In July 2013, GCHQ, Britain’s equivalent of the U.S. National Security Agency, forced journalists at the London headquarters of The Guardian to completely obliterate the memory of the computers on which they kept copies of top-secret documents provided to them by former NSA contractor and whistleblower Edward Snowden.
However, in its attempt to destroy information, GCHQ also revealed intriguing details about what it did and why.
Two technologists, Mustafa Al-Bassam and Richard Tynan, visited Guardian headquarters last year to examine the remnants of the devices. Al-Bassam is an ex-hacker who two years ago pleaded guilty to joining attacks on Sony, Nintendo, and other companies, and now studies computer science at King’s College; Tynan is a technologist at Privacy International with a PhD in computer science. The pair concluded, first, that GCHQ wanted The Guardian to completely destroy every possible bit of information the news outlet might retain; and second, that GCHQ’s instructions may have inadvertently revealed all the locations in your computer where information may be covertly stored.
Editors of The Guardian chose to destroy the files and the devices they lived on after the British government threatened to sue them and halt further reporting on the issue, including stories on how GCHQ utilized data collected by the NSA on communications from many major Internet companies.
Footage of Guardian editors physically destroying their MacBooks and USB drives, taken by Guardian executive Sheila Fitzsimons, wasn’t released until months later, in January 2014. The GCHQ agents who supervised the destruction of the devices also insisted on recording it all on their own iPhones.
The Guardian’s video reveals editors using angle-grinders, revolving drills, masks that GCHQ ordered them to buy, and a “degausser,” an expensive piece of equipment provided by GCHQ, which destroys magnetic fields and thereby erases data. The procedure eliminated practically every chip in the device, leaving almost no recognizable piece of machinery behind. The whole process lasted over three hours.
But while Paul Johnson, The Guardian’s deputy editor, chalked the exercise up to “purely a symbolic act” of power on the part of the British government — given that copies of the Snowden files still existed in New York — there may be more to it.
At a speech given at the Chaos Communication Camp technology conference a few weeks ago in Germany, Al-Bassam and Tynan explored the details surrounding GCHQ’s decisions about how to destroy the devices, and hypothesized about what the government’s intentions might have been beyond intimidation.
“Normally people just destroy the hard drive,” said Al-Bassam. But GCHQ took it several steps further. The spy agency instructed Guardian editors to destroy parts of multiple MacBook Airs’ track pad controllers, power controllers, keyboards, CPUs, inverting converters, USB drives, and more.
According to “Joint Services Publication 440,” a 2001 British government document released by WikiLeaks, the U.K. Ministry of Defense mandates total destruction of top-secret information in order to protect it from “FISs [foreign intelligence services], extremist groups, investigative journalists, and criminals.”
However, when Al-Bassam and Tynan sent an email asking the British government for the “HMG (Her Majesty’s Government) Information Assurance Note 5,” the government-wide document that contains the U.K.’s “sanitization” policies — i.e., the specific steps necessary to destroy top-secret data — the government denied their request. The sanitization policies of the other members of the so-called “Five Eyes” intelligence alliance — the U.S., New Zealand, Canada and Australia — are public, and appeared to have very similar requirements to the techniques used to destroy The Guardian’s computers.
But in allowing The Guardian’s editors to destroy the devices themselves, and hold onto the remaining shards of computer dust, the British government essentially revealed those policies — by making it possible for people like Al-Bassam and Tynan to analyze just why they might have destroyed each part in such a specific way.
What Al-Bassam and Tynan theorized was that the government may have targeted parts of the Apple devices that it “doesn’t trust”: pieces that can retain bits of electronic information even after the hard drive is obliterated.
The track pad controller, they said, can hold up to 2 megabits of memory. All the different “chips” in your computer — from the part that controls the device’s power to the chips in the keyboard — also have the capacity to store information, like passwords and keys to other data, which can be uploaded through firmware updates. According to the public documents from other members of Five Eyes, it is incredibly difficult to completely sanitize a device of all its content. New Zealand’s data deletion policies state that USB memory is only destroyed when the dust is just a few millimeters in length. “This wasn’t a random thing,” said Tynan, pointing to a slide displaying a photo of a completely destroyed pile of USB chip shards.
These hidden memory storage locations could theoretically be taken advantage of, Tynan and Al-Bassam said, by a computer’s owner, hackers, or even the government itself, either during its design phase or after the computer is purchased. The Russian cybersecurity firm Kaspersky Lab has presented evidence that an organization it calls “Equation Group,” which is reportedly linked to the NSA, has developed ways to “create an invisible, persistent area hidden inside [a computer’s] hard drive” that would be virtually undetectable by the computer’s owner. This area could be used “to save exfiltrated information which can be later retrieved by the attackers.”
Other technologists and computer experts agreed with Al-Bassam and Tynan that significant data could theoretically be stored on a computer’s various chips. “It’s actually possible to store quite a bit of data in a small space — look at Micro SD cards!” wrote Dan Kaminsky, a computer security specialist, in an e-mail to The Intercept. “But generally these other data stores are small. [They] can certainly store cryptographic keys pretty much anywhere though; those things are minuscule.”
Steve Burgess, a computer forensics and data recovery expert, echoed Kaminsky’s technical points: “Certainly data could be stored on any kind of flash memory or SSD (if there was one), or on the computer’s BIOS, and of course on the hard disk’s rotating media — and its own on-board flash storage.”
But in terms of GCHQ’s intentions, Kaminsky thinks the answer lies somewhere between a power play and protocol based on real concern on the part of the agency. “I think GCHQ was doing half theater and half genuine threat response here. The likelihood that The Guardian had anything hidden in the trackpad was low, but from GCHQ’s perspective they’d hide something in the trackpad so why wouldn’t anyone else?”
To Tynan and Al-Bassam, the methods GCHQ used revealed just how little control we have over our data, and how difficult it is to permanently delete it when necessary. When the pair asked various companies, including Dell and HP, how different parts of the devices are designed to store information and which chips “could potentially betray us,” none were willing to reveal any specifics publicly, they said. When a member of the audience asked Tynan what laptop he’d recommend for journalists and activists who rely on privacy and control of their data, he didn’t have an answer.
