Guillermo O. Burastero
gnulinux en bvconline.com.ar
Lun Dic 6 18:44:01 CLST 2004
Miguel Oyarzo O escribió:
> Solo es un tema de conversacion... quizas resulte interesante:
> Policia del cibercrimen de Chile (Investigaciones) llegó a Punta
> Arenas a revisar una denuncia de delito
> de hackeo contra un servidor publico.
> El hacker borró toda la información en su PC y formateó el equipo
> desde donde atacó y reinstalló todo
> desde 0. Esto lo hizo para poder dormir en paz, pues nadie lo pillaría
Capaz que dejo huellas, te dejo la siguiente info de algun articulo que
tengo sobre el tema, disculpa que no lo traduzca pero creo que es
bastante entendible para cualquiera que sepa un poco de ingles.
Forensic recovery techniques normally consist of making a mirror image
of a hard disk and searching it for compromising words. These techniques
are available to anyone with physical access to your computer (i.e.,
just about anyone who really wants to). Deleting a file is not safe in
this respect, because all the data contained in the file remains on the
hard disk (see following point).
Data that has been deleted and overwritten several times on your hard
disk can still be recovered, although this involves the use of advanced
facilities (clean-rooms similar to those used for semiconductor
manufacturing, as well as special electronic equipment). In other words,
here we are talking about NSA, FBI, KGB, the security services of most
developed countries, major technological industries, and a few of the
most advanced universities (updated information: a modified atomic-force
microscope can be used for this purpose, at a material cost probably not
exceeding US$ 50,000, which puts this operation within the reach of
small laboratories and determined individuals). I shall not discuss here
the technology involved. Just how many passes (i.e., successive
overwritings) can be regarded as safe is impossible to tell. A single
pass effectively prevents the application of techniques normally used
for forensic recovery. Four passes are known to allow an easy recovery
through special techniques. Eight passes are recommended by the Pentagon
for low-security erasing. Data recovered after 22 overwriting passes has
been used as court evidence against computer-related crimes in the
United States. Thirty passes or more should be safe, unless the opponent
is exceptionally motivated to recover the data. Physical destruction of
a hard disk, through a complex procedure (involving high temperature and
grinding to dust the whole hard disk with abrasives), is required by the
Pentagon for hard disks used to store sensitive data.
There are several file and disk wiping programs available. I recommend
two: BcWipe (available as freeware from Jetico Corp
<http://www.jetico.sci.fi/>.) and PGP file and disk wipe, which is part
of the PGP package (available from the manufacturer
<http://www.pgp.com/> or the replay server
<ftp://ftp.nl.monster.org/pub/crypto/pgp>). I use both, because neither
of them does everything I need. You must use these programs
intelligently, and be aware that they do not automatically provide
privacy. In particular, you must be aware that sensitive information may
be contained on several locations of a hard disk, in addition to a file.
In particular, remember these locations:
* temporary files created automatically by word processors and other
* free disk space resulting from the automatic deletion of the above
* the swapfile
* the file slack at the end of each file
* the cache of web browsers
Disk encryption programs are especially useful, because they create
encrypted partitions or encrypted virtual drives on a physical drive.
You cannot encrypt your whole hard disk, because the operating system
cannot boot or operate from such a disk (it could if it were designed to
do so, but so far there has been no interest by the software industry,
because of likely opposition by the authorities). Nonetheless, the use
of an encrypted virtual disk is a considerable help toward privacy. The
programs I have tested and found to work on Windows NT are Sentry 2020,
Encryption 4 Masses (which is freeware), BestCrypt
<http://www.jetico.sci.fi/> and PGPdisk <http://www.pgp.com/>. I use
An interesting characteristic of disk encryption is that you don't have
to worry about overwriting the data occupied by deleted files, because
all the contents of an encrypted disk - including unused areas and
unused directory entries - are encrypted. The pagefile is still a
security concern, however, unless it is also stored on an encrypted disk.
Typing on a keyboard generates electromagnetic pulses which can be
intercepted from a distance of several tens of metres and through
building walls. The necessary equipment can fit in a suitcase (in other
words, no particular need to park a large van right under your window).
I would expect that a broadband generator of radio noise is an effective
countermeasure, but I have no concrete information on this. Having a few
computers close to each other and running simultaneously, as frequent in
office environments, might also provide some protection (as long as they
all use the same screen resolution and refresh frequency, see below).
Computer monitors emit electromagnetic radiation that can be intercepted
and used to reconstruct the picture displayed on the screen. I don't
know whether this applies to LCD screens as well, but would expect so.
The equipment and possible countermeasure are similar to those described
under the preceding point. The military and security agencies use
so-called Tempest terminals, which are shielded against electromagnetic
emissions (in case you wonder, a home-made Tempest shield for your
computer is unlikely to be effective).
Special fonts, called Tempest fonts, have been developed for reducing
the above problem. Instead of having sharp edges, they are "fuzzy" (in
particular, their higher harmonics have been eliminated through a
two-dimensional FFT transform), so that their potential for generating
radio emissions is substantially reduced. From normal reading distance,
these fonts are perfectly readable. Later versions of PGP provide the
option of using a "secure reader" that employs this technology when
decrypting text messages.
A related technology adds high-frequency harmonics to video signals in
order to generate a display that looks normal but generates large
amounts of radio signals. These signals can be used to transmit
information (e.g., file contents or keystrokes) to a remote listener
without the knowledge of the computer user.
Bueno no se que tecnologia tendria a mano el cyberpolicia en cuestion,
pero un simple formateo por lo que te mostre no es muy seguro, ademas
fijate todas las otras posibilidades que existen para compromoter la
seguridad de la informacion que hay en una pc. Yo me inclino para una
instalacion de alta seguridad por un sistema de archivos
criptograficamente seguro, el uso de monitores LCD llamadados Tempest
terminals, con Tempest fonts, todo dentro de una jaula de Faraday para
empezar, y la configuración de los archivos temporarios de todas las
aplicaciones en ram o en particiones criptograficamente seguras aunque
se pague con caida de performance.
> El policia, tipo joven y bien preparado, solo sonrió, saco unos
> programas confeccionados
> especificamente para la institución y a modo de pelicula en camara lenta
> reprodujo todas las digitaciones de teclas que el atacante habia dado en
> las ultmas semanas. La evidencia fue abrumadora en su contra y suficiente
> para acusarlo de delito.
> Segun las palabras del detective: TODO queda en el computador, sea
> Linux o Windows y por largo tiempo.
> Solo hay que saber como armar los pedazos como un rompecabezas.
> Miguel Oyarzo
> Punta Arenas
Guillermo O. Burastero
Bahia Blanca, Argentina.
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.289 / Virus Database: 265.4.6 - Release Date: 05/12/2004
Más información sobre la lista de distribución Linux