Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Whitehat Hacker Moxie Marlinspike's Laptop, Cellphones Seized

timothy posted more than 3 years ago | from the why-do-you-hate-america dept.

Privacy 484

Orome1 writes "The well-known whitehat hacker and security researcher who goes by the handle Moxie Marlinspike has recently experienced firsthand the electronic device search that travelers are sometimes submitted to by border agents when entering the country. He was returning from the Dominican Republic by plane, and when he landed at JFK airport, he was greeted by two US Customs officials and taken to a detention room where they kept him for almost five hours, took his laptop and two cell phones and asked for the passwords needed to access the encrypted material on them."

cancel ×

484 comments

Sorry! There are no comments related to the filter you selected.

First Post (1, Troll)

Ethanol-fueled (1125189) | more than 3 years ago | (#34289224)

Fuck the TSA goons. Those fucking low-rent frotteurs have it coming to them.

Re:First Post (2, Informative)

Barrinmw (1791848) | more than 3 years ago | (#34289240)

Customs are not TSA.

Re:First Post (1, Offtopic)

graveyhead (210996) | more than 3 years ago | (#34289246)

Right heh, if OP has bothered to read, this is all about his friend who works with Wikileaks and the US government. Nothing to do with the TSA.

Re:First Post (4, Insightful)

Ethanol-fueled (1125189) | more than 3 years ago | (#34289248)

They are all under the umbrella of the Department of Homeland Security whose core mission is to annoy, harass, and humiliate law-abiding citizens while letting the crooks slip through the cracks.

In short, federal policing powers given to the creme de la crap.

Re:First Post (4, Insightful)

Barrinmw (1791848) | more than 3 years ago | (#34289264)

Generally, I agree with the mission of customs, inspect stuff coming into the country. But it does not take 5 hours to do so for some guys laptops and a person should not be required to hand over passwords to their own computers.

Re:First Post (5, Insightful)

Dan541 (1032000) | more than 3 years ago | (#34289616)

Data has nothing to do with customs. They are overstepping their jurisdiction just to bully people.

Re:First Post (4, Insightful)

Dan541 (1032000) | more than 3 years ago | (#34289626)

Other than their recently uncovered fetish for porn the intention of customs is good.

The idea of customs looking for data in the 21st century is laughable, have they not heard of the internet? That's where I import my data from.

Re:First Post (5, Insightful)

e4g4 (533831) | more than 3 years ago | (#34289624)

Regardless of how long it takes, there is no reason to search laptops at the border. Anyone truly interested in slyly transmitting data across the US border would never be foolish enough to accompany said data on the trip. It is _trivial_ to transmit data undetected into the US (nice to meet you, internet. how long have you been there?); what justification is there for searching laptops in the first place?

Re:First Post (5, Interesting)

uolamer (957159) | more than 3 years ago | (#34289614)

I brought a just an internal sata hard drive to Canada from the US, while in Canada I wiped it clean. On the way back into the US they stopped me for a few hours.. They seemed to not get the concept of bring just a hard drive, I think if it would have been an external drive they wouldn't have gave me so much grief. When I got home there were large files all over the drive.. I can only assume they did that to overwrite anything hidden on the drive, which there wasn't. I found it to be a long waste of time and the people to be a bit clueless.....

Re:First Post (0)

Anonymous Coward | more than 3 years ago | (#34289420)

might as well be.. they all answer to the same bosses.

Re:First Post (-1, Troll)

Barrinmw (1791848) | more than 3 years ago | (#34289434)

So does that mean that every executive program is full of evil bastards because they all answer to the President?

Re:First Post (1)

AHuxley (892839) | more than 3 years ago | (#34289476)

Yes the "greeted by two U.S. Customs officials ... and asked for the passwords needed to access the encrypted material on them."
The idea that they devices could be unlocked in a lab seems to point towards a MS and others do their part to help.
http://www.wired.com/threatlevel/2010/11/hacker-border-search/#more-20877 [wired.com] has the interesting comment on that "send them to the lab and you’re not going to have the equipment anyway and we’re going to get all the data"
Then the extended layover at the airport in Frankfurt chat is interesting too. " agent said he was from the U.S. Consulate and .... routine customs question asking him where he’d been and why he’d gone there .. Now I have to call Washington.”"
I would suggest entering (or exiting the US), have nothing on your HD/SSD but an OS with a few games/media player and a phone that empty and can be used once for a short time.
Once the feds have your contact data, everybody enters same database. Then the friends of your friends.
If your computer is cloned, wipe and sell it.

Re:First Post (1)

BrokenHalo (565198) | more than 3 years ago | (#34289532)

I would suggest entering (or exiting the US), have nothing on your HD/SSD but an OS with a few games/media player and a phone that empty and can be used once for a short time.

In that case, why carry a computer and phone at all?

Re:First Post (1)

AHuxley (892839) | more than 3 years ago | (#34289608)

So you can give your presentation/work/network on hardware you know and make/receive calls/send data?
No need to give up on all the fun tech, just be very aware of what is been collected if you are stopped or your system is cloned out of your sight ect.

