Now On Video: GCHQ Destroying Laptop Full of Snowden Disclosures
An anonymous reader writes "On Saturday 20 July 2013, in the basement of the Guardian's office in Kings Cross, London, watched by two GCHQ technicians, Guardian editors destroyed hard drives and memory cards on which encrypted files leaked by Edward Snowden had been stored. This is the first time footage of the event has been released."
Wasn't this a movie? (Score:3, Funny)
Oh, wait... I think it was books they were burning in the movie... Or people... Maybe both...
Re: (Score:2, Insightful)
Godwin in 6 minutes, well done.
Look, I agree that this is a pretty bad transgression on the part of British government, but let's keep a bit of perspective.
If anything it is slightly comical that these people think they can destroy digital information with drills and grinders and so on. Obviously they really don't, GCHQ do not have a reputation of being digitards.
So this is a message, the presence of cameras confirms it. On the one hand to the assorted press, watch your step. On the other hand to their US c
Re:Wasn't this a movie? (Score:5, Informative)
Actually I was alluding to common practices going back many centuries, so well done on leaping to conclusions.
Re:Wasn't this a movie? (Score:5, Funny)
Nobody expects the Spanish Godwin.
Re: (Score:2)
There goes the Vol de Mort subscription.
Re: (Score:2)
Fair enough. Still, this story hardly warrants the comparison with book burning, certainly not with people burning, IMHO. Also, just curious, which movie were you thinking of?
Re: (Score:2)
This? [youtube.com]
Re: (Score:2)
There should be a f451/Orwell godwin
Re:Wasn't this a movie? (Score:4, Informative)
If anything it is slightly comical that these people think they can destroy digital information with drills and grinders and so on. Obviously they really don't, GCHQ do not have a reputation of being digitards.
Ignoring the fact that copies exist (and everyone involved knew that), physical destruction is in fact the recommended way to destroy the data on a hard drive, SSD drive, flash memory, etc. etc.
You can overwrite the drive 50 times and you can not be certain that the data is unrecoverable. If you put a grinder to the drive surface, you can be very certain of that.
There's a reason the military shreds harddrives when it disposes of them.
Re: (Score:2)
Ignoring the fact that copies exist (and everyone involved knew that), physical destruction is in fact the recommended way to destroy the data on a hard drive, SSD drive, flash memory, etc. etc.
To rephrase: It's relatively easy to ensure that this HDD does not store any data. However it is nearly impossible to ensure that this data is not stored on any HDD.
Re:Wasn't this a movie? (Score:5, Interesting)
You can overwrite the drive 50 times and you can not be certain that the data is unrecoverable.
That hasn't been true for about 20 years now. Overwrite your data once and it's gone. Even if you don't overwrite it randomly no data recovery group have been shown to be capable of recovering overwritten data even in the face of great monetary incentive.
There's a reason the military shreds harddrives when it disposes of them.
Yes but it has nothing to do with data possibly being recoverable. It's entirely to do with removing all doubt if a procedure has been applied. If you look at a drive you have no way of knowing if the data has been wiped or if there's anything recoverable on it. If you look at small shards of what's left of a drive then there's no doubt. It doesn't mean that other methods aren't equally secure, just harder to administrate.
Re: (Score:2)
That's if you want the data to be overwritten and you're the owner of the drive. If you want to delete data on someone else's drive, you would have to ensure that the drive does not have some custom firmware installed that messes with the overwriting process...
Re: (Score:2)
... no data recovery group have been shown to be capable of recovering overwritten data even in the face of great monetary incentive.
How many of those "data recovery groups" have had the resources of a modern industrialized nation state behind them? The scope of what is possible can vary enormously depending on your resources.
Re: (Score:2)
If you look at small shards of what's left of a drive then there's no doubt.
Unless the data's never been overwritten, and then someone pieces a few of those shards back together, for inspection under an electron microscope.
Re:Wasn't this a movie? (Score:5, Informative)
You can overwrite the drive 50 times and you can not be certain that the data is unrecoverable.
Bullshit. If your drive works fine, even after a single (or two, if you are paranoiac) overwrite with random data no-fucking-body in the whole universe will recover anything.
There's a reason the military shreds harddrives when it disposes of them.
But for completely different reasons than you think; it's because:
- your drive might be faulty so the overwrite is actually not performed
- could be faster (overwrite of a big disk can take hours)
- the destruction can be performed by an IT-ignorant, non-technical guy
- the destruction process can be easily CONTROLLED by other non-technical persons.
This last one is actually the main reason: in such a process there are usually more people involved who "watch each other". ...
However control of soft (data-only) destruction is very difficult: even if all involved people would be highly technically capable (including your commanding officer), it is difficult to assure that the other guy does not use (intentionally or unintentionally) wrong, hacked or faulty software, does not make a copy during overwrite, makes a proper control read after the process, etc.
Re:Wasn't this a movie? (Score:4, Insightful)
But for completely different reasons than you think; it's because:
- your drive might be faulty so the overwrite is actually not performed
A related one:
The drive may remap some sectors because they are failing, it may be very difficult to ensure that all the physical sectors are overwritten and not just all the logical sectors.
Re: (Score:2)
The drive may remap some sectors because they are failing, it may be very difficult to ensure that all the physical sectors are overwritten and not just all the logical sectors.
This is where the SECURE ERASE UNIT ATA command comes in.
There are only a small number of such replacement 512 byte sectors available. Most drives have not remapped a significant number of sectors.
The probability that critically sensitive data just so happens to reside in a remapped sector, is scant at best.
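An added example, not part of the thread or any commenter's code: a pre-sanitization check for the remapped-sector and ATA erase points raised in the comments above. It parses `smartctl -A` and `hdparm -I` text (both samples are constructed, and the function names and method labels are illustrative assumptions) and reports whether reallocated sectors sit outside a logical overwrite and whether the drive's ATA erase can currently be issued.

```python
import re

# Added example; both samples below are constructed, not captured from a real drive.
# Attribute table in the layout printed by `smartctl -A /dev/sdX`.
SMART_SAMPLE = """\
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  5 Reallocated_Sector_Ct   0x0033   100   100   010    Pre-fail  Always       -       24
  9 Power_On_Hours          0x0032   091   091   000    Old_age   Always       -       8123
197 Current_Pending_Sector  0x0012   100   100   000    Old_age   Always       -       0
"""

# "Security:" section in the layout printed by `hdparm -I /dev/sdX`.
HDPARM_SAMPLE = """\
Security:
\tMaster password revision code = 65534
\t\tsupported
\tnot\tenabled
\tnot\tlocked
\t\tfrozen
\tnot\texpired: security count
\t\tsupported: enhanced erase
\t2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.
"""


def parse_smart_attributes(text):
    """Return {attribute_name: raw_value} for each numbered SMART row."""
    attrs = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 10 and parts[0].isdigit():
            m = re.match(r"\d+", parts[9])  # raw value may carry a suffix
            if m:
                attrs[parts[1]] = int(m.group())
    return attrs


def parse_hdparm_security(text):
    """Read the flags of the ATA security feature set from `hdparm -I` text."""
    state = {"supported": False, "enabled": False, "locked": False,
             "frozen": False, "enhanced_erase": False}
    in_section = False
    for line in text.splitlines():
        if line.strip() == "Security:":
            in_section = True
            continue
        if not in_section:
            continue
        if line and not line[0].isspace():
            break  # an unindented line starts the next section
        words = line.split()
        negated = bool(words) and words[0] == "not"
        if negated:
            words = words[1:]
        if not words:
            continue
        if words[0] == "supported:" and words[1:3] == ["enhanced", "erase"]:
            state["enhanced_erase"] = not negated
        elif words[0] in ("supported", "enabled", "locked", "frozen"):
            state[words[0]] = not negated
    return state


def assess(smart_text, hdparm_text):
    """Pick a sanitization route given remapping and erase availability."""
    attrs = parse_smart_attributes(smart_text)
    sec = parse_hdparm_security(hdparm_text)
    # Reallocated sectors are no longer reachable through logical addresses,
    # so writing every LBA from the host never touches their old contents.
    hidden = attrs.get("Reallocated_Sector_Ct", 0)
    pending = attrs.get("Current_Pending_Sector", 0)
    if hidden == 0 and pending == 0:
        method = "overwrite"  # still needs a read-back verification pass
    elif sec["supported"] and sec["enhanced_erase"]:
        # Enhanced erase is the ATA mode specified to cover reallocated
        # sectors; a frozen or locked drive rejects the erase command.
        blocked = sec["frozen"] or sec["locked"]
        method = "enhanced-erase-blocked" if blocked else "enhanced-erase"
    else:
        method = "destroy"
    return {"reallocated": hidden, "pending": pending,
            "security": sec, "method": method}


if __name__ == "__main__":
    print(assess(SMART_SAMPLE, HDPARM_SAMPLE))
```
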
Re: (Score:3)
Bullshit. If your drive works fine, even after a single (or two, if you are paranoiac) overwrite with random data no-fucking-body in the whole universe will recover anything.
Partially true, but not entirely.
True, in modern drives we operate very close to the physical limits and overwriting is a lot more destructive than it used to be.
However, there are also so many intermediate layers and internal logic (like the relocation of faulty sectors another commenter pointed out) that you'd have to go very low-level to come even close to any assurance that everything actually has been physically overwritten.
Physical destruction is still the only way to be absolutely certain. All your
Re:Wasn't this a movie? (Score:5, Informative)
You can overwrite the drive 50 times and you can not be certain that the data is unrecoverable.
Actually, this is an old myth, which had some truth to it when hard disks weren't operating at the known physical limits. Then you could actually read some erased information by using a more sensitive magnetic head, which was able to tell the difference between a former one overwritten by zero and a former zero overwritten by zero. But this is no longer so. Any reserves that might have been in the magnetic surface of the disk are now used to increase information density. The most sensitive reading heads available are those already built into the hard disks. Overwrite a section of the disk with zeros (or ones, whatever you like), and you can be sure that the information formerly there is safely overwritten.
Re:Wasn't this a movie? (Score:4, Insightful)
If you can recover the data overwritten 50 times, then you also can recover the data overwritten 49 times (that is, the first set of data you've overwritten the original data with), the data overwritten 48 times (that is, the second set of data you've overwritten it with), the data overwritten 47 times, the data overwritten 46 times ... and you'd have to be able to distinguish between them, which means that on a 500 gigabyte hard disk, you'd be able to recover 25 terabytes of data. I strongly doubt that this is possible.
Re: (Score:2)
You misunderstood "it is not 100% guaranteed to be gone" for "it is 100% guaranteed to be recoverable".
Sure, with each pass you will make some of the data gone for good. But your certainty is a limes function. So no, after x passes you won't be able to recover x * capacity in bytes. But you might be able to recover some of the original data.
Re: (Score:2)
Ignoring the fact that copies exist (and everyone involved knew that), physical destruction is in fact the recommended way to destroy the data on a hard drive, SSD drive, flash memory, etc. etc.
Grinding the motherboard and CPU, are not ways of destroying data. They're ways of causing a loss of capital, in terms of dollars used to purchase the equipment.
I don't think the authorities' aim so much is to destroy the data, BUT to try to create a financial loss for Snowden and whoever's helping him, in term
Re: (Score:2)
Seems they allow brain-dead people on this site now. :-)
If you want to reliably destroy the data on one particular storage medium, then physical destruction is the way to go.
This is totally apart from the question of whether or not other copies exist, it's a tangential issue. Funny how everyone except one troll who was intentionally looking for an axe to grind clearly got that meaning.
Re: (Score:2)
then physical destruction is the way to go.
That makes sense for the hard drives, SSDs, and other magnetic storage medium.
Can you explain the rationale behind physical destruction of the CPU itself, motherboard, and other expensive electronics that cannot actually store any user data?
Re: (Score:2)
This also happened in Australia with a book chapter on the Iraq and a hard-drive destroyed.
http://www.igis.gov.au/annual_... [igis.gov.au]
"After the sensitive elements were deleted (but only those elements), each concerned person was given the choice of having the copy of their hard-drive (on a government supplied disk) destroyed in front of them. In some instances this offer was accepted. The purpose of such visible destruction
Re: (Score:3)
That's a good question. It depends on what the original files were. I'll have to do some extrapolation, since I don't do low-level forensics, so if someone wants to correct me, feel free.
When you run data recovery on an overwritten medium, you are usually able to recover at least parts of the data. Depending on file formats, that may or may not allow you to recover parts of the data.
Imagine, for example, that you are able to recover 80% of the bytes in a file. For a textfile, that pretty much means you have
Re:Wasn't this a movie? (Score:5, Informative)
Theoretically, when a file has been overwritten with known data, it is possible to use an electron microscope to recover what was there before, but as far as I know, no one has been able to actually achieve this. Especially with modern hard drives that are more dense.
Re: (Score:3)
Generally when deleted files are able to be recovered, the bytes of the files weren't actually overwritten, they were merely marked as deleted by the filesystem.
Yes, but since a drive is partitioned into sectors, when you come back to recover the data from that free space, chances are good (depending on drive capacity and activity) that some of those sectors have already been claimed by other files.
I agree my example was misleading. You won't actually be missing every 5th character - you'll be missing large chunks somewhere within the document.
Re: (Score:2)
The files are encrypted, wouldn't that make it much harder to recover after rewriting the storage? Seriously asking, I honestly don't know the answer.
My guess it doesn't matter if they were encrypted.
There are copies of the encrypted files. But, as a newspaper, you don't really want third rate spooks breaking into the office trying to steal the hard drive or SD cards.
You don't want run of the mill nerds rifling your dumpster for a piece of history they can sell on eBay.
etc.
By getting most people to think the stuff was destroyed they head off a lot of headaches without really changing anything.
Re: (Score:3)
It was actually just Cameron being his usual thick-as-shit self. He requested that the drives be destroyed personally, apparently not realizing or understanding how little effect it would have. In fact it most likely had the opposite effect, ensuring that more material and this kind of negative publicity was put out. He really is a dumb fuck sometimes.
Re: (Score:2)
Which is a dick move, to be sure, but not quite the holocaust yet.
Saying "not quite the holocaust yet" is a bit of an understatement. And although you would never know it on Slashdot, there is a much more divided opinion in at least some societies about who was actually the "dick" at the heart of it.
Re: (Score:2)
So this is a message, the presence of cameras confirms it.
This is a firm message that says: "Stop publishing."
"Another word about Snowden, AND the next supervised immediate destruction order will target all your reporters' computers, All your backoffice servers, All the servers in your web farm, and all your company's backup disks."
Re: (Score:2)
I don’t think Godwin applies to Fahrenheit 451.
What about the copies? (Score:2)
I'm sure those are locked away safely.
Re:What about the copies? (Score:5, Funny)
Nope, through computum entanglement, destroying the south bridge of the PC which had held the hard drive also destroyed all the copies.
Quantum mechanics is a bit too complex for us peons, just trust the govt on this one.
Re:What about the copies? (Score:5, Informative)
In fact they claim it was made completely clear to the head honcho ordering the destruction that other copies did in fact exist and that this display would not change anything. It was purely a PR/attempted intimidation stunt.
Re: (Score:2)
What about good old paper copies? I hope that one of the curators actually prints all the documents out, and squirrels them away in the closed archive stacks of an obscure library somewhere. The problem with storing all the documents on hard drives makes them easier to destroy . . . one hard drive in the shredder, and you're done. Having them as paper copies might make it more difficult for the spooks to trace and destroy.
Of course, the curators will probably have to go hardcore with this. Multiple fol
Saving face? (Score:5, Interesting)
Re: (Score:3)
I suspect The Guardian was mostly thinking "Sure, we'll play along with your little pantomime. It's not like it's actually going to make any difference." I suspect the technicians from GCHQ were thinking the same as well. Possibly with a side thought of "Well, it gets us out of Cheltenham for a day at least".
Re: (Score:3)
More broadly, the UK lacks the same (or comparable) legal protections of the press & free speech that the US has via our First Amendment.
Re:Saving face? (Score:5, Insightful)
I'm so tired of hearing that.
The laws are different over here in Europe, yes. But bland statements like the above just make me cringe. Some rights are stronger in the US, some are stronger in Europe, and it even differs by country.
And then there's the law on the one hand and enforcement on the other. The NSA didn't exactly get much opposition from Google, Microsoft and everyone else they've tapped into, did they? That's not new or "post 9/11", either. If you read up on the history of the NSA, you'll find that in the early days they went to the telegraph companies and without a court order they got copies of every telegraph message leaving or entering the USA.
Re:Saving face? (Score:5, Interesting)
The NSA didn't exactly get much opposition from Google, Microsoft and everyone else they've tapped into, did they?
I think the NSA got considerable opposition from Google, and knew from the beginning that it would, which is why Google was (per David Drummond) never even asked to provide broad access to user data. The revelation that the NSA might be tapping connections between data centers caused a crash project to make sure all of that traffic was encrypted, for example. In general, this stuff has really pissed Googlers off and Google engineers are working to plug every potential leak they can find.
(Disclaimer: I work for Google, but don't speak for Google.)
Re: (Score:3, Insightful)
You'll note that the US government has not dared to even suggest censoring the New York Post.
Whilst you will notice that the UK government has not dared to suggest that reading the newspaper might cause you to lose your security clearance. Both equally stupid.
Re: (Score:3)
Just as the laws differ, so do the horrible things the government does. Yeah, the GCHQ went to the Guardian to get a computer destroyed. Meanwhile, Obama will have you killed by a drone. And while there is armed military at London's airports, they don't have a TSA.
Really want to continue comparisons?
Re: (Score:3)
There are very rarely armed military personnel at UK airports. Them being there is highly unusual and worthy of comment. The uniformed armed people you usually see at UK airports are regular armed police. Although that itself is unusual in a national context (though not at airports); our police aren't routinely armed (it's in fact a specialization you have to qualify for).
Re: (Score:2)
You do realize that the rest of the western world kind of snickers whenever you do some dumb-ass thing like freak out over the Janet Jackson "wardrobe malfunction?"
Re: (Score:3)
Well you haven't heard it enough apparently so I'm going to repeat it for you: America has way better protection for the press and general freedom of expression than Europe and the UK in particular.
And yet, both Freedom House and Reporters Without Borders rate the UK higher than the US with respect to freedom of the press. On paper the US has strong constitutional protection for the press. In practice, we're happy to ignore the constitution whenever it's inconvenient, and analysis of the actual treatment of the press demonstrates that.
Re: (Score:2, Insightful)
Given its history, I think of the US Constitution as more a statement of good intent than any sort of iron clad protection or inalienable rights.
I mean, pretty well EVERY time the US has been stressed (by war, by politics, by circumstances) the Constitution and its amendments have been set aside, only for the Supreme Court or whatever to revisit the situation 10 or 20 years down the track (long after the damage has been done) to reinstate said rights and privileges ... after which everybody apologizes to th
Re: (Score:2)
It is to lose; all the gov't needs to do is recite those magic words "National Security", and they can do pretty much whatever they want. Who can stop them?
Re: (Score:3, Insightful)
Who can stop them?
Me.
You.
All of us together.
If they kill all of us, they won't have anyone to make their tea.
Strat
Re: (Score:3)
Which requires communication. Which is why NSA and its ilk are so hell-bent on wiretapping everything: to ensure any rebellion is crushed in the bud. Which, in turn, gives various governments ever greater assurance that they'll face no opposition no matter what they do, thus encouraging them to go farther.
It's a nasty vicious circle which could easily end up in another age of tyranny. It's why things like Tor [torproject.org] and Freenet [freenetproject.org] are so important: anonymous communication is the only way to organi
Moronic. (Score:2, Insightful)
I'm dumbfounded.
Why on earth would GCHQ and/or the government want to show us so clearly that they are complete morons?
I might assume they are not and that there was some deep purpose to this display of idiocy but I don't see it.
Re: (Score:2)
Definitely agree.
I had a mate whose laptop wouldn't boot.
He wanted to get all the personal data off it (photos, business accounts, etc.), so opened it up and took out the RAM and the WiFi card. And left them in his wood burner for a couple of days.
He then gave me the laptop.
I gave him back his hard drive and bought new ram and a wifi card.
And told him to speak to me first next time.
Stupidity at its finest. (Score:2)
For many many reasons but I post for one you'd be surprised at.
http://hardware.slashdot.org/c... [slashdot.org]
People continue to do this stupid shit to perfectly good hardware, sure it's symbolic in this case to prove a point, none the less any of us here with a fucking grain of common sense realise it's a load of complete shit.
That data could've been copied 10,000 times over from that machine by now (obviously)
Re: (Score:2)
A point the editor even made to the Select Committee. In fact he straight out told them it had been copied elsewhere.
Something isn't adding up... (Score:5, Funny)
I viewed the video and I read the related article... and it says here:
A small team of trusted senior reporters examined Snowden's files in a secure fourth-floor room in the Guardian's King's Cross office. The material was kept on four laptops. None had ever been connected to the internet or any other network. There were numerous other security measures, including round-the-clock guards, multiple passwords, and a ban on electronics.
Okay, 4 laptops are fine. So why does the video show a desktop keyboard? And why is there a completely destroyed ATX desktop motherboard shown there?
Re: (Score:2)
Okay, 4 laptops are fine. So why does the video show a desktop keyboard? And why is there a completely destroyed ATX desktop motherboard shown there?
OK That will teach me to read the article.
You are dead right, why a keyboard and possibly a PS/2 keyboard (do modern laptops support this connector any more?). Some other things that don't make sense are the tower PC power supply and the huge fans (I would love to see how they got them in a laptop). Also while we are at it, how did they get a standard PC motherboard in a laptop?
As for grinding the boards well words fail me. I suppose that is a bit like destroying RAM especially when we all know those sneaky
Herding wildcats in a burning barn.... (Score:5, Insightful)
Yes, let us NOW close the barn doors after the cats have escaped.....that will stop the cats from escaping!
From my view (USA), the U.K. seems to be following in our footsteps with afterburners engaged.
I remember when everyone was claiming computers would make life easier. LOL! Paperless offices FTW!
(don't misunderstand; I like computers and networks, but from the beginning, I have always questioned the implementation of them as it occurred...one of the reasons why I don't own a cell phone, and studied networking so I could protect some of my privacy, just as I studied driving a vehicle before driving)
The cat is out of the bag/barn door, the best thing for the gov't.s involved is to admit it and make acceptable changes, but don't hold your breath waiting.
The question now is:
Do we fight this crap, or grease up our bungholes and take like a good consumer? (We are no longer citizens or customers...just livestock consuming the crap corp.'s and their bitches (gov't) shovel out.)
If you use the term 'consumer' for anything outside of eating and drinking, or physically using something to depletion, then you are part of the problem by accepting this crap.
Consume various media?
I have NEVER eaten or drunk a music or video file, I've watched/listened to them, and THEY ARE STILL THERE! So I could not have consumed them.
This may seem like an offtopic rant, but the brainwash mentality is what makes this crap work.
We have gotten into a mindset from this tactic that makes this shite easier to swallow, because we get used to swallowing shite. We have forgotten how to find out for ourselves, we WANT the 10 second soundbite because we are too busy swallowing the shite, to fit in with our shite swallowing peers.
I personally am too old, broken down, and poor to start the needed coup, but will gladly join in if it ever happens.
Here in the USA 20 years ago, if what happened under Bush jr.'s reign happened then, I would have started(or at least attempted) another revolution...strictly out of patriotic feelings for the oath I took to defend the Constitution of the USA, and Dubya and company would have been first against the wall to be shot as a traitor to the Constitution I pledged to uphold against enemies foreign and domestic.
Apparently, my peers are happy to have the following generations buggered, and now it's showing up.
In retrospect, I would include Obama and co. for not doing away with all of Bush/Cheney's constitutional violations.
As it stands, I will do everything within my power and ability to train and educate the younger generations to combat this crap.
Note to self: Quit posting when drinking!
I meant everything above, but focus and eloquence decline severely when drinking!
Apologies if I sound like some butthurt old geezer, but I am one, due to the 'War on Drugs', 'War on terrorism', 'War on this', 'War on that', alcohol is my only outlet short of ending up on the evening news as some nutjob taken out by the local SWAT Team. :-)
OK, now all of you all, get off my lawn!
*chugs bottle of Geritol*
Re: (Score:2)
The vast illegal domestic surveillance system is built like an elint overflight of the Soviet Union collecting everything it can.
It's their network, every keystroke you make is kept, sorted, indexed, filed, read by a real person if you're on a list...
Build on that - read up all you can on the side of politics you find interesting and write long detailed emails to m
This was done to protect the Guardian as well (Score:3, Funny)
I think the Guardian guy is being deliberately vague, since they now have evidence that they destroyed all of their copies.
They are now only going to report on the information that others are leaking.
It is PR for GCHQ and the Government, i.e. don't hold documents you know you shouldn't cos we'll smash your shit up.
It is part of the legal defence of the Guardian, "We aren't distributing this information, but are now free to report the information that others have released to the public"
By the way IANAL, it just seems like common sense to me.
Video Is Missing One Thing (Score:2)
A "laugh track".
Just sayin'...
Strat
Headline is wrong (Score:2)
GCHQ Destroying Laptop Full of Snowden Disclosures
As the summary actually makes clear, one of the interesting things about this incident is that the Guardian editors opted to destroy the laptop themselves, instead of letting GCHQ do it.
Danger, top secret electronics dust (Score:3)
It's probably been so long since they released it because GCHQ had to vet the video to make sure you couldn't reconstruct the document from the fragments visible during the video.
They seem to be about that level of tech-literate.
Re: (Score:3)
You appear to be confusing GCHQ with the Home Office. I very much doubt the instructions for this little bit of theatre came out of GCHQ; it's pretty obviously political theatre.
Re: (Score:2)
It's probably been so long since they released it because GCHQ had to vet the video to make sure you couldn't reconstruct the document from the fragments visible during the video.
Actually... we came up with a device that can mess with entropy so much that the dust particles are expected to spontaneously come back together and reassemble themselves into chips and disk drives, with no damage whatsoever, and then the data will be retrievable again.
Silly Paranoid Hard Drive Destruction (Score:2)
Even if it was true that one can economically retrieve data after it has been erased / overwritten a few times, the buzz-sawing of individual chips in this video fans the paranoia of people over hard drives. You can disassemble the hard drive, or hit it once with a ball peen hammer. Drilling multiple holes through ceramic chips borders on the Pythonesque. Perhaps they were being tongue-in-cheek during the application of physical overkill, but it fans the billion dollar planned obsolescence industry. Mo
Re:No more bombshells? (Score:5, Funny)
Not from that particular copy of the data.
Re: (Score:2)
Is this the end of the leaks then? No smoking gun?
No, just a bunch of smoking HDs. But seriously, a "smoking gun" is what you need in a case where the evidence is thus far not conclusive. In this case, however, I don't know of anything Snowden released which has been denied by officials and much of it has been confirmed or corroborated by others.
Re: (Score:2)
Yeah, but at least it won't be starring fucking Ricky Gervais!
Re: (Score:3, Interesting)
It's just as stupid as the US response taking out and replacing every part of every computer and network that Snowden accessed.
I mean, really - the CAT-5? Come on. Just a stupid excuse for work and so that they can claim "Oh he did millions of $$ damages, see we had to replace everything including a new coat of paint on the data center".
Absolute tripe.
Re:Motherboards (Score:5, Insightful)
It's just as stupid as the US response taking out and replacing every part of every computer and network that Snowden accessed.
Disagree. No matter what you think of the NSA, in the whole circus they are one of the few people who actually know their stuff. These guys are scary good at what they do. If I had to clean up a place that was bugged by the NSA, I'd do the same - rip out everything and replace it.
You can buy keyloggers that fit into a USB plug these days. I'm pretty sure the NSA has stuff like Ethernet monitors that fit into slightly-larger-than-usual CAT-5 plugs. And if you consider the size of Raspberry Pi, you'll realize that you can fit a whole second computer into the case of another computer.
When your server gets rooted by a hacker, every security professional worth his money will tell you to wipe it and do a complete reinstall. There is no way to clean up the system without that where you can be certain that there's not a backdoor left somewhere you didn't look.
This is the same, just in hardware.
Re: (Score:2)
When your server gets rooted by a hacker, every security professional worth his money will tell you to wipe it and do a complete reinstall. There is no way to clean up the system without that where you can be certain that there's not a backdoor left somewhere you didn't look.
Depending on the nature of the server, I'd be tempted to replace the hardware as well and shred the old stuff as well.
Formatting a hard drive doesn't really remove everything, even a "secure" erase isn't the same thing as simply buying a new one.
Re:Motherboards (Score:5, Informative)
When your server gets rooted by a hacker, every security professional worth his money will tell you to wipe it and do a complete reinstall. There is no way to clean up the system without that where you can be certain that there's not a backdoor left somewhere you didn't look.
Those were the good ol' days. These days everybody knows there are half a dozen backdoors in the various firmwares that even an OS wipe won't get. (disk, network, bios, etc)
Re: (Score:2)
That, as well as the other comment much to the same, is very true.
However, it depends on your threat scenario. If you are the victim of a regular hack, i.e. someone gained entry over the network, then you know your hardware is unchanged, so you can keep it. That is the scenario I was referring to. If, of course, someone physically broke into your server room, you should mistrust your hardware unless you know exactly what they did and didn't do (say you have a video that you know was not tampered with).
I don
Re: (Score:2)
If you do a wipe and restore of the OS from backup, from a date you can verifiably show was before the compromise; AND repair the security holes and vulnerabilities, and make sure to change all security credentials -- passwords, etc. -- before reconnecting to the internet.
Then after so restoring... the biggest things you actually should worry about are.... (1) Something else on your network may likewise be compromised, such as other servers or networking infrastructure - especially anything Telnet i
Re: (Score:2)
If I had to clean up a place that was bugged by the NSA, I'd do the same - rip out everything and replace it.
I'd be tempted to torch the place for the insurance money and move.
Re: (Score:2)
I'd be tempted to torch the place for the insurance money and move.
Which would play right into the NSA's hands, as you move on from your torched building, and agents quietly recover some fireproof surveillance blackbox units which had been dropped down various walls, whose retrieval your torching made a simple task.
Re: (Score:3)
Disagree. No matter what you think of the NSA, in the whole circus they are one of the few people who actually know their stuff.
If that were true, Snowden wouldn't have been able to access and distribute the sensitive security documents he did and we wouldn't be talking about this at all. Doesn't seem they are particularly competent with regards to security to me.
Re: (Score:2)
competent != perfect
If you run an organisation of this size, you have security holes, period. There is no such thing as perfect security, and everyone knows it (though some snake-oil sellers pretend otherwise).
Re: (Score:3)
There is no such thing as perfect security, and everyone knows it
This is why the notion "It is OKAY if we have all these backdoors and all this data collection, the only quantum computer, etc, as long as it is controlled by strong security controls, laws, regulations, oversight" is absurd.
Re: (Score:3)
Yes he would, because his job and vetting level allowed him unsupervised access to materials at that level of protection. The flaw in their system was either their vetting - I have no idea if there was anything in Snowden's past that should have given them a reason to consider him unreliable - or that his access was unsupervised.
The problem with requiring supervised access to materials or infrastructure you (potentially) routinely access as part of your job is you've just doubled (at least) the number of p
Re: (Score:3)
The NSA failed at basic information security. There are plenty of corporate IT departments that have more robust information security than the NSA, it would seem.
I didn't think I'd use that abbreviation ever again, but: ROTFLMAO
Most corporate IT security is a joke. There's a reason the security consulting business is thriving, and it's that when they get called in, they always find yet another problem. What corporate IT is good at is creating bullshit rules that placate management types and don't add any actual security. Yes, I'm looking at you, SOX. And don't get me wrong, I worked as the Senior Manager IT Compliance for a fairly big company. It was a lot of fun, b
Re: (Score:2)
These guys are scary good at what they do. If I had to clean up a place that was bugged by the NSA, I'd do the same - rip out everything and replace it.
And dig up the foundation.
Re: (Score:2)
NSA certainly bugs ethernet sockets – see http://images.dailytech.com/ni... [dailytech.com].
The amount of destruction on the motherboard teaches us one thing: GCHQ destroyed elements they KNOW could be used for storing data/snooping. So we say "morons", but they are actually ahead of us in spying. And they expect other intelligence agencies to have similar capacities to NSA/GCHQ.
Re: (Score:2)
When your server gets rooted by a hacker, every security professional worth his money will tell you to wipe it and do a complete reinstall.
And then get countermanded/overridden by the server or workstation technician or management, because wiping and reinstalling is too time-consuming and/or expensive. Just get some antivirus and security scanner software set up, clean out all the malware, and resecure it, so the system works again.
"We won't tolerate laziness from you security folks. You have to d
Re: (Score:2)
Re: (Score:2)
Well, given that it was the Guardian destroying the computers under oversight of GCHQ, and they knew it was filmed, I can imagine them fulfilling the order ridiculously to the letter, to make the stupidity of it obvious without the GCHQ being able to complain.
Re:Such documents trove (Score:4, Insightful)
No, actually, having a journalistic intermediary that does vetting and filtering is a better approach. One of the -false- accusations against WikiLeaks was their indiscriminate leaking of classified documents.
Re: (Score:3, Informative)
One of the -false- accusations against WikiLeaks was their indiscriminate leaking of classified documents.
False?
http://download.cabledrum.net/... [cabledrum.net]
Interviewer: "So come on, redactions are going on at the same time, now there is or isn't a row going on about redaction, I haven't the faintest clue whether there is or isn't...?
Mr Assange: No, there's no row going on about redactions at all....There was a group of reports where although they were not really intelligence informants there were sort of hotline tips...something called threat reports comprised one in five of the Afghan War Logs and so we held them back for a line by line redaction...But what we didn't do was redact one in five lines, putting black marker through it, we just removed them, and so it looked like we hadn't redacted everything but in fact we had redacted a fifth of all material, and this permitted an attack, a political attack, to come from The Times of London.... So The Times did a proxy war on The Guardian through us by attacking us.... So most of those names were meant to be there, it is right for them to be published, it is right to publish the names of politicians, generals bureaucrats, etc, who are involved in this sort of activity, it is right even to publish the names of corrupt radio stations in Kabul that were taking SYOPS programme content. It is also right to publish the names of those people who have been killed and murdered and who need to be investigated and it is right to publish the names of all incidental characters who themselves are not at serious and probable risk of physical harm. Those incidental characters are someone who owns a company for example is just involved in shipping operations.... So then there is the question were there any sort of villagers or so on who gave information that might lead to reprisals, were there some of those? Um there were some villagers who - who had given information, um so that is a regrettable oversight, but it is not our, not merely our oversight it was the oversight of the United States military who should've never included that material and who falsely classified it, and who then made it available to everyone and it then got out."
Assange never wanted to redact but was forced to by his media partners. Then he published the full unredacted cables on WikiLeaks' website. Which they denounced:
http://www.bbc.co.uk/news/worl... [bbc.co.uk]
In a joint statement, the Guardian, El Pais, New York Times and Der Spiegel said they "deplore the decision of WikiLeaks to publish the unredacted state department cables, which may put sources at risk".
And before you mention the password that appeared in David Leigh's book that was supposed to be for a temporary copy of the archive
http://www.theguardian.com/med... [theguardian.com]
WikiLeaks claimed its disclosure was prompted after conflicts between Assange and former WikiLeaks associates led to one highlighting an error made months before. When passing the documents to the Guardian, Assange created a temporary web server and placed an encrypted file containing the documents on it. The Guardian was led to believe this was a temporary file and the server would be taken offline after a period of hours.
However, former WikiLeaks staff member Daniel Domscheit-Berg, who parted acrimoniously with WikiLeaks, said instead of following standard security precautions and creating a temporary folder, Assange instead re-used WikiLeaks's "master password". This password was then unwittingly placed in the Guardian's book on the embassy cables, which was published in February 2011.
Separately, a WikiLeaks activist had placed the encrypted files on BitTorrent, a peer-to-peer file sharing network, in the hours before Julian Assange was imprisoned pending extradition proceedings in December 2010, as a form of insurance for the site. Fewer than five people knew of the existence of the site.
As former activists' disillusionment with WikiLeaks grew, one told German magazine Freitag about the link between the publicly available password and files in an attempt to highlight sloppy security at WikiLeaks. The magazine published the story with no information to identify the password or files.
WikiLeaks then published a series of increasingly detailed tweets giving clues about where the password might be found as part of its attempts to deny security failings on its own part. These are believed to have led a small group of internet users to find the files, which were published in a difficult-to-access format requiring significant technical skill, on rival leak site Cryptome.
Domscheit-Berg, often referred to as Assange's former deputy at WikiLeaks, condemned the password reuse. "The file was never supposed to be shared with anyone at all," he said. "To get a copy you would usually make a new copy with a new password. He [Assange] was too lazy to create something new."
Assange always wanted to release the unredacted cables because in his mind anyone who cooperated with the US deserves
Re: (Score:2)
More precisely, there really is no way for a journo to know what is dangerous to disclose and what isn't. The only sources that could really tell us that are those whom the information would embarrass to begin with.
Re: (Score:2)
At the very least they should put up a torrent of the encrypted full document dump as an insurance file against the US/England harassing more journalists or using extraordinary rendition. Glenn Greenwald's partner might not have been detained for 9 hours if there was a chance it would result in the release of all the documents.
Re: (Score:3)
That would solve two problems: the Guardian continuing to publish, and the staff's need for housing.
Re: (Score:3)
Re: (Score:3)
http://arstechnica.com/tech-po... [arstechnica.com]
Apparently this guy thinks there are only a couple copies and they need to be physically returned to the NSA so they can be certain that no copies exist anywhere else. Or he's just being more obvious in deliberately implying things that are false than is normal even for someone in his position.