Wednesday, July 2, 2014

My tax dollars at work. My laptop and TSA. Again.

So, I fly out from Birmingham to Colorado Springs via Dallas-Fort Worth. Mindful of my last experience after the Bundy Ranch, I had the laptop in a carry-on. It was out of my sight for less than a minute (I would guess thirty seconds) at the check-in in Birmingham. By the time I got to DFW and pulled it out to update SSI and look at my emails, it was deader than Kelsey's nuts. I flipped it over and discovered that the bottom panel had been apparently removed and then hastily (and wrongly) reassembled. (See photo above.)
I also noted that there were tool marks on the small Phillips head screw which secured the panel. (See below.)
When I got into Colorado Springs and was picked up at the airport by a friend, I showed him the evidence and he took the above pictures. The next morning we took it into the Geek Squad at BestBuy. They carefully opened it, agreed with my conclusion that it had been tampered with in haste and probably by someone who didn't know what they were doing. They had disturbed the power circuitry but BB was able to bring it back on line and they sent us on our way without charging me a dime. Great customer service. Hard to tell what that was all about, except perhaps to remind me that Darth Vader was still watching.

35 comments:

Jhn1 said...

talk to a hard-core security geek with laptop experience.
Maybe they couldn't clone the hard drive that fast, but install a trojan to a deep (MBR or boot?) sector on a removed drive? or swap bios chips for one with malware?
What other targets could have that damage by somebody going after that other target?

Anonymous said...

Could you please explain a little better just how your computer was out of your sight and how and where you believe they had a chance to open it?

FedUp said...

Is the hard drive under that cover?
Even at 300MB per second, it would take a long time to copy a hard drive, and a directory search to find all the document files wouldn't be quick.

Just for safety's sake, I'd wipe the drive and set it back to factory defaults (you do have the factory recovery disks, right?) when you get home.

Anonymous said...

Get it checked by a Geek familiar (very familiar!) with that model and make to ascertain if any component or 'bug' has been attached anywhere in it - especially radio frequency devices designed to send every keystroke or byte of data to the spy agencies.

Better still dump it in some inner city trash can so that any such device sends information from the finder!

Remove the hard disc and burn any information off it with an electric welder before melting it with a gas torch ...

You are NOT paranoid when you know 'they' are after you ...

III

Anonymous said...

Destroy that laptop!

Anything you have on that laptop, forget about it.

Destroy it, and don't look back.

Anonymous said...

Be careful, Dutchman, that you do not violate Hanlon's Razor:

Never attribute to malice that which is adequately explained by stupidity.

Robert A. Heinlein is credited with the principle:

Never attribute to malice that which can be adequately explained by stupidity, but don't rule out malice.

Napoleon is credited with a quote which (considering that we're talking about feds here) might be a bit more accurate:

Never attribute to malice that which is adequately explained by incompetence.

When I read the piece my 1st reaction called to mind Heinlein's line in his 1941 short story "Logic of Empire":

"You have attributed conditions to villainy that simply result from stupidity"

It is inarguable that your laptop was tampered with. It is equally inarguable that the person who effected the tampering was, if not a member of TSA, at a minimum part of SOME federal agency. Personally, I do not believe they intended for or expected you to even know you had been "gotten to" until you reached your final destination. I doubt the actual problem induced was one the majority of techs would look for when troubleshooting a dead laptop. If the malfunction induced could ONLY occur as a result of deliberate sabotage then, as a 30+ year electronic/computer tech, I freaking well KNOW it would not be something that any tech would look for. Whichever numb skulled, ham-handed, dingleberries-for-brains fed (yeah, I know that all those pejoratives are implicit in the term "fed". I just wanted to PO the drones reading this) botched replacing the cover actually may have done you a favor by doing so. You could have been without the use of your laptop for days - possibly permanently - if the fed who sabotaged it had done even a half-way decent job.

There is a corollary to the stupidity/incompetence principle above that is a riff on one of Clarke's laws (often called Grey's Law) that reads as follows:

"Any sufficiently "advanced" incompetence is indistinguishable from malice."

