stacksmasher

Hacking Advice

40 posts in this topic

I haven't seen this anywhere on the site so I thought I would post it here. If you are doing any kind of "Security Research" than you must use hard drive encryption. It is the difference between going to jail and getting a slap on the wrist due to lack of evidence. I use these programs on a very old laptop and I cant even tell they are running, there is no performance degradation what so ever. So do yourself a favor and encrypt all of your dives today and stay safe.

http://www.utimaco.com/indexmain.html

http://www.eracom-tech.com/products/pd/pdrive.htm

0

Share this post


Link to post
Share on other sites

They can subpoena the password to get the data, and failing to give it would probably be obstruction of justice. Encyption is still a good idea though :)

0

Share this post


Link to post
Share on other sites

In todays day and age with all the passwords you have to remember it is a valid defense to say you forgot it, and you didn't write it down so.....for example I have to remember over 30 different passwords for my day to day functions, that change every 60 days, do you really think a jury is going to accuse me of NOT forgetting my password?

They can subpoena the password to get the data, and failing to give it would probably be obstruction of justice. Encyption is still a good idea though :)

0

Share this post


Link to post
Share on other sites

My encryption tool consists of a hammer :) But, I have encrypted my hard drive before and it was a pain, real pain to recover the data because the password i set didnt work for some reason. Took a good day to reformat and reinstall all the tools.

0

Share this post


Link to post
Share on other sites

As with anything though, they will try to say that "ignorance is not innocence" and that part of your job function is to remember passwords and it's your responsibility to write them down, store them somewhere, etc.

Also don't forget most common people that will sit on a jury fear "hackers", and know nothing of "white-hat, black-hat, hackers, crackers". You better hope your lawyer can really paint that picture of "security researcher". People generally don't like what they don't understand. I hope this isn't too far off topic, but it's always interesting to speak of the legal aspect of what we do on a daily basis.

Message to all: Don't let it stop you.

S

0

Share this post


Link to post
Share on other sites

i agree with the hammer thing. or if you think your gonna get in trouble, bury your hardrive somewhere.i guy my dad knows had like 3 or 4 hardrives buried in his yard. or just accidently knock your computer over as the cops come through the door, saying they startled you. :)

0

Share this post


Link to post
Share on other sites
i agree with the hammer thing. or if you think your gonna get in trouble, bury your hardrive somewhere.i guy my dad knows had like 3 or 4 hardrives buried in his yard. or just accidently knock your computer over as the cops come through the door, saying they startled you. :)

the data is still on the drive regardless and if its somethign serious, then they will just remove the plates and extract the data....knocking your pc over does nothing....NOTHIGN I SAY! RARRRRR!!

0

Share this post


Link to post
Share on other sites

The only way to truely get rid of all data is a nice long acid bath, or melting it, or shreading it into tiny pieces.

0

Share this post


Link to post
Share on other sites

Computer forensics is pretty complex. You might want to look into it before declaring yourself "safe."

0

Share this post


Link to post
Share on other sites

posting from my zaurus !

hint on pwds... have two and one be a decoy.. but forensics could still find stuff, unless. ...

0

Share this post


Link to post
Share on other sites

:blowfuse:

Edited by zeroxeal
0

Share this post


Link to post
Share on other sites

burning your shit will be obstruction of justice and destruction of evidence. Also you risk setting your house on fire. Then you will be even in deeper shit than before.

0

Share this post


Link to post
Share on other sites

I didn't think they could demand encryption keys in the U.S.?

0

Share this post


Link to post
Share on other sites

If you stick a CD into a microwave for about 10 seconds, you get a nice firework display.

0

Share this post


Link to post
Share on other sites

the old fashion "drill some holes through it" always work, to a degree, they can probably recover data from it as long as they find it, so i say take the discs out of your harddrive and smelt them in the shape of a rock, then throw them in a river.

0

Share this post


Link to post
Share on other sites

I still think transparent encrpytion is a good idea. They can't prove that you have anything illegal, just that you have alot of encrypted data. Depending on the country they can't request the key, they'd have to bargain for it, but it depends on the country. You can even get a crypto accelerator from www.soekris.com (only place I've seen them so far).

0

Share this post


Link to post
Share on other sites
If you want to rapidly destroy your harddrive the best method is thermite, using model rocet igniters to ignite sulfur that ignites the thermite.  thermite sits above drives can easily make some lame security system for the room to using crap you have around your house, a computer that is not connected to your network, and linux, a serial contoller like the ones many ddr nuts turn it pad controllers would work wonderfully to make a keypad for disarming and a trip for the door so that upon it being opened the linux box (that had a UPS of course) would start a countdown to destruction.  I will be drawing up plans and making a working model soon as I plan on implementing this on my setup as soon as I move out.

That whole paragraph is FUD. Do you even know what sulfur is?

0

Share this post


Link to post
Share on other sites

I remember reading somewhere a little bit ago about a guy who was on trial for child pornography. The guy had his hard drive encrypted and wouldn't give out his key so the DA or whoever said that having encryption implies that he was doing something illegal and he got convicted. So encryption software doesn't gurantee the case getting thrown out due to lack of evidence. Here's the link

0

Share this post


Link to post
Share on other sites

Bashing the hard drive won't work, drilling it won't work, almost anything short of actually destroying the device (melting, shredding, incinerating, etc) won't work. Forenic analysts will find whatever they want given time and equipment. The DoD has recovered data from hard drives shot by AK47s before, so you think a drill or hammer will stop them?

This year's BlackHat detailed some Anti-forensics tactics, I suggest you try and find the material for it.

0

Share this post


Link to post
Share on other sites

Hard drive encryption will not keep you safe, this has been said time and time again. Even if you use triple DES encryption if you don't know what your doing the key is usally stored in plain text somewhere, i.e. the windows swap file. It realy just comes down to how badly they want you. If your brains are in your ass and your hacking a bank across state lines then $50,000 worth of data recorvery is nothing to the FED's. If you want to make sure your hard drive is clean all you can do is not put anything bad on it in the first place, or trusty old thermite.

-Dr^ZigMan

0

Share this post


Link to post
Share on other sites

Of course, the best defence is not to be guilty, and the best way not to get caught is not to do it in the first place. Hell, noone cares what you do so long as you don't start stealing information/data/money or go bragging about what you've done. And we're hackers, we're interested in the security itself, so why would we steal anything?

The bragging thing is the real issue I have - if we tell a company what's wrong with it's security we should get paid and they should go after their security guys, not us. It just goes back to the old "make it look like we're doing something" mindset of businesses to security these days.

lol, rant over :growl:

0

Share this post


Link to post
Share on other sites
The guy had his hard drive encrypted and wouldn't give out his key so the DA or whoever said that having encryption implies that he was doing something illegal and he got convicted.  So encryption software doesn't gurantee the case getting thrown out due to lack of evidence.

By that kind of ridiculous logic, we're all guilty.

0

Share this post


Link to post
Share on other sites

for me the best thing to destory a harddrive is to have some thermite with an eletronic enighter mounted ontop but how the hell can i do this for my laptop is beyond me. Anyway back to encypted drives I havent done anything illeagal but i still have my harddrive encypted with pgp.

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now