“From a privacy perspective, we need to empower users with knowledge about what their devices do,” Tynan concluded.
Correction: August 26, 2015
A previous version of the article stated that Kaspersky Lab “suspects” what it calls the Equation Group is “connected to the NSA.” While Kaspersky Lab reported earlier this year that “the Equation group has interacted with other powerful groups, such as the Stuxnet and Flame operators” (which in turn are reportedly projects of the United States and Israel), Kaspersky Lab emphasized in email to The Intercept that “we don’t have hard proof to attribute the Equation Group or speak of its origin.”
I think more than anything this shows us that the respective governments don’t want the people to know the truth behind what they do, what they have done, or what they plan to do. So the governments are opaque meanwhile democracy is supposed to function in a manner where we elect people to represent us and our wants and values up through the chain of command at which point whoever it may be, whether the executive or legislative branch, to carry out those wishes, so long as it does not infringe upon people’s rights and is in accord with the constitution of each respective country. So it seems to me that democracy does not exist in America any longer. The politicians are increasingly being recycled through government and private companies so that they can be elected based on donations, perform duties for those donors, rather than the people who elected them, then when their time is due they leave the government to become an employee of a company which pays them, personally, a lot of income so they can become one of the 1%. But not ever the %. Those people would never allow a silly millionaire to wield any real power. Then these puppets go back into government with their orders in mind and once again carry out the wishes of the corporation heads. We as voters have no power. Non-violent protests never work. Our own founding fathers said that for every generation there should be a revolution and we are simply not fulfilling our obligations by allowing this system of corporate-fed-governments to exist. We need to stop watching the news and start looking at all the traffic light cameras. The back doors built into our PCs and the complicity of companies to allow governments to not only spy and collect all our data, but to literally murder journalists who will expose them (RIP Michael Hastings). People in America need to stop watching TV news thinking that is the truth. The truth is whatever is left when you remove all the lies.
So in my humble opinion we need to as a people assemble, armed, in great masses to the doors of our government and throw out each and every politician and hit the reset button on the USA. We need a revised constitution making it illegal for companies to store our data or information without our consent, we need to get money out of politics and we need to elect people to represent our needs and wants. Stop making government a popularity contest. It’s an evil spectacle. That is the only way to fix this problem because we already have a tyranny in the USA and basically the world. If we want change then we have to do it with our hands not our voices. This country wasn’t built by blogging about rumors of celebrities it was built on the blood of those who fought for true freedom and if we continue to do nothing then we have only ourselves to blame for the police state/surveillance state/thought crime states that we now live in. But we can change. The question is, who of us is brave enough to stand toe to toe and storm this generation’s Bastille.
I like to look at the Google News sites for various countries. You can tell a lot by what you get on that front page. On the front page of the US version it’s often far more gossipy than other English versions — and each country has their own level of gossip, some are surprisingly quite low in gossipy things (unless it’s in a different section, not the top part).
Rome wasn’t built in a day. But many blogs are, and most people think that that qualifies as real work (and go apeshit if you criticize it, at that).
I don’t think ‘blood’ is what we need, though. What we need is more character and knowledge and to become informed citizens. Most though aren’t capable of becoming such, and thus is the crux of the dilemma; they want to be ruled and as long as it’s not TOO bad, they’ll put up with anything.
Oh, for the Love of GOD, peepul…just wipe it with a CLOTH!!! If it’s good enough for Queen Hillary, it’s goddam good enough for you. Serf’s up, baby, grab yer Waterboard and hit th’ waves. Before the waves hit you! Ooops. Too late.
Trust. No. One.
Always a difficult thing, trying to distinguish between information and disinformation in order to get to the truth. Trust no one probably goes both ways, but I guess nobody will know. I’ve never understood trust; it only seems to work for people who live in the fantasy world most people take as the ‘real world’, not realizing there’s a whole other world they don’t see.
I keep seeing every side toss theories about who’s doing what. It’s destructive. It’s even more destructive when our leaders feel the need to hide data from the watchers that are supposed to be their guardians, like Hillary and the bathroom email server, or the Senate getting spied on. It makes you wonder who doesn’t have dirt on everyone at this point — and makes one think the only real solution is to make dirt up on yourself and see where it shows up. I don’t think that worked well for Hillary, but I’ve never seen her as much of a tactician. First she was painted as a nutcracker, now she’s being painted as a ‘me-too’.
In the case of the Guardian’s computers, the only sane conclusion is that they were probably backdoored, likely at a hardware level. I doubt newsrooms are the most secure location in the world. I have no idea how or where the data was stored, but if I were GCHQ, I’m sure I’d find a way to get myself in there sometime after the initial burst and the final destruction, if only to find out what might be on there. But that’s a conspiracy theory, at best. I’m no genius.
Every story that comes out just looks like turtles all the way down, to me. At some point it just seems like a bad move to assume anything is unpervertable. Best to choose one’s perversions and keep the rest to oneself… let people believe what they want to believe?
Like with these servers, no one’s ever going to find out. The false story benefits both sides, I’d imagine.
Well you said it. You’re no genius.
The funny thing is, there’s nothing there that isn’t true. Or do you know something the rest of us don’t and think things can’t get backdoored? I thought you were one of the people drilling up the paranoia a few months back about all this stuff?
I are confuse. I better go clean my computer with a Magic ShammyWow or whatever they’re called.
You’re all daft – it was obviously to stop the Russians stealing the data from The Guardian’s computers.
Don’t be absurd. It was clearly to stop oppressed countries’ citizens from getting information that might encourage them to throw off their yokes and protest in a meaningful way. Money.
Or it was the North Koreans. Or China. Or Anonymous, which has a habit of being indiscriminate for ‘lulz’ not realizing that when they do so they’re contributing to the very oppression they claim to oppose.
