The government can access hard drives which are supposedly protected with common drive locking features offered by many major computer manufacturers. This is not news to many of my readers, but it certainly was news to Michael Alan Crooker.
Crooker is currently in prison in Connecticut, apparently for having a gun which the federal government didn’t like.
The Bureau of Alcohol, Tobacco, Firearms and Explosives raided Crooker’s home in 2004 and seized his computer. They weren’t able to bypass his Compaq computer’s DriveLock feature and forwarded the computer to the Federal Bureau of Investigation, which was able to gain access to the drive.
DriveLock is an implementation of a standard ATA hard drive locking feature which has been built into most modern hard drives for almost a decade now. If the correct password is not given to the hard drive, then the hard drive electronics will shut down access to the drive. This sort of “locking” is quite easy to get around.
It’s unclear what was done with the laptop, but Crooker says a subsequent search warrant for his e-mail account, issued in January 2005, showed investigators had somehow gained access to his 40 gigabyte hard drive. The FBI had broken through DriveLock and accessed his e-mails (both deleted and not) as well as lists of websites he’d visited and other information. The only files they couldn’t read were ones he’d encrypted using Wexcrypt, a software program freely available on the Internet. — Hartford Advocate (via Schneier on Security)
From prison, Crooker sued Compaq and Circuit City for false advertising and the companies settled out of court. Now he’s suing Microsoft, because aside from whatever files regarding the guns the government didn’t want him having, prosecutors found pornographic files of him and his girlfriend.
Among the files, they found a video showing Crooker and his girlfriend having sex, his medical records, family photographs, and correspondence between Crooker and his attorneys. They also found Internet history files that showed Crooker’s fondness for pornographic Web sites.
Crooker says he had set Internet Explorer to delete his Internet history every five days. “Any day beyond those parameters is supposed to be permanently deleted and is not supposed to be recoverable,” Crooker says in the lawsuit. He also claims Compaq’s DriveLock security system should have prevented the FBI from accessing his hard drive. — Information Week
If you really want to protect your files, here are a few important things to remember.
First, password “drive locking” which doesn’t actually perform encryption is useless. The FBI can certainly access your files, and so can any determined expert who has even the most basic knowledge of how this system works. This means, despite claims to the contrary, DriveLock and similar systems which use boot-time passwords are not secure and will not protect your data from determined attackers.
Second, when you delete a file in Windows, the file isn’t deleted. It isn’t even touched. Only a pointer to the file is removed, so it can’t easily be found. But common forensic tools which search the entire drive from beginning to end can easily find it. Many of these tools operate on the same principle as commercial file undelete utilities. To securely delete a file, its entire contents must be overwritten so that the data is destroyed.
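The difference between removing the pointer and overwriting the contents, as an added example that is not part of the original post. The `ToyDisk` class, the `carve` function and the `MAGIC-*` sample contents are constructed for illustration and model no real filesystem.

```python
SECTOR = 512  # bytes per sector in this toy model

class ToyDisk:
    """Constructed toy disk: raw sectors plus a directory of pointers."""
    def __init__(self, sectors=64):
        self.raw = bytearray(SECTOR * sectors)  # what a raw imaging tool reads
        self.directory = {}                     # name -> (first_sector, length)
        self.next_free = 0

    def _span(self, length):
        return -(-length // SECTOR) * SECTOR    # round up to whole sectors

    def write(self, name, data):
        start = self.next_free * SECTOR
        if start + len(data) > len(self.raw):
            raise ValueError("toy disk is full")
        self.raw[start:start + len(data)] = data
        self.directory[name] = (self.next_free, len(data))
        self.next_free += self._span(len(data)) // SECTOR

    def read(self, name):
        first, length = self.directory[name]    # KeyError once the pointer is gone
        return bytes(self.raw[first * SECTOR:first * SECTOR + length])

    def delete(self, name):
        """Ordinary delete: drop the pointer, leave the sectors untouched."""
        del self.directory[name]

    def secure_delete(self, name):
        """Overwrite every sector the file occupied, then drop the pointer."""
        first, length = self.directory.pop(name)
        span = self._span(length)
        self.raw[first * SECTOR:first * SECTOR + span] = bytes(span)

def carve(disk, signature):
    """Scan the raw image from beginning to end, ignoring the directory."""
    hits, pos = [], disk.raw.find(signature)
    while pos != -1:
        hits.append(pos)
        pos = disk.raw.find(signature, pos + 1)
    return hits

def demo():
    disk = ToyDisk()
    disk.write("notes.txt", b"MAGIC-A constructed sample: meeting notes")
    disk.write("mail.eml", b"MAGIC-B constructed sample: saved e-mail")
    disk.delete("notes.txt")        # pointer removed only
    disk.secure_delete("mail.eml")  # contents overwritten with zeros
    return {"listed": sorted(disk.directory),
            "found_after_delete": carve(disk, b"MAGIC-A"),
            "found_after_overwrite": carve(disk, b"MAGIC-B")}
```

On real storage an in-place overwrite is only as good as the layer beneath it: journaling or copy-on-write filesystems and SSD wear levelling can leave older copies of the data that a file-level overwrite never touches.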
Finally, as Crooker learned too late, the only way to protect your files is to encrypt them. And not just any encryption will do. Many commercial programs available are too weak and can be cracked easily. Others aren’t trustworthy for various reasons, usually that they don’t advertise their encryption algorithms or share their source code.
One good, trustworthy encryption program is TrueCrypt, which runs on Windows and Linux and is also free and open source. Also trustworthy is the LUKS/dm-crypt disk encryption which is built into the Linux operating system, though it’s not as easy to set up as TrueCrypt. I am not aware of any trustworthy encryption software for Mac OS X; this includes the built-in FileVault software.
There’s much to learn about using encryption to stay safe and too little time this afternoon, but I may do something later if there’s demand for more information.
(Hat tip to Homeland Stupidity reader Fergie’s Tech Blog)
Brock
Mar 02, 2007
Please do.
John
Mar 02, 2007
Can you comment on what’s wrong with OS X FileVault?
Fortyseven
Mar 02, 2007
I, too, would be interested in finding a *trustworthy* and secure solution.
My fantasy solution, for Windows at least, would have a separate drive, say, the S: drive (for Secure, perhaps? :D) and any access to that drive would require entry of passkey. Then maybe it’d be good until you trip an idle timeout by not accessing it for n minutes, and then you’d have to enter it again…
Fortyseven
Mar 02, 2007
Oops. A cursory peek at TrueCrypt looks like it might be almost what I described. Yay. :D
Anonymous
Mar 02, 2007
If he was smart he would have used a whole disk encryption and then hid his really secure stuff inside a TrueCrypt archive inside his whole disk encryption. The FBI would have found nothing but useless information. Oh well, welcome to the wonderful world of forensics, and anti-forensics!
Michael Hampton
Mar 02, 2007
See, I’m usually ahead of the game on these things.
What I’m most interested in would be something trustworthy for Mac OS X.
To answer the FileVault question, it only supports AES-128, it requires 10.4, it only protects your Home folder, and of course the source code isn’t available for inspection or recompiling.
While researching this I saw a recommendation for PGPdisk for OS X, but I haven’t had a chance to evaluate it.
Michael Hampton
Mar 02, 2007
The point is, people don’t know. Getting computer security right is harder than it looks. It’s even more difficult when you don’t even understand the underlying technology, and just rely on someone else’s claims.
That’s why I post one of these every few months, to remind people of this fact and hopefully dispense some useful advice.
But how can you trust my useful advice? Ask the person who literally wrote the book on cryptography, Bruce Schneier. His nine warning signs for snake oil security should steer you right.
Kevin Fields
Mar 03, 2007
I dunno what the guy did to get in so much trouble with the feds, but from the way it sounds he DID do the right thing by suing Compaq and Circuit City for false advertising. While I do agree that you should always do your research, there is no reason why companies cannot be truthful and honest when selling their products.
Slim
Mar 03, 2007
You have touched on one of the world’s most believed myths in this article. The myth is security. Nothing in this world is secure; it may be difficult to get the information or property that is being “protected”. Computers (the way we think of them) have only been around for about 20 to 30 years; in that time everything has been changing: hardware has been designed, software has been written and rewritten. If you believe that someone can make complex systems like that secure in a couple decades, I have some land to sell you in Florida. Let’s just look at one item that has been around for many more years: the lock on your front door. That item has been around much longer than a PC and is much less complicated, and still it can be accessed by unauthorized users.
I am not saying leave your front door wide open but if someone is committed to get something you have and are patient they will get it. Using basic security with anything can deter the majority of people, the more advanced security can deter more but there is a point that you begin to get diminishing returns on any security system.
Javarod
Mar 03, 2007
Diminishing returns? Like this:
Timothy
Mar 04, 2007
Michael,
Currently there is no Full Disk Encryption for MacOS X.
PGPDisk will allow you to set up encrypted physical and logical volumes, but it won’t work on the entire boot volume.
Also, FileVault works on 10.3 and 10.4 and while it can’t be used to secure the entire boot volume, you do not need to have your entire Home directory encrypted either. You can use Disk Utility to create an encrypted image of any size which you can use to store only the files you want.
As for the security of FileVault, there is only one publicly known analysis.
BTW, there is no point in trying to use any sort of encryption to hide anything from the US govn’t. They will break through it, even if they don’t publicly acknowledge that they can…
Anonymous
Mar 04, 2007
I guess the tag nazi stripped out the link from my comment.
Here is the link to some info about FileVault
broken syntax
Mar 05, 2007
The most secure thing is destroying the drive itself. Some have attached a thermite-filled package to their hard drive, with an activation feature, that melts the disk, making it completely impossible to ever use again.
forstand
Mar 05, 2007
Michael,
Thanks for this article. It comes at a good time as I want to be more security conscious. I can hear my Dad now, “If you have nothing to hide then why do this?” Habit, just habit, until I need it. I cannot see how the government can bitch about a man having naked pictures of his wife and having sex with her on his computer, home movies or Polaroids. How low can someone or government go to portray sex between a man and his wife as porn just because they record it is beyond me. I could be guilty of the same offense. Just put me on that jury–a good case for jury nullification. If jury nullification is good enough for black murderers of white women then I can do it as well.
I BELIEVE THE WORD porn IS MISUSED by the government for their pwned purposes (misspelling intended). The use of that word in conjunction with a person’s name hangs the label of SHAME on that person and prejudices the audience against that person. It is a cheap trick.
I just installed SuSE Linux as dual boot (XP) on my notebook with an encrypted partition. The instructions also said to add an encrypted file to the encrypted partition. A little more work but it makes sense as root has access to the encrypted partition.
My passwords are difficult for even me to remember. I don’t use the same password twice for important stuff. I use mnemonics to assist me. My passwords are quite complex and would take a lot of work to guess with government computers.
Phil Zimmermann has stated repeatedly that PGP does not have backdoors and so far I have not heard of any compromises. Linux I trust but not Microsoft, Compaq, and others of that ilk.
Again, thank you for an awareness of this issue and I look forward to further information.
Regards, forstand (savvy in Swedish)
broken syntax
Mar 06, 2007
My link was wiped out too. It was to freely available information, and a display of what exactly happens when thermite is activated inside a computer. Those who are smart enough should already know how to find it; everyone else is on their own.
However, I will say that I find the removing of the link disturbing.
I suppose it’s a game of cover your ass, but seriously, it was posted on a site in complete public view and was broadcast on a cable television show; there was no reason to censor it.
Michael Hampton
Mar 06, 2007
There’s no ass covering going on here. You’re welcome to include links to any relevant sites in your comment, providing you can follow very simple instructions (they were written for children!).
Tommy Jefferson
Mar 06, 2007
GnuPG has file encrypt features.
forstand
Mar 06, 2007
Not long ago our nefarious Department of Homeland Security decided that metal powders such as aluminum and magnesium would no longer be available to schools or by normal purchase.
Any terrorist could manufacture all he wants with a flat mill bastard file and a little work. Axle grease can be used as a binder.
A quick Scroogle search (try it, you’ll like it, especially if you don’t want to be logged by Google as searching for instructions on how to manufacture thermite) gave Wikipedia as an excellent source for information. The Screen Savers TV show actually did melt a hard drive–good video.
Thermite-like materials are used for welding in construction and are easily available.
The most difficult part would be reliable ignition when required. And that is not difficult with a switch, lithium battery and light bulb filament (with the glass removed). Can you imagine Homeland Security trying to ban those three items?
Michael Hampton
Mar 08, 2007
If you’re actually watching Michael Alan Crooker’s case, the judge has thrown it out for “failure to state a claim for which relief can be granted,” which in English is just one step below “frivolous lawsuit.”