
Don't want your laptop tampered with? Just add glitter nail polish - rdl
http://www.wired.com/threatlevel/2013/12/better-data-security-nail-polish/
======
haberman
This reminds me of 1984, where Winston placed a speck of dust on the corner of
his diary. He knew he couldn't prevent the authorities from reading it, he
just wanted to know if they had or not. However (spoiler alert) he learns at
the end of the book that they were careful to put the speck of dust back just
where he left it.

This is like that, except it (hopefully) would actually work.

~~~
namlem
By far the most unbelievable thing about 1984 was how competent the government
was.

------
source99
I thought this was gonna be an article about making your laptop look like it
belonged to a 14yr old girl and therefore uninteresting to the NSA.

~~~
enkephalin
i wish i were still at the point where i could believe that government
agencies weren't interested in the doings of 14 year old girls (or kids in
general).

------
nicolethenerd
Misleading title - this doesn't prevent tampering, it just makes it obvious to
you, as the laptop owner, that your machine has been tampered with. Still
useful, but then what are you supposed to do about it?

~~~
huhtenberg
It may actually prevent tampering if the tampering is supposed to remain
undetected.

~~~
dhughes
Just look for the dude with glitter on his face.

~~~
001sky
glitter <nailpolish> !

~~~
dhughes
It has to dry eventually, glitter falls off.

------
sillysaurus2
EDIT: Holy smokes. I wasn't trying to be inflammatory. Sorry. I was only
saying not to trust that this is an absolute guarantee that your laptop hasn't
been tampered with.

Even the top comment is misleading -- "this doesn't prevent tampering, it just
makes it obvious to you, as the laptop owner, that your machine has been
tampered with. Still useful, but then what are you supposed to do about it?"

This method provides no guarantee of detecting tampering. It provides a
guarantee that if an adversary is dumb and unaware of this method, then they
may break the seal and get themselves caught. But it's a bad idea to be
confident that the seal itself is evidence you haven't been tampered with.

Would anyone please explain which ideas are mistaken and why?

~~~
dredmorbius
First off, there's a whole school and practice of security measures which is
aimed more at _revealing_ breaches than in preventing them, per se. Audits,
tamper-evident seals, tell-tales placed in maps, watermarks in documents or
images, and very large swaths of system monitoring, reporting, and alerting.
Much of military electronic security "Orange Book" procedures have much more
to do with _auditing_ than they do _securing_ data.

Sometimes the goal is to determine _what_ was taken or breached, sometimes
_who_ violated confidentiality (especially via watermarks or telltales), or
_how_.

In some cases, the goal may be to ensure/assess planted information _was_
actually accessed. One counterintelligence mission, Operation Mincemeat from
WWII involved landing a dead body (a deceased criminal if memory serves) with
bogus military plans, and a pretty elaborate back-story, to mislead German
intelligence into thinking an Allied attack would occur in Greece rather than
Sicily. Part of the assessment of the plan involved determining whether or not
the Germans had in fact examined the documents, and forensics showed that the
corners of the papers indicated that they had been secured in a manner
consistent with being photographed.

[https://en.wikipedia.org/wiki/Operation_Mincemeat](https://en.wikipedia.org/wiki/Operation_Mincemeat)

Another case might be, say, a journalist who wanted to be able to positively
demonstrate that electronics were accessed without authorization by officials
(whether in a border crossing or some other means). The glitter polish trick
would make for a useful and highly embarrassing bit of evidence which could be
shown to the public in the form of before-after photographs.

No, it doesn't _prevent_ access (and the title is misleading), but it does
_identify_ access.

~~~
sillysaurus2
I just wanted to thank you for this fantastic comment. Security history is
fascinating, and this provides a ton of new material for me to osmose. Do you
have any more reading recommendations? I've been wanting to research the WW2
period up through the end of the cold war in particular.

~~~
fazzone
If you are interested in that sort of thing, I highly recommend the novel
Cryptonomicon by Neal Stephenson - it is partly about the activities of a
joint British/American counterintelligence unit whose mission is to make sure
the Axis does not figure out that the Allies have broken their codes. It's
also a great read in general.

~~~
munin
Cryptonomicon is a pretty shallow treatment of intelligence during ww2, and
Stephenson makes stuff up (as fiction, he doesn't claim it is fact) when the
truth is even more outlandish.

I would recommend the following books:

[http://www.amazon.com/dp/0743217349](http://www.amazon.com/dp/0743217349)

[http://www.amazon.com/dp/006097771X/](http://www.amazon.com/dp/006097771X/)

[http://www.amazon.com/dp/0679762892](http://www.amazon.com/dp/0679762892)

[http://www.amazon.com/dp/068486780X/](http://www.amazon.com/dp/068486780X/)

[http://www.amazon.com/dp/0452287472](http://www.amazon.com/dp/0452287472)

[http://www.amazon.com/dp/1452206120/](http://www.amazon.com/dp/1452206120/)

~~~
e12e
I trust Singh's "the Code Book" is hiding behind one of those amazon links?