Notice signs of device failure once one engages in measures to avoid surveillance while challenging the status-quo narrative online.
Noticing…signs of device failure and impending device failure… another index card outlining an inexplicable tech anomaly (confirmed as unique or unseen before by three pairs of eyes) lands on the WTF “timeline” stack…
One reason for securing redundant insurance coverage (point of sale, manufacturer, extended third party etc) for all devices.
Current Focus: ASUS Routers, Sprint Gemalto cards, and ADT security camera controller phantom port settings changes. Baby.
A new development regarding Edward Snowden. He won’t be traveling to Oslo to pick up an award because, it turns out, the Obama Dept of Justice has been pressuring Scandinavian countries to arrest him if he ever shows up.
http://www.theguardian.com/us-news/2015/aug/28/edward-snowden-fbi-norway-extradite-julian-assange
It may be difficult to destroy information; the person carrying it is another matter.
I think the Swiss may offer him asylum even though if I were him I would stay put. Trying to make friends again with USG is totally irrational, does he have a sense of what he did? He morally debased the world’s only superpower! They will never forget that!
Matthew 10:28: “Do not be afraid of those who kill the body but cannot kill the soul”.
You should still, however, be cautious of them since you need a body to carry the soul and, with it, the exemplary spirit of your deeds though your existence
RCL
merely through your existence
RCL
To get to Switzerland, Snowden or Assange would have to fly over territory held by Germany or other countries and with a considerable US military presence. Aircraft can be forced down, as the President of Bolivia found when Snowden first surfaced in Moscow.
http://www.theguardian.com/media/2015/aug/29/julian-assange-told-edward-snowdon-not-seek-asylum-in-latin-america
Julian Assange has said he advised the NSA whistleblower Edward Snowden against seeking asylum in Latin America because he could have been kidnapped and possibly killed there.
The WikiLeaks editor-in-chief said he told Snowden to ignore concerns about the “negative PR consequences” of sheltering in Russia because it was one of the few places in the world where the CIA’s influence did not reach.
In a wide-ranging interview with the Times, Assange also said he feared he would be assassinated if he was ever able to leave the Ecuadorian embassy in London, where he sought asylum in 2012 to avoid extradition.
snip
Or perhaps in some cases the ALMOST entirely exemplary spirit of your deeds through existence.
I have a few keyboards laying around…I should switch up on them? Why not? If they can update firmware and store your key logging? On your keyboard? Wow! And the other chips on your motherboard that can store data on you? We’re so screwed beyond any privacy. All the encryption in the World can’t stop these nosy idiots!
True, but we can still do a lot to keep them off. In fact, I do believe we can regain our privacy.
RCL
Mr. Lopez states – “I do believe we can regain our privacy”.
Please tell us why you believe that, and your suggestions on how to go about doing it.
(1) Watch the movie ‘Blast from the Past’ for exciting ideas on living underground.
(2) Build a big ol’ fallout shelter, making sure to have plenty of hydroponics and supplies.
(3) Wait a year or three.
Just joking. I hope.
Too dark?
Excellent work, Jenna. Re “the U.K. Ministry of Defense mandates total destruction of top-secret information in order to protect it from investigative journalists, and criminals,” how is the public to be protected against data theft, industrial espionage and extortion by members of the intelligence-gathering community with criminal intent?
Alright so NSA who can read human minds using EMF Waves need to destroy chipsets to destroy data when they can basically kill off a journalist by giving him heart attack or organ failure after figuring out his EMF frequency of mind? The Remote Neural Monitoring ensures NSA can hack human minds and kill, torture whoever they like. Only issue NSA faces is when they get problem with some supernatural beings who know how to use natural human EMF frequency shields to fight back. Generally NSA loves taking away kids of those who know too much about natural EMF for MKULTRA experiments to improve RNM, which is kind of expected because that is NSA job. If you read black magic, the whole concept is using own EMF frequency to damage other person EMF. Prayers is again EMF. Journalists across the globe know well you can’t cross NSA path or ask whistle blowers who complain of organ pains, heart pain, heart beat problems because NSA used EMF to hack human mind areas to deliver EMF waves of torture while claiming NSA is using “black magic”. I am sure Intercept got a document on this but they can’t release the “good” stuff? Human mind is an electronic computer with different chips in it and NSA has been testing on kids since 1960’s to hack human minds. In my case, NSA when used EMF torture they claimed that they are “anti-christ” and “use witchcraft” which is not false because origin of this program is from Voodoo and satanic works but in reality they do it so you don’t understand 8 band frequency jammers and protective shielding and binaural beats can stop NSA from torturing you.
Black magic, white magic and transcendental magic… or karma?
Finally it is all in your mind!
So clean your cache regularly – meditation works better :-)
When NSA trolls attack, they always call opposite side NSA propaganda army. Nothing new.
http://www.greatdreams.com/RNM.htm
You know at end of day, all of you NSA trolls will answer to God to what you are doing. In 1960’s no one believed US government can do human experimentation? Still no one believe JFK was killed by mind controlled slave whose memory was wiped clean. In 2015, it’s very visible that RNM is in action. Plus, don’t stress out, the more truth anyone speak, more hurt NSA gets.
Dude… seriously… have you ever considered meditation? Counseling? Getting some form of help? Or is this another one of those times where you and your buddies just want to run down the forums by trying to twist ‘reality’ and ‘crazy’ in peoples’ minds again and stirring up the people here who are already confused enough without your ‘influence’? Always gotta fight it, eh? Keep things self-sustaining while you go have your weekend off? Boring, boring, boring, yawn.
Anyway, if you want to get all historically accurate, AFAIK you’d be wanting to look into the companies that DARPA provided funding to in the 60s and 70s. DOD ain’t NSA. And I’m sure they’d be fascinated to hear ALL ABOUT how great their tech is, given their pitiful record at trying to get remote viewing off the ground. Them Rhine decks didn’t turn out so well either, but I bet that cost them less to figure out.
Legba would be disappointed to hear that you think he’s abusing you.
