Can someone just remove my hard disk and copy the contents?

Discussion in 'Computer Security' started by myahact@yahoo.ca, Jan 21, 2006.

  1. Guest

    Hello,

    Suppose I leave my laptop at work for the weekend, couldn't someone
    unscrew the hard-disk panel, remove the hard-disk, plug into it some
    gizmo and copy all my data? If so, would that leave a physical trace
    like a broken seal or something, or perhaps a system log entry where
    the date and time would be written?
     
    , Jan 21, 2006
    #1

  2. nemo_outis Guest

    wrote in news:1137869689.171283.136540
    @o13g2000cwo.googlegroups.com:

    > Hello,
    >
    > Suppose I leave my laptop at work for the weekend, couldn't someone
    > unscrew the hard-disk panel, remove the hard-disk, plug into it some
    > gizmo and copy all my data?


    Yes (for most brands - a few have encryption interlocks tied to the BIOS)

    > If so, would that leave a physical trace
    > like a broken seal or something, or perhaps a system log entry where
    > the date and time would be written?


    Probably not.

    Regards,

    PS Although it's far better practice to take the damned thing with you
    (physical security through continuous control and custody is the bedrock)
    you could use numbered tamper-indicating seals yourself to make it more
    difficult to open the case undetected.

    Be aware though that this will not stop the truly skilled or determined.
    The group at LANL has done extensive studies on such matters and almost all
    seals can be defeated fairly easily - even expensive sophisticated ones.

    PPS Any laptop **should** use full OTFE HD encryption if it contains
    anything beyond the most unimportant and trivial.
     
    nemo_outis, Jan 21, 2006
    #2

  3. Notan Guest

    nemo_outis wrote:
    >
    > wrote in news:1137869689.171283.136540
    > @o13g2000cwo.googlegroups.com:
    >
    > > Hello,
    > >
    > > Suppose I leave my laptop at work for the weekend, couldn't someone
    > > unscrew the hard-disk panel, remove the hard-disk, plug into it some
    > > gizmo and copy all my data?

    >
    > Yes (for most brands - a few have encryption interlocks tied to the BIOS)
    >
    > > If so, would that leave a physical trace
    > > like a broken seal or something, or perhaps a system log entry where
    > > the date and time would be written?

    >
    > Probably not.
    >
    > Regards,
    >
    > PS Although it's far better practice to take the damned thing with you
    > (physical security through continuous control and custody is the bedrock)
    > you could use numbered tamper-indicating seals yourself to make it more
    > difficult to open the case undetected.
    >
    > Be aware though that this will not stop the truly skilled or determined.
    > The group at LANL has done extensive studies on such matters and almost all
    > seals can be defeated fairly easily - even expensive sophisticated ones.
    >
    > PPS Any laptop **should** use full OTFE HD encryption if it contains
    > anything beyond the most unimportant and trivial.


    When you say, "... almost all seals can be defeated fairly easily,"
    are you referring to hard drive passwords?

    If so, care to share some references?

    Thanks!

    Notan
     
    Notan, Jan 21, 2006
    #3
  4. nemo_outis Guest

    >> PS Although it's far better practice to take the damned thing with
    >> you (physical security through continuous control and custody is the
    >> bedrock) you could use numbered tamper-indicating seals yourself to
    >> make it more difficult to open the case undetected.
    >>
    >> Be aware though that this will not stop the truly skilled or
    >> determined. The group at LANL has done extensive studies on such
    >> matters and almost all seals can be defeated fairly easily - even
    >> expensive sophisticated ones.
    >>
    >> PPS Any laptop **should** use full OTFE HD encryption if it
    >> contains anything beyond the most unimportant and trivial.

    >
    > When you say, "... almost all seals can be defeated fairly easily,"
    > are you referring to hard drive passwords?
    >
    > If so, care to share some references?
    >
    > Thanks!
    >
    > Notan
    >



    Nope, I'm talking about physical seals and such (e.g., stick-on numbered
    seals that self-destruct, reveal the word "tamper," etc. when someone
    attempts to remove and replace them.)

    LANL does research and publishes a journal on such matters (they got their
    start doing high-end assessment on secure shipping of nuclear materials).
    Ross Anderson references their work in Security Engineering. Unfortunately,
    many online articles are no longer available for download but they will
    send you them on CD.

    http://pearl1.lanl.gov/seals/downloadable_papers.htm

    Regards,
     
    nemo_outis, Jan 21, 2006
    #4
  5. myahact wrote:

    > Hello,
    >
    > Suppose I leave my laptop at work for the weekend, couldn't someone
    > unscrew the hard-disk panel, remove the hard-disk, plug into it some gizmo
    > and copy all my data? If so, would that leave a physical trace like a
    > broken seal or something, or perhaps a system log entry where the date and
    > time would be written?


    Yes, not if there were no seals to break (there usually aren't), and no.

    Your best bet for detecting a compromise like that would be physical
    evidence though... fingerprints, small scratches where tools leave their
    marks, etc. Unless something very strange happens, there will be no
    "electrical" evidence. No changes in any of your data.
     
    Borked Pseudo Mailed, Jan 21, 2006
    #5
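
On whether a copy leaves any electrical record, an added example (not part of the original thread): the drive's own SMART counters can be read with `smartctl -A` before shutdown and again after your next boot, and power cycles or powered-on hours beyond your own use indicate the disk was spun up in between. The sample output is constructed, the function names are hypothetical, and the check assumes an ATA drive that reports attributes 9 and 12 and a full shutdown rather than suspend.

```python
import re

# One row of the ATA attribute table printed by `smartctl -A`:
# ID, name, flag, six status columns, then the raw value (leading integer).
ROW = re.compile(r"^\s*(\d+)\s+(\S+)\s+0x[0-9a-fA-F]+\s+(?:\S+\s+){6}(\d+)")
POWER_ON_HOURS, POWER_CYCLE_COUNT = 9, 12

HEADER = ("ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH "
          "TYPE      UPDATED  WHEN_FAILED RAW_VALUE\n")

# Constructed sample captures (values invented for illustration).
FRIDAY = HEADER + """\
  9 Power_On_Hours          0x0032   091   091   000    Old_age   Always       -       6841
 12 Power_Cycle_Count       0x0032   099   099   000    Old_age   Always       -       1312
194 Temperature_Celsius     0x0022   035   052   000    Old_age   Always       -       35 (Min/Max 18/52)
"""
MONDAY_CLEAN = HEADER + """\
  9 Power_On_Hours          0x0032   091   091   000    Old_age   Always       -       6841
 12 Power_Cycle_Count       0x0032   099   099   000    Old_age   Always       -       1313
"""
MONDAY_ODD = HEADER + """\
  9 Power_On_Hours          0x0032   091   091   000    Old_age   Always       -       6843
 12 Power_Cycle_Count       0x0032   099   099   000    Old_age   Always       -       1314
"""


def parse_attributes(smartctl_output):
    """Return {attribute_id: raw_value} for every table row that parses."""
    attrs = {}
    for line in smartctl_output.splitlines():
        m = ROW.match(line)
        if m:
            attrs[int(m.group(1))] = int(m.group(3))
    return attrs


def unexplained_activity(before, after, own_power_cycles=1, own_hours=0):
    """Compare two captures and list drive activity the owner cannot explain.

    own_power_cycles: power-ups the owner performed between the captures
                      (1 = the boot used to take the second capture).
    own_hours:        hours the owner ran the machine between the captures.
    """
    b, a = parse_attributes(before), parse_attributes(after)
    missing = [i for i in (POWER_ON_HOURS, POWER_CYCLE_COUNT)
               if i not in b or i not in a]
    if missing:
        return [f"attribute {i} not reported; cannot compare" for i in missing]

    cycles = a[POWER_CYCLE_COUNT] - b[POWER_CYCLE_COUNT]
    hours = a[POWER_ON_HOURS] - b[POWER_ON_HOURS]
    if cycles < 0 or hours < 0:
        # Counters never decrease on the same drive.
        return ["counters went backwards; this may not be the same drive"]

    findings = []
    if cycles > own_power_cycles:
        findings.append(
            f"{cycles - own_power_cycles} power cycle(s) not accounted for")
    # The hour counter has one-hour granularity, so allow one hour of slack.
    if hours > own_hours + 1:
        findings.append(
            f"about {hours - own_hours} powered-on hour(s) not accounted for")
    return findings


if __name__ == "__main__":
    for label, capture in (("clean", MONDAY_CLEAN), ("odd", MONDAY_ODD)):
        print(label, unexplained_activity(FRIDAY, capture))
```

A clean result is one indicator only, to be combined with the physical measures discussed in the thread.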
  6. Jim Watt Guest

    On 21 Jan 2006 20:24:31 GMT, "nemo_outis" <> wrote:

    >> When you say, "... almost all seals can be defeated fairly easily,"


    When I was in the freight business we had a shipment of watches
    that changed into sand in transit, the security seals were intact.
    --
    Jim Watt
    http://www.gibnet.com
     
    Jim Watt, Jan 21, 2006
    #6
  7. V.B. Guest

    The shipment was probably sand to start off with....

    V

    "Jim Watt" <_way> wrote in message
    news:...
    > On 21 Jan 2006 20:24:31 GMT, "nemo_outis" <> wrote:
    >
    > >> When you say, "... almost all seals can be defeated fairly easily,"

    >
    > When I was in the freight business we had a shipment of watches
    > that changed into sand in transit, the security seals were intact.
    > --
    > Jim Watt
    > http://www.gibnet.com
     
    V.B., Jan 22, 2006
    #7
  8. Jim Watt Guest

    On Sun, 22 Jan 2006 08:36:50 -0500, "V.B." <> wrote:

    >The shipment was probably sand to start off with....


    No, someone removed the contents and replaced them with sand
    and the seals seemed intact. As the goods were checked by weighing
    the sand was necessary to hide the substitution.

    The police caught the people involved when they started selling
    the watches.
    --
    Jim Watt
    http://www.gibnet.com
     
    Jim Watt, Jan 22, 2006
    #8
  9. ~David~ Guest

    Yes, someone could get into your laptop that way and steal your
    data. Like the other replies said, a few brands have locks or ways
    to try and prevent that but most of them can be broken. The best
    way to prevent this is to put your laptop in a physically secure
    location.

    Aside from that, if you are really paranoid or need ultra-security,
    there are programs and products that will encrypt the whole drive
    contents for you, such as TrueCrypt, PGP whole-disk, and loop-aes
    (linux only). To be honest, these programs are usually more trouble
    than they are worth ($$$, time, risk of data loss) but if you need
    the data ultra-secure, they will do that.

    ~David~

    wrote:
    > Hello,
    >
    > Suppose I leave my laptop at work for the weekend, couldn't someone
    > unscrew the hard-disk panel, remove the hard-disk, plug into it some
    > gizmo and copy all my data? If so, would that leave a physical trace
    > like a broken seal or something, or perhaps a system log entry where
    > the date and time would be written?
    >
     
    ~David~, Jan 22, 2006
    #9
  10. cypher Guest

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    ~David~ <> wrote in
    news:FzOAf.1754$:

    > Aside from that, if you are really paranoid or need
    > ultra-security, there are programs and products that will
    > encrypt the whole drive contents for you, such as
    > TrueCrypt, PGP whole-disk, and loop-aes (linux only).


    TrueCrypt can't encrypt a whole drive. It can encrypt
    partitions but not the system partition. There is also
    DriveCrypt Plus Pack, a really good program for whole drive
    encryption. Many Linux/UNIX distributions have their own
    crypto drivers for whole disk encryption.


    >To be honest, these programs are usually more trouble
    > than they are worth ($$$, time, risk of data loss) but if
    > you need the data ultra-secure, they will do that.


    Trouble? DriveCrypt Plus Pack is really easy to use. You just
    need to enter the password/USB key when the computer boots and
    that's all. Installation is also easy. TrueCrypt can't
    encrypt your system partition, but it can encrypt other
    partitions and/or make encrypted files that can be mounted
    like partitions. They are very stable, user-friendly and
    don't cause any problems. TrueCrypt is free. Risk of data
    loss always exists, you should *always* have backups.

    > wrote:
    >> Hello,
    >>
    >> Suppose I leave my laptop at work for the weekend,
    >> couldn't someone unscrew the hard-disk panel, remove the
    >> hard-disk, plug into it some gizmo and copy all my data?
    >> If so, would that leave a physical trace like a broken
    >> seal or something, or perhaps a system log entry where
    >> the date and time would be written?


    Why do you want to leave your laptop at work? There are some
    simpler ways to get to your data other than unscrewing the
    HDD. Besides somebody could install a bug/keylogger/malicious
    software on your laptop. If you don't have to, don't leave it.
    If you must, leave it in a safe place if you have some
    important data on it.

    cypher

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 8.1

    iQA/AwUBQ9TtvSPnLg7nPH4AEQJRKACfSDhSGYNbP8YDHPzVOS7fLBEDTasAnR7A
    f9sN0YHfjAwbIusg3yMkQTNv
    =vZM4
    -----END PGP SIGNATURE-----
     
    cypher, Jan 23, 2006
    #10
  11. blackhat Guest

    Yep, and it may not leave any trace at all, consider full disk
    encryption, or at least encryption of your personal files as a solution
     
    blackhat, Jan 24, 2006
    #11
  12. blackhat wrote:

    > Yep, and it may not leave any trace at all, consider full disk encryption,
    > or at least encryption of your personal files as a solution


    You're missing the point entirely. Whole disk encryption would have
    an unacceptably high chance of failure scenario. It does absolutely
    nothing to prevent someone from physically copying the drive if they have
    that sort of access to the hardware, and having that access means it's a
    fair bet they would install a logging device that would capture the keys
    to unlock the stolen data with what can only be called "ease". :(

    That you'd suggest a software solution to a physical security problem only
    belies your ignorance. What's needed in this case is either a better
    "seal", like a vault or safe, or to simply keep possession of the
    hardware. There's also a couple other possibilities like a surveillance
    "honey pot" that might have something to do with cameras or such....

    You I understand, you're a sock puppet wannabe. But I'm honestly a bit
    surprised nemo didn't see through to this simple logic. <sigh>
     
    Borked Pseudo Mailed, Jan 24, 2006
    #12
  13. blackhat Guest

    >You're missing the point entirely. Whole disk encryption would have
    >an unacceptably high chance of failure scenario. It does absolutely
    >nothing to prevent someone from physically copying the drive if they have
    >that sort of access to the hardware, and having that access means it's a


    They would copy a disk full of encrypted gibberish, and if a half decent
    encryption program is used wouldn't have access to the information on
    the disk

    >fair bet they would install a logging device that would capture the keys
    >to unlock the stolen data with what can only be called "ease". :(


    They can't install a key logger on an encrypted disk

    >That you'd suggest a software solution to a physical security problem only
    >belies your ignorance. What's needed in this case is either a better
    >"seal", like a vault or safe, or to simply keep possession of the


    Not everyone has the luxury of a safe to keep their computer in, I
    suppose you do?

    >hardware. There's also a couple other possibilities like a surveillance
    >"honey pot" that might have something to do with cameras or such....


    >You I understand, you're a sock puppet wannabe. But I'm honestly a bit
    >surprised nemo didn't see through to this simple logic. <sigh>


    You sound like an ignorant troll because you are.
     
    blackhat, Jan 24, 2006
    #13
  14. nemo_outis Guest

    Borked Pseudo Mailed <> wrote in
    news::

    > blackhat wrote:
    >
    >> Yep, and it may not leave any trace at all, consider full disk
    >> encryption, or at least encryption of your personal files as a
    >> solution

    >
    > You're missing the point entirely. Whole disk encryption would have
    > an unacceptably high chance of failure scenario. It does absolutely
    > nothing to prevent someone from physically copying the drive if they
    > have that sort of access to the hardware, and having that access means
    > it's a fair bet they would install a logging device that would capture
    > the keys to unlock the stolen data with what can only be called
    > "ease". :(
    >
    > That you'd suggest a software solution to a physical security problem
    > only belies your ignorance. What's needed in this case is either a
    > better "seal", like a vault or safe, or to simply keep possession of
    > the hardware. There's also a couple other possibilities like a
    > surveillance "honey pot" that might have something to do with cameras
    > or such....
    >
    > You I understand, you're a sock puppet wannabe. But I'm honestly a bit
    > surprised nemo didn't see through to this simple logic. <sigh>




    If you revisit my first post in this thread you will note that physical
    security through control and custody was my primary recommendation; full HD
    OTFE encryption was mentioned as an additional level of protection.

    Regards,

    PS Full HD encryption gives (nearly) complete protection against software
    keyloggers, or reading or modification of data (including the OS and
    related structures as well as user data). It cannot, of course, protect
    against compromises in hardware (e.g., hardware keyloggers, compromised
    BIOS, etc.)
     
    nemo_outis, Jan 24, 2006
    #14
  15. Guest

    Actually I copy HDD all the time. I boot the PC off of a USB drive
    running damn small linux, then clone the drive to USB mass storage. I
    can then pick through the disk at my time.
     
    , Jan 25, 2006
    #15
  16. nemo_outis Guest

    wrote in news:1138155636.360222.206820
    @g44g2000cwa.googlegroups.com:

    > Actually I copy HDD all the time. I boot the PC off of a USB drive
    > running damn small linux, then clone the drive to USB mass storage. I
    > can then pick through the disk at my time.
    >
    >




    If someone has had the foresight to use full HD OTFE encryption you will
    find this a most unrewarding pursuit. ...which is precisely why I
    recommend it.

    Regards,
     
    nemo_outis, Jan 25, 2006
    #16
  17. nemo_outis wrote:

    >> That you'd suggest a software solution to a physical security problem
    >> only belies your ignorance. What's needed in this case is either a
    >> better "seal", like a vault or safe, or to simply keep possession of the
    >> hardware. There's also a couple other possibilities like a surveillance
    >> "honey pot" that might have something to do with cameras or such....
    >>
    >> You I understand, you're a sock puppet wannabe. But I'm honestly a bit
    >> surprised nemo didn't see through to this simple logic. <sigh>

    >
    > If you revisit my first post in this thread you will note that physical
    > security through control and custody was my primary recommendation; full
    > HD OTFE encryption was mentioned as an additional level of protection.


    I must have missed that. The server I'm pulling from is having problems at
    the moment. Like I said, I would have been surprised if you'd not at least
    addressed physical security. ;)

    > PS Full HD encryption gives (nearly) complete protection against software
    > keyloggers, or reading or modification of data (including the OS and


    Which is why I plainly said "device"....

    > related structures as well as user data). It cannot, of course, protect
    > against compromises in hardware (e.g., hardware keyloggers, compromised
    > BIOS, etc.)


    Of course. And in the scenario at hand physical compromise /is/ the
    problem. The OP didn't even really ask about protecting data, except as a
    side effect of recognizing potential physical threat. Encryption of any
    type is essentially useless in that poster's scenario.

    The only exception I might see is OTFE with some sort of "smart card" or
    ephemeral authentication. I could ALMOST go along with a solution where an
    authentication stream couldn't be duplicated. Not just a "keys on thumb
    drive" scenario because they too can be "logged".
     
    Borked Pseudo Mailed, Jan 25, 2006
    #17
  18. blackhat wrote:

    >>You're missing the point entirely. Whole disk encryption would have an
    >>unacceptably high chance of failure scenario. It does absolutely nothing
    >>to prevent someone from physically copying the drive if they have that
    >>sort of access to the hardware, and having that access means it's a

    >
    > They would copy a disk full of encrypted gibberish, and if a half decent
    > encryption program is used wouldn't have access to the information on the
    > disk


    Unless they also had the keys to that encryption, typically a pass phrase,
    which is where a device that captures pass phrases just might come in
    handy. Don'tcha think?

    >>fair bet they would install a logging device that would capture the keys
    >>to unlock the stolen data with what can only be called "ease". :(

    >
    > They can't install a key logger on an encrypted disk


    Did you fail to see the word "device", are you too illiterate to
    comprehend its meaning, or are you just too damned dishonest to admit
    that someone with access to a piece of hardware housing an encrypted disk
    would logically use such a device to circumvent that encryption?

    Seriously. I'm genuinely curious. You going with blind, dumb, or just flat
    out lying here?

    >>That you'd suggest a software solution to a physical security problem
    >>only belies your ignorance. What's needed in this case is either a better
    >>"seal", like a vault or safe, or to simply keep possession of the

    >
    > Not everyone has the luxury of a safe to keep their computer in, I suppose
    > you do?


    Matter of fact yes I do, but that's beside the point. The question was
    about securing something that's physically vulnerable to compromise
    regardless of any disk encryption. The answer to a physical vulnerability
    generally isn't an "ephemeral" software solution. It's CERTAINLY not in
    this scenario anyway.

    If the hardware is worth securing then the proper physical solutions will
    be applied or the hardware and its data will be at risk. Again, simple
    math. Just no way around the facts, sorry about your luck.

    >>hardware. There's also a couple other possibilities like a surveillance
    >>"honey pot" that might have something to do with cameras or such....

    >
    >>You I understand, you're a sock puppet wannabe. But I'm honestly a bit
    >>surprised nemo didn't see through to this simple logic. <sigh>

    >
    > You sound like an ignorant troll because you are.


    How does it feel to be so easily and thoroughly proven an incompetent
    buffoon by an ignorant troll? To have "ignorance" be your master? :)
     
    George Orwell, Jan 25, 2006
    #18
  19. blackhat Guest

    >>>Unless they also had the keys to that encryption, typically a pass phrase,
    >>>which is where a device that captures pass phrases just might come in
    >>>handy. Don'tcha think?


    No, if you use the proper encryption program it will take the password
    before the boot and windows loading in, any key logger won't be in
    operation yet... don't cha think? Missed that one did you, lol

    >>fair bet they would install a logging device that would capture the keys
    >>to unlock the stolen data with what can only be called "ease". :(


    > They can't install a key logger on an encrypted disk


    >>>Did you fail to see the word "device", are you too illiterate to
    >>>comprehend its meaning, or are you just too damned dishonest to admit
    >>>that someone with access to a piece of hardware housing an encrypted disk
    >>>would logically use such a device to circumvent that encryption?


    It's usually a fool or a real dishonest troll that starts calling
    names, anyway as I mentioned there are very capable encryption programs
    out there that can provide protection against loggers and other
    concerns, but only if the logger isn't already on the machine. If it
    is, it has to be detected and removed before any encryption.

    >>>Seriously. I'm genuinely curious. You going with blind, dumb, or just flat
    >>>out lying here?


    Neither, but I think you are, have a nice day!
     
    blackhat, Jan 25, 2006
    #19
  20. TwistyCreek Guest

    blackhat wrote:

    >>>>Unless they also had the keys to that encryption, typically a pass
    >>>>phrase, which is where a device that captures pass phrases just might
    >>>>come in handy. Don'tcha think?

    >
    > No, if you use the proper encryption program it will take the password
    > before the boot and windows loading in, any key logger won't be in
    > operation yet... don't cha think? Missed that one did you, lol


    Uh, dumbass.... hardware keyloggers don't give a flying **** about
    Windows, booting, or what's in or not in "operation" except MAYBE for a
    power supply.

    And you talk about someone else "missing something"?

    <chuckle>

    Whata moron!

    >>>fair bet they would install a logging device that would capture the keys
    >>>to unlock the stolen data with what can only be called "ease". :(

    >
    >> They can't install a key logger on an encrypted disk

    >
    >>>>Did you fail to see the word "device", are you too illiterate to
    >>>>comprehend its meaning, or are you just too damned dishonest to admit
    >>>>that someone with access to a piece of hardware housing an encrypted
    >>>>disk would logically use such a device to circumvent that encryption?

    >
    > It's usually a fool or a real dishonest troll that starts calling names,


    Maybe, but not this time. You're an idiot. An incompetent dimbulb spewing
    useless advice when you haven't a single clue, and you just got through
    demonstrating that fact with your special brand of practiced deftness for
    about the 186,901,271st time.

    Even neophytes with a moderate interest in security quickly grasp
    basic concepts like software being essentially defenseless against an
    attacker with access to the hardware it's running on, but here YOU are
    defending the ridiculously indefensible not once, but 3 or 4 times now.
    Just like some retarded record player skipping on "I'm a fukwit!".

    > anyway as I mentioned there are very capable encryption programs out there
    > that can provide protection against loggers and other concerns, but only
    > if the logger isn't already on the machine. If it is, it has to be
    > detected and removed before any encryption.
    >
    >>>>Seriously. I'm genuinely curious. You going with blind, dumb, or just
    >>>>flat out lying here?

    >
    > Neither, but I think you are, have a nice day!


    I am, believe me. Every time I get the chance to grind one of you addle
    minded trolls under my heel it's a dandy day indeed. :)

    Now make it complete by coming back with some more of your head shaking
    stupidity. Or better yet, dive head long into some more of your one-line,
    third rate attempts at insulting someone. You know it's all you have left,
    so dance for me some more...... sockpuppet.
     
    TwistyCreek, Jan 25, 2006
    #20