Re:First Post (0, Redundant)

Dan541 (1032000) | more than 3 years ago | (#34289612)

Government hired thugs are all the same.

Re:First Post (0)

Anonymous Coward | more than 3 years ago | (#34289250)

rtfa, this isnt about the TSA. This is moreso about some agency not being happy with said whitehat. I'm not a person to keep tabs on celebreties, nerd celebrities or not, can anyone with more knowledge of this guy give an overview of what he qualifies as 'whitehat'? what do you think he's done to warrant this attention? is there really no cause?

Re:First Post (0, Troll)

hairyfeet (841228) | more than 3 years ago | (#34289334)

He is called a "hacker" which after Wikileaks is right up there with kiddie fiddler as far as the USA gov is concerned. As for what he has done according to the wiki [wikipedia.org] he goes to Black Hat conferences and shows tools and ways to break into websites. Now I don't know how exactly that gets labeled as "white hat" except maybe that he isn't selling the hacks first, but if he isn't warning those affected first like Kaminsky did with the DNS flaw I'd say at best he is a gray hat.

Re:First Post (4, Funny)

Hal_Porter (817932) | more than 3 years ago | (#34289458)

That's not fair. From his Wikipedia [wikipedia.org] page he seems to be obsessed with finding ways to man in the middle SSL connections so he can present them at Black Hat conferences and allow people to commercialise the for as long as possible before they are fixed.

Where would we be as a society if that it were possible for people to make secure SSL connections to their banks for example? That would be a nightmarish world where it would be impossible to redistribute income from the first world bourgeoisie to more worthy informal entrepreneurs in impoverished countries like China, Eastern Europe or Nigeria.

I think he's doing socially very useful work. I'd recommend a prize for him, except he's probably not short of cash.

Re:First Post (1)

e9th (652576) | more than 3 years ago | (#34289514)

I'd recommend a prize for him, except he's probably not short of cash.

You must be referring to his Wikipedia page of November 16th. [wikipedia.org]

Re:First Post (0, Troll)

kainosnous (1753770) | more than 3 years ago | (#34289570)

It seems to me that the "whitehat" lable is simply to make people feel sorry for him. This might work a little for a slashdot article, but if writing software to crack SSL was "whitehat" then that just helps to prove the case against most "hackers" (so-called by the media). Furthermore, he was being searched by customs after returning from a know drug smuggling point [wikipedia.org] . This kind of thing is just muddying the waters when it comes to a much needed honest debate about security vs. privacy. It only makes my side (the pro privacy side) look week.

Nevertheless, I am still opposed to all of the misguided screenings from the government. I can see why customs might want to physically look through his laptop, but I strongly oppose them attempting to look at the data. I'm not sure what contraband they think could be in the data comming into the states. As for the TSA screenings being talked about lately, my concern is that when they do catch a terrorist, they let them go. IIRC, the underware bomber didn't even have his own passport and was allowed to board. Recently, we see a known war criminal tried and almost aquitted in a civil court. The way I see it, the governemnt doesn't care if we are safe, they just want more power to control.

Re:First Post (2, Interesting)

Anonymous Coward | more than 3 years ago | (#34289262)

uhh, customs and TSA have nothing in common. Customs is a legitimate part of the federal government. TSA is neither legitimate nor competent.

Re:First Post (2, Informative)

PatPending (953482) | more than 3 years ago | (#34289292)

uhh, customs and TSA have nothing in common.

Other than they are part of the same organizational chart [dhs.gov] .

Re:First Post (3, Informative)

Anonymous Coward | more than 3 years ago | (#34289342)

Once again, Customs is a legitimate and competent part of the government. The TSA is neither. Yes, they both fall under DHS. However, the Army Corp of Engineers and the NSA both fall under the DOD but are very different. Further, the TSA and Customs are regulated by different parts of the CFR. 19 CFR for Customs and 49 CFR for TSA. As in, you're wrong.

Re:First Post (3, Funny)

cheekyjohnson (1873388) | more than 3 years ago | (#34289368)

"Customs is a legitimate and competent part of the government."

A part of the government that is both legitimate and competent? I never knew such a thing existed!

Competent? (0, Offtopic)

www.sorehands.com (142825) | more than 3 years ago | (#34289528)

>Customs is a legitimate and competent part of the government

Really? Customs have become an arm of the MPAA and RIAA.

Yeah, we need CD-Rom sniffing dogs, not monitoring illegal aliens, not enforcing laws that punish employers that hire illegal aliens at half of minimum wage.

4th (5, Insightful)

drumcat (1659893) | more than 3 years ago | (#34289254)

I'm still not sure how this doesn't violate the Fourth Amendment. Customs has the right to view your belongings for *safety* reasons, and to ensure that the items you are carrying are not contraband. Does code constitute contraband now? Can you be arrested for having code on your machine? I'm not talking about copyrighted, installed programs.... if something is encrypted, isn't that the same as having a secret in your mind? You know they dumped his drive, but the main question is whether they're allowed to. Isn't that stealing from the passenger then?

Re:4th (5, Insightful)

Barrinmw (1791848) | more than 3 years ago | (#34289268)

What you want to do is to have something you copyrighted on your laptop, so if they copy your hard drive you can sue them for copyright infringement.