Sounds like Monas Quaker Friend Non-Anon
From the Jeh Johnson piece a ways back…
the panopticon will allow encryption, and we will be told to trust it, but the panopticon has the resources to see, no matter what we do; and even if encryption DOES work, to some extent, we will never really trust it, thus we change our behavior, which is the point of the panopticon. how does it feel to be Panoptikonically Kool?
https://www.youtube.com/watch?v=12gLKggzj9g
So it’s safe to assume that they can look at me knocking one out if my computer camera’s on… great… good to know… will definitely either be covering everything or practicing my absolutely most hysterical busting a nut face.
In the United States my electronic communications are tampered with on a daily basis. For over 10 years I have notified the U.S. Department of Justice, members of Congress, federal and state attorneys general and even IG’s.
That’s in a nation with a U.S. Constitution that makes it illegal. We can’t judge any other nation.
Crap! Can we have some respect for easily verified technical details? A degausser is not an expensive or unusual device, and it does not destroy magnetic fields. A typical degausser creates a strong time varying magnetic field to destroy the alignment of magnetic domains in a magnetic material. The information in a magnetic storage device is contained in the pattern formed by the alignment of these domains. The degausser flips the domains back and forth, leaving them in a state that contains little or no useful information.
not entirely due to
https://en.wikipedia.org/wiki/Hysteresis
RCL
HonourableMember [1508270601] ….. outing more than just one huge problem with a short comment on http://www.theguardian.com/commentisfree/picture/2015/aug/26/steve-bell-chilcot-inquiry-iraq-war-report-cartoon
This is/Is this what Chilcot is revealing/has revealed?! ……. Western Democracy Is An Endangered Species On Its Way To Extinction
And yes, that is a rhetorical question and valid inconvenient statement which is too true to ever be dismissed as nonsense.
Interesting times and spaces ahead, mes amis, with smarter events than ever thought possible and probable, virtually leading remotely and relatively anonymously.
There is another story to this happening.
GCHQ could, as td says, just have taken them.
The song and dance that ensued was for the benefit of the punters, the public.
The Guardian and I mean Rusbridger ( https://en.wikipedia.org/wiki/Alan_Rusbridger ) was a player with them and he did his patriotic service.
Wrong parts shown in photos, wrong hard drives shown in videos and Rusbridger describes the process as if he were there and not in New York at the time.
Suss as all shit.
Follow the sequence of events, the Guardian played their part.
If the devices were to be destroyed, surely it would have been easier just for GCHQ to confiscate them?
I think the NSA and GCHQ are first graders in the school where the principal is a Chinese. No wonder those yellow geniuses hack into any server they whimsically choose to slant their peek into, helped no doubt by the fact that most of the stuff is what they produce. Donald Trump is the only person who has realized our folly of oursourcing all electronic manufacturing to them, and after he becomes president he will send the NSA director to Beijing to get properly trained in Spi Chi.
We’re a nation of laws not men and women. It is our collective responsibility to each other as citizens to make every effort to create the necessary conditions to enforce existing laws. That ship has not sailed at all people. Pointing to the pre-Snowden pre-standing failures of legal efforts to enforce existing law is a gutless dodge unworthy of First Look her readership or our brave whistleblowers.
At a site like this every attorney should be working toward that end. Filing criminal charges against the perps on behalf of anyone and everyone. Anybody with a clue knows every Intercept regular is targeted as a potential trouble maker just like every Wikileaks user or supporter is part of an open ended Five (5) year grand jury investigation...
What’s more is it is First Look discussion board legal eagles that should be leading the charge in identifying seeking out and confirming (FOIAing) ongoing criminal constitutional violations against its journalists, administrative staff AND ITS READERS as each one is deserving of remedy and relief. Most of us have given to Snowden Manning Assange etc so there is no doubt a “material support” aspect in play as well.
First Look and the Intercept should be submitting public records requests requesting public records requests from every IC and LEO entity or related private contractor that MIGHT play a role in breaking laws that already criminalize violating the constitutional rights of the Intercept’s managerial staff and activist journalists AND the collective constitutional rights of their readership (us).
You guys need a Ryan Shapiro or a Jason Leopold to be running an FOIA public records mosaic on behalf of every Intercept journalist or staff member AND every clearly identified (real names) Intercept reader brave enough to participate.
Too often at this site folks with the legal training to know better stop well short of encouraging filing criminal charges against known perps individually or collectively.
Socrates is a criminal for aiding and abetting an unconstitutional regime. Everyone here understands jtrig tactics designed to destroy people’s lives are deployed against environmental activists govt transparency advocates human rights activist throughout the United States. For those of you with less well documented cases (in other words not me) the Intercept needs to take a more active role in seeking to ENFORCE EXISTING LAW by pre-emptively (via legal actions and public records requests) protecting the constitutional rights of your staff and readership on an ongoing basis. Think of it as entrapping the entrappers.
No flying saucers. No aliens. Just Pierre and Company stepping up to Criminally prosecute those responsible for violating the constitutional rights of a bunch of ordinary First Look staff and First Look readers. Those readers with the temerity to prefer their news on mass surveillance to be based on that ever increasing stack of top secret government documents finding their way slowly but surely into every court in the land.
Stop pussyfooting around and take it to them.
UNITED STATES CODE
TITLE 18 – CRIMES AND CRIMINAL PROCEDURE
PART I – CRIMES
CHAPTER 13 – CIVIL RIGHTS
§ 241. Conspiracy against rights
If two or more persons conspire to injure, oppress, threaten, or intimidate any inhabitant of any State, Territory, or District in the free exercise or enjoyment of any right or privilege secured to him by the Constitution or laws of the United States, or because of his having so exercised the same; or
If two or more persons go in disguise on the highway, or on the premises of another, with intent to prevent or hinder his free exercise or enjoyment of any right or privilege so secured –
They shall be fined not more than $10,000 or imprisoned not more than ten years, or both; and if death results, they shall be subject to imprisonment for any term of years or for life.
