Announcement

Collapse
No announcement yet.

Airport searches of laptops, other devices intrusive

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #31
    Re: Airport searches of laptops, other devices intrusive

    lol moral of the story... dont leave the country ;)

    on a semi more practical note, i would assume an easy practice used to get around this problem would be to just simply get a laptop only for travel (just like haveing a con / hacking laptop and a work laptop). never mix data betwen the too and use crypto to secure sensetive data when needed

    Comment


    • #32
      Re: Airport searches of laptops, other devices intrusive

      Originally posted by xor View Post
      Fly to Mexico or Canada and walk across the border like everyone else.

      xor

      *rolling on the floor laughing*
      great idea...

      another case of the government going too far... so is there any other way to avoid it?
      unda est terminus. is iuguolo ambitus.

      Comment


      • #33
        Re: Airport searches of laptops, other devices intrusive

        Originally posted by Greyhatter View Post
        I can remember Amsterdam airport 30 years ago when it was not uncommon to see armed soldiers with M16's all around the boarding areas and throughout the airport. [...]
        I was in Amsterdam last Christmas, and they still have armed guards with MP5's and M16's all over the place.

        This Christmas I also visited Switzerland, and the Zurich airport was blanketed by security personal with shot-guns and other types of weapons.

        As for searching of laptop at the border, the next time I am going back to visit my parents in Switzerland I will be leaving my main laptop behind, carrying only a small secondary laptop. This laptop will be clean installed with FreeBSD. After I get to my destination I will install whatever I need on it to get work done, and SSH back home to access to my files.

        When I head back home, I leave the laptop in Switzerland. Problem solved. I don't have a laptop to search any more. It is going to make my travel so much easier and nicer. No more need to pull out a laptop during inspection.

        It is really pathetic that it has come down to this.

        I don't think that a personal laptop is the same as papers in a brief case. I store way more private data on my laptop than I would on paper in a brief case. Now I hear some you say, why is that? Well my laptop has more storage. It makes sense in this day and age to have all the information required at ones finger tips, not only that, it is becoming almost impossible to remember all the information someone is required to remember. Social security number, bank account numbers, pin numbers, insurance policy numbers, passwords (yeah, I will admit, those are stored in Mac OS X's Keychain). My computer is more an extension of my brain, and another place to store data long-term. Paper in a briefcase is not the same thing. It does not compare.

        Comment


        • #34
          Re: Airport searches of laptops, other devices intrusive

          An update concerning border searches of laptops:

          Judge limits DHS laptop border searches
          Originally posted by Article
          A federal judge has ruled that border agents cannot seize a traveler's laptop, keep in locked up for months, and examine it for contraband files without a warrant half a year later.
          ...
          The Justice Department invoked a novel argument--which White dubbed "unpersuasive"--claiming that while Hanson was able to enter the country, his laptop remained in a kind of legal limbo where the Bill of Rights did not apply.
          I hate that these articles rarely actually link to the actual decision. Although in this case they did post "excerpts." Still. Searching for it now...the Northern District of California does not have the best of websites...
          "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";

          Comment


          • #35
            Re: Airport searches of laptops, other devices intrusive

            i am very pleased to read this. now, overall... i feel the best policy is to essentially have zero sensitive data on the laptop during border crossings. keep everything remote and VPN back into it from wherever you are.

            that way, the whole device is basically just one big burn phone. still, that's financially unfeasible to anyone except businesses, really.

            i like that there are certain things that are "protected" from unreasonable search, even in a border zone. and this makes sense, really... US Customs should be (in my view) in the business of guarding the border from import or export of controlled, sensitive materials (illegal weapons, illicit cash, smuggled and stolen items, etc) that they can actually prevent and stop.

            there is no way to effectively prevent or stop digital transmission into or out of the USA. (there shouldn't be a way to do it at other nations' borders, either... but we have a lot of corporations to thank for that happening anyway. that's a whole other topic. ask Dingledine or Appelbaum about it in the context of Tor... man, they'll tear into so many big industry names, it's vicious and awesome.)

