How can I tell if a keylogger got added to my PC while I was in Beijing?

With physical access to a machine, what prevents you from adding an option ROM and re-initializing the TPM? I assume by "fully supports" you were referring to boot axis validation through the TPM.

Otherwise, as the thread is about keylogging (and possible rootkit) the contents can be had. The TPM feature puts up quite a roadblock though.


Reply to
FromTheRafters
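The exchange above turns on why a TPM "puts up quite a roadblock": the firmware measures each boot component into a PCR before running it, and any later component (an added option ROM, a modified boot loader) changes the final PCR value, so a secret sealed to the clean value no longer unseals. The following is an added illustration of that extend-and-replay arithmetic in Python; it is not code from the thread. It assumes a SHA-256 PCR bank that starts at all zeros, and the boot "components" are constructed byte strings standing in for real firmware images.

```python
"""Model of TPM PCR extension for a measured boot chain (added example).

Assumptions: SHA-256 PCR bank, PCR initial value all zeros (true for the
static PCRs 0-7 at reset), one extend per boot component in boot order.
"""
import hashlib

PCR_INIT = bytes(32)  # 32 zero bytes: reset value of a SHA-256 PCR 0-7


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM2_PCR_Extend: new PCR = H(old PCR || measurement)."""
    return hashlib.sha256(pcr + measurement).digest()


def measure_boot_chain(components):
    """Measure each (name, image bytes) in order; return (final PCR hex, event log).

    The event log records the digest of each image so a verifier can replay
    the chain later and confirm it reproduces the PCR the TPM reports.
    """
    pcr = PCR_INIT
    log = []
    for name, image in components:
        digest = hashlib.sha256(image).digest()
        pcr = extend(pcr, digest)
        log.append((name, digest.hex()))
    return pcr.hex(), log


def replay_log(log) -> str:
    """Recompute the PCR from an event log alone (what a verifier does)."""
    pcr = PCR_INIT
    for _name, digest_hex in log:
        pcr = extend(pcr, bytes.fromhex(digest_hex))
    return pcr.hex()


# Constructed stand-ins for firmware images; real ones are megabytes.
CLEAN_CHAIN = [
    ("platform firmware", b"vendor firmware v1.00"),
    ("option ROM: NIC", b"nic option rom v2.3"),
    ("boot loader", b"bootmgr build 6001"),
]
# Same chain with one option ROM swapped, as in the scenario discussed above.
TAMPERED_CHAIN = [
    ("platform firmware", b"vendor firmware v1.00"),
    ("option ROM: NIC", b"nic option rom v2.3 + extra code"),
    ("boot loader", b"bootmgr build 6001"),
]


def demo() -> bool:
    """True when the swapped option ROM yields a different final PCR value."""
    clean_pcr, clean_log = measure_boot_chain(CLEAN_CHAIN)
    tampered_pcr, _ = measure_boot_chain(TAMPERED_CHAIN)
    assert replay_log(clean_log) == clean_pcr  # verifier reproduces clean PCR
    return tampered_pcr != clean_pcr


if __name__ == "__main__":
    pcr, log = measure_boot_chain(CLEAN_CHAIN)
    print("clean PCR :", pcr)
    print("tampered  :", measure_boot_chain(TAMPERED_CHAIN)[0])
    print("differs   :", demo())
```

Because each extend folds the previous value in, the result depends on both the content and the order of every component, which is why a key sealed to the clean value (BitLocker with TPM protection works this way) stays sealed after an option ROM is added. The limit of the model is also visible: the TPM only reports what the firmware measured, so a platform whose firmware can be re-flashed without being measured gives no guarantee.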


Interesting reading but as I read it the techniques used would be very specific to a limited number of systems (i.e. no generic attack) and blocked by the use of a TPM. The attacker would have to have some pre-existing knowledge of the target (or be very lucky) and the target couldn't be using a TPM. For anyone that would be a target of this kind of sophisticated attack I doubt they would leave a laptop with critical data on it unattended or even that they would be carrying a laptop with this kind of data on it. Anyone targeted this way would probably be as sophisticated as the attacker.

Paranoia abounds, but in real life it's rarely justified. In the context of the original question - we don't have enough data. If BitLocker or some other form of disk encryption wasn't in use and the OP is worried, the solution is to wipe the hard drive and restore from a backup taken before travelling to China.

Reply to
Kerry Brown

Mark McIntyre wrote in news:aXqOk.72593$ snipped-for-privacy@en-nntp-07.am.easynews.com:

heh, physical access doesn't trump encryption.

Reply to
Dustin Cook

Pop the hard drive out, lock it up, hide it, take it with you. It's very simple.

Dennis


Reply to
Dennis


"Question is, will anyone use them?"

Reply to
LR

Course it does. You can image the HDD, you can install hardware that intercepts the decrypted stream en route between disk and memory, you can put in a modded CMOS or BIOS that includes a built-in keylogger or data logger that's part of the firmware etc etc etc.

If you have access to the box for long enough, it's yours.

Reply to
Mark McIntyre

From: "Mark McIntyre"

| Course it does. You can image the HDD, you can install hardware that
| intercepts the decrypted stream en route between disk and memory, you
| can put in a modded CMOS or BIOS that includes a built-in keylogger or
| data logger that's part of the firmware etc etc etc.

| If you have access to the box for long enough, it's yours.

Now you're making things up... "put in a modded CMOS or BIOS that includes a built-in keylogger"

Reply to
David H. Lipman

Replies in this thread seem to back and forth between two of the hackers' motivations. One where he is after the data at rest, and one where he goes after subverting the system (and maybe gets the data after decryption). The subject line asks about a keylogger that may have been added during the time the laptop was left unattended in a hotel room - and how to detect it.

I assume of course a so-called "rootkit" was involved. Any hacker worthy of the title would want to use stealthing techniques. So the question becomes how can I tell if my computer has been rootkitted?

What is interesting is the shift from outright theft of a laptop to the perhaps more lucrative compromise of the laptop. Steal someone's personal data and open a credit card account - then buy a truckload of laptops. Modern banking makes it all possible - and they charge you for "protection" against such happenings.

...what a racket!

Reply to
FromTheRafters

Windoze: RootkitRevealer v1.71

Linux: ChkRootKit

It's amazing what you can find with Google.

Reply to
Jeff Liebermann
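FromTheRafters' question was how to tell whether a machine has been rootkitted, and the post above answers with tools (RootkitRevealer, chkrootkit). Those tools look for inconsistencies on a live system; the complementary approach, and the one that needs no special tool, is to record a hash manifest of the system before travel and compare it afterwards from a clean boot medium. The block below is an added Python example of that baseline-and-compare check; it is not from the thread or from any of the tools named. The directory tree it hashes is constructed inline in `demo()`, and the "tampering" it reports is simulated.

```python
"""Baseline-and-compare file integrity check (added example).

build_manifest() hashes every regular file under a root; compare_manifests()
reports what was added, removed or changed between two runs.
"""
import hashlib
import os
import tempfile
from pathlib import Path


def hash_file(path, chunk_size=1 << 16) -> str:
    """SHA-256 of a file, streamed so large images do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root) -> dict:
    """Map relative POSIX path -> sha256 (or a marker) for each file under root.

    Symlinks are recorded by their target rather than followed, so a planted
    link cannot pull files from outside the tree into the manifest (symlinked
    directories are therefore listed by os.walk but not descended). Files the
    current user cannot read are recorded as unreadable instead of aborting
    the whole run, which matters when the check is run over a foreign OS.
    """
    root = Path(root)
    manifest = {}
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        dirnames.sort()      # deterministic order for reproducible output
        filenames.sort()
        for name in filenames:
            p = Path(dirpath) / name
            rel = p.relative_to(root).as_posix()
            if p.is_symlink():
                manifest[rel] = "symlink:" + os.readlink(p)
                continue
            try:
                manifest[rel] = hash_file(p)
            except OSError as exc:
                manifest[rel] = "unreadable:" + type(exc).__name__
    return manifest


def compare_manifests(baseline: dict, current: dict) -> dict:
    """Delta between two manifests: new files, missing files, changed hashes."""
    base_keys, cur_keys = set(baseline), set(current)
    return {
        "added": sorted(cur_keys - base_keys),
        "removed": sorted(base_keys - cur_keys),
        "changed": sorted(p for p in base_keys & cur_keys
                          if baseline[p] != current[p]),
    }


def demo() -> dict:
    """Constructed scenario: take a baseline, alter the tree, report the delta."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "tool").write_bytes(b"original tool\n")
        (root / "notes.txt").write_text("travel notes\n")
        baseline = build_manifest(root)          # "before travel"
        # Simulated changes while the machine was out of sight:
        (root / "bin" / "tool").write_bytes(b"original tool\nextra bytes\n")
        (root / "bin" / "helper.dll").write_bytes(b"new file\n")
        (root / "notes.txt").unlink()
        return compare_manifests(baseline, build_manifest(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind:8s}: {paths}")
```

Run from the suspect OS itself, this check inherits that OS's view of the disk, and a kernel-level rootkit can present the original bytes for files it has replaced, which is exactly why cross-view tools such as RootkitRevealer exist. Taking the "after" manifest from a boot CD or by mounting the drive in another machine removes that blind spot; firmware modifications of the kind Mark McIntyre describes are outside what any file hash can see.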

| Windoze:
| RootkitRevealer v1.71

For Windows, Gmer is *better*!

Reply to
David H. Lipman

From: "FromTheRafters"

| Replies in this thread seem to back and forth between two of the hackers'
| motivations. One where he is after the data at rest, and one where he goes
| after subverting the system (and maybe gets the data after decryption). The
| subject line asks about a keylogger that may have been added during the
| time the laptop was left unattended in a hotel room - and how to detect it.

| I assume of course a so-called "rootkit" was involved. Any hacker worthy
| of the title would want to use stealthing techniques. So the question
| becomes how can I tell if my computer has been rootkitted?

| What is interesting is the shift from outright theft of a laptop to the
| perhaps more lucrative compromise of the laptop. Steal someone's personal data
| and open a credit card account - then buy a truckload of laptops. Modern
| banking makes it all possible - and they charge you for "protection" against
| such happenings.

| ...what a racket!

Since we are talking about China, we would be dealing with the PLA. The Chinese government has a "relationship" with the Chinese hacker community. The purpose of which would be espionage. Either industrial or military. They would NOT steal the notebook. Their intent would be a stealthy install of malware.

Reply to
David H. Lipman

Yes, it would be naive to think such things don't happen.

It's funny how "paranoid" one seems once he knows such things do happen.

I could tell you stories ... but I value my freedom. :o)

Reply to
FromTheRafters

From: "FromTheRafters"

| Yes, it would be naive to think such things don't happen.

| It's funny how "paranoid" one seems once he knows such things do happen.

| I could tell you stories ... but I value my freedom. :o)

*It's happening!*

You said... "I could tell you stories".

I am BARRED from saying what I know.

Since this is public knowledge...


Reply to
David H. Lipman


Yes. But a targeted attack against some very common traveling laptops like "Toughbook" or "Thinkpad" could yield quite a lot of compromised systems when they get back home.

Maybe it seems just a little 'over the top' to some people, but this is just the sort of thing that makes the TPM necessary.

What data - it is not about data. It is about compromising the laptop's security. Maybe even compromising the 'system' it might be attached to back home. Maybe data is the final objective, but not necessarily data on that laptop.

Yes, as reluctant as many people are to do this, it is often the best choice. Unfortunately, any forensic evidence would be lost in this case.

Reply to
FromTheRafters

We're in the same boat in that respect. I won't even discuss that which I know to be declassified - it just ain't worth it.

Thanks for the link - interesting the eavesdropping aspect.

Reply to
FromTheRafters

I'd far rather educate people than fire them - of course, it's nice to think that all the people you ever hire will have been educated before you hired them, but very few of us are born with perfect knowledge.

Alun.

Reply to
Alun Jones

recent news with more sophisticated flavor ... which mentions having lots of countermeasures against detection:

Three Year Old Trojan Compromised Half Million Banking Details - The exact origins of the Trojan have not been determined yet

steals 500,000+ bank and card details

'Ruthless' Trojan horse steals 500k bank, credit card log-ons

Trojan Virus Compromises Bank Info

data-stealing trojan has infected half million PCs

part of archived (linkedin) thread (regarding article from Kansas City FED: Can Smart Cards Reduce Payments Fraud and Identity Theft?) that includes discussion of countermeasures for compromised PCs

Reply to
Anne & Lynn Wheeler

Will these work even if the foil is made in China?

Reply to
occam
