With physical access to a machine, what prevents you from adding an option ROM and re-initializing the TPM? I assume by "fully supports" you were referring to boot axis validation through the TPM.
Otherwise, as the thread is about keylogging (and a possible rootkit), the contents can be had. The TPM feature puts up quite a roadblock though.
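To make the TPM point concrete, here is an added example (my own illustration, not code from this thread or from any TPM vendor) that replays a simulated measured boot and shows why an added option ROM is caught: every firmware component is hashed into a PCR with the extend operation, a disk-encryption key is sealed to the resulting PCR values, and any extra option ROM changes PCR 2, so the key no longer unseals. The boot event logs, the component names and the simplified sealing-policy digest are constructed for the example; a real TPM 2.0 PolicyPCR digest is built differently, but it is likewise a function of exactly the PCR values selected.

```python
import hashlib
from typing import Dict, List, Tuple

# Constructed boot event logs (hypothetical, not captured from any real machine).
# Each entry: (PCR index, description, event data that the firmware measures).
BASELINE_BOOT: List[Tuple[int, str, bytes]] = [
    (0, "platform firmware volume", b"bios-image-v1.23"),
    (2, "option ROM: onboard NIC", b"nic-oprom-rev-7"),
    (4, "boot manager (bootmgfw.efi)", b"bootmgr-build-6001"),
    (7, "secure boot policy / db contents", b"secureboot-db-2008"),
]

# The same machine after someone with physical access adds a card (or flashes
# modified firmware) carrying one extra option ROM. Everything else is identical.
TAMPERED_BOOT: List[Tuple[int, str, bytes]] = BASELINE_BOOT[:2] + [
    (2, "option ROM: added expansion card", b"unknown-oprom-with-keylogger"),
] + BASELINE_BOOT[2:]

PCR_NAMES = {0: "firmware", 2: "option ROMs", 4: "boot manager", 7: "secure boot state"}
SEALING_PCRS = (0, 2, 4, 7)   # the PCRs the hypothetical disk key is sealed to


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM2_PCR_Extend for a SHA-256 bank: PCR_new = SHA256(PCR_old || digest)."""
    return hashlib.sha256(pcr + digest).digest()


def replay_boot(events: List[Tuple[int, str, bytes]]) -> Dict[int, bytes]:
    """Reproduce the PCR values a boot with these events would leave behind.
    PCRs start as 32 zero bytes at power-on and can only ever be extended."""
    pcrs = {i: bytes(32) for i in SEALING_PCRS}
    for idx, _desc, data in events:
        pcrs[idx] = extend(pcrs[idx], hashlib.sha256(data).digest())
    return pcrs


def policy_digest(pcrs: Dict[int, bytes]) -> bytes:
    """Simplified stand-in for a PCR-bound sealing policy (assumption: a plain
    hash over the selected PCR values, in order)."""
    return hashlib.sha256(b"".join(pcrs[i] for i in SEALING_PCRS)).digest()


def changed_pcrs(golden: Dict[int, bytes], current: Dict[int, bytes]) -> List[int]:
    """Which of the sealing PCRs differ from the known-good baseline."""
    return [i for i in SEALING_PCRS if golden[i] != current[i]]


def unseal_would_succeed(sealed_policy: bytes, current: Dict[int, bytes]) -> bool:
    """The TPM releases the sealed key only if the current policy digest matches."""
    return policy_digest(current) == sealed_policy


def main() -> None:
    golden = replay_boot(BASELINE_BOOT)
    sealed_policy = policy_digest(golden)
    for label, log in (("clean boot", BASELINE_BOOT), ("tampered boot", TAMPERED_BOOT)):
        now = replay_boot(log)
        diff = changed_pcrs(golden, now)
        names = ", ".join(PCR_NAMES[i] for i in diff) or "no change"
        state = "OK" if unseal_would_succeed(sealed_policy, now) else "REFUSED"
        print(f"{label}: changed PCRs {diff or 'none'} ({names}); unseal {state}")


if __name__ == "__main__":
    main()
```

Two things follow from the extend-only design. First, the attacker cannot "fix up" PCR 2 after the fact: there is no write operation, only extend, and reaching a chosen value would require inverting SHA-256. Second, clearing the TPM does not help either, because that destroys the storage hierarchy the key was sealed under, so the disk key is gone rather than exposed. What a TPM does not do is tell you why PCR 2 changed, which is why a practitioner keeps a per-machine PCR baseline and treats an unexplained change after a trip as an incident rather than re-sealing and moving on.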
Interesting reading but as I read it the techniques used would be very specific to a limited number of systems (i.e. no generic attack) and blocked by the use of a TPM. The attacker would have to have some pre-existing knowledge of the target (or be very lucky) and the target couldn't be using a TPM. For anyone that would be a target of this kind of sophisticated attack I doubt they would leave a laptop with critical data on it unattended or even that they would be carrying a laptop with this kind of data on it. Anyone targeted this way would probably be as sophisticated as the attacker.
Paranoia abounds, but in real life it's rarely justified. In the context of the original question - we don't have enough data. If BitLocker or some other form of disk encryption wasn't in use and the OP is worried, the solution is to wipe the hard drive and restore from a backup taken before travelling to China.
'Course it does. You can image the HDD, you can install hardware that intercepts the decrypted stream en route between disk and memory, you can put in a modded CMOS or BIOS that includes a built-in keylogger or data logger that's part of the firmware, etc. etc. etc.
If you have access to the box for long enough, its yours.
| 'Course it does. You can image the HDD, you can install hardware that | intercepts the decrypted stream en route between disk and memory, you | can put in a modded CMOS or BIOS that includes a built-in keylogger or | data logger that's part of the firmware, etc. etc. etc.
| If you have access to the box for long enough, its yours.
Now you're making things up... "put in a modded CMOS or BIOS that includes a built-in keylogger"
Replies in this thread seem to go back and forth between two of the hackers' motivations. One where he is after the data at rest, and one where he goes after subverting the system (and maybe gets the data after decryption). The subject line asks about a keylogger that may have been added during the time the laptop was left unattended in a hotel room - and how to detect it.
I assume of course a so-called "rootkit" was involved. Any hacker worthy of the title would want to use stealthing techniques. So the question becomes how can I tell if my computer has been rootkitted?
What is interesting is the shift from outright theft of a laptop to the perhaps more lucrative compromise of the laptop. Steal someone's personal data and open a credit card account - then buy a truckload of laptops. Modern banking makes it all possible - and they charge you for "protection" against such happenings.
| Replies in this thread seem to go back and forth between two of the hackers' | motivations. One where he is after the data at rest, and one where he goes | after subverting the system (and maybe gets the data after decryption). The | subject line asks about a keylogger that may have been added during the | time the laptop was left unattended in a hotel room - and how to detect it.
| I assume of course a so-called "rootkit" was involved. Any hacker worthy | of the title would want to use stealthing techniques. So the question | becomes | how can I tell if my computer has been rootkitted?
| What is interesting is the shift from outright theft of a laptop to the | perhaps | more lucrative compromise of the laptop. Steal someone's personal data | and open a credit card account - then buy a truckload of laptops. Modern | banking makes it all possible - and they charge you for "protection" against | such happenings.
| ...what a racket!
Since we are talking about China, we would be dealing with the PLA. The Chinese government has a "relationship" with the Chinese hacker community, the purpose of which would be espionage, either industrial or military. They would NOT steal the notebook. Their intent would be a stealthy install of malware.
Yes. But a targeted attack against some very common traveling laptops like "Toughbook" or "Thinkpad" could yield quite a lot of compromised systems when they get back home.
Maybe it seems just a little 'over the top' to some people, but this is just the sort of thing that makes the TPM necessary.
What data - it is not about data. It is about compromising the laptop's security. Maybe even compromising the 'system' it might be attached to back home. Maybe data is the final objective, but not necessarily data on that laptop.
Yes, as reluctant as many people are to do this, it is often the best choice. Unfortunately, any forensic evidence would be lost in this case.
I'd far rather educate people than fire them - of course, it's nice to think that all the people you ever hire will have been educated before you hired them, but very few of us are born with perfect knowledge.
recent news with more sophisticated flavor ... which mentions having lots of countermeasures against detection:
Three Year Old Trojan Compromised Half Million Banking Details - The exact origins of the Trojan have not been determined yet
steals 500,000+ bank and card details
'Ruthless' Trojan horse steals 500k bank, credit card log-ons
Trojan Virus Compromises Bank Info
data-stealing trojan has infected half million PCs
part of archived (linkedin) thread (regarding article from Kansas City FED: Can Smart Cards Reduce Payments Fraud and Identity Theft?) that includes discussion of countermeasures for compromised PCs
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here.