Re:4th (4, Insightful)

LearnToSpell (694184) | more than 3 years ago | (#34289280)

Like email?

Re:4th (1)

Fallen Kell (165468) | more than 3 years ago | (#34289598)

Or even better, have a photograph/video in a very simple crypto scheme and if/when they ask you about the meaning of it, you sue them for circumventing a copyright protection as well as copyright infringement.

Re:4th (2, Informative)

jopsen (885607) | more than 3 years ago | (#34289684)

Everything you write is copyrighted...

Re:4th (2, Insightful)

cheekyjohnson (1873388) | more than 3 years ago | (#34289276)

"I'm still not sure how this doesn't violate the Fourth Amendment."

You think the government or its workers still abide by that silly old piece of paper known as the constitution when they can get away with not abiding by it? That's funny.

"isn't that the same as having a secret in your mind?"

An unreadable but visible secret.

"Isn't that stealing from the passenger then?"

It would only be stealing if he was deprived of something.

Re:4th (1)

WhoseSideAreWeOn (1916768) | more than 3 years ago | (#34289560)

It would only be stealing if he was deprived of something.

I think the RIAA & MPAA might disagree with that statement.

Re:4th (1)

cheekyjohnson (1873388) | more than 3 years ago | (#34289680)

Of course they do. They couldn't sue 'pirates' for those so-called 'damages' if they publicly admitted the truth.

Re:4th (1, Informative)

Anonymous Coward | more than 3 years ago | (#34289324)

This has been litigated to death, and searches at the border, essentially without limit, have been deemed reasonable. Indeed, for a little bit inside the border, the same applies.

Re:4th (2, Insightful)

cheekyjohnson (1873388) | more than 3 years ago | (#34289344)

" essentially without limit, have been deemed reasonable."

Deemed reasonable by the constitution or just some judges who like to 'interpret' the constitution as they please?

Re:4th (0)

Anonymous Coward | more than 3 years ago | (#34289386)

Oh, please. The constitution is a set of principles, which laws are then written to implement. I'm no fan of the federal government (I think they have whole agencies that are not allowed under the federal constitution), but your expectation that every last detail - indeed, in anticipation of every last future development - be in the constituion is absurd. Do you really expect the founding fathers to have anticipated computing devices that can encrypt data? And to put that sort of thing in the constitution? Get real.

You must be European, because you seem to be coming from the point of view of expecting the law to capture every possiblity. Here in the US (and England) we rely more on common law - yes, judges.

Re:4th (5, Informative)

fyngyrz (762201) | more than 3 years ago | (#34289530)

Do you really expect the founding fathers to have anticipated computing devices that can encrypt data? And to put that sort of thing in the constitution?

No, the authors of the constitution didn't anticipate everything. But they anticipated quite a bit, and that includes unanticipated technology and social issues. In order to give the government the ability to deal with change, the constitution contains article V, which is the portion that outlines the procedure for amendment. Excepting amendment, they expected the constitution to be followed. Not "interpreted."

Our government, however, has fiddled its way into a situation where it does whatever the heck it wants. Make no law? Let's make some law!!! No state religion? Let's print Christian stuff on the money, carve it into buildings, sing it in the anthem, and best of all, use it in the courts for swearing... that'll teach 'em. Shall not infringe? Yay, let's infringe! Regulate among the states? Let's regulate IN the states! No ex post facto laws? Oh *heck* no, we GOTTA make those! Enumerated powers? Nah, let's just do anything we want, the heck with that! Warrants to search? Um... only in the interior of the country. And even then, maybe not. Probable cause? That's the same as "We like to grope", isn't it? Sure! No double jeopardy? Oh, that's easy, we'll just toss them back and forth between the criminal and civil court systems, they'll never figure that one out! Trial by jury? Same as "Lock in closet indefinitely, no lawyer, no phone call, innit?" Cruel and unusual punishment... yeah, what was that awesome torture we hung the Axis defendants for using at the war crimes trials? Oh yeah, water-boarding... let's do THAT! (and let's not forget we have rendition to play with, either.) Excessive bail shall not be imposed... heck with that, we'll ask whatever we want! Powers reserved to the states? Bwahahahaha. Oh, and the article III kicker... judicial power in constitutional cases: nah... let's just Make Stuff Up and skip that whole article V inconvenience.*

(*) It should be noted that the USG has steadfastly avoided violating the 3rd amendment, and should certainly be commended for its restraint in this matter.

Here in the US (and England) we rely more on common law - yes, judges.

Here in the US, we have government that has usurped powers far outside the explicitly authorized bounds. And that most certainly includes the judiciary.

In the end, it turns out that what the authors of the constitution wrote matters very little in our current legal system, because that document is treated by the government as barely relevant at this point in time, and even at that, only when it is convenient. Otherwise they ignore it, make things up, or simply plow ahead regardless.

Re:4th (1)

Thinboy00 (1190815) | more than 3 years ago | (#34289574)

(*) It should be noted that the USG has steadfastly avoided violating the 3rd amendment, and should certainly be commended for its restraint in this matter.