~~~
mjolk
Don't be so lazy. If you're just interested, click and find out. If you feel
it should be, suggest why it's an interesting read.

~~~
dredmorbius
Naked links offer varying level of affordance on different platforms. I've
frequently been on systems (or networks) in which following through on
individual links is a pain. What's particularly annoying in this case is that
Amazon's full links _do_ include item descriptions (for books: the title) in
them, though you'd have to click through to the links here, _search the
fucking title_ and then click on _that_ link before you get what you're
looking for:

[http://www.amazon.com/dp/0743217349](http://www.amazon.com/dp/0743217349)
fully expanded is:

[http://www.amazon.com/Battle-Wits-Complete-Story-
Codebreakin...](http://www.amazon.com/Battle-Wits-Complete-Story-
Codebreaking/dp/0743217349/)

e12e's comment was helpful: it supported the original post and included
additional information of use to others. And as it happens, Singh's _The Code
Book_ was _not_ included in the original list. You can find it here:

[http://www.amazon.com/Code-Book-Science-Secrecy-
Cryptography...](http://www.amazon.com/Code-Book-Science-Secrecy-
Cryptography/dp/0385495323)

munin would have performed a superior service (remember: writing is for the
benefit of the reader) if he'd at _least_ included descriptive URLs, if not
the titles of the works in question.

And your attitude could use considerable improvement.

~~~
mjolk
If one bothers to post on hacker news, it should be for the benefit of the
community. It was a lazy action and you can spare me the snide remark.

------
DanAndersen
"He put the diary away in the drawer. It was quite useless to think of hiding
it, but he could at least make sure whether or not its existence had been
discovered. A hair laid across the page-ends was too obvious. With the tip of
his finger he picked up an identifiable grain of whitish dust and deposited it
on the corner of the cover, where it was bound to be shaken off if the book
was moved."

------
rdl
Hi -- this was a fun talk to give.

The big point which wasn't so clear is that seals are not locks. Seals exist
to identify tampering; locks exist to prevent it. We use a software tool (and
remote network service) to turn seals _into_ (electronic) locks, which is kind
of cool -- the integrity is measured locally using a trusted device (iPhone
for now, eventually something better), verified remotely, and then a 2FA token
is returned.

Glitter nail polish is maybe 70% good for this, but has the huge advantage of
being widely available. Part of the goal here is to travel completely "naked"
to a country, then buy a random local laptop, other local stuff, and tools,
and then be able to re-create your capabilities. There are some custom
conformal coatings which are brittle, much harder to pry off, single-layer,
etc. which we've played around with which work much better. Plus actual
paper/tape/plastic seals, and indicators already in devices (manufacturing
defects like the grain of a casting).

Hooking this stuff into conventional security measures (MDM, VPN, FDE, various
access control, etc.) is the ultimate goal; it's useless to detect tampering
if your data is all they're after and unencrypted, after all.

My coauthor Eric Michaud is a former safeguard seals guy from Department of
Energy's VAT, probably one of USG's top 3 seals programs (and probably one of
the top 10 seals groups in the world), and has a physical security company
(and is a lock expert), so I've been learning a lot from him about that
technology.

------
praptak
This Slasdot article:
[http://m.slashdot.org/story/28566](http://m.slashdot.org/story/28566)

describes a similar technique - glass spheres in transparent epoxy resin
creating an uncopyable optical fingerprint. One of the comments states that
tinfoil pieces in clear epoxy photographed from several angles were used as
tamper proof seals during the cold war era.

------
ThatGeoGuy
There is an interesting comment in the original article, that I wasn't sure
about, and figured I'd bring up here:

"There was always a question that bogged me. Imagine you are called aside to
do a routine border check in airport security area. Imagine they want to
inspect your laptop. Can you refuse to surrender your password which encrypts
the whole disk? Is there such right to say "Nay, what is mine stays mine"?"

As somebody who is not from the USA, are you allowed to ask that they perform
any security checks in front of you? Are you allowed to ask for the TSA
agent's supervisor and have them walk you through each of the steps?

I guess one obvious solution is to carry the laptop/device with you on the
flight, and leave the battery/adapter in check luggage, but this becomes more
difficult when you consider tablets, phones, and the like. Thoughts? As
somebody who may travel to the USA one day, I'd like to hear what kinds of
situations you might end up in playing games like this.

~~~
joezydeco
The short and general answer is that the border entry area, where you are
typically interacting with US Customs, is a "no-man's land" and you basically
have zero rights in that zone. That goes for US citizens as well.

The simplest result is that they can turn you away from the USA and send you
back on the next flight if they think you're a problem or unqualified to
enter. You may also be detained and things get worse from there.

Carrying a laptop without a charger is not a solution at all. The hard drive
can be extracted and read apart from the machine. Same for your phone/SD
cards/external disks, etc.

The safest way to enter the US it seems is to carry completely blank devices,
if you need to carry them at all.

~~~
Crito
If you are a US citizen who continuously gets refused reentry at the border,
what would happen if you snuck across?

