Is Your Laptop Betraying You?
In 2013 the Guardian was ordered to destroy laptops containing the Snowden documents under supervision of GCHQ. The British secret service insisted on the meticulous destruction of seemingly unimportant components like the keyboard and battery controllers, causing two cybersecurity experts to ask: besides the hard drive, where is our data stored?
Mustafa Al-Bassam and Richard Tynan investigated the destruction process of the Guardian's MacBooks [background story at the bottom of the page]....
In 2013 the Guardian was ordered to destroy laptops containing the Snowden documents under supervision of GCHQ. The British secret service insisted on the meticulous destruction of seemingly unimportant components like the keyboard and battery controllers, causing two cybersecurity experts to ask: besides the hard drive, where is our data stored?
Mustafa Al-Bassam and Richard Tynan investigated the destruction process of the Guardian's MacBooks [background story at the bottom of the page]. Al-Bassam is a security and privacy consultant and formerly known as tflow, one of the LulzSec hackers. Tynan is a technologist specialized in surveillance technologies working for Privacy International, a human rights organization focused on privacy intrusions by government and businesses.
When they learned eradicating the data wasn't simply a matter of pulverizing the hard disks or feeding the machines into a shredder, they became suspicious. If these commonly used methods aren't sufficient in the eyes of GCHQ, then what do they know about our devices that we don't? Do our computers store data in places we aren't aware of?
Al-Bassam and Tynan gave a talk about their investigation during the Chaos Communication Camp 2015, the largest outdoor hacker gathering in Europe. Held in a huge tent, the talk started after a short delay because a summer storm caused a temporary blackout. The power grid – like the gigabit ethernet and GSM network – had been installed by the hackers themselves to boost the facilities of Ziegeleipark Mildenberg, an industrial heritage site some 60 kilometers north of Berlin, to provide for the not insignificant power needs of the 4500 participants.
The Guardian had been given very specific instructions by GCHQ on which components to destroy and how to destroy them. When Al-Bassam and Tynan looked into it, they found that the track pad controller had been targeted for destruction while chips sitting next to it were left alone. The controller turned out to be a flash chip that can store up to 2 megabits of memory, said Al-Bassam.
The two identified more components that were targeted by GCHQ, like the keyboard controller and battery controller, which reveals something about what computers actually are. Al-Bassam explained by paraphrasing security expert Dan Kaminsky: “The biggest lie about your computer is that its just one computer. In fact your computer is actually many computers all networked together. And”, he added, “each of those computers has its own firmware and as a consequence its own storage.”
Not knowing where our data resides and, consequently, not knowing how to make sure it is completely eradicated reduces ownership of our devices. Tynan said: “From a privacy perspective we need to empower users with knowledge about what their devices do and where they store the information. More importantly, when we want to destroy our information we should have a right to actually destroy it and be sure it's gone.”
He pointed out that “for many people around the world deletion of their information is a matter of life and death. Many activists have very sensitive information that can lead to them or any of their sources getting in trouble. I really don't want to have to advise them that the only way to be sure to get rid of this information is to actually take out an angle grinder to a very expensive laptop [...] and then they are left with nothing afterwards.
To learn more about how the targeted components function, Al-Bassam and Tynan contacted several of the components' manufacturers. Unfortunately, they all refused to cooperate, especially when it became clear the two of them intended to make the information public. Another indication that many of the devices that are integral parts of our lives are black boxes and that they are intentionally built that way. “We ought to be able to have verifiable deletion of our information and know that that information is gone”, said Tynan.
Here is the entire talk with thanks to the CCC Video Operation Center (c3voc), a group of volunteers that recorded, streamed and uploaded all the talks at CCCamp15. Even during summer storms.
Image: Destroyed keyboard component of the Guardian MacBook.
Mustafa Al-Bassam and Richard Tynan investigated the destruction process of the Guardian's MacBooks [background story at the bottom of the page]. Al-Bassam is a security and privacy consultant and formerly known as tflow, one of the LulzSec hackers. Tynan is a technologist specialized in surveillance technologies working for Privacy International, a human rights organization focused on privacy intrusions by government and businesses.
When they learned eradicating the data wasn't simply a matter of pulverizing the hard disks or feeding the machines into a shredder, they became suspicious. If these commonly used methods aren't sufficient in the eyes of GCHQ, then what do they know about our devices that we don't? Do our computers store data in places we aren't aware of?
Blackout
Al-Bassam and Tynan gave a talk about their investigation during the Chaos Communication Camp 2015, the largest outdoor hacker gathering in Europe. Held in a huge tent, the talk started after a short delay because a summer storm caused a temporary blackout. The power grid – like the gigabit ethernet and GSM network – had been installed by the hackers themselves to boost the facilities of Ziegeleipark Mildenberg, an industrial heritage site some 60 kilometers north of Berlin, to provide for the not insignificant power needs of the 4500 participants.
Your computer isn't what it seems
The Guardian had been given very specific instructions by GCHQ on which components to destroy and how to destroy them. When Al-Bassam and Tynan looked into it, they found that the track pad controller had been targeted for destruction while chips sitting next to it were left alone. The controller turned out to be a flash chip that can store up to 2 megabits of memory, said Al-Bassam.
The two identified more components that were targeted by GCHQ, like the keyboard controller and battery controller, which reveals something about what computers actually are. Al-Bassam explained by paraphrasing security expert Dan Kaminsky: “The biggest lie about your computer is that its just one computer. In fact your computer is actually many computers all networked together. And”, he added, “each of those computers has its own firmware and as a consequence its own storage.”
Owning your device
Not knowing where our data resides and, consequently, not knowing how to make sure it is completely eradicated reduces ownership of our devices. Tynan said: “From a privacy perspective we need to empower users with knowledge about what their devices do and where they store the information. More importantly, when we want to destroy our information we should have a right to actually destroy it and be sure it's gone.”
He pointed out that “for many people around the world deletion of their information is a matter of life and death. Many activists have very sensitive information that can lead to them or any of their sources getting in trouble. I really don't want to have to advise them that the only way to be sure to get rid of this information is to actually take out an angle grinder to a very expensive laptop [...] and then they are left with nothing afterwards.
To learn more about how the targeted components function, Al-Bassam and Tynan contacted several of the components' manufacturers. Unfortunately, they all refused to cooperate, especially when it became clear the two of them intended to make the information public. Another indication that many of the devices that are integral parts of our lives are black boxes and that they are intentionally built that way. “We ought to be able to have verifiable deletion of our information and know that that information is gone”, said Tynan.
Here is the entire talk with thanks to the CCC Video Operation Center (c3voc), a group of volunteers that recorded, streamed and uploaded all the talks at CCCamp15. Even during summer storms.
Destroying the Snowden files
Two weeks after the Guardian started publishing stories about the existence of a vast surveillance apparatus based on classified NSA documents leaked by whistleblower Edward Snowden, the British government demanded the newspaper hand over the files to them. In the following weeks, pressure mounted and the Guardian was ordered to either turn over the documents or destroy them under threat of legal action.
Unwilling to surrender the files to the British authorities, the Guardian acceded to destroying them. On August 20, 2013 all devices containing the files were destroyed by a Guardian computer expert and an editor while being closely watched by two GCHQ technicians.
The event was little more than a show of power. The newspaper continued reporting on the files from its New York office, shielded by the far stronger freedom of the press protections in the US.
Image: Destroyed keyboard component of the Guardian MacBook.