evil maid attack


pages: 523 words: 154,042

Fancy Bear Goes Phishing: The Dark History of the Information Age, in Five Extraordinary Hacks by Scott J. Shapiro

3D printing, 4chan, active measures, address space layout randomization, air gap, Airbnb, Alan Turing: On Computable Numbers, with an Application to the Entscheidungsproblem, availability heuristic, Bernie Sanders, bitcoin, blockchain, borderless world, Brian Krebs, business logic, call centre, carbon tax, Cass Sunstein, cellular automata, cloud computing, cognitive dissonance, commoditize, Compatible Time-Sharing System, Computing Machinery and Intelligence, coronavirus, COVID-19, CRISPR, cryptocurrency, cyber-physical system, Daniel Kahneman / Amos Tversky, Debian, Dennis Ritchie, disinformation, Donald Trump, double helix, Dr. Strangelove, dumpster diving, Edward Snowden, en.wikipedia.org, Evgeny Morozov, evil maid attack, facts on the ground, false flag, feminist movement, Gabriella Coleman, gig economy, Hacker News, independent contractor, information security, Internet Archive, Internet of things, invisible hand, John Markoff, John von Neumann, Julian Assange, Ken Thompson, Larry Ellison, Laura Poitras, Linda problem, loss aversion, macro virus, Marc Andreessen, Mark Zuckerberg, Menlo Park, meta-analysis, Minecraft, Morris worm, Multics, PalmPilot, Paul Graham, pirate software, pre–internet, QWERTY keyboard, Ralph Nader, RAND corporation, ransomware, Reflections on Trusting Trust, Richard Stallman, Richard Thaler, Ronald Reagan, Satoshi Nakamoto, security theater, Shoshana Zuboff, side hustle, Silicon Valley, Skype, SoftBank, SQL injection, Steve Ballmer, Steve Jobs, Steven Levy, Stuxnet, supply-chain attack, surveillance capitalism, systems thinking, TaskRabbit, tech billionaire, tech worker, technological solutionism, the Cathedral and the Bazaar, the new new thing, the payments system, Turing machine, Turing test, Unsafe at Any Speed, vertical integration, Von Neumann architecture, Wargames Reagan, WarGames: Global Thermonuclear War, Wayback Machine, web application, WikiLeaks, winner-take-all economy, young professional, zero day, éminence grise

I used email, but almost always to communicate with classmates. It never occurred to me to ping someone outside the university. Social media, e-commerce, affordable cell phones—they were still years away. Even more confusing was the world of hacking, a place teeming with tricky lingo. Honeypots? Sinkholing? Fuzzing? Shellcode? Mimikatz? Evil maid attacks? WTF is an evil maid attack?! It all seemed opaque, unintelligible, and impossibly abstract. But I was becoming increasingly aware that I wouldn’t be able to do my day job, which was to study cyberwar, if I didn’t get up to speed. To adapt Leon Trotsky’s famous line about war, you may not be interested in hacking, but hacking is interested in you.

T-Mobile acknowledged that Paris Hilton was a customer and that the data posted came from her Sidekick II mobile phone. “Her information is on the internet,” said Bryan Zidar, head of media relations for T-Mobile, stating the obvious. Speculation ran rampant on who did it and how. One possibility discussed was an “evil maid” attack. In an evil maid attack, someone who has physical access to a digital device compromises data manually. An evil maid (or a bald butler) could have taken Paris Hilton’s Sidekick and either entered her pass code or exploited one of the phone’s numerous security vulnerabilities (many of which were discussed in great detail on internet chat boards).

produce downcode securely: Many of the findings from the Windows Security Push were published in Howard and Le Blanc, Writing Secure Code.

6. Snoop Dogg Does His Laundry

as fast as they sprang up: Steve Hargreaves, “Paris Hilton Hacking Victim?,” CNN Money, May 2, 2005, money.cnn.com/2005/02/21/technology/personaltech/hilton_cellphone/?cnn=yes.

