Analyzing hard drives
Chances are you have had to take your laptop, tablet or mobile phone in for repair. You may have heard that you can become a victim of fraud there: your new parts swapped for older ones, or a charge for some issue your device never had. But you may be unaware of a different kind of threat: the contents of your hard drives can be scoured, your sensitive data stolen, and the compromising information sent "someplace unknown".
This can happen with remote computer repairs too. Using remote-control software, the technician connects to your computer to inspect and troubleshoot your issues, and in doing so can gain access to your sensitive information.
Do you think this sounds groundless and paranoid? Recently, documents released to the Electronic Frontier Foundation revealed the FBI's ties to Geek Squad, Best Buy's computer repair service.
What was the nature of this relationship? The retail company's managers took payments from the FBI in exchange for letting agents access the illegal material that the recruited employees searched for on their customers' devices. According to the records, Best Buy has enjoyed a particularly close relationship with the agency for at least 10 years.
Do you still think this is paranoid? A prominent Orange County physician and surgeon, Mark Rettenmaier, had no idea that taking his desktop computer to a repair facility would lead to his prosecution on child-pornography charges after its employees found illicit images of children on it.
To his misfortune, he was careless enough to take his computer in for repair without securing its contents.
The evidence in the case appears to show that Geek Squad's employees used forensic software to analyze the contents of Mark Rettenmaier's computer, since a simple look through the machine would not typically have given access to the incriminating file.
I'm not defending Rettenmaier, but his case shows that the employees of the repair facility swept all devices and analyzed all files for illicit content, including the personal, possibly private pictures of innocent customers.
The retail giant Best Buy confirmed that four Geek Squad informants took payments from the FBI and dismissed them. But that was just a single incident: how many repair shops enjoy such close ties with the FBI? How many of them have been recruited by law enforcement in other countries? I don't think we'll ever get an answer to these questions.
Unconfirmed sources report that a number of major computer repair facilities in Ukraine searched customer equipment for any separatist materials, evidence of drug dealing and child abuse, passing on this information to Ukraine’s Security Agency.
Forensic software can search for child pornography (more precisely, for images and videos with pornographic content that were viewed on the device). Apart from that, this type of software is capable of searching all files and instant-messaging logs for incriminating search queries.
Let me give you another interesting example. An employee of a store in one of Russia's major radio markets, the kind that accepts second-hand or stolen phones, talked about his job on a popular forum. In his words, he regularly accessed information on the smartphones the store bought, just for fun. His technical expertise and software enabled him to recover deleted data (you probably know that if you simply delete your data, it can easily be recovered).
Sometimes he didn't even have to recover anything: the data had simply been left on the smartphone before it was sold. He posted some of the extracted information, which included intimate pictures, photos of both sides of a credit card, copies of sensitive documents and compromising photos showing drug abuse.
It is especially dangerous to leave photos and videos on a device you hand over, since a malicious intruder can identify the phone's owner on a social network, put together a list of contacts and start blackmailing him or her by threatening to send the intimate photos or videos to friends, colleagues and family.
Installing spy implants and firmware
Unfortunately, you can't rule out the possibility that the employees of a repair shop will install not just spare parts but also malicious implants. In the chapter on how perpetrators can obtain physical access to your device you learned about RAGEMASTER, a spying hardware implant concealed in a VGA cable and designed by the NSA in 2008.
Cables are not the only hiding place. You can take your computer home with a new hard drive that contains an implant, the casing of your PC can be rigged with a bug, or malicious firmware, or firmware with a backdoor, can be introduced into one of its components. In that case neither anti-virus software, nor a securely built Linux system, nor a virtual environment will help you.
An ordinary user is unlikely to face this kind of threat, but if you are a person who may be watched by the government, you should bear this possibility in mind when you take your laptop to a repair facility.
How to protect yourself
If you fear that someone could gain access to your data, a comprehensive approach to encrypting the data on your computer or mobile device is a sufficient measure to protect yourself. Go to the chapter "Encryption of operating system" in our course for information on how to ensure comprehensive encryption for your device.
Remember that a password for locking your screen or logging in to the system is not encryption of your device. Such a password does nothing to stop a perpetrator who has physical access to your storage device from reading it directly.
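One practical way to act on this point on a Linux machine, as an added example that is not part of the course: walk the device tree that `lsblk` prints and report which mounted filesystems are not backed by a dm-crypt (LUKS) volume. It assumes util-linux's `lsblk -J` JSON output is available; the sample tree below is constructed.

```python
# Added example, not part of the course: check which mounted filesystems
# actually sit on a dm-crypt (LUKS) volume by walking the JSON tree printed
# by `lsblk -J -o NAME,TYPE,MOUNTPOINT` (Linux, util-linux 2.27+; assumed).
import json
import subprocess

# Constructed sample tree: / is on a LUKS container, but the EFI partition
# and the swap partition on a second disk are plain (unencrypted) storage.
SAMPLE_LSBLK_JSON = """{"blockdevices": [
 {"name": "nvme0n1", "type": "disk", "mountpoint": null, "children": [
  {"name": "nvme0n1p1", "type": "part", "mountpoint": "/boot/efi"},
  {"name": "nvme0n1p2", "type": "part", "mountpoint": null, "children": [
   {"name": "cryptroot", "type": "crypt", "mountpoint": "/"}]}]},
 {"name": "sda", "type": "disk", "mountpoint": null, "children": [
  {"name": "sda1", "type": "part", "mountpoint": "[SWAP]"}]}]}"""


def classify_mounts(nodes, under_crypt=False):
    """Map each mountpoint in the lsblk tree to True if its backing device
    is a dm-crypt node or lies anywhere below one, else False."""
    result = {}
    for node in nodes:
        encrypted = under_crypt or node.get("type") == "crypt"
        if node.get("mountpoint"):
            result[node["mountpoint"]] = encrypted
        result.update(classify_mounts(node.get("children", []), encrypted))
    return result


def unencrypted_mounts(lsblk_json):
    """Mountpoints (swap included) that stay readable without any passphrase."""
    mounts = classify_mounts(json.loads(lsblk_json)["blockdevices"])
    return sorted(mp for mp, enc in mounts.items() if not enc)


def root_is_encrypted(lsblk_json):
    """True only if the root filesystem itself is under dm-crypt."""
    return classify_mounts(json.loads(lsblk_json)["blockdevices"]).get("/", False)


if __name__ == "__main__":
    live = subprocess.run(["lsblk", "-J", "-o", "NAME,TYPE,MOUNTPOINT"],
                          capture_output=True, text=True, check=True).stdout
    print("root encrypted:", root_is_encrypted(live))
    print("unencrypted mounts:", unencrypted_mounts(live))
```

An unencrypted swap partition or a plain `/home` shows up in the list even when `/` is encrypted, which is exactly the gap a screen-lock password leaves open.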
Tip
Make sure your device is encrypted.
It's a lot harder to protect yourself from implants and infected firmware. If you suspect that your device may have been compromised, get rid of it and buy a new one. Don't take your devices to repair facilities, and if you really must, at least send your device there anonymously.
Be aware that an implant or malicious firmware won't disappear if you reinstall the system or install the most advanced anti-virus software. There is a high chance that even the most experienced computer security expert won't be able to discover them.