§ 242. Deprivation of rights under color of law
Whoever, under color of any law, statute, ordinance, regulation, or custom, willfully subjects any inhabitant of any State, Territory, or District to the deprivation of any rights, privileges, or immunities secured or protected by the Constitution or laws of the United States, or to different punishments, pains, or penalties, on account of such inhabitant being an alien, or by reason of his color, or race, than are prescribed for the punishment of citizens, shall be fined not more than $1,000 or imprisoned not more than one year, or both; and if bodily injury results shall be fined under this title or imprisoned not more than ten years, or both; and if death results shall be subject to imprisonment for any term of years or for life.
The targets would be obvious if you asked a simple question: “Can the software communicate with it? Can it store data? Can it process data?” Anything that’s a yes is a potential point of attack or point of covert storage. Always has been. This event tells real, security engineers nothing new except that GCHQ knows this and will destroy any chips visible. We suspected this, of course, so any critical data is stored in *removable* storage.
All lessons to remember for anyone that didn’t know. Will help when you’re looking for attack surface in a system that should resist or slow nation states.
There are two obvious reasons.
– The more likely is simply that they were being mean and vicious for the sake of being mean and vicious.
– It’s possible that they or one of their partners in the intelligence community had black-bagged the Guardian’s computers, hiding bugs in keyboards or other hardware, and wanted to make sure that they covered it up so the Guardian couldn’t find out.
I think the latter is more paranoid, but we do know that GCHQ and others were out to get them. The latter certainly doesn’t preclude the former.
Thanks Jenna,
Firmware present in almost every component part. Unique EMF signatures for every component part separately and collectively. A truly elegant First Look…
> what laptop he’d recommend for journalists and activists who rely
> on privacy and control of their data, he didn’t have an answer.
I think the Purism Librem laptops are a move in the right direction.
GCHQ and the rest of ‘five eyes’ can go to hell.
ANON
I readily admit to being what I declare myself to be and am thankful for this article; but, all the same, as it seems to me, we rather badly need some prehistory here — viz., how did Snowden’s data get into those Guardian computers in the first place? Did The Guardian’s Ewen MacAskill return from Hong Kong with a computer of Snowden’s, and/or with (a) memory stick(s) handed him by Snowden — and/or by Poitras and/or by Greenwald — and transfer that to the computers then destroyed by the GCHQ? Alternatively, did EM fly to Hong Kong with a PC (plus memory sticks?) of his very own, and there load it (or these) up with Snowden data? If so, was EM’s personal computer one of those destroyed by GCHQ; and, if not, did the GCHQ demand access to and/or possession of that private PC, too? Come to that, can we confidently assume that, in the absence of any cry of “Eureka!” from the GCHQ (and NSA) these past two years, they have failed miserably in decrypting the electronic data which they pirated @ LHR @ UK from David Miranda, and we are therefore entitled to award ourselves some Schadenfreude? Won’t GG please consider giving us all an update on the Miranda/Greenwald lawsuit pending against the UK govt.?
First, a typo: it’s the Chaos Computer Club (www.ccc.de). Second, I guess this only shows the high anal retentiveness of the GCHQ. Confiscating the hard drives would have done the job and, as Benito points out below, given the thugs at least a partial inventory of the Snowden document store. It is pretty clear from the subsequent articles that they are still relatively clueless in that regard, viz the hilarity of successive lies by Obama, Cameron and their ilk that are promptly followed by articles revealing their deception.
Of course the alternative hypothesis is that GCHQ and NSA did recover the list of documents, but Obama and Cameron are too stupid to anticipate the consequences of their continued lying. Hmmmmm, I think I like that alternative better.
Serious question: how expensive is a vat of Hydrofluoric acid?
I did a quick check on Alibaba and you can get a metric ton of the stuff for 1-2 thousand dollars.
Just a word of warning — hydrofluoric acid is really nasty stuff that shouldn’t be handled without stringent safety precautions. You don’t want to get even a drop of it on you.
I obviously wasn’t interested in purchasing any.
My question was, why wouldn’t they just dissolve the laptops in acid? Seems like it would be pretty easy to do. Not in-field, but at one of their facilities.
It would be good if the included youtube video was in English (https://media.ccc.de/browse/conferences/camp2015/camp2015-6799-how_to_destroy_a_laptop_with_top_secrets.html#video&t=1) rather than the German version.
And the Youtube URL for that would be:
https://www.youtube.com/watch?v=2vv6OfjpU1E
Well written article (sad that a machine which we can control and doesn’t control us doesn’t exist yet)
There is a real danger if any nation’s government can attack the free press when it is “contrary” to that nation’s official rulebook advertised for both citizens and government to follow.
That is the basis for civilized society: written laws for citizens to comply with and an independent judiciary to “referee” that written rulebook. In this country, it would be akin to the FBI punishing Martin Luther King, Jr not for violating the written laws but punishing citizens for complying with the written laws – very barbaric!
Once we abandon the constitutional “rule of law” we become more like banana republics that use “rule of man” models of government – which creates chaos amongst the citizenry since law abiding citizens are punished and law breakers are rewarded.
It is a mistake to assume that the press enjoys the same protections in the UK as it does in constitutional republics like Germany and the US. There is no British constitution, believe it or not, and it has been a longstanding practice of the British government to attack the press when they are felt to be out of bounds. I leave it to others to compare the scope of the US Espionage Act with the UK Official Secrets Act; my impression is that the latter has far broader scope.
Good points! Both the U.S. and other nations did sign onto the binding U.N. Convention Against Torture supported by Ronald Reagan and Margaret Thatcher. Most civilized nations also supported the Geneva Conventions and supported the “Nuremberg Defense” legal precedent from World War Two (“following orders” is not a legal shield for order-takers involved in war crimes).
These are “binding” international agreements that mandate all signatories agree to investigate and prosecute torturers within their borders. Ronald Reagan also thought any cruel & unusual punishment should be included also.
