On Tuesday, July 15, 2003, at 09:05 AM, Major Variola (ret) wrote:

At 09:29 AM 7/15/03 -0400, Sunder wrote:
So, the best way to avoid that situation and not being able to reach the
big red switch, is simply not to attract their attention in the first
place by not following the footsteps of Jim Bell.  :)

Stego + broadcast is indeed your friend.


A more likely, and far more important, scenario to worry about is the
black bag job whereby a hardware keystroke recorder can get installed
without your knowledge...

There may be ways to prevent/detect this...  Software (open or closed
source) alone won't help very much.

Epoxy and other conformal coatings are also your friends.



Thinking about this brief comment, I assume MV means sealing a PC to make black bag opening more apparent.


But this suggests a return to _sealing wax_. Seriously.

A dab of sealing wax (available in most stationery stores, save for Staples, Office Depot, OfficeMax, Paper Barn, StaplerWorld, Nothing But Rubber Bands, and other warehouses masquerading as stationery stores) over the side panels and other access points, even over the floppy and CD-ROM ports (carefully!), and a distinctive signet ring or other such seal-making device could be quite easy to use.

(As we all know, CIA and other spook agency "flaps and seals" specialists are well-versed in duplicating such seals...but probably only after collecting good information. An FBI black bag job is likely to encounter the sealing wax and seal and be unable to duplicate it. There may be tools now to take a fairly good impression, perhaps with a fast-setting polymer, and then make a convincing duplicate of the seal. All crypto is economics, though, and simple seals probably work against most attackers.)

There are other methods:

-- keep key material on a USB or PCMCIA flash card dongle.

-- wear this around your neck or otherwise make it secure against girlfriends, wives, others who may try to copy it

-- use a small handheld PC (like the HP machines) or Palm OS device as the "front-end" for security apps: at the simplest level, use it to store very long keys which don't get typed-in, but instead are cut-and-pasted in a way to bypass the keyboard driver completely.

Note: It is common in military crypto for there to be different levels of "security tokens" to increase physical security. Rarely are the keys to the kingdom gotten merely by sitting down and typing stuff into a computer. For one thing, this encourages people to get lazy and write the passwords and keys down on Post-It notes or on pieces of tape stuck to the underside of paperclip holders or other entropically-obvious things. For another thing, it makes remote attacks or keystroke logging much more of an attack mode. Finally, the rigamarole or ritual of having physical tokens on chains around one's neck tends to make the process of security seem more serious, which can cause more care to be taken.

(All of this slows down the process. The rigamarole that a shipboard crypto shack will put up with is not the same as what Joe Sixpack will put up with, as we all know. RSA-like crypto makes crypto a lot less expensive to deploy, but it's wrong to think it makes it a no-brainer, point-and-click process....except in things like SSL, where it does a specialized job without human involvement.)

-- the usual point about having a network with a secure machine locked up very well in a closet or safe (I have a large gun safe, which I usually run a small heating element into to prevent condensing conditions...I have toyed with the idea of putting a small PC running on 25-40 watts, or less, into this gun safe, with only a power cord and Ethernet wire coming out).

-- and the usual point about having cameras watching the areas where the PCs and keyboards are located.

(Yeah, maybe the black bag types can find and disable the cameras, but then Alice knows something unusual happened. But odds are pretty good they _can't_ find all of the cameras or microphones or sensors, especially in a building with many PCs and wires and other gadgets. They can cut the power, but smart folks have things on battery backups, or self-powered, or on laptops left plugged-in and able to run for 3-4 hours without AC power, etc.)

Were I setting up such a system, all sorts of inexpensive ideas suggest themselves.

By the way, I recommend the novels of Thomas Perry, especially "Pursuit," "Vanishing Act," and his others in the "Jane Whitefield" series. All four novels of his I have read so far deal centrally with issues of people trying to escape those tracking them, kind of a private version of the Witness Security Program (popularly called "Witness Protection"). The novels are filled with good ideas, and a few glaring misses, about changing identity, avoiding patterns, etc.

If there's a weakness in his novels, it's that not enough modern technology is used. I cringe when I see his characters not even using readily-available throwaway cellphones to stay in contact, or not even setting up Hotmail accounts to communicate. (He favors postal dead drops, which in at least one of the novels allows an attacker to find out the home and name of another....a determined opponent, like the government, would know the names and addresses quickly.)

Still, his series fits with the kind of security awareness and hypervigilance we often discuss.


--Tim May



