Frankly, if I were in a place or doing activities where I thought a police raid was a significant possibility, I'd MUCH rather have something that would trigger video AND AUDIO recording from multiple cameras in the house, placed in locations where they wouldn't be "accidentally" knocked over or otherwise destroyed and with the data going offsite immediately via any of several channels (e.g. home network, home wifi, neighbor wifi, public/semipublic wifi (e.g. "xfinitywifi"), LTE phone).
Alternately, always have the recording going to something local, but trigger offsiting it with something like this and otherwise have a very limited timeframe for keeping it.
The other VERY VERY important piece of this I suspect would be notices posted at every possible entrance to the house, something like "Video and audio recording occur on these premises. By entering, you consent to this recording and to the use and public disclosure of these recordings. If you do not consent to these recording, use and disclosure policies, please call (xxx) xxx-xxxx and schedule an appointment." Perhaps I should call this a kick-through license - I'm not sure it'd stand up, but I suspect you'd have a pretty decent chance of that.
Of course, I'm boring, not inclined to activities likely to inspire either police interest or SWATing, and I live in a mostly-white townhouse community in the 'burbs. My most likely home invasion would be because "you are in a maze of twisty drives and townhouse units, all alike."
It's probably my PTSD but my biggest fear is getting raided by SWAT in a "wrong house" mixup or for some other stupid reason. In such an instance I would likely kill one or more of them. I have a family in my house that could be injured by them in the process. I've always wanted a camera system that had remote encrypted storage so I could prove the truth in court.
Just hope the police can't remotely access your cameras and film you hacking the gibson :X
I've yet to read of a raid where somebody successfully destroyed all forensic evidence off their systems; instead they usually idle in chat rooms and wait for the suspect to write 'brb coffee', or kick down the door while they are passed out with everything powered on, like Max Vision.
I really like this sort of thing, but realize that, like anti-forensics tools, there is a risk to having and using destructive anti-tamper triggers.
If the police actually think you're up to something, raid you, and your "cybernetic boobytrap" destroys your hundreds of GB of actual random data, they may still try and prove that you're a terrible person and destroyed evidence in court. Then it's up to a jury, and a prosecutor bent on making you look guilty as hell.
I'm not trying to dissuade exploration, but understand what can happen if you actually deploy this sort of system.
This program makes me nervous because its primary use case is to obstruct justice, which the author tries to get away from with a thinly-veiled excuse that it could also be used to defend against criminals. I understand that technology is ethically neutral (for example, this program could be used to hinder reverse-engineering of a sealed computing appliance), but the fact that they're basically advertising this thing to obstruct police investigations puts me off.
IANAL: what could actually happen to you, legally, if your hard-drive self-destructs after being tampered with?
Is that really "destroying evidence?" What if you just shut down the computer, rendering the hard drive unusable, its contents completely encrypted (a la TrueCrypt). The evidence isn't destroyed, it's just inaccessible.
Not to be picky, just interested. What's the reason behind using a daemon instead of simply running sensor check scripts in cron? Or even better, raise an interrupt when a sensor fails, so you don't have to wait 30 s (in the worst case).
IAALBIANYL, so I will leave whether or not this would be operationally useful to those smarter than me, but from a legal standpoint, one should be aware that operation of a system like this, as far as the United States is concerned, would likely result in additional charges for obstruction of justice[1].
It is by no means unusual for the government to fail in the prosecution of the original crime they investigated, but succeed in convicting a defendant for obstruction. (See, e.g., Martha Stewart[2].) In fact it is not at all impossible (though not likely) to imagine a scenario in which someone committed no crime, was running a utility like this, and was eventually charged with obstruction. Say I'm Brian Q. Krebs, some nice people on the Internet decide to swat[3] me, confusing me with someone with a similar name[4], police enter my house, swatd deploys, and an ambitious and creative young prosecutor decides to charge me with a violation of 18 USC 1519. Might not succeed, but boy will he get some press.
As always, the best advice if you are going to engage in a wide-ranging criminal conspiracy is to make sure you have some goofy-reasoned memos from DOJ lawyers approving your activities[5] and Congress on call to provide you retroactive immunity[6].
IAALBIANYL - I'm thinking this means "I Am A Lawyer But I Am Not Your Lawyer"? I haven't seen this before but it seems to make sense. Or does it mean something else?
I really didn't want this to blow up. It's absolutely NOT a solution to getting raided by the police. While that was the original inspiration for writing the tool, I was half-joking when I wrote the README about it being a defense against law enforcement.
I've moved the code into a different branch and added a disclaimer to the README. The most important line of the disclaimer is: "If you need to rely on SWATd, you have already lost."
Willful destruction of evidence is a criminal act in many cases, and even in cases where it isn't, judges can instruct juries to make adverse inferences.
If you're handling sensitive material, you should have a consistent policy/practice to periodically purge, destroy or deal with data. You're less likely to get into hot water over deleting data if it's a long-standing process. If you are involved in a criminal scheme and the police are busting down the door, they have evidence already.
Previous jobs had me involved in a lot of civil litigation from the IT side. Many really serious problems were avoided by having a good deletion policy. The place that let employees squirrel away email for 20 years would either lose cases because of stupid employee chatter or win pyrrhic victories after spending thousands (or millions in one case) of dollars on discovery.
Thank you for sharing a clever script that has many uses!
However ...
Ideally, your computer should be secure against physical access and not need to run a script.
This is a solved problem in the intelligence and defense communities, which have policies such as physical key storage, e.g. PIN-enabled encrypted USBs, encrypted file systems, multifactor authentication and such to defeat forensic tools operated by an adversary.
Suppose you are a military or intelligence officer carrying around a laptop with secret stuff on it. How do you think that laptop is secured so that it's safe even in the hands of an adversary?
Far more likely than a police raid is the accidental trigger of the script, e.g. the house painter needs to move your server a bit to get to the wall behind it!
> This is a solved problem in the intelligence and defense communities which have policies such as physical key storage, e.g. PIN enabled encrypted USBs, encrypted file systems, multifactor authentication and such to defeat forensic tools operated by an adversary.
That doesn't really help if they grab your PC while you are in the middle of a session while your data is already decrypted.
It's difficult to think of things you could watch that would only occur during a raid. The examples given, ethernet and wi-fi, both go down much more often than you would like to think. Usually it's only for microseconds, but if you have a program that happens to check right then, there go your encryption keys.
A tweak to the code would be to make sure that the sensor stays in the fail state for a particular duration. Even a few seconds would get rid of a lot of the false positives.
I think you could accomplish a similar function using the proximity of a cell phone to a laptop (like this: http://www.novell.com/coolsolutions/feature/18684.html). If the script shuts the laptop down when it's too far from the phone, that's perfect for me.
Well, for non-destructive actions that's probably good enough.
For destructive actions (say zeroing an RSA private key or some sort of master key, wiping an HSM, etc.) then you would want a system where the likelihood of false negatives is minimized only so far as the likelihood of a false positive is very remote.
In the former case, you could be compelled to provide the password (or equivalent). In the latter case, even if you do, they have to brute force the crypto container (assuming no backup of the destroyed data can be found).
HSMs generally behave destructively to tampering and normally are the exclusive holder of a specific key. They tend to have a metal casing that protects the tamper detection mechanisms from accidental triggering and redundant batteries to avoid running out of power (which is normally a trigger for self-erasure through de-powering SRAM or running off of a capacitor with a high-priority non-maskable power-loss interrupt to trigger zeroing).
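Practicality's suggestion that a sensor should stay in the fail state for some duration before anything happens, and acveilleux's point that a destructive action must keep false positives very remote, written out as an added example (not SWATd's own code, and not from anyone in the thread). It goes one step beyond the thread by also requiring a quorum of sensors to agree. Sensor names, timestamps and the hold period are constructed; the action is a plain callback that here only records what fired.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

# Constructed example, not SWATd's code: a debounced, quorum-based sensor
# monitor. A sensor only counts as failed once it has reported FAIL without
# interruption for `hold_seconds`, and the action runs only once at least
# `quorum` sensors are in that sustained-fail state at the same time. A
# microsecond link flap therefore never reaches the action.

@dataclass
class SensorState:
    failing_since: Optional[float] = None  # time of first consecutive FAIL
    confirmed: bool = False                # failure has lasted >= hold_seconds

@dataclass
class DebouncedMonitor:
    hold_seconds: float
    quorum: int
    action: Callable[[List[str]], None]    # receives the confirmed sensor names
    sensors: Dict[str, SensorState] = field(default_factory=dict)
    fired: bool = False

    def observe(self, name: str, ok: bool, now: float) -> bool:
        """Record one reading; return True only if the action fired on it."""
        st = self.sensors.setdefault(name, SensorState())
        if ok:
            # Any OK reading resets this sensor's debounce window.
            st.failing_since, st.confirmed = None, False
            return False
        if st.failing_since is None:
            st.failing_since = now
        if now - st.failing_since >= self.hold_seconds:
            st.confirmed = True
        confirmed = sorted(n for n, s in self.sensors.items() if s.confirmed)
        if len(confirmed) >= self.quorum and not self.fired:
            self.fired = True
            self.action(confirmed)
            return True
        return False

def run_demo() -> dict:
    """Constructed readings: a sub-second blip, then a sustained two-sensor outage."""
    log: List[List[str]] = []
    mon = DebouncedMonitor(hold_seconds=5.0, quorum=2, action=log.append)
    blip = mon.observe("eth0", False, 100.000)   # link flaps for a millisecond...
    mon.observe("eth0", True, 100.001)           # ...and comes back: window reset
    mon.observe("eth0", False, 200.0)            # real outage begins on eth0
    mon.observe("wlan0", False, 201.0)           # and on wlan0 a second later
    early = mon.observe("eth0", False, 204.0)    # eth0 down 4 s: hold not met
    mon.observe("eth0", False, 206.0)            # eth0 confirmed; quorum still 1 of 2
    fired = mon.observe("wlan0", False, 206.5)   # wlan0 confirmed: quorum met, fires
    return {"blip": blip, "early": early, "fired": fired, "log": log}
```

Hook a real reading loop (link state, case switch, accelerometer) to `observe` and tune `hold_seconds` and `quorum` to how noisy those sources are on the machine in question.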
You basically have to script your own, depending on your system.
Case intrusion sensors, availability of your network, inertial sensors.
Hotplug events are especially interesting. There are Firewire memory dumpers or attempts to reboot from a USB stick. And they simply might have to unplug things if they want to physically move the machine, even if they have spliced the power source.
fencepost | 11 years ago
ryanmarsh | 11 years ago
I just re-read this comment and I'm clearly nuts.
pakled_engineer | 11 years ago
CurtMonash | 11 years ago
mk4p | 11 years ago
ipsin | 11 years ago
gpcz | 11 years ago
nateberkopec | 11 years ago
stronglikedan | 11 years ago
mathetic | 11 years ago
It's funny how the distinction seems blurry at times.
NoMoreNicksLeft | 11 years ago
malka | 11 years ago
pluma | 11 years ago
kbart | 11 years ago
nkw | 11 years ago
[1] 18 U.S.C. 1519 (or 1001 or 1501, or 1510) - http://www.law.cornell.edu/uscode/text/18/1519
[2] http://en.wikipedia.org/wiki/Martha_Stewart#Stock_trading_ca...
[3] http://en.wikipedia.org/wiki/Swatting
[4] http://krebsonsecurity.com/tag/swatting/
[5] http://en.wikipedia.org/wiki/Torture_Memos#Letter_from_John_...
[6] http://en.wikipedia.org/wiki/Amnesty_law#United_States or http://en.wikipedia.org/wiki/Foreign_Intelligence_Surveillan...
saganus | 11 years ago
earthrise | 11 years ago
Spooky23 | 11 years ago
SlipperySlope | 11 years ago
jordsmi | 11 years ago
Practicality | 11 years ago
smoyer | 11 years ago
acveilleux | 11 years ago
pluma | 11 years ago
But that might be easier said than done if you happen to actually live in the US, of course.
e40 | 11 years ago
the8472 | 11 years ago
Not everyone has the same hardware.
kefka | 11 years ago
Speaking tangentially, what is the current state of the art of homomorphic encryption? I found this: https://hcrypt.com/ - Anyone try it yet?
cryoshon | 11 years ago
towelguy | 11 years ago
I wonder why DPR wasn't living in some tropical riviera instead of the US.
justizin | 11 years ago
I'm eager to see your github repository for fixing the police. :)