[liberationtech] Travel with notebook habit

Julian Oliver julian at julianoliver.com
Thu Dec 27 16:56:25 PST 2012


..on Thu, Dec 27, 2012 at 09:51:02PM +0100, Jerzy Łogiewa wrote:
> I am just reading this,
> http://www.schneier.com/blog/archives/2012/12/breaking_hard-d.html
> 
> Can we start some discussion about good notebook travel habits? I have read
> Jacob Appelbaum say he does not travel with _ANY_ drive in notebook, and this
> seems to be extreme.
> 
> Without removing drive, what is the best habit for FDE to prevent attacks as
> Schneier describes? Full power-down? No hibernate file? Any other things?

Well, it's not the disk but what's on it. 

I don't trust closed platforms like OS X or Windows systems. Take what I write
with a grain of salt but here's my general approach on a GNU/Linux system:

First tar up all the documents/files you need at the destination, note the
md5sum and then securely copy them to a server you trust. Then start an sshd
instance on port 443 (https) on the file server, so as to get around standard
filtering on port 22 on the other end. Even some hotels filter against ssh but
none do 443.

Then set up two bootable stock Linux distributions with *full disk encryption*
on fast USB sticks and set up user accounts. Ensure tsocks, macchanger and Tor
Browser Bundle, ssh, nmap and a few other basics are on the machine. Install Do
Not Track plugin (or similar) alongside a User Agent Switcher. Take the actual
hard disk out of the machine. Put one stick in your pocket and another in your
check-in luggage. Take a few external USB wireless internet adapters with you.

Take the plane/train/car over the border.

On arrival and when you know you have an Internet gateway, plug one of the
sticks in and boot up and get online using the external USB wireless adapter. If
you have a link using Ethernet cable (RJ45) with an onboard Ethernet adapter
then use it but only if you change your MAC address. Use macchanger to do this
like so:

    sudo ifconfig eth0 down # now plug in Ethernet cable
    sudo macchanger -A eth0 # A random hardware address will be assigned
    sudo ifconfig eth0 up
    sudo dhclient eth0

Now securely copy all the files back onto the local machine as a torified
instance (only with tsocks to avoid UDP and DNS leaks) something like so:

    cd
    torify scp -P 443 you@remotehost.net:/path/to/files.tar.gz .
    md5sum files.tar.gz # check it's the real deal against noted md5sum earlier
    tar xvzf files.tar.gz

Avoid using any web services that track you across sites (at the least use Do
Not Track plugins and the like). Change your User Agent in the Torified browser
you use to something ubiquitous like the Android browser (most popular
smartphone by 3x in most countries). Always use SSL when connecting to mail
services and the like.

Before you fly again destroy that USB stick physically (smash with hammer and
then burn). Destroy the USB network adapter you purchased also. Buy another USB
stick, copy from the other stick you have (use 'dd' or 'cpio') and fly.

I'm sure there's a far more user friendly approach that's sane enough out in the
field. One can't expect journalists to learn the CLI (albeit I think anyone that
needs to trust their machine, isolate and mitigate network threats (among
others) ought to!).

Cheers,

-- 
Julian Oliver
http://julianoliver.com
http://criticalengineering.org
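
The checksum step from the message above, expanded so that a mismatch or an unsafe member path blocks extraction. This is an added example, not part of the original post; the function names are hypothetical, and it uses sha256sum where the message uses md5sum.

```shell
#!/bin/sh
# Added example: verify a transferred archive before unpacking it.
# Function names are hypothetical; sha256sum stands in for the post's md5sum.

# Print only the hex SHA-256 digest of a file (empty output if unreadable).
archive_sum() {
    sha256sum "$1" 2>/dev/null | awk '{ print $1 }'
}

# Read a tar member listing on stdin. Succeed only if every path is
# relative and contains no ".." component.
paths_safe() {
    awk -F/ '
        BEGIN { bad = 0 }
        substr($0, 1, 1) == "/" { bad = 1 }                # absolute path
        { for (i = 1; i <= NF; i++) if ($i == "..") bad = 1 }
        END { exit bad }'
}

# verify_and_extract ARCHIVE EXPECTED_SUM DESTDIR
# Returns 0 on success, 2 on checksum mismatch, 3 on unreadable/unsafe archive.
verify_and_extract() {
    archive=$1
    expected=$2
    dest=$3

    actual=$(archive_sum "$archive")
    if [ -z "$actual" ] || [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $archive, not extracting" >&2
        return 2
    fi

    # List members first; a corrupt archive fails here, before anything is written.
    list=$(tar -tzf "$archive") || return 3
    if ! printf '%s\n' "$list" | paths_safe; then
        echo "archive contains absolute or parent-directory paths" >&2
        return 3
    fi

    mkdir -p "$dest" && tar -xzf "$archive" -C "$dest"
}

# Usage: run archive_sum files.tar.gz before upload and note the digest, then
# after download: verify_and_extract files.tar.gz <noted digest> ./files
```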


