Police bugged SHAC, but what else did they do?
Collins | 10.10.2008 12:44 | SHAC | Animal Liberation
Police have admitted to bugging SHAC, however it's what they don't admit to that is more interesting.
As expected SHAC was bugged by the police. This isn't a surprise. What is interesting is that Police have knowledge of files that SHAC supposedly securely erased.
This means that either the police had a virus on SHAC members' computers or that SHAC has a police informer in its ranks. It is likely that both are true; however, the amount of knowledge police seem to have could only have been acquired by them having a software bug on SHAC computers.
This is something all activists must be careful about. The Police are putting backdoors onto people's computers. Virus checkers won't spot them as they will not be known by anti-virus companies.
What can we do against this new threat?
Collins
Comments
Well you can make it harder
10.10.2008 12:53
Alpha Geek
Do not assume Linux = safe
10.10.2008 13:03
Beta Geek
autosave was probably to blame
10.10.2008 13:15
Even if you securely delete the final plaintext copy, fragments of these insecurely deleted autosaved files could still remain on the disk.
The lessons are:
* Don't put sensitive information on computers unless absolutely necessary.
* Use full disk encryption rather than relying on encryption of specific files or partitions.
Full disk encryption means everything on the disk is encrypted - the operating system, the applications, and the files. There is some good free and open source full disk encryption software called Truecrypt:
http://www.truecrypt.org/
Remember also to shut down or lock the computer when you are away from it - if they gain access to your computer while it is running and open, all the encryption will be useless.
supporter
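An added illustration of the failure mode this comment describes (not code from the original thread): a document is overwritten and deleted, yet editor-made copies elsewhere still hold the same text. The file names, directory layout and marker string are constructed for the demonstration.

```python
import os
import tempfile

MARKER = b"CONSTRUCTED-SAMPLE-7f3a"  # constructed stand-in for sensitive text

def overwrite_and_delete(path):
    """Single-file 'secure delete': overwrite the bytes in place, then unlink."""
    size = os.path.getsize(path)
    with open(path, "r+b") as fh:
        fh.write(os.urandom(size))
        fh.flush()
        os.fsync(fh.fileno())
    os.remove(path)

def contains(path, marker, chunk=1 << 16):
    """Chunked search with overlap, so a marker split across reads is still found."""
    tail = b""
    with open(path, "rb") as fh:
        while block := fh.read(chunk):
            if marker in tail + block:
                return True
            tail = block[-len(marker):]
    return False

def residual_copies(root, marker=MARKER):
    """Relative paths of live files under root that still hold the marker."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if contains(full, marker):
                hits.append(os.path.relpath(full, root))
    return sorted(hits)

def demo():
    """Constructed scenario: a document plus two editor-made autosave copies."""
    with tempfile.TemporaryDirectory() as root:
        doc = os.path.join(root, "docs", "letter.txt")
        copies = [doc, doc + "~", os.path.join(root, "tmp", "autosave-0001.tmp")]
        for path in copies:
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(b"draft: " + MARKER + b"\n")
        before = residual_copies(root)
        overwrite_and_delete(doc)
        return before, residual_copies(root)

if __name__ == "__main__":
    before, after = demo()
    print(f"{len(before)} copies before, still readable after: {after}")
```

The scan only sees live files; autosave copies that the editor itself deleted leave fragments in unallocated space that a file-level check cannot find, which is the case full disk encryption covers.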
I agree
10.10.2008 13:45
Alpha Geek
sauce?
10.10.2008 13:54
> What is interesting is that Police have knowledge of files that
> SHAC supposedly securely erased.
Care to share where this is from?
hp
Risks of full disk encryption
10.10.2008 15:21
The risks are:
1) The thumbscrew attack: use some form of torture to get the person to give up their passphrase.
2) Weak passphrase: don't use your dog's name, and make it long and difficult to guess!
3) Keyloggers: unless you are with your computer 24/7, someone can gain physical access to your computer and plant a hardware keylogger that records all your keystrokes - including when you type in the passphrase.
4) Firewire ports: firewire/iLink ports have direct access to the computer memory, which would necessarily include the decryption key. Remove or disable your firewire ports.
5) Access to a running computer: protecting from someone who has physical access to a computer is difficult at the best of times, but if it is powered on, it is even more difficult. Set your computer to use a locking screensaver, and turn it on when you are not sat at the computer.
supporter
Why not use macs?
10.10.2008 17:05
Mac fan
What actually happened..
10.10.2008 17:18
They were not aware of this, and what the police have got their hands on are the automatically saved files which weren't encrypted.
There was no virus, they don't know their passwords and they haven't got anywhere near as many recovered files as they are making out.
So everyone please stop worrying!
I highly suggest everyone gets full disk encryption
A friend of SHAC
Homepage: http://www.shac.net
Good to know BUT who was advising them?
10.10.2008 17:29
But it is good to know that it's a simple cock-up and not a super PLOD black helicopter squad :)
Another Mac Fan
re: What actually happened
10.10.2008 18:12
Collins
Don't rely on disk free space wipers
10.10.2008 19:43
Tools that wipe the free space take a long time and aren't always guaranteed to work. Also, you would have to run them every time you edited your file, since you never know when you might get a visit. That makes them practically useless, in my opinion.
If you want security, full disk encryption is the only way to go. And even then, be aware of the possible risks (see my earlier post).
Note that if you use Thunderbird, it is possible to turn off autosave of emails you are writing. It's probably a good idea to do this even if you use full disk encryption, just as another layer of security.
supporter
A Very Real concern
11.10.2008 09:26
Every time I post I get to a page stating there is a problem with the security certificate - what does this mean?
I would be interested in others' views - it is worth noting that there was almost certainly an informer within SHAC - also that one group are pleading guilty to conspiracy to blackmail while the others (with Heather Nicholson) are pleading not guilty
George Coombs
e-mail: georgecmbs@tiscali.co.uk
Some comments
11.10.2008 12:11
2. If your computer is taken by the police at any time, if you want to be very careful it is wise to assume that the operating system has been "doctored", perhaps to record keystrokes for transmission to the internet. This is a touch paranoid, to be fair, and unless you're a terrorist there's a chance that the police won't spend the time/money doing this. It may also be illegal (though that may not stop them). If your computer is returned to you after "evidence gathering" then personally I would wipe the entire operating system and reinstall it. Usually this is not for the faint-hearted as it can be a pig to do. Many machines no longer come with restore discs these days - instead they have a "restore partition" on the hard disc which unfortunately also can be doctored (although it's harder to do). If you want to be sure, get someone to restore it all properly from CDs/DVDs that have not been confiscated.
3. Bear in mind that the ROM (a silicon chip) of a machine can also be compromised! There is an anti-theft product on the market that modifies the contents of the "boot sequence" software, so that it sends out a regular tracking signal over the internet. This is a good thing if your machine is stolen, as it helps the owner find their machine even if the operating system is wiped and reinstalled. However the same technology is available to the police/authorities and can be used to install keystroke loggers to discover your encryption passwords. To combat this, the "BIOS" needs to be reinstalled (or "reflashed"). Again this requires an expert.
4. The problems with the security certificate are almost certainly NOT evidence that the cops are intercepting your visits/posts to IM. They are there (I believe) because IM has not purchased "legitimate" server certificates from a certifying authority. This might be because IM admins don't believe in having an "authority" (as IM is anti-authoritarian) but also because certificates can be expensive, and IM presumably isn't awash with cash. A properly working/purchased certificate only guarantees so much anyway - if the certifying authority was to hand over the certificate private key to the police, they would be able to decrypt everything you do. (There's no evidence that this is rife however, since if it was made public, it would start to degrade public trust in buying online, which the certifying authorities rely on to continue their business).
5. Lastly keep backups of everything you want to keep, and give them to your non-activist friends for safe storage. Keep stuff encrypted at your own house and (in general) unencrypted at your friends' houses (unless you have special reason to be worried, in which case keep it encrypted everywhere). The reason I suggest keeping it unencrypted is that if your encryption fails (or you forget your password) you have a backup that you can rely on! Encryption is great but it can cause you more problems than it solves if you are not careful. Never refer to backups in instant messaging, text, email or telephone calls otherwise the police will be able to find out where you keep copies.
Think that's about it.
Jon
An effective solution....
12.10.2008 08:11
http://mandalka.name/privatix/index.html.en
You can run it in a "Virtual Machine" on any Windows computer and it will leave no traces of what you have been doing, (except on the encrypted USB key). This means that you can have a normal OS that you use for "normal" activities and a separate OS for any more "controversial" activities.
It works....
Microsoft sucks!
12.10.2008 13:26
The Most Recently Used files log every file you've opened and saved.
How to Clear the Windows Explorer MRU Lists
http://support.microsoft.com/kb/142298
also delete the entries in-
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet_Explorer\Typed
I also recommend overwriting the IE history folder and deleting the info in that .dat file which is hidden in that folder.
EnCase user!
more on this
13.10.2008 00:55
If you are surfing you can use TOR too - though again, it is slower than accessing the Internet directly.
Let's be honest though, there is no real chance of privacy when every mobile phone is a potential police microphone and location finder, records of net activity are kept for years, and DNA evidence can be retrieved from any computer. I reckon the cops are gonna be one step ahead of this on this one...but they don't have the money, resources, or expertise at present to follow-up on absolutely every case - they will reserve this for really high profile issues.
I would be interested to hear about any really foolproof means of having total privacy using a PC.
Krop
How to clean Firefox's history
22.10.2008 12:46
Mainly they are accessed from their history.dat file which can be opened with Notepad.
in XP-
C:\Documents and settings\\application Data\Mozilla\Profiles\\history.dat
in Linux-
~/.Mozilla/profiles//history.dat
OR from the cookie data
C:\Documents and settings\\application Data\Mozilla\Profiles\\cookies.dat
~/.Mozilla/profiles//history.dat
also in linux browse this URL-
about:cache
Nicola