This is false [enwp.org] (unless "USG" specifically means the Federal government -- I would argue that state governments are just another level of the U.S. Gov't)

ObTopic: Demanding passwords is evil!

Re:4th (1)

fyngyrz (762201) | more than 3 years ago | (#34289604)

Geeeez. See that? They couldn't even manage to leave the third alone, easy as that would have been. I looked into it further, and the case, of course, went the government's way - they got away with it 100%. Some drivel about "they didn't know, so they weren't responsible." Guess the government doesn't need to know the law in the eyes of the courts. Funny, isn't there something about us lowly citizens being supposed to?

Ok, next time I rant on this, I'll say:

(*) It should be noted that the USG has only violated the 3rd amendment once, and should certainly be commended for its restraint in this matter.

Re:4th (1)

ScrewMaster (602015) | more than 3 years ago | (#34289556)

The constitution is a set of principles, which laws are then written to implement

No, I'm pretty sure the Constitution is a set of rules, indeed an enumeration of what powers the Federal Government may have ... and which it may not. The rest of those powers are reserved for We the People. You should get used to the phrase "Congress Shall Make No Law ...". It will give you an idea that the Constitution is not, and was not ever, intended to be a mere set of "principles."

Your cavalier attitude towards the Supreme Law of our Land is a major part of why things have been going from bad to worse lately.

Re:4th (5, Insightful)

ScrewMaster (602015) | more than 3 years ago | (#34289582)

Do you really expect the founding fathers to have anticipated computing devices that can encrypt data?

And furthermore, there's a reason that the Founders didn't try to enumerate specific communications technologies: they figured (apparently incorrectly, given your statements) that we would be able to logically extend our legal system to accommodate new technology, without requiring the citizenry to give up hard-won civil liberties as enshrined in the Constitution. It looks like some people are just unable to grasp that "personal papers and effects" might, I mean, just might, include a personal computer, and that that would indeed be in the spirit of the Constitution.

Do you really, in your heart of hearts, believe that the Founding Fathers, if they were alive today, would consider a hard drive full of a citizen's personal and confidential files to be in any way less deserving of the same legal protections afforded someone's wallet or their file cabinet? Do you really? Or are you one of these people who believes that the government should have the right to snoop into anyone's private business, for any reason, because they might have something to hide?

Spare me. This artificial dichotomy that is being presented to us by the government, that the "Internet" and "computing" are so intrinsically different from printed materials that the Constitution some how magically doesn't apply is disingenuous at best, treasonous at worst.

Re:4th (2, Interesting)

Barrinmw (1791848) | more than 3 years ago | (#34289374)

If the government had to build giant platforms 10 miles out to sea and require all people entering to stop there before coming into the country so their stuff could be inspected, they would. The courts give them some leeway as a nod to the fact that would be ridiculous for people trying to come in.

Re:4th (2, Insightful)

theMAGE (51991) | more than 3 years ago | (#34289472)

Why would those giant platforms not become US territory and be subject to the same laws as the mainland?

Re:4th (2, Funny)

Barrinmw (1791848) | more than 3 years ago | (#34289488)

Cause the government would pay someone to live on each one and we would recognize them as a sovereign nation.

Re:4th (5, Interesting)

fyngyrz (762201) | more than 3 years ago | (#34289548)

The courts give them some leeway as a nod to the fact that would be ridiculous for people trying to come in.

The courts, in point of fact, allow warrentless searches anywhere within 100 miles of the border, regardless of if you are, were, or ever planned to traverse the border. 190 million US citizens live within this region. Also, it is worth noting that the "4th amendment border exclusion" principle appears nowhere in the constitution. It's invented, unauthorized law. If they wanted it, the legitimate path to it was through article V. Consequently, it represents (yet another) usurped power.

Re:4th (2, Informative)

VortexCortex (1117377) | more than 3 years ago | (#34289502)

This has been litigated to death, and searches at the border, essentially without limit, have been deemed reasonable. Indeed, for a little bit inside the border, the same applies.

Here, in the USA, "a little bit" means 100 miles (160.9 kilometers) inside the border... 2 out of 3 Americans live within 100 miles of the border; No, it does not matter if you have crossed the border or not many of your constitutional rights are null and void in this zone [privacydigest.com] .

Re:4th (2, Interesting)

HiThere (15173) | more than 3 years ago | (#34289566)

A *LITTLE* bit inside the border? Think again.

I believe that it's anywhere within 200 miles of either the border or of an airport at which international flights land. (Or, of course, a port at which international shipping docks.)

That covers most of the population.

The constitution is pretty vague. (4, Informative)

pavon (30274) | more than 3 years ago | (#34289340)

The constitution only protects against "unreasonable" search an seizures, with unreasonable being up to the interpretation of the courts. Border searches have long had a broader definition of reasonable (since the very first session of congress), and are not limited to safety and contraband. FindLaw has additional commentary [findlaw.com] on the issue.

Re:The constitution is pretty vague. (5, Interesting)

afidel (530433) | more than 3 years ago | (#34289448)

I'm still not giving up my passwords on fifth amendment grounds even if I have nothing to hide. In fact I've told a TSA goon exactly that when they asked me to login to my laptop at a screening checkpoint. They could see it wasn't a bomb from the xray and by me powering it up, the only thing that logging in could have possibly done is get me into trouble for the contents of my machine.

