SoylentNews is people

posted by chromas on Saturday April 14 2018, @01:23AM
from the about-that-thing-you-thought-was-air-gapped... dept.

El Reg reports:

Data exfiltrators send info over PCs' power supply cables

Malware tickles unused cores to put signals in current

If you want your computer to be really secure, disconnect its power cable.
So says Mordechai Guri and his team of side-channel sleuths at the Ben-Gurion University of the Negev.

The crew have penned a paper titled PowerHammer: Exfiltrating Data from Air-Gapped Computers through Power Lines that explains how attackers could install malware that regulates CPU utilisation and creates fluctuations in the current flow that could modulate and encode data. The variations would be "propagated through the power lines" to the outside world.

Depending on the attacker's approach, data could be exfiltrated at between 10 and 1,000 bits-per-second. The higher speed would work if attackers can get at the cable connected to the computer's power supply. The slower speed works if attackers can only access a building's electrical services panel.

The PowerHammer malware spikes the CPU utilisation by choosing cores that aren't currently in use by user operations (to make it less noticeable).

Guri and his pals use frequency shift keying to encode data onto the line.

After that, it's pretty simple, because all the attacker needs is to decide where to put the receiver current clamp: near the target machine if you can get away with it, behind the switchboard if you have to.

This seems hinky to me.

First, there's the point that the bad guys will need PHYSICAL ACCESS to the premises or even to the individual machine.

Next, if the current clamp is put around the typical line cord, the sum of the current in the hot wire and the neutral (return) wire will be zero. (An inductive current sensor is typically put over only one of the wires, so they will need to do some surgery on that cable — which will be obvious.)

Putting a 100% online UPS between the computer and the AC power supply will also interfere. [ed.]


Original Submission
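A defender-side view of the signalling described in the summary above, as an added example that is not from the paper, The Register or this site: load keyed on and off at one of two fixed rates puts most of a core's short-term spectral energy into a single tone, which ordinary bursty load does not. The window length, the 0.6 threshold, the toggle periods and all trace values are assumptions made for illustration; the page gives no frequencies.

```python
import cmath
import math
import random
import statistics

def peak_fraction(window):
    """Share of a window's non-DC spectral energy held by its strongest DFT bin."""
    n = len(window)
    mean = sum(window) / n
    power = []
    for k in range(1, n // 2):  # skip DC and Nyquist
        acc = sum((v - mean) * cmath.exp(-2j * math.pi * k * i / n)
                  for i, v in enumerate(window))
        power.append(abs(acc) ** 2)
    total = sum(power)
    return max(power) / total if total > 1e-9 else 0.0  # flat (idle) window -> 0

def tonality(samples, win=32):
    """Median peak_fraction over consecutive windows; the median tolerates
    the few windows that straddle a change of tone."""
    windows = [samples[i:i + win] for i in range(0, len(samples) - win + 1, win)]
    return statistics.median(peak_fraction(w) for w in windows)

def suspicious_cores(per_core, threshold=0.6):
    """Core ids whose utilisation is dominated by one tone at a time."""
    return sorted(c for c, s in per_core.items() if tonality(s) >= threshold)

def constructed_traces():
    """Constructed sample data (not measurements): 256 utilisation samples per core."""
    rng = random.Random(1)
    bursty = [rng.random() * 100 for _ in range(256)]  # ordinary workload
    idle = [0.0] * 256                                 # parked core
    keyed = []                                         # two toggle rates, FSK-like
    for bit in (0, 1, 1, 0):
        period = 8 if bit == 0 else 4                  # samples per busy/idle cycle
        keyed += [100.0 if (i % period) < period // 2 else 0.0 for i in range(64)]
    return {0: bursty, 1: idle, 3: keyed}

if __name__ == "__main__":
    traces = constructed_traces()
    for core, trace in traces.items():
        print(core, round(tonality(trace), 2))
    print("flagged:", suspicious_cores(traces))
```
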

 
  • (Score: 2) by MichaelDavidCrawford on Saturday April 14 2018, @01:30AM (17 children)

    by MichaelDavidCrawford (2339) Subscriber Badge <mdcrawford@gmail.com> on Saturday April 14 2018, @01:30AM (#666723) Homepage Journal

    ... hire my brother in law to "decommission" your storage media.

    That's what some lawyer did when he retired and so didn't need his files anymore.

    --
    Yes I Have No Bananas. [gofundme.com]
  • (Score: 3, Funny) by archfeld on Saturday April 14 2018, @01:50AM (16 children)

    by archfeld (4650) <treboreel@live.com> on Saturday April 14 2018, @01:50AM (#666730) Journal

    I do that as part of my current job. We format the HD's, physically remove them to the loading dock area and then they get degaussed, then we drill random holes in the platters before putting them in a cardboard/garbage compactor and reducing them to flattened broken pieces. It is a very therapeutic process :) My home PC's are all connected to APC UPS power filters due to grounding issues in my very old home.

    --
    For the NSA : Explosives, guns, assassination, conspiracy, primers, detonators, initiators, main charge, nuclear charge
    • (Score: 2) by Whoever on Saturday April 14 2018, @01:54AM (13 children)

      by Whoever (4524) on Saturday April 14 2018, @01:54AM (#666731) Journal

      We format the HD's

      That is a waste of your time.

      • (Score: 0) by Anonymous Coward on Saturday April 14 2018, @02:04AM

        by Anonymous Coward on Saturday April 14 2018, @02:04AM (#666737)

        We degauss then bend them into a u-shape.

      • (Score: 2) by Runaway1956 on Saturday April 14 2018, @02:38AM (10 children)

        by Runaway1956 (2926) Subscriber Badge on Saturday April 14 2018, @02:38AM (#666747) Journal

        Repetitive redundancy is a bad thing?

        A lot of the rest of the procedure is waste as well, actually. Has anyone ever recovered a hard drive that has been dd'd? The last I heard on the subject, no one had accomplished that feat. http://how-to.wikia.com/wiki/How_to_wipe_a_hard_drive_clean_in_Linux [wikia.com]

        When I hear of anyone recovering a drive wiped with dd, then I'll change my mind about wasting time.

        • (Score: 0) by Anonymous Coward on Saturday April 14 2018, @02:43AM (2 children)

          by Anonymous Coward on Saturday April 14 2018, @02:43AM (#666750)

          Do you really think NSA would inform you if they did?

          • (Score: 0) by Anonymous Coward on Saturday April 14 2018, @03:03AM

            by Anonymous Coward on Saturday April 14 2018, @03:03AM (#666760)

            Well, there are occasionally whistleblowers, so maybe.

          • (Score: 1, Touché) by Anonymous Coward on Saturday April 14 2018, @09:51AM

            by Anonymous Coward on Saturday April 14 2018, @09:51AM (#666851)

            Do you really think NSA would inform you if they dd?

            There, FTFY

        • (Score: 2) by MichaelDavidCrawford on Saturday April 14 2018, @03:38AM (3 children)

          by MichaelDavidCrawford (2339) Subscriber Badge <mdcrawford@gmail.com> on Saturday April 14 2018, @03:38AM (#666771) Homepage Journal

          The DOD only requires 7 but the media must be inspected afterwards. If any classified data remains the media must then be incinerated.

          --
          Yes I Have No Bananas. [gofundme.com]
          • (Score: 0) by Anonymous Coward on Saturday April 14 2018, @02:19PM (1 child)

            by Anonymous Coward on Saturday April 14 2018, @02:19PM (#666932)

            When I worked for the DoN we wiped and shipped them to the NSA for destruction. The last time I had to get rid of a classified drive we used the degauss and bend method.

            • (Score: 2) by MichaelDavidCrawford on Saturday April 14 2018, @08:15PM

              by MichaelDavidCrawford (2339) Subscriber Badge <mdcrawford@gmail.com> on Saturday April 14 2018, @08:15PM (#667019) Homepage Journal

              I wrote an unclassified component - a small component - of some firmware for a defense hardware board. My clients told me to FTP a certain unclassified MIL-SPEC from an air force base.

              That document had the advice to wipe seven times, inspect then maybe incinerate.

              I readily agreed that the NSA would be a far more diligent disk-decommissioner though.

              --
              Yes I Have No Bananas. [gofundme.com]
          • (Score: 3, Informative) by pipedwho on Saturday April 14 2018, @10:15PM

            by pipedwho (2032) on Saturday April 14 2018, @10:15PM (#667074)

            It is highly improbable they can recover anything in modern hardware after even a proper single erasure.

            The NSA is not just about defending against real attacks, but also theoretical attacks, even if those attacks are not currently possible (e.g. see quantum computers and classical crypto). Some of those theoretical attacks are on old hardware (20+ years old) that _may_ be susceptible to some edge case attacks that have a non-zero (albeit potentially small) chance of working per each individual circumstance. The cost of this overkill data destruction procedure is infinitesimal compared to their overall operating budget, so no need to optimise for an incredibly minimal cost saving. Keep in mind the NSA is looking forward to defending against possible technology that might not be available for 50+ years. Doesn't mean that they have a proof of concept, or that in 50 years it will even be possible; as the technology may not have evolved in the expected direction, there may be too much additional physical deterioration of the original media, or the data is no longer pertinent/valuable.

            Agencies with policies tied to the above procedures are stuck with it, even if it doesn't add any actual additional protection from recovery.

            For everyone else, it is beyond excessive. The cost associated with attempting to recover data like this on such a wide variety of hardware is huge with the overwhelming likelihood of a null result. This is assuming the hardware/drive hasn't been backdoored - either targeted, or en masse due to NSA influence at the drive manufacturer(s) - and if that is the case, then nothing short of physical destruction is going to be sufficient anyway.

        • (Score: 0) by Anonymous Coward on Saturday April 14 2018, @09:40AM (1 child)

          by Anonymous Coward on Saturday April 14 2018, @09:40AM (#666849)

          "man wipe"

          and learn your linux already

          • (Score: 0) by Anonymous Coward on Saturday April 14 2018, @09:54AM

            by Anonymous Coward on Saturday April 14 2018, @09:54AM (#666852)

            "man wipe"

            I do every time I do #2

        • (Score: 2) by tekk on Saturday April 14 2018, @02:39PM

          by tekk (5704) Subscriber Badge on Saturday April 14 2018, @02:39PM (#666939)

          This is hearsay of hearsay, but the fact that a dd was not sufficient was one of the rules in the DEF CON talks "And That's How I Lost My Eye" about secure drive destruction. The presenters said that they'd been told by military friends that the procedure is to save a hard drive unless it'd been subjected to a process similar to what's described above: heated above Curie point/degaussed and platters physically destroyed. Intelligence won't be able to get *everything* off, but they may be able to get *something* off.

      • (Score: 0) by Anonymous Coward on Saturday April 14 2018, @02:07PM

        by Anonymous Coward on Saturday April 14 2018, @02:07PM (#666928)

        You do realize that the GP is probably not sitting there watching the progress bar, right? This may waste some electricity, but probably not enough to worry about.

    • (Score: 0) by Anonymous Coward on Saturday April 14 2018, @10:49AM (1 child)

      by Anonymous Coward on Saturday April 14 2018, @10:49AM (#666866)

      Why not skip most of that and use an oxyacetylene torch or similar to melt the platters: https://www.youtube.com/watch?v=w5MSNRApnFQ

      Or dump the drives into a molten slag pot and leave them to melt if you really have a lot of drives to do.

      • (Score: 2) by archfeld on Saturday April 14 2018, @08:07PM

        by archfeld (4650) <treboreel@live.com> on Saturday April 14 2018, @08:07PM (#667014) Journal

        I can't even begin to imagine how much damage half my co-workers would do with an open flame. The formatting and degaussing part are required by Federal regulation, the rest of the process is overkill to ensure that nothing comes back to bite us in the a$$. The crushing is at request of the recycler who picks up the remains in the bins with automated equipment that already exists to handle that size containers and weight.
        I think it would be kick-a$$ to toss them into a slag pot but most places don't have that kind of equipment outside of forges and iron production factories.

        --
        For the NSA : Explosives, guns, assassination, conspiracy, primers, detonators, initiators, main charge, nuclear charge