
Police bugged SHAC, but what else did they do?

Collins | 10.10.2008 12:44 | SHAC | Animal Liberation

Police have admitted to bugging SHAC; however, it's what they don't admit to that is more interesting.

As expected SHAC was bugged by the police. This isn't a surprise. What is interesting is that Police have knowledge of files that SHAC supposedly securely erased.

This means that either the police had a virus on SHAC members' computers or that SHAC has a police informer in its ranks. It is likely that both are true; however, the amount of knowledge the police seem to have could only have been acquired by them having a software bug on SHAC computers.

This is something all activists must be careful about. The police are putting backdoors onto people's computers. Virus checkers won't spot them, as they will not be known by anti-virus companies.

What can we do against this new threat?

Collins

Comments


Well you can make it harder

10.10.2008 12:53

You could make it harder for them by using open source software. Not as easy to plant a virus then. Using windows (if you do) just makes it easy for them.

Alpha Geek


Do not assume Linux = safe

10.10.2008 13:03

There are rootkits available for Linux which would give the same level of access as rootkits for windows. Using Linux might make you a little safer but it doesn't make you safe.

Beta Geek


autosave was probably to blame

10.10.2008 13:15

I suspect the problem in this case was the "autosave" functionality used by most complex software applications. Things like email and word processing programs generally will autosave backup copies to disk every minute or so, so that files you are working on can be recovered if the program crashes.

Even if you securely delete the final plaintext copy, fragments of these insecurely deleted autosaved files could still remain on the disk.

The lessons are:

* Don't put sensitive information on computers unless absolutely necessary.
* Use full disk encryption rather than relying on encryption of specific files or partitions.

Full disk encryption means everything on the disk is encrypted - the operating system, the applications, and the files. There is some good free and open source full disk encryption software called Truecrypt:
 http://www.truecrypt.org/

Remember also to shut down or lock the computer when you are away from it - if they gain access to your computer while it is running and open, all the encryption will be useless.

supporter


I agree

10.10.2008 13:45

I agree Beta Geek, I wasn't saying *nix is totally safe.

Alpha Geek


sauce?

10.10.2008 13:54

> As expected SHAC was bugged by the police. This isn't a surprise.
> What is interesting is that Police have knowledge of files that
> SHAC supposedly securely erased.

Care to share where this is from?

hp


Risks of full disk encryption

10.10.2008 15:21

Full disk encryption is a good step, but like anything, it is not a total panacea.

The risks are:

1) The thumbscrew attack: use some form of torture to get the person to give up their passphrase.

2) Weak passphrase: don't use your dog's name, and make it long and difficult to guess!

3) Keyloggers: unless you are with your computer 24/7, someone can gain physical access to your computer and plant a hardware keylogger that records all your keystrokes - including when you type in the passphrase.

4) Firewire ports: firewire/iLink ports have direct access to the computer memory, which would necessarily include the decryption key. Remove or disable your firewire ports.

5) Access to a running computer: protecting from someone who has physical access to a computer is difficult at the best of times, but if it is powered on, it is even more difficult. Set your computer to use a locking screensaver, and turn it on when you are not sat at the computer.

supporter


Why not use macs?

10.10.2008 17:05

They look better, don't line the great Satan's pockets any further, and are much more secure. You can put PGP on them too.

Mac fan


What actually happened..

10.10.2008 17:18

The Macs they were using weren't full disk encrypted (you can now get full disk encryption for Macs, I suggest you get it!) and the programmes they were using, e.g. Word, Notepad etc., were automatically saving in the background.
They were not aware of this, and what the police have got their hands on are the automatically saved files which weren't encrypted.

There was no virus, they don't know their passwords and they haven't got anywhere near as many recovered files as they are making out.

So everyone please stop worrying!

I highly suggest everyone gets full disk encryption

A friend of SHAC
- Homepage: http://www.shac.net


Good to know BUT who was advising them?

10.10.2008 17:29

The fact WORD periodically says - 'autosaving' is a bit of a clue!

But it is good to know that it's a simple cock-up and not a super PLOD black helicopter squad :)

Another Mac Fan


re: What actually happened

10.10.2008 18:12

Friend of SHAC (and others), thanks for informing us what actually happened. But isn't that even more worrying? In that it would be a common problem, especially with shared computers that people can't use full disk encryption on. A friend has mentioned tools that securely wipe these fragments of information and also deleted information. Can anyone on the newswire suggest some software that is known to work well? EVERYONE should use one of these wipers immediately. Better to be safe.

Collins


Don't rely on disk free space wipers

10.10.2008 19:43

If you are using a shared computer my advice is: don't put anything that you want kept private on there.

Tools that wipe the free space take a long time and aren't always guaranteed to work. Also, you would have to run them every time you edited your file, since you never know when you might get a visit. That makes them practically useless, in my opinion.

If you want security, full disk encryption is the only way to go. And even then, be aware of the possible risks (see my earlier post).

Note that if you use Thunderbird, it is possible to turn off autosave of emails you are writing. It's probably a good idea to do this even if you use full disk encryption, just as another layer of security.

supporter


A Very Real concern

11.10.2008 09:26

This is certainly a worrying state of affairs. I am also a supporter and am very involved in prisoner support, and am in touch with SHAC activists. Since we live in a police state I suppose this sort of thing is to be expected. I have had the experience of local police (Brighton/Hove) driving past me when I am posting and shouting out "we know what you're doing George".
Every time I post I get to a page stating there is a problem with the security certificate. What does this mean?
I would be interested in others' views. It is worth noting that there was almost certainly an informer within SHAC, and also that one group are pleading guilty to conspiracy to blackmail while the others (with Heather Nicholson) are pleading not guilty.

George Coombs
e-mail: georgecmbs@tiscali.co.uk


Some comments

11.10.2008 12:11

1. Free space wipers and file erasers generally do work (there's one called Eraser for Windows which I think is held in good esteem). However, the problem is not the erasing, it's that Windows/Office etc. make copies (temporary files, swap space, backups, auto-saves, etc.) which are not getting erased. The solution here, as has been said previously, is to encrypt the entire drive. Truecrypt is the way I would go for this.

2. If your computer is taken by the police at any time, if you want to be very careful it is wise to assume that the operating system has been "doctored", perhaps to record keystrokes for transmission to the internet. This is a touch paranoid, to be fair, and unless you're a terrorist there's a chance that the police won't spend the time/money doing this. It may also be illegal (though that may not stop them). If your computer is returned to you after "evidence gathering" then personally I would wipe the entire operating system and reinstall it. Usually this is not for the faint-hearted as it can be a pig to do. Many machines no longer come with restore discs these days - instead they have a "restore partition" on the hard disc which unfortunately also can be doctored (although it's harder to do). If you want to be sure, get someone to restore it all properly from CDs/DVDs that have not been confiscated.

3. Bear in mind that the ROM (a silicon chip) of a machine can also be compromised! There is an anti-theft product on the market that modifies the contents of the "boot sequence" software, so that it sends out a regular tracking signal over the internet. This is a good thing if your machine is stolen, as it helps the owner find their machine even if the operating system is wiped and reinstalled. However the same technology is available to the police/authorities and can be used to install keystroke loggers to discover your encryption passwords. To combat this, the "BIOS" needs to be reinstalled (or "reflashed"). Again this requires an expert.

4. The problems with the security certificate are almost certainly NOT evidence that the cops are intercepting your visits/posts to IM. They are there (I believe) because IM has not purchased "legitimate" server certificates from a certifying authority. This might be because IM admins don't believe in having an "authority" (as IM is anti-authoritarian) but also because certificates can be expensive, and IM presumably isn't awash with cash. A properly working/purchased certificate only guarantees so much anyway - if the certifying authority was to hand over the certificate private key to the police, they would be able to decrypt everything you do. (There's no evidence that this is rife however, since if it was made public, it would start to degrade public trust in buying online, which the certifying authorities rely on to continue their business).

5. Lastly keep backups of everything you want to keep, and give them to your non-activist friends for safe storage. Keep stuff encrypted at your own house and (in general) unencrypted at your friends' houses (unless you have special reason to be worried, in which case keep it encrypted everywhere). The reason I suggest keeping it unencrypted is that if your encryption fails (or you forget your password) you have a backup that you can rely on! Encryption is great but it can cause you more problems than it solves if you are not careful. Never refer to backups in instant messaging, text, email or telephone calls otherwise the police will be able to find out where you keep copies.

Think that's about it.

Jon
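As an added example (not from any poster in this thread), here is a small Python script that audits a folder for the kind of autosave, backup and swap files the "autosave was probably to blame" post and Jon's point 1 describe. The file-name patterns are my own assumption of common editor defaults (Word AutoRecover/backup/lock files, Emacs and Vim leftovers) and are not exhaustive; the sample tree it builds is constructed.

```python
import os
import re
import tempfile
from pathlib import Path

# Assumed patterns for files editors write behind the user's back.
# Constructed list of common defaults; real systems may differ.
RESIDUE_PATTERNS = [
    ("ms-office-autorecover", re.compile(r".*\.asd$", re.I)),      # Word AutoRecover
    ("ms-office-backup",      re.compile(r".*\.wbk$", re.I)),      # Word "always create backup"
    ("ms-office-lock",        re.compile(r"^~\$.*", re.I)),        # owner/lock file left behind
    ("ms-office-temp",        re.compile(r"^~wr.*\.tmp$", re.I)),  # Word scratch files
    ("editor-backup",         re.compile(r".*~$")),                # Emacs/gedit backup copy
    ("editor-autosave",       re.compile(r"^#.*#$")),              # Emacs autosave
    ("vim-swap",              re.compile(r"^\..*\.sw[a-p]$")),     # Vim swap file
    ("generic-temp",          re.compile(r".*\.(tmp|bak)$", re.I)),
]


def classify(name):
    """Return the residue category for a bare file name, or None if clean."""
    for category, pattern in RESIDUE_PATTERNS:
        if pattern.match(name):
            return category
    return None


def scan(root):
    """Walk `root` and return (path, category) pairs for files that look
    like unencrypted leftovers of an edited document."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            category = classify(name)
            if category:
                hits.append((os.path.join(dirpath, name), category))
    return hits


def demo():
    """Build a constructed sample tree in a temp dir and scan it offline."""
    root = tempfile.mkdtemp()
    sample = ["letter.docx", "~$letter.docx", "AutoRecovery save of letter.asd",
              "Backup of letter.wbk", "notes.txt~", "#notes.txt#", ".notes.txt.swp"]
    for name in sample:
        Path(root, name).write_text("constructed plaintext\n")
    return scan(root)


if __name__ == "__main__":
    for path, category in demo():
        print(f"{category:22s} {path}")
```

Only `letter.docx` itself is clean in the sample; the six other files are exactly the copies a secure delete of the document would miss.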


An effective solution....

12.10.2008 08:11

Instead of using Windows (or Mac OS or even normal Linux), you should all be using this:

 http://mandalka.name/privatix/index.html.en

You can run it in a "Virtual Machine" on any Windows computer and it will leave no traces of what you have been doing, (except on the encrypted USB key). This means that you can have a normal OS that you use for "normal" activities and a separate OS for any more "controversial" activities.

It works....


Microsoft sucks!

12.10.2008 13:26

There is a type of spyware in the windose registry that spyware doesn't pick up, that is Microsoft's MRU files.
The Most Recently Used files log every file you've opened and saved.

How to Clear the Windows Explorer MRU Lists
 http://support.microsoft.com/kb/142298

also delete the entries in-
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet_Explorer\Typed

I also recommend overwriting the IE history folder and deleting the info in that .dat file which is hidden in that folder.

EnCase user!


more on this

13.10.2008 00:55

You can now run entire operating systems from a CD-ROM. These run slower but do not leave any trace of files after they have been turned off. Similarly, you can run an entire system off a USB drive now... if you were to do this and periodically erase the free space using a program like Eraser then you would be safe too.

If you are surfing you can use Tor too, though again, it is slower than accessing the Internet directly.

Let's be honest though, there is no real chance of privacy when every mobile phone is a potential police microphone and location finder, records of net activity are kept for years, and DNA evidence can be retrieved from any computer. I reckon the cops are gonna be one step ahead of this on this one...but they don't have the money, resources, or expertise at present to follow-up on absolutely every case - they will reserve this for really high profile issues.

I would be interested to hear about any really foolproof means of having total privacy using a PC.

Krop


How to clean Firefox's history

22.10.2008 12:46

Firefox's history files are in weird .MORK files which can be accessed with Mork.pl

Mainly they are accessed from their history.dat file which can be opened with Notepad.
in XP-
C:\Documents and settings\\application Data\Mozilla\Profiles\\history.dat
in Linux-
~/.Mozilla/profiles//history.dat

OR from the cookie data
C:\Documents and settings\\application Data\Mozilla\Profiles\\cookies.dat
~/.Mozilla/profiles//history.dat

also in linux browse this URL-
about:cache

Nicola