Presumably once you were across the border you would have rights again and
could not be removed from the US. I imagine you would be arrested, but at
least you would be officially back in the system, right?

~~~
VLM
Its very difficult to be refused entry as a citizen. Not impossible, but very
difficult.

They can F with you WRT interrogation pretty much as they please until you
give up or contact a lawyer, or state a belief in your being intoxicated until
you get a lawyer and/or blood test, or mess with your belongings (YOU can
enter but not that bottle of tequilla and not (you+the bottle)). Another way
to mess with you is dual citizenship type stuff like you've legally become a
citizen of Canada but haven't officially renounced US citizenship yet. They
can also threaten to arrest you if you persist in trying to gain entry while
illegally importing something, like, say, a bottle of tequilla or the clothes
on your back. The most effective way to be refused entry as a citizen is to be
drunk (aka the whole so-cal/tijuana thing).

I've heard stories from coworkers who used to visit tijuana back when it was
safe (or at least, safer). I'd be mildly interested in any story of a citizen
actually being denied (as opposed to them screwing around with obnoxious
drunks). Or great Tijuana stories, for that matter.

~~~
Crito
I suppose the best way to handle this sort of situation would be to refuse the
search, turn back away from the border, figure out somebody to hold onto your
computer _(mail it to a friend in the US? It would cross customs, but maybe
you could hope it wouldn 't be randomly searched. Alternatively just copy the
drive to the internet, then trash or sell the hardware)_, then approach the
border again without the computer. They cannot turn you away for refusing to
let them search a computer if you do not have a computer.

~~~
VLM
Keep the data remote via VPN/SSH/rdesktop/VNC, and the appliance is a lump of
hardware that can be reinstalled. This is easy with a laptop running vanilla
Debian, not so easy to wipe/reinstall some appliances.

------
Theodores
Just buy a HP/Compaq CQ series notebook and make sure that you aren't going to
be parted with it for more than the ten hours needed to get to the hard drive.
Simple.

Jesting apart, who has not had screws fall out or work loose from a Dell or HP
laptop? The likelihood that the screws are in differently due to some secret
spy type of person opening the machine is quite unlikely compared to the high
likelihood that they have just worked loose of their own accord.

~~~
lucb1e
> who has not had screws fall out or work loose from a Dell or HP laptop?

Me. If your laptop is falling apart, it might be time for a new one.

------
PavlovsCat
Relevant section of the talk (about all sorts of seals, not just nail polish):

[https://www.youtube.com/watch?v=d6tdq603z20&t=1h45m31s](https://www.youtube.com/watch?v=d6tdq603z20&t=1h45m31s)

------
wyck
Wax stamps, for the internet dark age.

------
vacri
_By taking the picture with a cellphone that is kept with you at all times_

... wait a minute, I remember seeing this earlier...

 _Border areas can be especially dangerous, as authorities can confiscate a
laptop or cell phone_

~~~
joshka
hash photo, remember hash.

------
gesman
It's more about "knowing" that your laptop was tampered with.

Nothing about "preventing" it from happening. Or knowing "who" was tampered
with it.

Big difference.

------
dzhiurgis
I can already imagine US border officer asking "Why do you keep a bottle of
nail polish? Are you a terrorist?"

~~~
dredmorbius
Giving a whole new meaning to "robust tradecraft is such a drag" ...

------
auctiontheory
Assuming you were carrying secret information on a business or government
trip, wouldn't you carry the data on your person in an encrypted USB drive,
with a blank/vanilla OS install on your laptop? That seems more efficient (and
effective) than all this glitter spraying and photography.

------
rexreed
How are you supposed to glitter over a laptop's ports?

~~~
anigbrowl
Put a sticker over them, put glitter on the sticker edges.

------
ramy_d
Is there a substantial risk of mailing your hard drive to your destination and
simply travelling with a hollow computer?

------
deegles
"Border areas can be especially dangerous, as authorities can confiscate a
laptop or cell phone to “examine” it, then return it with the drives imaged or
malware installed."

Has anyone actually had this happen to them? What was the fallout from it?

------
itsybitsycoder
If this got popular, I'm not sure how easy it would be to detect if someone
broke your seal, replaced the screws/stickers as they were and resealed it
with a clear topcoat of a similar gloss level.

------
sfrechtling
Based on the comments here, I can see that this tamper evidence method is not
foolproof. Is there anything that is better (harder to detect, harder to
replace even if known about)?

------
altero
Perhaps encrypt HDD and store boot loader, kernel and keys on USB?

~~~
lucb1e
I don't see how this prevents anyone from adding hardware keyloggers, mics to
do side channel attacks on private keys, speakers to jump airgaps, etc.

------
atmosx
Uhm, well that's another level of paranoia all together. The more solutions
the better, even to problems that we (me at least) most probably will never
have (or at least, I hope so!).

------
randall
Clever!

------
judk
This article is useless without pics

~~~
rdl
Good idea; we're doing another talk at RSA where we drop some tools, so I'll
set up a macro rig and take some pics/videos for a supporting website. I need
to buy a ring flash which actually doesn't suck, I think.