Re:The constitution is pretty vague. (4, Informative)

fyngyrz (762201) | more than 3 years ago | (#34289558)

The constitution only protects against "unreasonable" search an seizures, with unreasonable being up to the interpretation of the courts.

No, the constitution protects against unreasonable searches and seizures, and then it specifically defines what that means: "no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

The idea that the definition of unreasonable in this context isn't clear and present is a myth that is instantly dispelled if you simply read the 4th amendment. It's right there, plain as day.

Re:4th (0, Flamebait)

slack_justyb (862874) | more than 3 years ago | (#34289540)

You're at a border fourth amendment doesn't apply. I know a lot of people who don't like that idea. My suggestion is any one of the following, 1) Don't leave the country. 2) Don't return to the country. 3) Sneak your way in/out of the country. America's borders have gone to shit. Every in the country is pissed about illegal border crossers and the government is putting pressure on the border agents to do something about it, so they have, piss every single person off to the point that I don't think I'll ever pay the outrageous fee for crossing the American border.

Re:4th (5, Funny)

Anonymous Coward | more than 3 years ago | (#34289568)

The encrypted material might have contained something hazardous like a Uwe Boll movie. The risk of one of those being released to the public far outweighs any privacy or Constitutional concerns. Memories of House of the Dead and Bloodrayne still make me wake up in a cold sweat. Just imagine one that was considered unreleasable. Terrorist can kill thousands but a Uwe Boll movie can injure millions, or at least the hundreds that actually see them.

It probably is (2, Informative)

Sycraft-fu (314770) | more than 3 years ago | (#34289602)

Problem is it is going to have to get tested in courts, mostly likely the supreme court, and that takes time. Searches at the border themselves are completely legal. That has been established long ago. You have no expectation of privacy there, and the government has a right, and duty, to secure its borders. However the idea behind this was searching for contraband more or less. A regular search. The whole "copying your entire harddrive" or "taking your computer and not giving it back for months" is not something that was considered because such devices weren't around.

Well that being the case there's three ways this could change:

1) The president could order it stopped. Even if the government does have the authority, they don't have to exercise it. However the whole thing started with the executive and it is pretty clear the president has no wish to put a stop to it.

2) Congress could pass a law stopping it, or more generally defining what is and is not allowed in border searches. Pretty clear they are not at all interested in that.

3) The Supreme Court could find the searches unconstitutional. I think there's a reasonable chance that would happen, but only if a case reaches them. Unfortunately that is kinda hard. More or less someone has to either be convicted of criminal charges base don evidence obtained in this way, or harmed by it in some manner giving them standing to file a suit. It then has to work its way up. Also, it needs to be a good case. Any civil rights lawyer that would take it up to the SC would want a solid case because if you lose, then you are fucked and getting it reversed would be near impossible.

As such this shit will probably continue for a good while.

What you can do about it is write to the president and your representatives and let them know this is an issue that matters to you and one you'll vote on. The only hope of getting the practice changed any time soon is to get the president to order it halted, or congress to pass a law preventing it.

Re:4th (1)

Wrath0fb0b (302444) | more than 3 years ago | (#34289642)

I'm still not sure how this doesn't violate the Fourth Amendment.

There has never, since the founding of this Republic, been any understanding that searches at a border are unreasonable under the 4A. Those searches might be wrong, or privacy-violating or even fascist, but they are certainly not contrary to the 4A. See, e.g. United States v. Arnold (9th Cir. 2007), 2007 WL 1407234 ("Computer devices are conceptually no different for Fourth Amendment purposes than other closed storage containers that are subject to suspicionless searches at the border.")

Unlike the UK, however, you cannot be jailed for failure to turn over an encryption key. http://www.theregister.co.uk/2010/10/06/jail_password_ripa/ [theregister.co.uk]

Hidden volumes? (0)

Anonymous Coward | more than 3 years ago | (#34289256)

I know they were returned to him, but couldn't he have used hidden volumes or something for his laptop so that they wouldn't ever find it in the first place?

Re:Hidden volumes? (3, Funny)

MrQuacker (1938262) | more than 3 years ago | (#34289294)

Logic dictates that you'd send an agent at least as smart as the suspect to do the HD search. Granted, this is the government...

Re:Hidden volumes? (2, Interesting)

el_tedward (1612093) | more than 3 years ago | (#34289424)

If it's on the hard drive, and it's not encrypted, one should not expect it to be secret unless you can limit who touches that data. There's tools like those put out Access Data, and some other ones I can't remember cuz I haven't used them in class.. but they make the process of carving data out of a hard drive pretty darn easy.

FTK (or is it PRTK? I ain't no expert, dawgs) even goes through the hard drive, looks at phrases and words on the disk in some fashion, and creates a dictionary you can use to try to start cracking at any encryption there is :D Lots of money to be made if you want to be a Forensic Investigator, though I'm looking more towards playing with servers in the future..

