Micah Lee 🔑

For the last two years I've carried a honeypot laptop with me every time I traveled. I checked it in my luggage, left it unattended in my hotel rooms. After each trip, I did forensic analysis on the laptop to detect if it had been tampered with.

I wrote about my experience and methodology here: theintercept.com/2018/04/28/co


I hoped that, if an evil maid attacker tried tampering with my laptop, I would not only discover the attack, but learn how it works, and possibly who was behind it. Unfortunately (fortunately?), I didn't discover any evil maids.

I installed Debian on the laptop. Before each trip, I removed the hard disk and took checksums of the partitions and the disk header. I also dumped the BIOS firmware. After each trip, I did the same, and compared to see if they matched.

I learned a lot about hardware hacking and got to use free software BIOS tools like chipsec, UEFITool, and flashrom.

It was a lot of fun! I go into much more technical detail in the article.
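
The before/after checksum comparison described in the posts above, as an added example that is not part of the original thread or the linked article. It assumes an MBR-partitioned raw disk image with 512-byte sectors; the function names and the sample image are constructed for illustration.

```python
import hashlib
import struct

SECTOR = 512  # assumption: 512-byte logical sectors

def parse_mbr(image):
    """Return (number, start_byte, length_bytes) for each used MBR slot."""
    if image[510:512] != b"\x55\xaa":
        raise ValueError("no MBR boot signature")
    parts = []
    for slot in range(4):
        entry = image[446 + 16 * slot:462 + 16 * slot]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if entry[4] and sectors:  # type byte 0 means the slot is empty
            parts.append((slot + 1, lba_start * SECTOR, sectors * SECTOR))
    return parts

def manifest(image):
    """SHA-256 of the header (bytes before first partition) and each partition."""
    parts = parse_mbr(image)
    if not parts:
        raise ValueError("no partitions found")
    first = min(start for _, start, _ in parts)
    digests = {"header": hashlib.sha256(image[:first]).hexdigest()}
    for number, start, length in parts:
        if start + length > len(image):
            raise ValueError(f"partition {number} runs past end of image")
        region = image[start:start + length]
        digests[f"part{number}"] = hashlib.sha256(region).hexdigest()
    return digests

def changed_regions(before, after):
    """Names of regions whose digest differs, or that appeared/vanished."""
    return sorted(k for k in before.keys() | after.keys()
                  if before.get(k) != after.get(k))

def build_sample_image():
    """Constructed 16-sector image: MBR, boot gap, two partitions."""
    img = bytearray(16 * SECTOR)
    for slot, (lba, count) in enumerate([(4, 4), (8, 8)]):
        struct.pack_into("<B3xB3xII", img, 446 + 16 * slot, 0, 0x83, lba, count)
    img[510:512] = b"\x55\xaa"
    img[4 * SECTOR:] = b"A" * (4 * SECTOR) + b"B" * (8 * SECTOR)
    return img

if __name__ == "__main__":
    baseline = manifest(build_sample_image())  # taken before the trip
    returned = build_sample_image()
    returned[SECTOR + 10] ^= 0xFF  # constructed change in the boot gap
    print(changed_regions(baseline, manifest(returned)))
```

Hashing the header separately from the partitions shows which region changed, not just that the disk as a whole no longer matches.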

@micahflee The simple reality is that most people who think they're a target simply aren't.

@micahflee well you did have the EFF "I do not consent to the search of this device" sticker on it so I guess that spooked them ;)

Great read! "..even in controlled environments, it's impossible to give a laptop a clean bill of health with full confidence..." This needs to become common knowledge! https://theintercept.com/2018/04/28/computer-malware-tampering/

Isn't the solution to this problem to always travel with a firearm?

No, because the TSA are not allowed to open locked containers containing firearms without you being present. I saw a talk about this idea a while back, where the talker presents this as a useful trick to never having one's luggage get lost again, or inspected without you knowing. A flare gun or lower receiver is enough in the US, different rules may apply in the EU.

@tomas that's a strange rule, any idea why it is so? Would they hurt themselves with the gun?

@micahflee @qbi very interesting read, thank you. the android tool "haven" will likely be illegal in germany, though.

@qbi @jotbe @micahflee here is an article by the lawyer of german publisher heise about "haven": heise.de/ct/artikel/Snowden-Ap (de) - concluding that it will likely be illegal to covertly record voice audio of someone, privacy laws set high bars and in general prohibit video surveillance in non-public places without any visible notification that this happens. not sure whether it would be ok with a visible sign denoting "video surveillance in progress".

@micahflee my infosec strategy: use a computer so idiosyncratic and jury-rigged that replacing parts, modifying the bootloader, etc., will probably result in the computer not working any more