“evil maid” attack: Zidar mentioned T-Mobile’s investigation included the “possibility that someone had access to one of Ms. Hilton’s devices and/or knew her account password”: David Quinton, “T-Mobile Reacts to Hilton’s Sidekick Hack,” SC Media, February 22, 2005, https://www.scmagazine.com/home/security-news/t-mobile-reacts-to-hiltons-sidekick-hack/.


pages: 305 words: 93,091

The Art of Invisibility: The World's Most Famous Hacker Teaches You How to Be Safe in the Age of Big Brother and Big Data by Kevin Mitnick, Mikko Hypponen, Robert Vamosi

4chan, big-box store, bitcoin, Bletchley Park, blockchain, connected car, crowdsourcing, data science, Edward Snowden, en.wikipedia.org, end-to-end encryption, evil maid attack, Firefox, Google Chrome, Google Earth, incognito mode, information security, Internet of things, Kickstarter, Laura Poitras, license plate recognition, Mark Zuckerberg, MITM: man-in-the-middle, off-the-grid, operational security, pattern recognition, ransomware, Ross Ulbricht, Salesforce, self-driving car, Silicon Valley, Skype, Snapchat, speech recognition, Tesla Model S, web application, WikiLeaks, zero day, Zimmermann PGP

To enable BitLocker, if installed, open File Explorer, right-click on the C drive, and scroll down to the “Turn on BitLocker” option. BitLocker takes advantage of a special chip on your motherboard known as a trusted platform module, or TPM. It’s designed to unlock your encryption key only after confirming that your bootloader program hasn’t been modified. This is a perfect defense against evil maid attacks, which I will describe shortly. You can set BitLocker to unlock when you power up or only when there’s a PIN or a special USB that you provide. The latter choices are much safer. You also have the option of saving the key to your Microsoft account. Don’t do that, because if you do you will have more or less given Microsoft your keys (which, as you will see, it might already have).

In its 2014 wiretap report, the US government reported encountering encrypted drives on only twenty-five out of the 3,554 devices that law enforcement had searched for evidence.15 And they were still able to decrypt the drives on twenty-one of the twenty-five. So while having encryption often is good enough to keep a common thief from accessing your data, for a dedicated government, it might not pose much of a challenge. Years ago researcher Joanna Rutkowska wrote about what she called an evil maid attack.16 Say someone leaves a powered-down laptop whose hard drive is encrypted with either TrueCrypt or PGP Whole Disk Encryption in a hotel room. (I had used PGP Whole Disk Encryption in Bogota; I had also powered down the laptop.) Later, someone enters the room and inserts a USB stick containing a malicious bootloader.


pages: 562 words: 153,825

Dark Mirror: Edward Snowden and the Surveillance State by Barton Gellman

4chan, A Declaration of the Independence of Cyberspace, Aaron Swartz, active measures, air gap, Anton Chekhov, Big Tech, bitcoin, Cass Sunstein, Citizen Lab, cloud computing, corporate governance, crowdsourcing, data acquisition, data science, Debian, desegregation, Donald Trump, Edward Snowden, end-to-end encryption, evil maid attack, financial independence, Firefox, GnuPG, Google Hangouts, housing justice, informal economy, information security, Jacob Appelbaum, job automation, John Perry Barlow, Julian Assange, Ken Thompson, Laura Poitras, MITM: man-in-the-middle, national security letter, off-the-grid, operational security, planetary scale, private military company, ransomware, Reflections on Trusting Trust, Robert Gordon, Robert Hanssen: Double agent, rolodex, Ronald Reagan, Saturday Night Live, seminal paper, Seymour Hersh, Silicon Valley, Skype, social graph, standardized shipping container, Steven Levy, TED Talk, telepresence, the long tail, undersea cable, Wayback Machine, web of trust, WikiLeaks, zero day, Zimmermann PGP

I don’t think I’m a bad-looking guy, but I’m not the kind of guy women message out of the blue and invite me to cuddle.” Soltani suspected an intelligence agency setup—“the Chinese government trying to get up on me” in an effort to elicit information about the NSA documents, or to steal the digital files. The two of us talked through a well-known information security scenario known as the evil maid attack, which relies on brief physical access to a computer to steal its encryption credentials. The Snowden files, as it happened, were at that time locked in a Washington Post vault room and kept separate from their keys, but outsiders would not know that. And if Soltani was sufficiently motivated, an attractive spy might assume, anything was possible.