
Ask HN: How would you secure your laptop against the NSA? - jc_811
Hypothetical scenario of securing your laptop against a state-level actor. What are all the steps you would take? Is something like FileVault on OSX enough? Would you feel confident in your ability to keep your data private against such an adversary? Is it even possible?
======
maksimum
How valuable is the information on your laptop to the NSA? If it's under $100k
you're probably ok doing what Stallman does
[https://stallman.org/stallman-computing.html](https://stallman.org/stallman-computing.html). If you have
information worth over $5M to the NSA, then you better get physical security
personnel as well as network and hardware security personnel; maybe ally
yourself with a different powerful state or corporate actor. In other words
you need to make their expected cost of getting that information significantly
higher than it's worth.

~~~
tornadoboy55
I knew the FSF people could be dicks, but this guy.. holy shit

~~~
hololight
Yes, he really is... Once listened to him criticize one of the old hosts of
the Linux Action Show because he worked for a company as a developer and was
writing non-open source software... He felt he should quit and not support his
family or get a job outside of development rather than not writing open
software... Was an a$& about it too...

~~~
tehwebguy
He thinks writing closed source code is morally wrong. So he doesn't care if
it's done for supposedly good or bad reasons, it's just bad to him.

------
theSpaceOctopus
I'd just smash my laptop with a hammer, microwave the HDD, and go live a
simple life on a mountain somewhere raising alpacas.

~~~
Hydraulix989
I've seriously considered doing this before, but I would be bored out of my
mind without any intellectual stimulation.

~~~
m_samuel_l
that's why you need alpacas

------
yellowapple
The first step is buying the right laptop. In this day and age, even hardware
can have backdoors. You'd want something devoid of such backdoors (or the
potential thereof, which tends to put a dependency on open hardware) and fully
compatible with open software (not necessarily free, but it tends to help) all
the way down to the firmware.

Transparency is a dependency of trust. If any component lacks transparency,
then it cannot be trusted. Period.

This means neither macOS nor FileVault is sufficient; neither is
transparent, and therefore neither is trustworthy. Even a fully-free
operating system like a Linux distro or OpenBSD is insufficient if you rely on
closed-source drivers or firmware.

Next step is to detect tampering. This means that your laptop needs to prevent
booting any operating system unless you've signed it with some private key,
and needs to clear any full-disk encryption keys if any attempt is made at
physical tampering. This is also the step where you ensure the physical
security of that machine.

Once you've established physical security and full-stack transparency, you can
start worrying about the encryption itself (which will need to be much
stronger than the norm) and about sandboxing untrustworthy software.

Really, the only perfectly-secure computer is an incinerated computer. The
best anyone can do is minimize the opportunities for such a state-level actor
to, well, act. Transparency, tamper-resistance, cryptography, and isolation
are the keys, and even the slightest error or concession for "convenience" can
and will permit the likes of the NSA to actually infiltrate your systems.

------
davelnewton
Physical security is _the_ primary concern.

If access to data "after the fact" is what you're really asking, then you use
the strongest encryption possible (a few options), and have a deadman switch
to physically destroy the hardware (e.g., melt the platters/chips) including
any caching mechanism(s) that's off-drive.

------
wakkaflokka
I followed the Snowden leaks only from MSM sites, so I know little of the
details. Most of the comments thus far are "there's nothing you can do."

Can somebody explain in more depth whether this is likely true, or an
overreaction, and why?

Is there literally no way to stop the NSA from snooping? What if I built a
laptop from multiple separate components ordered from different websites or
purchased from different B&M stores using heavily tumbled bitcoin and ordered
to several different addresses or PO boxes from a public library, encrypt all
of the drives, boot Tails from a flash drive, use a yubikey or some other
physical authentication method in addition to passwords, and never connect the
laptop to the internet (remove the Ethernet and WiFi cards)? Put some dynamat
in the case, just to avoid some type of fancy-ass soundwave-based snooping...
maybe even throw some thermite activated by 5 or 10 failed password attempts.
Oh, and a super-silent keyboard to avoid password grabbing via the sound the
keys make. And a pop-up visor to avoid people looking behind your shoulder.

~~~
sfifs
These two links have been posted already on this thread but they answer your
question very precisely.

[https://xkcd.com/538/](https://xkcd.com/538/)

[https://www.schneier.com/blog/archives/2015/08/mickens_on_secu.html](https://www.schneier.com/blog/archives/2015/08/mickens_on_secu.html)

------
sfifs
If a state level actor really wants the data in your laptop in a targeted
manner, there's very little you can do. For starters, if that were _really_
your situation, you wouldn't use OSX or Windows :-)

If your objective is instead to prevent data theft by identity thieves or
commercial spies, the FileVault type precautions and standard security
practices are probably good enough.

------
openasocket
A laptop you are actively using, connected to the internet? Assuming the NSA
really wants to get you, there's nothing you can do. Here's how they would do
it:

First they need an RCE, probably for your browser, maybe your TLS library. For
a state actor, this is not a problem. Let's assume it's your browser. They
need you to visit a page with their malicious payload. They can use phishing,
they can take over a site you visit. Or they can take control of some machine
in the path between you and sites you visit. From there they can MitM a TCP
connection to inject the payload. (They might not even need to be in the path,
but most exploits to MitM a TCP connection not in your path only work for long
running connections). Now all you have to do is make an un-encrypted
connection to any site, and they've got you.

Now they have taken over the browser process. Maybe you decided to be safe and
do all your browsing in a VM, or use something like Qubes. Then the NSA has to
break out a virtualization escape from Xen/VMWare/whatever. Difficult, but not
impossible, and entirely within the NSA's capabilities. Once out of the VM,
they can use an OS exploit to get into kernel space, or just do some privilege
escalation and load a kernel module.

From here they've got complete control of your machine. They can do disk and
memory capture, capture all your keystrokes, record your screen, etc.

All of the above can be done without leaving a clear footprint in network
traffic or on disk. An analyst could find it, given time, but I wouldn't trust
any sort of AV program or network monitor to catch any of this automatically.
Exfilling data is a little more complicated to avoid leaving a giant footprint
in the network traffic. Probably the best thing is to take advantage of that
staging server they set up in your path: your machine can make a TCP
connection to an innocent-looking IP address and get the connection MitM-ed.
Break the data into pieces and hide it in innocent-looking requests to generic
places and have it intercepted.

Notice everything I've described can be done completely remotely, without any
physical access, and can be applied to basically any setup you have. The
bottom line: once you're dealing with an adversary sophisticated enough to be
able to use multiple 0days against ubiquitous programs, there's not much you
can do. Your best defense at this point becomes security through obscurity:
force them to have to figure out what setup you have to progress through your
system. This might slow them down enough that they get caught.

~~~
runT1ME
> Now all you have to do is make an un-encrypted connection to any site, and
> they've got you.

Seems easy to ensure that doesn't happen. If I block all non SSL requests
going out from my machine, what's the next step?

~~~
openasocket
The NSA still has plenty of options. First is an undisclosed RCE in your SSL
implementation. If they don't have a 0day handy, they can compromise any
server you would visit. They can hijack a web server to inject the payload,
they can steal the certificate and then MitM anywhere on the path. They can
create a malicious ad with the payload, targeted towards you. They can get
their hands on a valid certificate for a site you commonly visit, by using a
CA that doesn't properly check these things, either through a vulnerability,
social engineering, forgery, or coercion. And of course there's always spear
phishing. They don't need to get credentials, just get you to click the link.

------
lithos
Remove hard drive send via UPS, or private courier.

If that is insufficient it's not a fight over security. It's a fight about
mobilization of lawyers and political contacts.

------
todd8
I've never been worried about a National Security kind of interest in my
affairs, but if you are here is a humorous and relevant blog post on
Schneier's blog:
[https://www.schneier.com/blog/archives/2015/08/mickens_on_secu.html](https://www.schneier.com/blog/archives/2015/08/mickens_on_secu.html)

------
a8A6SNRRG1MTZ6X
Yes, you should most definitely take steps. The main thing to look out for,
and easier to prevent, is 'persistent intrusion', as opposed to 'incidental
intrusion'.

'Persistent intrusion' involves long-term monitoring to gain psychological and
behavioral insight. The industry has evolved, it's not always just about
running a keylogger and capturing some files, anymore. Some examples of what
persistent intrusion is about: running a 'wmctrl' equivalent every 12 seconds
to capture classes and titles of windows currently opened, which is then
uploaded and assessed. Keyboard typing patterns are also captured. Your music
collection is captured, including which tracks you listen to and how often.
Over the course of months/years a large amount of information is ultimately
collected which is then sent to a team of data scientists and psychologists
for data mining and analysis. The wealth of information allows you to predict
the target's thought patterns and movements.

The microphone is NOT captured for standard targets.

Persistent intrusion is easier to prevent:

- Prefer Linux to OSX/windows. Prefer Arch or similar but Ubuntu is
infinitely better than OSX/windows.

- If you are using Ubuntu, never download apt-get packages over http (the
default), switch to a mirror that uses https. The reason is there is MITM
monitoring on the packages you are downloading in order to look for packages
they need to find exploits in, and to gain information about your system.

- Obviously, never connect to a website unencrypted. The connection will be
MITM'd, a 0day will be injected in-flight on the return path from the remote
host and your browser will crash.

- On Linux, in the event of a normal crash, never use the crash reporters to
send a crash report. The connection will be MITM'd, a 0day will be injected
in-flight on the return path from the crash acknowledgement server.

- Routinely reinstall your operating system every 2-3 weeks. It's easy on
Linux and you can automate the install using scripts. Additionally you can
mount your home directory separately. Physically change the installation
drive.

Unfortunately, incidental (one-off) intrusion is more difficult to stop since
assumedly a single attack is all it will take to lose your data on disk, if
this is the resource you are trying to protect.

Even if you are not a high profile target, any connection to a VPN or TOR is
monitored, and your IP address is added to an array and entered into a lottery
for penetration.

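One concrete check for the apt-over-http point in the post above, as an added example that is not from the thread or any commenter: a small Python audit that parses one-line sources.list entries, flags mirrors fetched over plain http:// and proposes the https form. It assumes the classic `deb [options] uri suite components` format and that the mirror actually serves https (not every one does); the sample file is constructed and its vendor mirror name is made up.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in the one-line sources.list format; mirror names are illustrative.
SAMPLE_SOURCES = """\
# deb cdrom:[Ubuntu 16.04]/ xenial main restricted
deb http://archive.ubuntu.com/ubuntu xenial main restricted
deb-src http://archive.ubuntu.com/ubuntu xenial main restricted
deb [arch=amd64] https://download.example-vendor.invalid/linux/ stable main
deb http://security.ubuntu.com/ubuntu xenial-security main
deb file:/var/local/repo ./
"""

# deb|deb-src, optional [options], URI, then suite and components.
LINE_RE = re.compile(r"^(deb|deb-src)\s+(\[[^\]]*\]\s+)?(\S+)\s+(.*)$")


@dataclass
class Finding:
    lineno: int
    original: str
    suggested: str  # the same entry with http:// replaced by https://


def audit_sources(text: str) -> List[Finding]:
    """Flag every active deb/deb-src entry whose URI is fetched over plain http://."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):  # comments and blank lines
            continue
        m = LINE_RE.match(line)
        if not m:  # not a one-line source entry; leave it alone
            continue
        kind, opts, uri, rest = m.groups()
        if uri.lower().startswith("http://"):  # https, file, cdrom etc. are skipped
            https_uri = "https://" + uri[len("http://"):]
            findings.append(Finding(lineno, line, f"{kind} {opts or ''}{https_uri} {rest}"))
    return findings


def rewrite_sources(text: str) -> str:
    """Return the file with each flagged entry switched to https://; other lines untouched."""
    fixes = {f.lineno: f.suggested for f in audit_sources(text)}
    lines = [fixes.get(n, raw) for n, raw in enumerate(text.splitlines(), start=1)]
    return "\n".join(lines) + "\n"
```

apt still verifies the signed Release files whatever the transport, so the https switch mainly keeps an on-path observer from seeing which packages and versions you fetch; it is not a substitute for that signature check.
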
------
Cozumel
Obligatory XKCD: [https://xkcd.com/538/](https://xkcd.com/538/)

~~~
bbcbasic
It's funny because it is true.

------
bbcbasic
Assuming this is about some secret data:

It's maybe the wrong question, or part of a bigger question of how do you
secure information you want to keep from a state-level actor. Your laptop may
be part of that but also your mobile device, home phone, cloud services, and
other people who also have access to the said data. Also how determined they
are to get the data is another factor, and can they achieve what they need to
another way without 'your' data.

------
BorisMelnik
You forgot the biggest piece of information: is the laptop connected to the
internet or a local area network? (or bluetooth etc)

edit: assuming it is not "connected" to the physical world, I'd partner with
an embassy to house the laptop there. Preferably a communist state where we
don't have good relations.

------
Spooky23
Avoid attracting unwanted attention.

~~~
gediminas_
Yeah, this one's pretty important - don't do stuff publicly the government
does not like to not have your electronics seized. Being on the grey list
ain't that fun from what I've read..

------
pasbesoin
Thermite + vigorous stirring.

Oh, you mean a _usable_ laptop?

------
neilsimp1
Never connect it to the internet.