Senator Patrick Leahy tried to give alleged war criminals an option of little or no prison time if they created a “Truth Commission” – essentially tell the whole truth and there is little to no punishment, lie about and you go to prison for perjury. Victims of these government abuses would be compensated for punitive damages and receive official apologies for Cheney & friends.
War crime proponents essentially told Leahy to go “F—” himself. If that’s the path they choose – why not criminally indict and prosecute them? Cheney admitted to it on national television and is opposed to a Truth Commission.
We’re a nation of laws not men and women. It is our collective responsibility to each other as citizens to create the necessary conditions to enforce existing laws. That ship has not sailed at all people. Pointing to the pre-snowden pre-standing failures of legal efforts to enforce existing law is a gutless dodge unworthy of First Look and her readership.
At a site like this every attorney should be toward that end. Anybody with a clue knows every Intercept regular is targeted as a potential trouble maker just like every Wikileaks user or supporter is part of an open ended Five (5) year grand jury investigation. ..
What’s more is it is First Look discussion board legal eagles that should be leading the charge in identifying seeking out and confirming (FOIAing) the criminal ongoing constitutional violations against its journalists, administrative staff and regular passive and active users each one deserving of remedy and relief. Most of us have given to Snowden Manning Assange etc so there is no doubt a “material support” aspect in play as well.
First Look and the Intercept should be submitting public records requests requesting public records requests from every IC and LEO entity or related private contractor that MIGHT play a role in breaking laws that already criminalize violating the constitutional rights of the Intercepts managerial staff and activist journalists AND the collective rights of their readership. TI should be lookin out for their readership of informed citizens. Those with the temerity to prefer the fact based adversarial journalism represented by First Look to its alternative.
You guys need a Ryan Schapiro or a Jason Leopold to be running an FOIA public records mosaic on behalf of every Intercept journalist or staff member AND every clearly identified (real names) intercept reader brave enough to participate.
Too often at this site folks with the legal training to know better stop well short of encouraging filing criminal charges against known perps individually or collectively.
Socrates is a criminal for aiding and abetting an unconstitutional regime. Everyone here understands jtrig tactics designed to destroy peoples lives are deployed against environmental activists govt transparency advocates human rights activist throughout the United States. For those of us with less well documented cases (in other words not me) the Intercepts needs to take a more active role in seeking to ENFORCE EXISTING LAWS by pre-emptively (via legal actions and public records requests) protect your staff and readerships constitutional rights on an ongoing basis.
No flying saucers. No aliens. Just watching out for protecting the constitutional rights of a bunch of ordinary intercept staff and readers. Those with the temerity to prefer their news on mass surveillance to be based on that ever increasing stack of top secret documents finding their way slowly but surely into every court in the land.
Stop pussyfooting around and take it to them
UNITED STATES CODE
TITLE 18 – CRIMES AND CRIMINAL PROCEDURE
PART I – CRIMES
CHAPTER 13 – CIVIL RIGHTS
§ 241. Conspiracy against rights
If two or more persons conspire to injure, oppress, threaten, or intimidate any inhabitant of any State, Territory, or District in the free exercise or enjoyment of any right or privilege secured to him by the Constitution or laws of the United States, or because of his having so exercised the same; or
If two or more persons go in disguise on the highway, or on the premises of another, with intent to prevent or hinder his free exercise or enjoyment of any right or privilege so secured –
They shall be fined not more than $10,000 or imprisoned not more than ten years, or both; and if death results, they shall be subject to imprisonment for any term of years or for life.
§ 242. Deprivation of rights under color of law
Whoever, under color of any law, statute, ordinance, regulation, or custom, willfully subjects any inhabitant of any State, Territory, or District to the deprivation of any rights, privileges, or immunities secured or protected by the Constitution or laws of the United States, or to different punishments, pains, or penalties, on account of such inhabitant being an alien, or by reason of his color, or race, than are prescribed for the punishment of citizens, shall be fined not more than $1,000 or imprisoned not more than one year, or both; and if bodily injury results shall be fined under this title or imprisoned not more than ten years, or both; and if death results shall be subject to imprisonment for any term of years or for life.
Angle grinders, unite!!
That’s curious, since they may also have been attempting to destroy any evidence of their having toyed with those devices before hand, too. Perverts.
I still do not understand why we are not concerned that David Cameron’s email in a criminal suspect’s BlackBerry which spent a month in police custody under complaints of hacking and corruption was returned to her lawyers with his email content compressed as if it was a Tempora metadata file. No content.
We only knew this occurred because someone in Britain requested the court question the BB’s owner, who used a secret server much like Hillary’s which she had wiped against court orders, to explain this. She had no idea how it became “compressed,” and no one in Britain could come up with an answer, not even BlackBerry, until Snowden’s leaks came through loud and clear.
She said the email was “compressed,” which is the language GCHQ used to brag to NSA that they’d cracked the BB’s compression technology in that very quarter.
Are we ever gonna address this perversion of justice, because if not, I’m taking my talents to SONY.
To me this is even more convincing evidence that the internet has become this grotesque monster where nothing is protected and nothing is safe. With millions of tech savvy (enough) people out there any one of them with a petty grudge or adolescent morality can and might do great harm to me or anyone because there is no way to stop them.
And NSA/GCHQ are vulnerable too if some of the most sophisticated tech companies in the world can be hacked (see Hacking Team) what chance is there for regular people? – NONE!
Enter anything into a computer connected to the internet and it becomes public information there for anyone to take. The hardware we buy is already outfitted for spying and the number of people with the skills to hack is growing constantly.
The internet is now this out of control monster working more against us than for us – no matter who we are.
and so is the software bought or not. Socially spying on people in various ways has become a commodity thanks to the Internet
Privacy became the Santa of Adulthood a long time ago thanks to the Internet technically but also because we let it be that way
RCL
Excellent article, Jenna.
The GCHQ wouldn’t be interested in where the Guardian might be hiding data, since it was already known to have been copied to computers in New York and potentially other places as well. So perhaps the GCHQ was simply following standard protocol for wiping a computer.