Re:Hidden volumes? (2, Informative)

VortexCortex (1117377) | more than 3 years ago | (#34289542)

TrueCrypt [truecrypt.org] because it works [slashdot.org] .

FTK, PRTK?
Pffft, The FBI knows about those, and still didn't crack the TrueCrypt volume.

Re:Hidden volumes? (4, Informative)

Ultra64 (318705) | more than 3 years ago | (#34289462)

He could put the contents of the hard drive on a webserver, wipe the hard drive clean, then download the data once in the country.

Re:Hidden volumes? (1)

AHuxley (892839) | more than 3 years ago | (#34289526)

Depends on the lab set up and what an ex CIA/MI6/GCHQ contractor sold them.
That hidden formatted file might show, some other random 'data' might give a false positive too.
So they will then flag a "probably encrypted and being hidden" data structure. Next would be intensive network logging and other hardware/software options to see what your really doing long term at home, work and on other devices.

Link to longer article at CNET (5, Informative)

Anonymous Coward | more than 3 years ago | (#34289260)

border (0)

Anonymous Coward | more than 3 years ago | (#34289286)

It's like the duty-free shop of search & seizure.

Publicity Whore? (-1, Troll)

Frosty Piss (770223) | more than 3 years ago | (#34289302)

This is most likely no more than PR bullshit by the publicity whore known as "Moxie Marlinspike", this guy is well known as a publicity whore. Ya sure, it's possible they "made copies" of his 'puter, but most likely he made a scene at customs and they treated him accordingly.

Finishing the story (5, Informative)

the_other_chewey (1119125) | more than 3 years ago | (#34289304)

took his laptop and two cell phones and asked for the passwords needed to access the encrypted material on them.

...didn't get them, gave him back his hardware and let him go.

Really, why try to sensationalize a story by omitting its outcome?

The fact that something as diriculous as "incoming data storage devices searches" even
exist should be enough of a story by itself, and that has been known for quite a while.

Re:Finishing the story (1)

Fantastic Lad (198284) | more than 3 years ago | (#34289446)

Your word-fu is strong. I had to look up "diriculous".

Anyway, sensationalism, while a bit tabloid, is standard fare for Slashdot and should be expected by now. In any case, the point behind the alarm is perfectly valid, and the on-line forum, which is still a pretty new and amazing cultural phenomenon, offers all the power necessary for readers to discuss any given concerns and thus find balance and truth.

It's not ideal or entirely mature, but it's colorful and it doesn't actually get in the way. I kind of enjoy it. Like movie posters.

-FL

format time (1)

luther349 (645380) | more than 3 years ago | (#34289306)

i dunno bought installing anything on his devices if they couldn't get in. but it would be unlawful for them to do so. of course this is the government where talking abought. i say destroy all data re flash keyboard firmware.

Re:format time (1)

Barrinmw (1791848) | more than 3 years ago | (#34289320)

Check for inconspicuous chips with antenna...

Re:format time (1)

luther349 (645380) | more than 3 years ago | (#34289348)

yea i would pull that sucker apart as well and even reflash bios.

Re:format time (2, Insightful)

el_tedward (1612093) | more than 3 years ago | (#34289432)

I'd smash it with a hammer.

Re:format time (1)

faclonX (759436) | more than 3 years ago | (#34289672)

I'd sell it to someone I really didn't like........

Re:format time (0)

Anonymous Coward | more than 3 years ago | (#34289662)

Reformat? What a waste.
He should take advantage of the opportunity and hand the machine over to an organization with the capability to perform the most detailed examination of hardware, software and firmware to produce hard evidence (if it should exist) of EXACTLY what was done to the machine by the agents.

Time for him to invoke the china visit policy... (2, Interesting)

nweaver (113078) | more than 3 years ago | (#34289308)

I worked through this policy myself as an intellectual exercise [blogspot.com] (A protocol for China. Or Defcon. Take your pick).

Basically, take a laptop with an easy to swap hard drive. Swap in a new drive, with a clean image, and no access credentials except to a temporary dropbox account for emergency mail and/or working set.

Now if you are intercepted, there is no data TO capture, and you can remove all but hardware/bios trojans by a wipe and reinstall.

As a bonus, you can just take out the drive, hand it to customs, and let them have fun with it.

Re:Time for him to invoke the china visit policy.. (1)

spongman (182339) | more than 3 years ago | (#34289508)

better still: cat /dev/urandom > /dev/hda # eat my highly-encrypted shorts

You can't wipe BIOS (1, Insightful)

Anonymous Coward | more than 3 years ago | (#34289512)

It's in the on-board flash ROM, so you can't easily wipe or check its integrity. Not only BIOS can be reprogrammed, but hardwares like GPUs, peripheral controllers have its own ROM with complete RTOS in some cases. I have a RAID controller I've got from a junkyard. I noticed it has intel logo on the big chip, googled it and turned out it was a ARM-based single board computer which seemed to be capable of running full GNU/Linux.

Re:Time for him to invoke the china visit policy.. (1)

AHuxley (892839) | more than 3 years ago | (#34289546)

Reinstall into hardware they scanned and logged all the unique stats off? You can wipe, change some hardware numbers but they will just look for your computer again.
Why glow so bright online but they will get back to you via a sneak and peek soon enough.

