
Sounds like a call to start crossing the border more frequently- with a suitcase full of "suspicious" drives.

How many petabytes of mirroring before the whole operation becomes too expensive to justify?



Or a hard drive shell with a Raspberry Pi inside doing the equivalent of piping out /dev/random to the interface.


If it's encrypted it will probably end up in blob storage, which is low cost. If you want to hit them where it hurts, generate tons of fake text (stored as emails, documents, texts, etc.) with GPT-3 to clog up their elasticsearch server and/or NLP classifiers.


That works fine until GPT-3 inadvertently generates a bunch of incriminating evidence!


Looking forward to the first gpt-3 version of 'it was the best of times, it was the blurst of times'.


Give me six sentences written by the most honest of men...


Dude,

I get the joke, but an Internet trained bit of code, like GPT-3, isn't what you want writing text files all over your drive.

You'd probably end up on 43 watch lists, and thrown in jail for having time travel child porn, featuring Katie Sagel and Trump in the 60s.


If everybody gets on the list then it doesn't do them as much good. Maybe it is time to become Spartacus.


This made my day hahahaha. How long do you reckon it would take for someone to catch on?


If you encrypt it, presumably they'll try to store it just in case they can decrypt it later. At least that's what the NSA does.


For maximum effect you'd want to use something like RSA-1024 which is "just" weak enough that they will take a whack at it, but also strong enough that they'll expend tens or hundreds of thousands of dollars worth of compute attacking it. If you use something "strong" like RSA-4096, they probably won't bother even taking a look at it.


How could they tell? Doesn't encrypted data all look the same?


All symmetrically encrypted data looks the same, but almost all encrypted wire formats and encrypted file formats contain some header information. In particular, GPG / OpenPGP encrypted files will contain a header with the public key's hash. Any investigator with more than a day's experience would check the same device for keyrings and check if any of the public or private keys in the keyrings match any of the messages.

It takes a lot of effort to make all of the metadata also not have distinguishable patterns. See DJB's "Elligator" papers for all of the work that goes into designing elliptic curves for this purpose.

It's really a pain to have a full protocol that looks like white noise even if the attacker has millions of message exchanges to look at. I designed a protocol like that about 20 years ago, using the Station-to-Station protocol with the largest 4096-bit safe prime as the DH modulus. I couldn't use the semantically secure version of DH, because in that case, the first 4096 bits exchanged each way would always be a quadratic residue. The modulus needed to be just under a power of 256, so that even with billions of samples, it wouldn't be surprising that none of them were between the modulus and the maximum N-byte integer. For the individual messages within the stream, I needed to encrypt the message length headers, etc., etc. Even with this white noise-looking protocol, I'm pretty sure the pattern of packet sizes used by TCP to encapsulate the stream would give away the protocol being used. It just really increased the amount of analysis a filtering firewall would need, and increased the false positive rate of attempts to block the protocol. These days, TLS is so common and the pain caused by blindly dropping all TLS connections is so great, that you're probably best off either tunnelling your hidden protocol through TLS, or else making your protocol look like a TLS handshake with common parameters.


The ciphertext looks the same, but the file doesn't, since it typically has metadata about what type of encryption is used in plain-text.


Now I'm curious, because I've spent the past little while looking at file encryption headers, whether there's an example where the RSA modulus size is explicitly going to be part of the file header. I guess you could tell even if it was presented as a blob (inside a structured header) because it would be padded to a size that was equal to the length of the modulus...
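The cleartext header fields discussed in the comments above, as an added example that is not part of the thread: a reader for OpenPGP packet headers that pulls the recipient key ID, the public-key algorithm and the RSA ciphertext bit count (which bounds the modulus size) out of a message without any key. It assumes the RFC 4880 version 3 session-key packet layout; the function names and the sample message are constructed for this illustration.

```python
"""Read the cleartext packet headers of an OpenPGP message (RFC 4880 layout)."""

PK_ALGOS = {1: "RSA", 2: "RSA encrypt-only", 16: "Elgamal", 18: "ECDH"}


def read_packets(data):
    """Yield (tag, body) per packet; a streamed body is yielded raw and ends the walk."""
    pos = 0
    try:
        while pos < len(data):
            first = data[pos]
            if not first & 0x80:                  # bit 7 is set on every packet tag octet
                raise ValueError(f"no OpenPGP packet header at offset {pos}")
            pos += 1
            if first & 0x40:                      # new-format header
                tag, o1 = first & 0x3F, data[pos]
                if o1 < 192:
                    length, pos = o1, pos + 1
                elif o1 < 224:
                    length, pos = ((o1 - 192) << 8) + data[pos + 1] + 192, pos + 2
                elif o1 == 255:
                    length, pos = int.from_bytes(data[pos + 1:pos + 5], "big"), pos + 5
                else:                             # partial body length: streamed data
                    yield tag, data[pos + 1:]
                    return
            else:                                 # old-format header
                tag, ltype = (first >> 2) & 0x0F, first & 0x03
                if ltype == 3:                    # indeterminate length: runs to EOF
                    yield tag, data[pos:]
                    return
                size = 1 << ltype                 # 1, 2 or 4 length octets
                length, pos = int.from_bytes(data[pos:pos + size], "big"), pos + size
            if pos + length > len(data):
                raise ValueError("truncated packet")
            yield tag, data[pos:pos + length]
            pos += length
    except IndexError:
        raise ValueError("truncated packet header") from None


def parse_pkesk(body):
    """Decode a version 3 Public-Key Encrypted Session Key packet (tag 1)."""
    if len(body) < 12 or body[0] != 3:
        raise ValueError("not a version 3 PKESK packet")
    key_id, algo = body[1:9].hex().upper(), body[9]
    info = {
        "key_id": key_id,
        "hidden_recipient": key_id == "0" * 16,   # all-zero "wild card" key ID
        "algorithm": PK_ALGOS.get(algo, f"unknown ({algo})"),
    }
    if algo in (1, 2):
        # RSA: one MPI (2-octet bit count, then the value m^e mod n).
        # The value is below n, so its bit count is a lower bound on the modulus size.
        bits = int.from_bytes(body[10:12], "big")
        info["ciphertext_bits"] = bits
        info["modulus_bits_estimate"] = -(-bits // 256) * 256   # round up; an estimate
    return info


def inspect_message(data):
    """Return the packet tags seen and the decoded recipient records."""
    tags, recipients = [], []
    for tag, body in read_packets(data):
        tags.append(tag)
        if tag == 1:
            recipients.append(parse_pkesk(body))
    return {"tags": tags, "recipients": recipients}


def build_sample():
    """Constructed message: one RSA session-key packet, then an encrypted-data packet (tag 18)."""
    mpi = (1023).to_bytes(2, "big") + b"\x5a" + bytes(range(127))
    pkesk = b"\x03" + bytes.fromhex("0123456789ABCDEF") + b"\x01" + mpi
    seipd = b"\x01" + bytes(32)                   # version octet + placeholder ciphertext
    return bytes([0xC1, len(pkesk)]) + pkesk + bytes([0xD2, len(seipd)]) + seipd


if __name__ == "__main__":
    print(inspect_message(build_sample()))
```

The `hidden_recipient` flag marks a message whose key ID field was zeroed, which removes the link to a keyring but leaves the algorithm and ciphertext size readable.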


You don't need to muck around with encryption headers for this. Just install gpg, generate a RSA-1024 key pair, and use the public key to encrypt a rickroll video or something.


Often it will be stored with plaintext metadata.


That reminds me of some story I read back in the 90s about some famous hackers (I think the ones who testified to Congress from MIT).

One of them knew their apartment was going to be raided by the FBI so they left a suitcase full of encrypted cassette tapes in there for the FBI to salivate over.

After finally decrypting the first one, I believe it was just static noise :)


I hoped, HOPED, this story would end with a link to YouTube where a man in a trenchcoat performs a strange dance while lip-syncing to very concerning lyrics about a man that would never give her up, never let her down...

Yes, I earned the downvotes, have at it.

Anyway this made me want to read Cryptonomicon for the 5th time and gift it to some younguns.


Hehe... wish I had a link for you, I went digging around the internet with some serious Google fu and didn't turn up much. The MIT guys were l0pht, but I couldn't find any stories linked to them.

The original story was in a 200 ish page library book I rented in 2004 or so, and I imagine the publishing of that book was in the early to mid 90s based on the tech and artwork involved :) It was at Half Hollow Hills public library, which has since been demolished!


Same people behind the eponymous cracks from the 90’s warez scene?


> After finally decrypting the first one, I believe it was just static noise :)

That sounds fishy, was there any metadata to confirm it has been decrypted? That's the thing with encryption, it's just math, it won't "fail" anything if you got the wrong key, you'll just get random data back.


If done properly encrypted data looks like random data. That means that if you have a Raspberry Pi pumping out random data (no need for encryption), they'll probably just store it thinking it's top-secret encrypted data that they'll decrypt later.


There is the likelihood that most encryption applications would put a header of some kind on the encrypted blob.

For example, PGP, PKZip, OpenSSL, and age all do this with encrypted files. I'm not sure I can think of a user-oriented encryption application that doesn't. Disk encryption also definitely does (although in TrueCrypt volumes the header is encrypted and not recognizable as such, so TrueCrypt is an exception, probably deliberately).

Crypto primitives in programming languages don't, and NaCl crypto secretboxes don't (they just start with the nonce!), so I guess if you were calling the NaCl secretbox encryptor by hand to encrypt your files, they wouldn't have any header.


If you have a good rng it will be indistinguishable from encrypted data. In fact the more uniform the seemingly more cunning.

Be sure to put the proper headers on the data so it self identifies as an encrypted file.


Random data is indistinguishable from encrypted data, modulo attached metadata.


With a Raspberry Pi generating random stuff, there's no reason why it can't emulate a drive of infinite capacity.


Infinite drive space you say? Eat your heart out Stacker.

https://en.wikipedia.org/wiki/Stac_Electronics


All it has to do is show two subdirectories for any subdirectory that you enter. It doesn't ever have to return a file. Also, it can be slow.


US law enforcement has such a great sense of humor after all...


You don't need an RPI to do that, the drives have their own SOC and firmware


The Snowden leaks showed that the NSA has built the capacity to spy on essentially the entire internet. You really think they'll balk at a few petabytes?


Yes but this isn’t the NSA, this is the border patrol, operating with a fraction the budget and expertise of the NSA. The people doing the copying are basically security guards that couldn’t pass the police physical nor find work as teachers.

I really like the idea of a hacked hard drive or phone which generates a never-ending series of files containing terabytes of random data. I bet any given border crossing will only have the ability to scan two devices at a time, so bring a couple and you can probably shut down everything as they scramble to figure out what to do when their local storage fills up.


I understand that you're coming from a good place, but speculation on how to "hack" fascism is fundamentally misplaced energy. Nobody will have to worry about overloading the CBP's hard drives if we live in a country where our right to privacy & protections against unlawful search & seizure are respected.

I realise that this is not the exact argument that I was originally making, but technical people are unlikely to rethink technical solutions without them understanding the technical barriers that limit a "solution's" effectiveness.


Why even fake it?

Most hard drives (and presumably SSDs) contain embedded microcontrollers to handle translation between the various protocol levels (USB, SATA, etc) and the raw data on the platters/FLASH cells, often running i/o drivers on top of some microcontroller-specific RTOS.

So ... surely the ideal technique would be to write a driver for the RTOS that generates a stream of data on the fly that looks like an ExFAT filesystem full of directories and email folder hierarchies containing Lorem Ipsum text? That way, it keeps feeding an unending supply of junk back to the imaging hardware (which probably isn't anything as high level/simple as "plug into a PC, mount it, and copy everything"). Yet if they open up the case and look inside, they'll see a genuine hard drive with genuine platters.


An exotic device that smells like tradecraft is a great way to get past the bored rent-a-cops and meet some serious counterintelligence investigators.



Make it look like one of these 100 TB SSDs too, it should take 48 hours to back up one alone as it uses SATA 3.


This is more like my way of thinking. People seem highly focused on how much space they might have for storage. But security isn't really about disk space, which is quite cheap these days. It's about how much time/money/resources it takes to complete the tasks needed to circumvent whatever security controls are in use.

If I had to do this, I would indeed make a faked Nimbus 100TB SSD drive, but it would also be super slow and glitchy. Spit out the proper meta data, then slow random noise presented as glitchy virtual sectors. Done deal. They've surely imaged glitchy drives before. They aren't rare.

How many drives can they image at a time, and how long does it take? How many drives can they not image because yours is taking so long? That's what I would attack.


Maybe you're waiting in a room (or covid-room) while they're trying to copy your strange shitty disk for days on end. I can already see the 'The Atlantic' piece.

I'm wondering if it's not gonna be another 'good' reason to keep anyone they want to mess with for days. Oh sorry we can't read m2 disks we have to call the guy from the place that has the only converter. We'll keep you warm in the mean time. You didn't have a flight connection or a lawyer you wanted to call, right?


That is where the storage comes in. Most likely the data from the drives is being dumped to a local NAS device with a limited capacity - more than likely a consumer level NAS sitting under someone’s desk. When it fills up it probably requires an IT person to get involved, and then they have to decide if they are going to dump data or do an unscheduled upload, being greedy they will probably wait for it to upload, then they have to start over or resume copying data from your device, so if it’s a honeypot giving endless data then you can imagine them making three or four attempts before giving up and waving you through. Meanwhile they have hundreds of terabytes of your random data to store and index for 75 years.


All of these comments seem to be written as though the side effect of trolling federal agencies is everyone being mature, recognizing that you pulled a great joke on them, having a good laugh, patting you on the back and sending you on your way.

Based on prior stories I've read - trolling pissed off people with any form of Authority could end up very very badly for anyone doing this.

Aside from them just out and out confiscating any electronic device they like, they could detain you for a long period of time, they could put you on no-Fly lists (and then good luck ever flying into/within the US again), they could put you on extended screening lists (and so, every time you fly then on - again, kiss goodbye every electronic device you possess every time you travel, again). If you're a foreign national, or even if you look vaguely foreign, you might find yourself deported/denied entry/locked up for a while during the deportation process.

That's before they even get motivated enough to be malicious - I'm sure if they wanted, they could gin up enough of a case of "obstruction" or "wasting police time" if they can find any evidence (or even anything that looks like it could be hint of intention, like posting on HN), which even if it never goes to trial can still make your life a living hell, cost you your job, and a huge amount of money defending.


>The people doing the copying are basically security guards that couldn’t pass the police physical nor find work as teachers.

Or maybe they're just people who want to protect the country they live in? You can't just view everyone who disagrees with you politically as a drooling idiot.


Both can be true. CBP frontline officer is not a highly sought after job and they have a lot of difficulty hiring people to go work in the desert.


You haven't ever met any of these people, have you.


I've heard that 5 eyes can only process 20 percent of what they collect a day. I'm not sure what they do with the 80% at the end of the day considering that pipe is constantly getting more feeds.


I doubt they look at everything by default. I would think they have a starting point of something like Persons of Interest, Devices of Interest, and Locations of Interest.


I mean, that's the NSA. Does the border patrol share resources?

That being said, you are of course correct.


This is HackerNews, so you're going to get called out on such nonsense. There is no technical capability to "spy on the entire internet". If you truly believe this, then you are probably consuming propaganda.


Are you serious? The Snowden leaks were propaganda?


If they have an auto extraction script, could also put a zip bomb in there


I don’t have enough faith in the legal system to try that one.


Honestly if you do try that, I think the legal system would be right to prosecute you for it. "The law is immoral" is not a legal defense against "You knowingly disrupted a law-enforcement IT system."


There are multiple valid pushbacks against an immoral law:

1. Try to educate and reform the lawmakers.
2. Create a situation to bring out the absurd.

2 is often easier than 1 for the common man and has been used in many past revolutions.


Agreed, but there are no legal defenses against having done 2.

Civil disobedience requires breaking the law. With that comes the possibility of being legally prosecuted. Civil disobedience requires accepting that. And in fact, a large part of the effectiveness of civil disobedience comes from the fact that people accept the risk of arrest.


Just in case any readers are taking the above comment seriously, there is no modern legal system anywhere that allows exceptions based on the above. It is absurd nonsense.


I would encourage you to study peaceful revolutions (e.g. Mahatma Gandhi). Protestors protested against unjust laws by filling up the prisons. One can't be afraid to lose money or time when taking a moral stance. You are of course doing this at great personal expense because you believe you are correct, not for external praise or glory.


Back up a moment, this is suggesting emailing a zip bomb [to yourself or an account you know will not open it]. I believe showing intent is a separate issue.


I mean, the above said valid, not legal. I've seen the word valid used more often to mean ethical than legal, so I think it's still accurate.


3. Jury nullification.


I probably agree that jury nullification is a "valid" pushback, based on my ethics and based on my limited understanding of the U.S. Constitution.

But do we know of any situations where it's actually worked? My impression is that judges for some reason fight hard against its use by defendants.


I think, back in the day, it was used to get away with lynchings. Not the best example, because laws against lynchings were actually also morally correct.

I don't know of any recent examples.


There are many reasons you could legitimately hold a drive with a zip bomb; maybe you're researching them for security? Maybe you collect interesting examples to teach the concept?

(Note: this doesn't mean you should go on record with such a defense without an attorney present, just saying why it shouldn't legally be regarded as malicious without a lot of other evidence.)


And you will risk spending a fortune and having your life ruined if they decide to test your explanations at the sharp end of a criminal charge.


It would be interesting to see the legal defense of what constitutes "knowingly" disrupting it.

For example, if I put a zip bomb on all my emails regardless of the border security but just as a general security measure, would that make me culpable if it wasn't targeted?

All hypothetical of course, because there's other hurdles to that as well like being flagged as spam in every day use.


My concern is more that a “criminal mischief” sort of misdemeanor being classified instead as some kind of terrorism.


Ah, ok. I can see that much.


A “zip bomb” can be merely a very efficiently compressed file. That sound like a crime to you?


The law works by judging intent, not by "actualllly technically i am correct here".


And how would you prove intent? It might be easy to prove if it's a USB drive with only a zip bomb. But what if it's on an 8TB external hard drive, with a bunch of random stuff (research papers, movies, podcasts, etc), placed inside a folder called "DoS examples" with a bunch of other malformed files as well?


>And how would you prove intent?

They don't have to prove it, in the sense that you prove a mathematical proof.

They just need to agree you had that intent.


Isn't the American legal system the one where that kind of argument actually has weight? Why so many cases are thrown out on technicalities and litigation costs are so high.


A kitchen knife is just a tool for cutting meat, does that sound like a crime to you?

Depends very much on what is being cut, in what context, and why. Cutting chicken fillets in a kitchen to cook dinner? No. Cutting a human on the street whilst screaming 'die you bitch' probably yes.

It's not about the tool, it's about how you use it.


Because we're talking here about a file that one might possess within one's personal effects and papers--a file, on a PC, with no desire whatsoever to share it with anyone--the comparison to waving a knife around while screaming threats, or forcing a malicious file into a server, seems more than a little thin. Where is the motive? Where is the criminal frame of mind?

Remember, piping /dev/zero to a compression routine for a few seconds, out of curiosity or testing a shell script or whatever, could create a file that might throw a wrench into poorly-built works.


How did I know Person X sent me a, a "zip bomb"? I haven't opened their email yet. Why would they do a nasty thing like that?


I’m allowed to have zip bombs on my own USB drives.


Yes, and if you suspect someone is going to legally try unzipping it, you are probably legally required to inform them that it does contain a zip bomb.

And if you have the zip bomb on the USB drive with the intention to damage a law enforcement system, things change.

Just like you are allowed to have a gun, but you can't walk into a random place carrying a gun.


I see you're wearing your bootlicker boots today.


Personal attacks will get you banned here, so please don't. Also, could you please stop posting unsubstantive comments generally? We're trying for at least a little higher than internet default on this site.

https://news.ycombinator.com/newsguidelines.html


I mean, some hypothetical nasty terrorist could do a drop somewhere along the border, where they presumably don't have cameras.

I'm sure that the diligent border patrol protecting us would find it eventually.


I imagine they would seize the drives and give you a receipt. And then, a year or two later, they give you a call to tell you they are releasing the drives and you can pick them up. Isn't that what happens to computers that are seized as a part of a police investigation?


Yes, except for the part about the call where they give you anything back.


I've a few friends who did get the call, eventually. They got their computers back broken.


This is the difference between reality and theory.

In theory, you'd be fighting the system.

In practicality, you'd probably end up in some black site, disappeared.

I recommend against doing stuff like this.


Petabytes of deepfake porn featuring US Border Patrol chiefs


Best to be deepfake granny & grandpa porn. Is there anyone working on that yet? The US legal system being what it is, I expect it will be necessary to prove the deepfakes are legal adults that consented to the filming.


I've been working the granny porn for a looong time



Government never cuts projects because they're too expensive. They live well outside of their means. Cost is never a consideration.


> Government never cuts projects because they're too expensive

'never'? Rising costs is a common factor in numerous cancelled projects, at least in the UK defence market that I'm familiar with.


[flagged]


Respectfully, your bio says your work is “privacy-focused”, how is that compatible with an “if you have nothing to hide...” style argument?

As the article states the “border” area encompasses a population of 220M people and every traveler coming in and out of the US.

Take CBP acting as Trump’s personal force in quashing protests as another data point.

They’ve all but dropped the pretense this work is focused on preventing illegal immigration and we ignore that at our peril.


They're working on ad-tech. If there was ever an industry that wanted people to hide nothing, this is it.


Don't make this personal. You don't know anything about me or my work.

I am surprised at the HN reaction here and how many people are upset over something I never said though.


HN getting upset over something you never said is one thing. The Border patrol getting upset over something you never said would be quite a different level of pain. I think that's the fear.


Excellent wording.


Where did I make that argument? Most people here have no idea how law enforcement or CBP operates. Some full drives are not a big obstacle and they're not going to waste time without knowing who you are first.

As far as the data collection, searches without reasonable suspicion are already ruled unconstitutional. The rest has been policy for years. The only change is centralizing the data but this isn't big news and there are already movements against existing practices.

I don't support unlawful collection or searching law-abiding citizens but that has nothing to do with my work, or what would realistically happen in the above scenario. I'm not sure what you're talking about with the rest of your political claims.


I believe pretty much none of these protections exist at the US border if you aren't a US citizen, which isn't that much of an edge case considering that's like 96% of the world's population and a lot of people may want or have to visit the US at some point.


Why do you expect that they would apply to non-citizens crossing an international border?


I think you must be talking about another situation than the US, can you explain? The US border patrol can do this to citizens and non-citizens, and they assert their right to do it to anyone within 100 miles of the border, which is much more than half the US population. I don't want this for noncitizens crossing the border either. One reason for that is I don't want this to happen to me either.

During the Bush 2 administration, they were harassing people traveling to the US who were making documentaries about the US in the Iraq war. This is just a convenient way for them to invade the lives of privacy of people coming through the border.


The previous poster was talking about non-citizens and that's what I responded to. Non-citizens by definition don't have the same rights.

I never said I supported this but just explained what would happen in the original scenario and that this isn't new policy. Anyways I've given up trying to deal with the irrational and emotional behavior on HN when it comes to political topics.


Would you support them seizing data from someone who owns a legal marijuana cultivation business in San Diego (because he's so close to the "border area") and then sharing that information with the DEA to federally prosecute him? The definition of "law-abiding" there would get a little murky.

What if it's someone who grows weed for his personal, medical use in an illegal state?


Why does it matter what I support?

Marijuana is federally illegal and comes with plenty of risks. I don't think CBP should be abusing border area privileges for drug-related offenses but technically the fed govt can use the support of any agency. It's highly unlikely that CBP/DEA would waste time if the establishment is legitimate given state laws unless you're helping a cartel or personally known as a major dealer.


> Marijuana is federally illegal and comes with plenty of risks

The only real risks are being arrested for using it, which was the whole point of making it illegal: to arrest you for it.


Sure, along with possible fines, incarceration, loss of property, civil judgments, reputation loss, etc.


Yeah, all of which may originate from the arrest. Which he already said is the biggest risk.


He said "only" risk. I consider them separate. Are we really debating the semantics of the plurality of risks in this situation? This thread is hopeless.


I'm saying you just repeated what he said with more words for no reason. Why are we talking about what effects an arrest might cause? It's not related at all.


Are you asserting that they never collect data from anyone who isn't crossing illegally?


Of course they do. I only said that a bunch of harddrives aren't going to be a real problem for them. Not sure why that's leading to so many extra interpretations of things I didn't say.


IIRC there is no protection of “reasonable suspicion” that CBP needs to follow.


There absolutely is: https://www.forbes.com/sites/lisettevoytko/2019/11/12/border...

"A Boston federal court ruled that U.S. federal agents can’t conduct “suspicionless” searches of international travelers’ smartphones and laptops at the border and other ports of entry, a decision hailed by the American Civil Liberties Union (ACLU) as a major victory for privacy rights. In a 48-page decision, U.S. district judge Denise Casper ruled that border officials need justifiable reasons to search a person’s electronic devices, which should be balanced against the privacy interests of travelers."



Well, “absolutely” is a bit strong based on District Court ruling currently on appeal.


Is it a false statement? Until an appeal actually overturns this, is this not the new standard?


> Until an appeal actually overturns this, is this not the new standard?

No, because the 11th Circuit Court of Appeals has already ruled to the contrary, while the 4th and 9th Circuits have ruled similarly. However the First Circuit rules on this there is a Circuit split until the Supreme Court resolves it. So calling other side of that split the absolute rule is presumptuous.

https://jolt.law.harvard.edu/digest/alasaad-v-mcaleenan-fede...


For forensic, as opposed to manual, searches of electronics there is under the district court judgement in Alasaad v. Nielsen (currently on appeal as Alasaad v. Wolf because of change in DHS leadership.)