            there's nothing that can be "inside of" a laptop hard drive which customs could ostensibly be really "stopping" from entering or exiting the country anyway. thus, i'm puzzled as to why anyone could consider it a worthwhile use of their resources to poke around there anyway. (outside of the context of a larger investigation of an individual who is already being held on other evidence)
            "I'll admit I had an OiNK account and frequented it quite often… What made OiNK a great place was that it was like the world's greatest record store… iTunes kind of feels like Sam Goody to me. I don't feel cool when I go there. I'm tired of seeing John Mayer's face pop up. I feel like I'm being hustled when I visit there, and I don't think their product is that great. DRM, low bit rate, etc... OiNK it existed because it filled a void of what people want."
            - Trent Reznor

            Comment


            • #36
              Re: Airport searches of laptops, other devices intrusive

              Originally posted by goathead View Post
              I would be more concerned if they were to attach it to a harness. Once attached to a harness my device is no longer protected by the inspector's skill level and instead vulnerable to a myriad of automated forensics. The replication or imaging of whole volumes for deeper analysis at a later time would be possible. It may not be completely feasible for all devices but possible.
              So for those that are familiar with laptop searches, to the best of my knowledge you are allowed to watch them search the laptop. Does this include watching the screen? Or can they hide what they are doing from you?

              If it's the latter, and they do attach it to some automated forensic tool. I don't think I could trust that laptop any more. While I'm sure that nothing malicious is actually added the possibility that even without admin rights or without me logging in they could've put software on there (Think unencrypted hard drive, how difficult is it to replace a binary when booted off your own media?).

              I'd probably wipe the laptop and reformat at my next available chance. Has anyone witnessed border or airport personal booting off external media or hooking laptops up to external devices for automated testing?

              Comment


              • #37
                Re: Airport searches of laptops, other devices intrusive

                Originally posted by Deviant Ollam View Post
                there's nothing that can be "inside of" a laptop hard drive which customs could ostensibly be really "stopping" from entering or exiting the country anyway. thus, i'm puzzled as to why anyone could consider it a worthwhile use of their resources to poke around there anyway. (outside of the context of a larger investigation of an individual who is already being held on other evidence)
                Deviant, I see where you are coming from, but I can think of one exception. In my cybercrime and computer forensics courses, we talked about the kiddie porn problem. One guy went to an Asian country where sex tourism is popular, spent some time with some underage boys, and took photos and videos of what he did there. He flew back to Mexico then attempted to re-enter the US legally from there. Of course, he was already under suspicion of being a pedophile, and when his computer was searched, they found the evidence. Normally what is on someone's personal computer is nobody's business, but I think in this case the search was justified. That's the bad thing - there will always be that one exception, and it is difficult to know how to catch people like that without trampling the rights of the rest of us
                "Why is it drug addicts and computer afficionados are both called users? " - Clifford Stoll

                Comment


                • #38
                  Re: Airport searches of laptops, other devices intrusive

                  aside from stupidity, what stopped this guy from simply burning this stuff to disk, mail itback over the border, and then come into the country normally with a wiped "new" image. searching laptops at the border just catches the low hanging fruit and wastes my time when crossing. there are so many ways to get data into the country. it is logical not physical like drugs and the sooner these people understand that the better off we will all be.
                  Originally posted by Ellen
                  Do I wish we could all be like hexjunkie? Heck yes I do. :) That would rock.

                  Comment


                  • #39
                    Re: Airport searches of laptops, other devices intrusive

                    Originally posted by TrueDuality View Post
                    So for those that are familiar with laptop searches, to the best of my knowledge you are allowed to watch them search the laptop. Does this include watching the screen? Or can they hide what they are doing from you?
                    From a buddy of mine that has to do these, they CAN take the laptop away from you, rip an image and then return it to you. They may just ask you to boot it up and check random folders. As I understand it, it's all up to the officer doing the check.
                    Aut disce aut discede

                    Comment


                    • #40
                      Re: Airport searches of laptops, other devices intrusive

                      Originally posted by hexjunkie View Post
                      aside from stupidity, what stopped this guy from simply burning this stuff to disk, mail itback over the border, and then come into the country normally with a wiped "new" image. searching laptops at the border just catches the low hanging fruit and wastes my time when crossing. there are so many ways to get data into the country. it is logical not physical like drugs and the sooner these people understand that the better off we will all be.
                      I agree that those who are really trying to hide something will most likely find other ways of smuggling contraband data into the country. This guy was apparently not very tech-savvy. He had left a trail of stupidity in planning his trip as well - law enforcement were familiar with his sex tourism destination, which raised their suspicions. It was weird how they did this though - they did not have a warrant and did not have him in custody. They just used a "random" search at the border as a means for searching his laptop.
                      "Why is it drug addicts and computer afficionados are both called users? " - Clifford Stoll