But if we’re speculating, it’s possible the GCHQ was destroying the evidence that it had successfully hacked the computers. Even if they were air gapped, the GCHQ no doubt has agents at the Guardian who could have found a way to insert the hacking software. In that case, the iPhones might not have been for taking pictures, but to remotely download all the data from the pwned hard drive and then the GCHQ destroyed all of the chips where various pieces of its hacking software were tucked away.
The GCHQ would have been extremely interested to know what files Snowden had taken. So there is no way they would destroy the data unless they themselves already had a copy. They could probably, under English law, have simply confiscated the computers under the pretext of national security. But then everyone would know they had a copy of the files. So they perhaps preferred to use a more covert approach – spies never walk in through the front door if they can use a secret passage instead.
This is a keenly astute perspective.
Benito can imagine duplicity in every loop, mobious. But there are so many more angles to corrupt. FCPA got this partly started. Murdoch freaked he was gonna get made as King Hack with a 2 billion dollar cashback so he killed his favorite and blew EVERYONE’s covers, even Q’s. That’s my story and I’m sticking it to him.
If GCHQ embeds spies in the BBC, and they do, GCHQ would not neglect IT departments of any and all other sizable media organizations in the UK, since none of them could possibly be as loyal as the Queen’s own Ministry of Information.
The theory this was more than a panicky, frustration triggered clowning op is plausible. CYA does take priority over everything else in all Stasi organizations.
This reads like a story about a comedy skit, directed by people without a sense of humor. The unfounded worries about how “chips” might “retain data” exposes an awesome level of ignorance of the basic physical forces at work. This entire “Guardian” exercise was solely and exclusively GCHQ’s attempt to intimidate the citizenry with outlandish claims. And, by the way, a “degausser” doesn’t “destroy magnetic fields.” It PRODUCES magnetic fields that corrupt the fine, magnetic details holding the bits of data within a magnetic medium like a disk drive, effectively destroying the patterns by replacing them with random values, or destroying the magnetic “tracks” that guide the reading process. All theater, signifying nothing except the intelligence community’s lack of native intelligence.
What is the smallest, lightest degaussing device available? Do you know?
(I’ll check to see if the Stasi’s product catalog includes degaussers.)
The cheapest degausser would be a small fire. Place those Macs in a small fire and they won’t remember anything.
“The unfounded worries about how “chips” might “retain data” exposes an awesome level of ignorance of the basic physical forces at work.”
Except they’re not unfounded.
You can find a video on youtube (likely more than one) about how to get the data out of the RAM chips after you’ve shutdown your laptop. I think it was on DefCon.
The data in the RAM chips decays over time (which you can slow down by cooling it) but if you get access to the RAM before that has happened, you can retrieve the data that is/was on it.
It falls in the expert level (hardware) hacking, so not a lot of ppl in the world can do that. But it can be done and thus is not unfounded.
Carol Anne is correct: not only do the various chips retain minuscule amounts of data, but they are very difficult to program. Think about the consequences of overwriting the software of the trackpad controller with 2 MB of “secret” data: the track pad will stop working. Aside from main memory almost all the memory contained on a computer motherboard is either volatile (like RAM) or is dedicated to the function of various devices such as displays, mice, disk drives, DVD ROMS, and so forth. Overwriting that memory comes at the price of making the computer dysfunctional.
As far as recovering the contents of RAM, you are right, technically, but the time the data remains viable is on the order of seconds, and after a couple minutes at room temperature the device is essentially blank. Also, what can be recovered, even after say 30 seconds, consists of fragments, so what is recoverable even after that amount of time is probably useless except for forensic purposes. (By that I mean being able to prove that classified material was in fact stored there.)
I interpreted the part I quoted of Carol Anne’s post as meaning that chips/RAM do NOT retain data, to which I disagreed.
I never said it was easy or that you’d have plenty of time to do it.
I only said that it was possible.
“As far as recovering the contents of RAM, you are right”
Thanks for confirming my point ;-)
I found the DefCon talk and linked directly to the part of the cold-boot attack: https://youtu.be/EFsoCr589GI?t=10m35s
In that talk there is a reference to a paper which Jacob Appelbaum talked about on Debconf8, which you can see here: https://www.youtube.com/watch?v=O_QA4vCJr40
I have always thought so as well. I never understood why they made the Guardian people destroy them and why they participated. They could have done it themselves. Police do that as a way to make people self discipline themselves, acquiesce to their being ruled in the future, “behave”.
This is their way to let us know: “we are the rulers”
RCL
they think so too
RCL
A question for anyone knowledgeable about degaussing technology…
How small can degausser hardware be? Does the Stasi have portable units that fit in smart phone sized containers?
A degausser is just a magnet with a coil around it so can be any size. A tape deck head for example could be used as a degausser and is if you use it to wipe a tape. However a degausser with enough oomph to get through a metal hard drive and at the platters is usually a foot by 9′ x 9″ or so it can vary by design. They are very heavy and eat a lot of power.
The smallest degausser that can be used on a hard drive is just the magnet that the hard drive uses to write data. Disassemble a hard drive by removing the magnet. Then place the magnet in contact with the media surface to be erased. Done. I’ve personally verified that this works for floppy drives, for instance.
The size of the degausser depends on a number of factors, including the size of the device to be degaussed and the distance of the degausser from the device being degaussed. The largest degaussers have an inner diameter somewhat larger than the diameter of a submarine; various navies degauss their subs to make them less easily detectable by magnetic anomaly detectors (MAD).
Correct me if I’m wrong, but the coercivity of floppy drives is notoriously low, far lower than that of a modern HDD plate.
With HDDs you’re far more likely to damage the heads during disassembly or mess with the contents of the chips that house the firmware and stuff than to actually destroy the data on the plates. The magnets sit quite close to them during the whole of the device’s lifetime, after all.
True regarding coercivity and damage during disassembly. My point was that one can effectively erase magnetic media simply by bringing a sufficiently strong magnet into direct contact with it. As you know, the magnet-HDD geometry under normal conditions constitutes a near field geometry, but even so, bringing the magnet into direct contact is sufficient to bring the domains into alignment with the field.