How to get away with it (0)

Anonymous Coward | more than 3 years ago | (#34289312)

No, I cannot give you the password for the harddrive encryption Sir.

You see this is not my laptop. It belongs to a company myname plc. If you want to obtain passwords for it you have to approach our legal department about it.

Nothing to hide... (1)

Datamonstar (845886) | more than 3 years ago | (#34289338)

How the hell would you even know that you don't?

"There is someone somewhere who wants access to something on my laptop or my phone and they can't just come and ask me for it. And they can't get a warrant without suspicion. So, they wait for me to travel internationally because at the border they can do anything they want."

It's not about the hassle of it all. it's not about having the "peace of mind" that privacy as we often refer to it brings, and it's not about sheer rebellion. We want to keep our freedom at the borders for simple reasons like this one. The possibility that ridiculously strict flight checks could have much wider impact that what is currently purported. Just like how a company recalls defective products for the small possibility that someone could get hurt. Why aren't our laws as reasonable as that? Because it's much easier to use fear and lack of knowledge in a shot-gun approach to looking capable at security while getting some gravy on the top in the form of a social surveillance mechanism. So far, it's working.

Re:Nothing to hide... (1)

luther349 (645380) | more than 3 years ago | (#34289382)

heck i would encrypt my entire machine just for the kick of doing it. then make them go threw all the hassle or braking the crypto getting a warrant etc just to find knoething. other then maybe a text file saying did you enjoy wasting all that time.

Re:Nothing to hide... (0)

Anonymous Coward | more than 3 years ago | (#34289396)

Don't forget to be polite but unhelpful the whole time.

Re:Nothing to hide... (0)

Anonymous Coward | more than 3 years ago | (#34289480)

... And then enjoy your future life after those bags of white powder mysteriously turn up in your luggage.

Big Sis is gonna love this! (0)

Anonymous Coward | more than 3 years ago | (#34289390)

Our story begins with Moxie Marlinspike seated in a detention room. Unbeknown to his interrogators, he had shipped his real laptop and cell phones ahead of his flight.

Fed: What's the password of your PC?

Moxie: Goatse.cx

Fed: How's that?

Moxie: You know, "goat sex"

Fed: Huh? Er, how are you spelling that?

Moxie: G O A T S E dot C X

Fed: Oh, okay.

Enters password, waits for the PC to boot. Upon booting, the desktop background is the infamous image. And the hard drive is filled to capacity with files having the most intriguing names. One by one the agent opens files only to discover every single one contains the infamous image.

Fed: Thinking to himself: I have got to make a copy of this--Big Sis is gonna love it!

Looking for what they don`t comprehend. (0)

Anonymous Coward | more than 3 years ago | (#34289398)

He should`ve walked back to America, or get off the plane at a precisely more frugal waypoit. I bring a parachute with me on every flight and it will save my life more than a blow-up preserver or overhead oxygen dispensor ever would. It is the point of encryption to isolate searchable data from encrypted data known as an executable. Customs shouldn`t search his binaries when they are looking for porn on someone` laptop in all the wrong places. Some of us need to b e somewhere, especially consultants and bankers!.

And he didn't realize this would happen to him? (2, Insightful)

mikein08 (1722754) | more than 3 years ago | (#34289406)

If the govt. is interested in you, it's going to be interested in your computers and cell phones. Makes sense, right? So if you don't want the govt. diddling your electronics, don't carry them on airplanes or across an international border. Isn't that pretty simple? The alternative is to have multiple sets of cell phones and computers: one set with all the good stuff on it, one set with nothing important on it that goes with you on planes and across borders so the government agents will have something to amuse themselves with when they detain you.

Re:And he didn't realize this would happen to him? (0)

Anonymous Coward | more than 3 years ago | (#34289536)

It's only simple if you have something to hide.

Quick question (1)

lennier1 (264730) | more than 3 years ago | (#34289414)

What exactly is the advantage of harassing one of the good guys?

Re:Quick question (4, Insightful)

PatPending (953482) | more than 3 years ago | (#34289450)

It's about questioning authority. It's about unreasonableness. It's about personal liberty & heavy-handed government. It's about "give an inch and they'll take a yard." (There's more but I hope that's sufficient.)

Great, now it's trash. (5, Insightful)

VortexCortex (1117377) | more than 3 years ago | (#34289436)

I would never trust my hardware again once I had handed it over to some customs (or other government agent) goons, and it left my sight. I would rather just remove the hard drive and hand it alone over to them, at least then I wouldn't have to trash the whole thing.

There's really no way to be 100% sure you successfully "re-flashed" the BIOS, or cleaned all hardware as some posters have said they would do. Not to mention: There could be additional hardware installed, 5 hours is a long time...

You could tear your machine apart and inspect it all you want, but it's well known once the enemy has unfettered physical access to a device, all bets are off.

Re:Great, now it's trash. (3, Insightful)

the_humeister (922869) | more than 3 years ago | (#34289622)

Paranoid much? Shit, you could say that about new hardware as well. How do you know the manufacturers didn't put some virus/trojan, inadvertently or maliciously, on the devices you bought (especially now that most of those devices are made in China)?

