How not to secure your hard drive

The government can access hard drives which are supposedly protected with common drive locking features offered by many major computer manufacturers. This is not news to many of my readers, but it certainly was news to Michael Alan Crooker.

Crooker is currently in prison in Connecticut, apparently for having a gun which the federal government didn’t like.

The Bureau of Alcohol, Tobacco, Firearms and Explosives raided Crooker’s home in 2004 and seized his computer. They weren’t able to bypass his Compaq computer’s DriveLock feature and forwarded the computer to the Federal Bureau of Investigation, who was able to gain access to the drive.

DriveLock is an implementation of a standard ATA hard drive locking feature which has been built into most modern hard drives for almost a decade now. If the correct password is not given to the hard drive, then the hard drive electronics will shut down access to the drive. This sort of “locking” is quite easy to get around.

It’s unclear what was done with the laptop, but Crooker says a subsequent search warrant for his e-mail account, issued in January 2005, showed investigators had somehow gained access to his 40 gigabyte hard drive. The FBI had broken through DriveLock and accessed his e-mails (both deleted and not) as well as lists of websites he’d visited and other information. The only files they couldn’t read were ones he’d encrypted using Wexcrypt, a software program freely available on the Internet. — Hartford Advocate (via Schneier on Security)

From prison, Crooker sued Compaq and Circuit City for false advertising and the companies settled out of court. Now he’s suing Microsoft, because aside from whatever files regarding the guns the government didn’t want him having, prosecutors found pornographic files of him and his girlfriend.

Among the files, they found a video showing Crooker and his girlfriend having sex, his medical records, family photographs, and correspondence between Crooker and his attorneys. They also found Internet history files that showed Crooker’s fondness for pornographic Web sites.

Crooker says he had set Internet Explorer to delete his Internet history every five days. “Any day beyond those parameters is supposed to be permanently deleted and is not supposed to be recoverable,” Crooker says in the lawsuit. He also claims Compaq’s DriveLock security system should have prevented the FBI from accessing his hard drive. — Information Week

If you really want to protect your files, here are a few important things to remember.

First, password “drive locking” which doesn’t actually perform encryption is useless. The FBI can certainly access your files, and so can any determined expert who has even the most basic knowledge of how this system works. This means, despite claims to the contrary, DriveLock and similar systems which use boot-time passwords are not secure and will not protect your data from determined attackers.

Second, when you delete a file in Windows, the file isn’t deleted. It isn’t even touched. Only a pointer to the file is removed, so it can’t easily be found. But common forensic tools which search the entire drive from beginning to end can easily find them. Many of them operate on the same principle as commercial file undelete utilities. In order to securely delete a file, its entire contents must be overwritten, in order to destroy the data.

Finally, as Crooker learned too late, the only way to protect your files is to encrypt them. And not just any encryption will do. Many commercial programs available are too weak and can be cracked easily. Others aren’t trustworthy for various reasons, usually that they don’t advertise their encryption algorithms or share their source code.

One good, trustworthy encryption program is TrueCrypt, which runs on Windows and Linux and is also free and open source. Also trustworthy is the LUKS/dm-crypt disk encryption which is built in to the Linux operating system, though it’s not as easy to set up as TrueCrypt. I am not aware of any trustworthy encryption software for Mac OS X; this includes the built-in FileVault software.

There’s much to learn about using encryption to stay safe and too little time this afternoon, but I may do something later if there’s demand for more information.

(Hat tip to Homeland Stupidity reader Fergie’s Tech Blog)

One thought on “How not to secure your hard drive

  • March 8, 2007 at 5:11 am

    If you’re actually watching Michael Alan Crooker’s case, the judge has thrown it out for “failure to state a claim for which relief can be granted,” which in English is just one step below “frivolous lawsuit.”

Comments are closed.