Let me also say that the standard for erasure depends on what one’s standards are. Making a document as a whole unreadable is much easier than making each and every word in the document unreadable. I suppose the intelligence agencies would worry that a name of some agent might remain readable even though the document as a whole was rendered incomprehensible, and hence they feel the need to take extraordinary measures to destroy the media.
Thanks. I am wanting to know how large a degausser would need to be to have the capacity to corrupt laptop hard drives in crowded, public areas.
I’ve noticed STASI love their phones in public!
Yes, they are always attached to their controllers. Others have to think for them. They would be lost, and possibly more vulnerable to annoyed targets without technical support during stalking and skit sessions.
I have been wondering if the gadget waving habits I have recently witnessed among some of my Zersetzung teams are something more than theatre, which is why I am asking about portable, wavable degaussing devices.
Yes more!
And yes more than just a PSYOP!
FBI / COINTELPRO are murderous Bastards!
Yes… more soapbox time until I’m banned a second time.
Zersetzung’s goal is social death of the target, up to murder, accompanied by mirth, popcorn, and a long suck on the public teat. It is executed in ways indoctrinated Americans refuse to acknowledge because they live in a free country where things like this just don’t happen. More zealous patriots overtly approve of American on US Person torture, rationalizing it with “they do it over there” whataboutery. I speculate active-duty torturers are probably the most vociferous Zersetzung deniers. And as many regular TI comment readers know — including Stasi sock-puppets — a surfeit of unhinged Zersetzung denials with companion crazy talk from decoy targets can be found in TI discussion threads containing targets’ posts about their experiences.
But I reserve much of my contempt, nursed by too many years of no-touch and a dash of touch torture, for the ass-wipes who call themselves US Citizens. The Voter. The Complicit. Zersetzung cannot happen without their consent and active participation. This was true in the GDR and it is true in the US.
Yes, the Stasi are murderous bastards, and so are millions of patriots who support them. The “I’m scared. Thanks for keeping me safe by torturing those people I do not want to know anything about” crowd. They approve of torture and deny it happens at the same time. Creepy, stupid, vicious and contemptible.
The NSA has hand held degausser “wands”. They can fit in your pocket. They do not even have to hide it, because most people would not know what it is in the first place. I am sure all the alphabet agencies use these kinds of devices.
They are not directional though, they just manipulate magnetic fields. It is not like someone can just point it at you and destroy your laptop/tablet. That would be more like an electro magnetic pulse device.
Thanks.
I watched a man plug a rubber armored smartphone shaped device into an outlet next to my chair and place the gadget on the floor, right next to my laptop/briefcase. When I returned home and turned it on the disk boot sector was “gone”.
It could have been the cheap — but new — crappy hardware. I do not know. But after this incident I noticed my active-duty Stasi Rodents had a new habit: waving their phone-things at me instead of just pointing them at me. One of them waved their gadget at another machine, wrapped in several layers of tinfoil, and there was no apparent damage.
Cheap hardware? Skits? Both? Or Stasi angst as they watched me set up disk encryption on an air gapped machine being used exclusively for dumping experiences into a book about their torture techniques? I haven’t got a clue, but I want my IPSec placebo. Fuck, I had to pay through the nose for the privilege of being tortured and I should not have to pay extra just to write about it.
This is an excellent article that emphasizes how the “free market”, as is all too common nowadays, fails to deliver any tangible example of a product people want: open source computers, designed for privacy from the bottom up, that the world can freely scrutinize.
I apologize for an off-topic question: Windows 10 has a “Wi-Fi Sense” system, enabled by default, that as far as I understand is snarfing up the unique identification codes of any Wi-Fi device it can communicate with and uploads them to Microsoft, together with its own location information. Can someone confirm whether this means, essentially, that any device you might have with a ‘local’ Wi-Fi connection capability is now going to be trackable at Microsoft by GPS wherever it goes that is within reach of any Windows 10 system? How serious is this issue?
Rather than imposing on the citizenry the requirement that they be embedded with geo location and identification, tracking and monitoring devices… the NSA and private industry was engaged to “solve” the problem of human management, civilian monitoring and control.
The solution, of course, was a completely voluntary, willful adoption of a commercial product, that… bonus… pays for itself!
You guessed it: cellphones.
Gotta have ’em, right?
Well, the thing is, it’s not just the person with the cellphone in this case. I mean, suppose some guy is living in a shack in Montana and he sets up a router to connect his few electronic devices. Living off the grid on solar power, no internet connection, he thinks he’s off the grid, and even if the router (like all of them seem to now) come with wireless built in, he imagines at least his privacy isn’t being infringed because it’s short range. Well, if one lost motorist drives up his driveway and asks him which way to Burning Man, who is carrying a phone with Windows 10 and GPS, now Microsoft has – AFAIK – a record of exactly where the router with that serial number is. And if the guy in the shack has distributed some naughty revolutionary documents over flash drive, that had hidden records of the numbers built in to them somehow, now someone can connect the one with the other.
I feel like the scenarios I picture are individually unlikely, but I’m thinking there’s some very common exemplar that I haven’t thought of yet.
“Living in a shack” is not enough. It must be a shack framed in a Faraday cage. Which you could even do in an apartment.
// __ Sleep Inside A Faraday Cage
~
youtube.com/watch?v=P4UdozjyLlA&t=165
~
Also you could take networking totally off the Linux kernel into user space and not ever use that computer to connect to the Internet …
There are still ways to have some privacy in not such a difficult way
RCL
That’s disingenuous from every angle. Faraday doesn’t stop signals from transmitting — it only prevents signals from getting OUTSIDE. But if someone were to have bugged your equipment, they could merely just do transmission and storage locally within said cage, then just retrieve it when you go out to do your groceries or your errands (as people generally do) — basically, pretty much like any old-school tap before wireless came around, without even having to worry about inductance or battery life (both are, by far, technologically superior to their predecessors).