BusKill – A USB kill cord for laptops

291 points| favourable | 4 years ago |buskill.in | reply

333 comments

[+] LinuxBender|4 years ago|reply
There are mentions in this thread about false positives, risk of data loss, others. This made me think of Star Trek's use of a self destruct phrase. Obviously their method is too slow, but you could have a "duress" phrase and an "all clear" phrase.

User-Defined Phrase: "Please don't kill me", activates "duress" mode.

- A daemon listens in the background for a phrase of your choice. When detected, your laptop makes a sound effect that is not out of the ordinary for others to hear, but not something you would expect it to play when self destruct is activated. Git repos are committed/pushed with a duress demarcation code to an alternate branch. Your encrypted volumes are dismounted, buffers and caches cleared, camera and microphone start sending small chunks of audio/video to a destination of your choosing. Instructions for playback from your cloud of choice are emailed to emergency contacts. If you do not give the "all clear" in a user-configurable time period, the laptop does user-defined things like wiping encrypted volumes after giving an optional warning sound, optionally sending eeprom codes to brick the BIOS or replace the BIOS with a tracker and setting the screen to say "Stolen From User-Defined String, User-Defined Phone Number" after giving an optional warning sound. All of these actions could be optionally spaced apart based on risk, probably defined in a key-pair text file or json file.

User-Defined Phrase: "Computer, disable self destruct" disables "duress" mode.

- Giving the all clear code disables this behavior and your ship does not self destruct. The system plays a sound to acknowledge "all clear". Emergency contacts are emailed the all-clear, but audio/video continue to upload for user-defined time in the event you were forced to give the phrase.

Perhaps newer cars could also have this feature? Are there any existing open source projects that could be adapted/bent to accomplish these things?

[+] maltfield|4 years ago|reply
BusKill does not ship with destructive triggers. The current app is limited to locking your screen. Future releases will include soft/hard shutdown.

We do have a "LUKS Header Shredder" trigger (which we call self-destruct as it renders all the data on the FDE disk useless), but we (intentionally) don't include it by default and raise the barrier of entry because of the risk of data loss.

We'll be publishing a more detailed write-up on the LUKS Header Shredder in 2 weeks. You can subscribe for updates on our website (buskill.in) or the campaign directly (crowdsupply.com)

[+] V__|4 years ago|reply
I always thought that a lock screen with two passwords would be an interesting idea. Say the BusKill locks your system and sends a request to a server. If you don't enter the correct password to abort the script within a few seconds, it will run on your server, which sends a distress mail/call to emergency contacts, revokes all ssh keys/passwords etc.

If however the distress password gets entered, the script still runs, but the system unlocks into a virtual pc or another account which is not suspicious.

[+] 867-5309|4 years ago|reply
how would you account for :poker face: "please don't kill me" vs :in a stranglehold, bleeding internally from multiple stab wounds: "PLAYS DON--"
[+] yholio|4 years ago|reply
Good to have if you run a dark net marketplace or a political dissident ring from public libraries.

An additional refinement is to autolock the device if a certain personal key combo (ex. Shit - vol up - vol down) is not pressed every few minutes in response to an audible click. If not unlocked in a minute or so with a complex password, the device halts to a disk encrypted state and unpowered ram, minimizing the window attackers have to recover RAM state.

[+] zionic|4 years ago|reply
Wouldn't it make sense to remove the battery on your laptop entirely? With a modified magsafe-like power cord any attempt to grab the machine hard-kills the system and RAM begins degrading immediately. Epoxy over the screw terminals would also delay an attacker long enough to prevent freezing the RAM with compressed air to try and dump RAM via an exploit kit.
[+] lmilcin|4 years ago|reply
The combo solution is not good enough, especially if you are in public.

If you can be observed to use the combo (which you would have to be using regularly) somebody else could be pressing the combo or they could insert a USB device that can generate the combo regularly.

I would also add that locking your laptop is not safe enough if you are serious about this. There are devices that can exfiltrate information from what I understand almost every operating system through USB.

[+] FpUser|4 years ago|reply
Tried to find "Shit" key on my keyboard as it would save me a lot of time. No luck.
[+] kingcharles|4 years ago|reply
Exactly. You need something not for when your laptop is removed from you, but when you are removed from your laptop.

Also, if you are being targeted this hard you need to have something for when you are left in front of your laptop and a gun is put to your head. Or the attackers threaten the welfare of your family.

[+] Jerrrry|4 years ago|reply
Instead of a personal key combo, a dongle with an OTP code.

Both the dongle and the computer have accelerometer-bump-tilt-oh-fuck-support.

An OTP has to be entered every 5 minutes, or a secure screen/dead sequence starts.

Sudden accelerated movements or a lack of presence-detection would also start the sequence.

[+] goodpoint|4 years ago|reply
> Good to have if you run a dark net marketplace or a political dissident ring from public libraries.

...and expose the contents of the screen to any camera with a good zoom? And the passwords you type? Not good.

It's just a very overpriced thing that can protect you from a thief and not the FBI.

[+] salex89|4 years ago|reply
Or, maybe just add back the Kensington Security Slot and attach the laptop to yourself/desk with a strong wire and not have your laptop yanked in the first place.

I understand the first part of my idea is dead in the water, we hardly get additional ports, let alone a slot hardly anyone will use. But I would like to see a way to retrofit a KSS on a laptop.

[+] gruez|4 years ago|reply
>Or, maybe just add back the Kensington Security Slot and attach the laptop to yourself/desk with a strong wire and not have your laptop yanked in the first place.

They could still yank you. It would be pretty hard for you to execute the self destruct sequence after the undercover FBI agent knocked you over from your chair.

[+] ssorallen|4 years ago|reply
Locking your laptop to a table in a cafe doesn't seem like something most folks would do. Working in a cafe was the use case I imagined when I saw this.
[+] Farbklex|4 years ago|reply
Yeah I still don't get this. I hate that I can't secure a MacBook. But pretty much every cheap laptop comes with a Kensington lock hole.

Sure it is not _super_ secure but being able to leave my laptop for 1 minute in a public place is nice. Instead I have to put the MacBook in my backpack and take it with me.

[+] buu700|4 years ago|reply
It would be interesting if you could combine the two ideas. Physically secure the laptop to the table, but also lock / shut down / wipe the drive in the event that someone cuts through the wire.
[+] alushta|4 years ago|reply
The point is to lock your laptop when the government is coming to bust you. This device would have kept Ross Ulbricht out of jail.
[+] shultays|4 years ago|reply
> BusKill can trigger your laptop to lock, shutdown, or self-destruct if it's physically separated from you.

I understand lock and shutdown but self-destruct? Really? Your laptop/data is one bump away from destroying itself?
[+] XorNot|4 years ago|reply
Reminds me of a coworker who had their iPhone set to "wipe after 10 bad pins". Took about 2 days before their 5 year old happily typed the wrong pin 10 times and wiped it.
[+] SamBam|4 years ago|reply
Presumably the people who opt into the self-destruct option are more concerned with the possibility that they might need to self-destruct and not be able to than of the possibility of false alarms.

If you've already planned for the possibility of self-destruct, a laptop can be a very transient device. Maybe the only important thing on the laptop is your bitcoin wallet key, but you also have a physical copy stashed in a lockbox somewhere. Maybe you're only using the laptop for its browser, and you've memorized all the passwords you need to enter.

Someone snatching the laptop might be doing so to grab the one keyphrase that you logged in with. The actual device is unimportant to you, then.

[+] maltfield|4 years ago|reply
Hi, Michael Altfield here (founder of the BusKill project).

As described on the crowdsupply page, the cross-platform GUI app (as opposed to the udev rule for which BusKill was originally designed) currently only has the "lock screen" trigger. In the future, we'll add a "shutdown" trigger.

While we have developed a "LUKS Header Shredder" trigger (what we call "self-destruct" trigger -- as it renders your FDE disk's data permanently inaccessible), we will never ship that directly with the app by default.

There's definitely a use-case for it, but most people probably don't want it. For those that do, we're publishing a guide on how to use the "LUKS Header Shredder" script (tested on Ubuntu and QubesOS) in 2 weeks. For updates, you can subscribe to the website's RSS feed, our website's newsletter (buskill.in), or the crowdsupply.com newsletter.

[+] MarkusWandel|4 years ago|reply
There are any number of ways to do this, but one is a LUKS encrypted file system and "self destruct" is wiping out the LUKS header and halting. Only the backup of the LUKS header (not with you at the time!) will restore the data.
[+] DarthNebo|4 years ago|reply
Feel like something similar can be accomplished for Macs using AirTags/Apple Watch proximity to do specific actions via Shortcuts App, instead of just locking/erasing remotely using 'Find My'.
[+] dotancohen|4 years ago|reply
Interesting. The site implicitly references the arrest of the Silk Road founder, using the alternative acronym "Department of Parks and Recreation". He was arrested by having his laptop literally yanked from under his fingertips in a public library.
[+] laristine|4 years ago|reply
Should we be concerned that no new canary notice [1] has been posted after the second canary [2], which promised to post the next one in June 2021?

[1] List of canaries: https://www.buskill.in/tag/canary/

[2] https://www.buskill.in/canary-002/

[+] maltfield|4 years ago|reply
Hi, Michael Altfield here (Founder of the BusKill project and holder of the PGP Key for signing canaries)

No, you should not be concerned. The latest canary #002 literally says:

    Period: 2021-06-01 to 2021-12-31
    Expiry: 2022-01-31

Source: https://www.buskill.in/canary-002/

What matters is what's cryptographically signed. Did I make a mistake somewhere else?

The next canary will be posted before 2022-01-31.

[+] JeffRosenberg|4 years ago|reply
> The BusKill team publishes cryptographically signed warrant canaries on a biannual basis.

The canary-002 says:

    Status: All good
    Release: 2021-06-13
    Period: 2021-06-01 to 2021-12-31
    Expiry: 2022-01-31
EDIT: Oh, the issue is just that they failed to update the wording of: "We plan to publish the next of these canary statements in the month of June 2021." Looks like a copy from canary-001.
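
Added example, not part of the thread or the BusKill project's code: a sketch of the date check discussed in the comments above, where the signed `Period`/`Expiry` fields decide whether a canary is still in force and the free-text "next canary" sentence is only cross-checked. It assumes the text has already passed PGP signature verification; the function names, the "grace" label and the sample text (assembled from the fields and sentence quoted above) are constructed for illustration.

```python
import re
from datetime import date

MONTHS = ("January February March April May June July August "
          "September October November December").split()

# Constructed sample: the four fields and the sentence quoted in the thread.
# A real check would run only on text whose PGP signature already verified.
SAMPLE_CANARY = """\
Status: All good
Release: 2021-06-13
Period: 2021-06-01 to 2021-12-31
Expiry: 2022-01-31

We plan to publish the next of these canary statements in the month of June 2021.
"""

def parse_canary(text):
    """Extract the dated header fields and any 'next canary' promise."""
    fields = dict(re.findall(
        r"^[ \t]*(Status|Release|Period|Expiry):[ \t]*(.+?)[ \t]*$", text, re.M))
    missing = {"Status", "Release", "Period", "Expiry"} - fields.keys()
    if missing:
        raise ValueError(f"canary is missing fields: {sorted(missing)}")
    start, end = (date.fromisoformat(d) for d in fields["Period"].split(" to "))
    promise = re.search(
        r"next of these canary statements in the month of (\w+) (\d{4})", text)
    next_due = (date(int(promise[2]), MONTHS.index(promise[1]) + 1, 1)
                if promise else None)
    return {"status": fields["Status"], "period": (start, end),
            "release": date.fromisoformat(fields["Release"]),
            "expiry": date.fromisoformat(fields["Expiry"]), "next_due": next_due}

def evaluate(canary, today):
    """Return (state, warnings). Only the signed dates decide the state."""
    warnings = []
    start, end = canary["period"]
    if not (start <= end <= canary["expiry"]):
        warnings.append("period/expiry dates are inconsistent")
    nd, release = canary["next_due"], canary["release"]
    # A promised month that is not after the release month cannot be met.
    if nd and (nd.year, nd.month) <= (release.year, release.month):
        warnings.append("stated next-publication month is not after the release date")
    if today > canary["expiry"]:
        state = "expired"
    elif today > end:
        state = "grace"  # period over; a successor is due before expiry
    else:
        state = "current"
    return state, warnings
```
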
[+] mmaunder|4 years ago|reply
Might have protected Ross Ulbricht, but he’s an edge case. Anyone had their laptop yanked away while using it?
[+] 323|4 years ago|reply
Actually we know it wouldn't.

The agents arresting him did it in such a way that they prevented him from touching his laptop (by creating a diversion), because they feared that such a protection might exist.

[+] k1rcher|4 years ago|reply
This was my immediate thought as well. Oh Ross, if only you closed that damn laptop lid (and didn't incriminate yourself blatantly on Stack Overflow)
[+] snypher|4 years ago|reply
I thought standard practice was to run no battery, AC adapter only mode.
[+] rje99|4 years ago|reply
I feel I would somehow forget it's there and lose all my data within the week...
[+] comeonseriously|4 years ago|reply
Windows: Sorry, Dave, we can't shut your system down right now, you have 3 apps keeping it from shutting down and we have 37 updates to Edge Browser to install... Have a nice day.
[+] chrischen|4 years ago|reply
Must have if you work in public places in SF. I can barely count how many times I’ve personally or had a friend who’s either had their laptop stolen in a coffee shop or attempted. In recent years thieves even got more brazen and just try to snatch it from you while your hands are still on the keyboard which is perfect for this device. You’ll want to enable full disk encryption for full security.
[+] ltultraweight|4 years ago|reply
I thought the self-destruct wouldn't run a script, but would actually be a physical attack on the laptop like the usb-killer v2 from a few years back.
[+] ronenlh|4 years ago|reply
Reminds me of the story of the arrest of Ross Ulbricht, where his open laptop was snatched away from him in a library by undercover FBI agents, while logged in and chatting as DPR. I recommend reading the whole story, this is in part 2 (https://www.wired.com/2015/05/silk-road-2)

DPR is Dread Pirate Roberts from Silk Road.

“What unfolded next was a piece of improvisational theater. At 3:14 pm, DPR was typing away, writing to Cirrus. Just then, a middle-aged woman and man came toward Ross, ambling along in the kind of semihomeless shuffle you might often see in a San Francisco library. “Fuck you!” the woman yelled when they were directly behind Ross’ chair. As if they were a deranged couple about to fight, the man grabbed the woman by the collar and raised his fist.

Ross turned around for just a second, during which a hand reached across the table and grasped Ross’ Samsung. The petite, unassuming young Asian woman sitting across from Ross this whole time was, to everyone’s surprise, also an FBI agent. Ross lunged for his machine, a hair too late, as she turned like a quarterback for a quick handoff to Kiernan, who appeared out of nowhere—as instructed—to get the laptop. It took less than 10 seconds. From afar, Tarbell was astonished by the elegant choreography of the whole thing. It looked like the police procedural version of a tight jazz quartet.”

[+] throwaway12232|4 years ago|reply
This is shockingly expensive and comically impractical to use.
[+] Ensorceled|4 years ago|reply
$89 doesn't seem that expensive.

It's just as impractical as money belts, key chain alarms, Tiles(tm)

I mean, too impractical for me, but there is definitely a market for it.

[+] _flux|4 years ago|reply
I can grant expensive (though I don't know for how cheap I could make such a sellable project with free worldwide shipping, while also making profit), but what is comically impractical about this? It's not like the default functionality is to nuke the device from the orbit on disconnect.

You could make one for yourself cheaper, though, if you have the know-how.

Though a basic face detection-based screen lock could be quite more useful and cheaper, at the cost of increased battery consumption.

[+] serverlessmom|4 years ago|reply
Me, a person with no real use for this product but still interested: "Wow this is a great idea! I'll investigate!" Me, a clumsy person watching the video: "Oh no,"

In all seriousness though, I can see how this product could be useful to someone in very specific circumstances and is also an interesting idea.

[+] rckt|4 years ago|reply
The idea is interesting, but the current form factor seems to be cumbersome. The cord can be easily disconnected by mistake.

It would be nice to have a BT dongle that could react to the distance to the owner and to being unplugged.

[+] maltfield|4 years ago|reply
If all you want is a BT dongle, then there's tons of "solutions" on the market for this. See our "comparison" table on CrowdSupply for some options:

* https://www.crowdsupply.com/alt-shift/buskill

When I designed BusKill, I intentionally avoided wireless solutions.

BusKill is designed for situations where the risk is extremely high, and you'll find that the radio-based solutions aren't very secure. They're faulty and have huge surface areas of attack.

[+] paulcole|4 years ago|reply
Literally an FAQ on the homepage.

> But bluetooth...

> Using a radio-based Dead Man Switch introduces complexity, delays, and an increased vector of attack. BusKill is a simple hardware kill cord and is therefore more secure than any wireless solution.

[+] sf_rob|4 years ago|reply
It would be nice if it were a USB-C power brick + MagSafe-like attachment. That could also be a lot more discreet by shifting the hardware to the brick itself. Granted that limits you to fewer laptops.
[+] lalopalota|4 years ago|reply
Until something interferes with the bluetooth signal.
[+] k1rcher|4 years ago|reply
This is very cool to see. When I discovered and subsequently purchased my framework back in October I had an idea for a homebrewed, 3D printed expansion card, where plugging it in/activating it immediately executes dban (or some other, better alternative).

Or you could always just carry an enormously strong electromagnet on you :-)

Very keen on picking one of these up purely for the novelty, price isn't too bad. Although I think the demographic who would and could actually benefit from a failsafe for having their laptop physically yanked away from them is quite small.

[+] maltfield|4 years ago|reply
Our target demographic is mostly journalists.

Keep an eye on the number of journalists who are murdered in oppressive regimes. It's very sad :'(

* https://rsf.org/en/ranking

[+] martin_a|4 years ago|reply
Maybe I'm "spoiled" because in Germany there's a need to publish an imprint on all websites that are somehow "commercial" (having ads on it would be enough), but this is highly "dubious".

No contact information (as in "who runs this?") is provided on the site. Privacy policy is not GDPR compliant (no contact information provided), no names, nothing.

This might be fine for a personal blog, but for doing business this is (at least for me) a no-go.