Digital security specialists like me get some version of this question all the time: “I think my laptop may have been infected with malware.

We dread this sort of query because modern computer exploits are as complex, clever, and hard to reason about as modern computers - particularly if someone has the ability to physically access your device, as is routinely the case with laptops, especially when traveling. So while it’s definitely possible to detect certain types of tampering, it isn’t always trivial. And even in controlled environments, it’s impossible to give a laptop a clean bill of health with full confidence – it’s always possible that it was tampered with in a way you did not think to check.

The issue of tampering is particularly relevant for human rights workers, activists, journalists, and software developers, all of whom hold sensitive data sought by powerful potential attackers. People in these vocations are often keenly aware of the security of their laptops while traveling – after all, laptops store critical secrets like communication with sources, lists of contacts, password databases, and encryption keys used to vouch for source code you write, or to give you access to remote servers.

How safe is it to leave your laptop in your hotel room while you’re attending sessions at a conference? If you come back to find your laptop in a different position than where you thought you left it, can you still trust it? Did someone tamper with it, did a hotel housekeeper simply straighten up the items you left on your desk, or did you misremember where you left it?

These questions typically can’t be answered with total confidence because clever tampering can be so hard to detect. But I hoped I could get a sense of the risks with a carefully controlled experiment. For the last two years, I have carried a “honeypot” laptop with me every time I’ve traveled; this computer was intended to attract (and then detect) tampering. If any hackers, state-sponsored or otherwise, wanted to hack me by physically messing with my computer, I wanted to not only catch them in the act, but also gather technical evidence that I could use to learn how their attack worked and, hopefully, who the attacker was.

While traveling by air, I checked this laptop in my luggage to make it easily accessible to border agents, both domestic and foreign, to tamper with if they chose to. When staying in hotels, I left the laptop sitting on the desk in my room while I was away during the day, to make sure that any malicious housekeepers with permission to enter my room, or anyone else who broke into my room, was free to tamper with it if they chose to. I also put a bunch of hacker stickers all over it, hoping that this would make it a more enticing target.

Over the duration of this experiment, I traveled to Europe three times and domestically in the United States five times (including once to Puerto Rico). I found eight different notices from the Transportation Security Administration informing me that my baggage had been searched. I have no way of knowing how many times it had been searched by other authorities who weren’t kind enough to leave me a note.

I never caught anyone tampering with this laptop. But the absence of any evidence of tampering - and my obsessive thoughts about the various ways an attacker could have evaded my detection - serve to underline how fraught the process of computer forensics can be. If someone who makes their living securing computers thinks they could have missed a computer infection, what hope is there for the average computer user?

At the end of my experiment, I thought through all of the things that could have gone wrong. Perhaps someone did tamper with my honeypot laptop, and my methodology for detecting this wasn’t thorough enough to notice. Or maybe potential attackers noticed that the laptop I carried with me and used at the conferences I was attending was different than the one I left in my room, and decided against tampering with it in case it was a trap.

But the most likely reason I didn’t catch any attackers is that no one tried to tamper with my laptop. Hacking a target’s laptop by physically tampering with it while they’re traveling probably happens only rarely because it’s so expensive – it may require travel, physical surveillance, breaking and entering, and the risk of getting caught or breaking the laptop is high. Compare this to cheap forms of hacking like email phishing: You can target thousands of people at once from the comfort of your office, and the risk of getting caught is much lower.