                      Comment


                      • #41
                        Re: Airport searches of laptops, other devices intrusive

                        Originally posted by AlxRogan View Post
                        From a buddy of mine that has to do these, they CAN take the laptop away from you, rip an image and then return it to you. They may just ask you to boot it up and check random folders. As I understand it, it's all up to the officer doing the check.
                        Are these guys trained in computer forensic acquisition though? Even ripping an image improperly can leave room for disputing the evidence if it went to trial. I would love to hear the details from someone who does this. Perhaps the rules are different in these cases? The main issues I can think of with regards to whether the image would be of any use are 1) imaging a full disk can take quite some time, and obtaining a partial acquisition is often used when time constraints are present and 2) usually the investigator must choose partial acquisition data in accordance with a warrant. That is the US procedure for it, so if you are somewhere else the procedure may differ. I guess they might have a forensic tool that only looks for certain file types, hash values, or certain keywords when doing airport/border searches. It would be great if your friend or someone else in the know can clarify this.

                        I guess it brings up another question - at what point will they begin imaging cell phones and iPads/Ereaders/etc. during these searches?

                        *Note: I am really interested in this topic because I am thinking about getting a MS in Computer Forensics once I finish my BS in Information Systems Security - trying to learn what I can, and this discussion is full of good points.
                        "Why is it drug addicts and computer afficionados are both called users? " - Clifford Stoll

                        Comment


                        • #42
                          Re: Airport searches of laptops, other devices intrusive

                          Originally posted by AgentDarkApple View Post
                          Are these guys trained in computer forensic acquisition though? Even ripping an image improperly can leave room for disputing the evidence if it went to trial. I would love to hear the details from someone who does this. Perhaps the rules are different in these cases? The main issues I can think of with regards to whether the image would be of any use are 1) imaging a full disk can take quite some time, and obtaining a partial acquisition is often used when time constraints are present and 2) usually the investigator must choose partial acquisition data in accordance with a warrant. That is the US procedure for it, so if you are somewhere else the procedure may differ. I guess they might have a forensic tool that only looks for certain file types, hash values, or certain keywords when doing airport/border searches. It would be great if your friend or someone else in the know can clarify this.
                          From what I have heard, the guys actually doing the acquisition are forensically-trained. Aside from that, I do know that they are only looking for certain files during this type of imaging to reduce the amount of time.

                          I'm going out to con with a friend that has a MS in Digital Forensics, so he can probably answer a lot of questions that you might have as well.
                          Aut disce aut discede

                          Comment


                          • #43
                            Re: Airport searches of laptops, other devices intrusive

                            Originally posted by AlxRogan View Post
                            I'm going out to con with a friend that has a MS in Digital Forensics, so he can probably answer a lot of questions that you might have as well.
                            Wish I could be there, but I am stuck with some stupid family obligations that weekend I would love to hear what your friend has to say about this though. The bad thing is, there are still some shady areas when it comes to what is ok and what isn't in searching personal electronics and doing forensic analysis, and they basically have to make up the law as they go. I think the next time I travel by air, I will leave my computer at home and just take my iPad lol. Sure, they could search it too, but it would be less of a big deal to wipe it and start over.
                            "Why is it drug addicts and computer afficionados are both called users? " - Clifford Stoll

                            Comment


                            • #44
                              Re: Airport searches of laptops, other devices intrusive

                              Originally posted by AgentDarkApple View Post
                              I guess they might have a forensic tool that only looks for certain file types, hash values, or certain keywords when doing airport/border searches.
                              A friend who is a forensic examiner recently told me that if the authorities are doing a quick look at a laptop and have only limited time, then an examiner is probably going to copy the pagefile.sys and hiberfil.sys files.
                              Thorn
                              "If you can't be a good example, then you'll just have to be a horrible warning." - Catherine Aird

                              Comment


                              • #45
                                Re: Airport searches of laptops, other devices intrusive

                                I fly quite a bit and I've found I can get away with just taking a Nokia n810 or n900 nowadays. They don't really check phones, and the Nokia n810/n900 can run most things people need day to day, if their a Linux user.
                                Insert funny sig here

                                Comment

                                Working...
                                X