Re:Great, now it's trash. (1)

n3r0.m4dski11z (447312) | more than 3 years ago | (#34289638)

well you can still sell it so not all would be lost. Infact that would be the thing to do!

Re:Great, now it's trash. (4, Informative)

lakeland (218447) | more than 3 years ago | (#34289658)

Right, and if you read the CNET article he mentions that he's already disposed of all the checked hardware.

He also mentioned that the extra cost of hardware + embarrassment of missing meetings due to being detained and missing flights means his business is losing contracts and money, and he's thinking of refusing international clients. Maybe that's the government's goal.

THEY WANT TO FIND ILLEGAL MATTER ON IT. (0)

Anonymous Coward | more than 3 years ago | (#34289676)

There are no safeguards for these thugs of Customs-enforcement from puting those materials onto the computer's magnetic storage because there is a financial incentive that rewards for displacing such content onto those tools.

It looks to me like all these Federal agencies are just a bunch of perverts that show-up and say they want you to sell them Child Porno, Alcohol, anti-United States media, Fire-Arms, Tobacco, and nuclear weapons: what are they going to do with such material when they have hold of it, other than enjoy it like the rest of the world does?

Tell them to get their own porno, they don't need my computer to watch porno on or use my computer to download and watch porno on. No safeguards whatsoever, and they are running a-muck about it with their double-speak words.

Customs: "HEY MISTER, WE ARE LOOKING FOR PORNO! GIVE US YOUR COMPUTER! WE WANT TO FIND PORNO!"
Me: Porno is immoral material, and I don't want you to put porno on my computer.
BATFE(ces): "HEY MISTER, we want to shoot your guns and ammo while we smoke your cigars and drink boos, give to us now"
Me: Cigars are for my pain-relief, Alcohol for me to forget the stresses of the day, and the fire-arms are for protecting myself and others from any that take property without compensation even if ployed by unethical currencies."

Travel Tip (5, Interesting)

Anonymous Coward | more than 3 years ago | (#34289490)

I travel to the US a lot for business. What I do is Fedex my "real" hdd to the hotel I'm planning on staying at, usually 1 day before travel to the US is enough for it to be there waiting for me when I arrive at check-in (obviously its an encrypted disk).

I travel with my laptop, with a small capacity hdd that has a clean install, some common oss apps installed, some bogus documents downloaded from scribed, some fake e-mail accounts with credentials saved in firefox and some typical surfing history. The aim is to make them feel like they've found the stuff they're looking for and that there isn't anything worth pursuing - rather than trying to be a smart-ass that makes them even more intent on performing those unwanted rectal examinations. I've had my laptop taken twice in the last 3 years, and on both occasions after providing access details, I was given the laptop back within 5-10mins, other people i know that tried to screw over the TSA/customs by not providing all the access details they wanted, ended up never seeing their machines again.

Though now with the new scanners at play in the airports, I'm trying to reduce my travel to the US to a minimum. If I have to travel, I charge a premium for the various inconveniences endured, most clients are sympathetic and pay without much fuss.

Re:Travel Tip (1)

PatPending (953482) | more than 3 years ago | (#34289522)

Interesting for its simplicity. However for those technically inclined, this [slashdot.org] is also a viable alternative. (From another post in this very thread.)

Simple solution sparky (0)

Anonymous Coward | more than 3 years ago | (#34289544)

There is a very simple solution to all of this sparky. Put data on the internet in an encrypted format. When you are away, you put the information up. Leave the computers and phones clean. Squeaky clean. Annoyingly clean. Oh sure, maybe you can put up some really bad videos, and ads about how the TSA and FBI are violating rights for detaining travellers an inappropriate amount of time. You can encrypt something with a hard cipher, a message such as "Its wrong for the NSA to steal other peoples data, and then demand passwords."

Shamir's method, 1979 (0)

Anonymous Coward | more than 3 years ago | (#34289554)

Shamir's method is proof against production requirements if you do it right. Any whitehats traveling international should become familiar.

What's so important to warrant harrassing millions (5, Insightful)

mykos (1627575) | more than 3 years ago | (#34289592)

I can't think of a single thing that could be carried on any laptop that warrants the harrassment of millions a year.

Even if a 9/11 scale event happened every single year, it would take more than four years to match a single year of alcohol-related deaths in the U.S.

Re:What's so important to warrant harrassing milli (1)

orphiuchus (1146483) | more than 3 years ago | (#34289678)

I think that last point is a little silly, but I agree that there isn't anything good reason for them to be looking at the data on laptops. The only possible reason I can think of is that they hope to get lucky and stumble across something objectionable, like child pornography or .txt files containing detailed contact information for Osama.

and i always said (1)

chronoss2010 (1825454) | more than 3 years ago | (#34289650)

no such thing as a white hat hacker there is a stooge for the system and a hacker .....if your too chicken shit to call your self a real hacker dont bother.....

Yet another exciting episode in (0)

Anonymous Coward | more than 3 years ago | (#34289682)

The soon to syndicated series - "so much for the forth amendment". Check your local listing for the next show time and channel!

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?