If someone who could reliably distinguish between fecal material and shoe polish had done the job then you would have well and truly been screwed, blued and tattooed.

Anonymous said...

Toss it and get a new one. You now have no idea whether or not it has been bugged.

Anonymous said...

Coat the screw heads with purple, orange or yellow touch up paint to show if someone messed with it - if they see the paint they may not try it. (White could be duplicated with "white-out".)

Anonymous said...

Get an iron key drive. Ten attempts to put in your passphrase and it self-destructs.

Anonymous said...

Anything that was on that drive is theirs and consider the entire system compromised. Grind it to dust and stop taking laptops with you. What do pros do when they whack someone? Make it look like a sloppy break-in gone bad? Act accordingly. Just 'cause it looks sloppy doesn't mean it was.

Anonymous said...

If you learn to use an ironkey, you won't have to lug a laptop around anymore. When you get to your destination, you can plug into a borrowed computer or stop by an internet bar or a library. The ironkey is the size of a normal thumb drive and can go on your key ring. Even if they take it from you, they can't open it. Your information will be safe from prying eyes. If you use Ironkey's included back-up service and back your ironkey drive up, if it gets lost, confiscated or stolen, you just get another new one and restore your back-up to it. Nobody will be able to unlock the lost, confiscated, stolen ironkey..NOBODY! It's the nature of the beast.

Anonymous said...

Get an odd color nail polish. Paint thin lines across the screws to act as witness marks. Also allow it to fill in the X of the Phillips heads. You can undo it yourself, but it will have to displace the "green glitter" polish. Also put a sticker on the underside announcing "secure unit- tamper evident seals in place."

Slobyskysa Rotchikokov said...

I don't know if this is possible but could you travel without a laptop in future and maybe rent one or borrow one on site? I would loan you mine if you were coming here to spend a few days and needed one, so I assume any IIIper would do the same for a few days. Plus the different IPs would probably confuse the Donut Squads.

Paul X said...

So... what did they install on it?

If I were you I would not be using Windows at all (don't know your practice). I'd probably be booting Linux from an encrypted USB flash drive and keeping that flash drive with me at all times, certainly going through airports (another alternative is to put all your stuff encrypted on cloud storage). You could use other folks' computers with that flash drive and have fewer worries about trojans and keyboard loggers and such.

These guys look as clumsy as the old German Stasi. What a bunch of clowns.

Anonymous said...

Watch out for kiddie porn on the hard drive (from your Federale Friends who want to lock you up). Those sneaky bastards will stop at NOTHING to get you out of circulation.

Anonymous said...

There are cameras literally everywhere in airports. This activity simply HAD to be taped.

Question though - how was carry on OUT OF YOUR SIGHT beyond travel through the scanners that you would be standing next to?

I got hassled to the tune of everything in my carry on scanned separately and the entire contents removed and gone through piece by piece - but this all happened with my bag and contents remaining in my presence.

In my opinion, you have exposed more than a hassle. This experience PROVES that a "printer" bomb type episode can happen with carry on luggage- and the person carrying it won't even know.

Mike, this is far more serious than just mysterious "screwing with you".

Carl Stevenson said...

They probably installed a back door or worse.
I'd get rid of it if I were you. They could bug you or make it look like you've done something illegal.
I wouldn't chance it.

Allen said...

travel with a dummy...get a cheap win XP netbook at a yard sale..

when you get to your destination, hand it directly to a security expert to see what, if anything, has been done with it.

if it's been turned into a spying machine..well, counterintelligence is a fun sport. be sure to arrange "pickups" and "drop-offs" of "packages" on the opposite side of the state from where you will really be. for bonus fun have people go to these locations at the appropriate times and play "spot the fed". be sure to photograph and circulate the results of the game!

after that, go to random used computer store..and buy a random computer. use that during your stay and perhaps sell/donate it to a local friendly before you leave.

Anonymous said...

Even products like Ironkey may be sourced from agencies. any cloud storage could be a front business designed specifically by agencies to attract those who want encrypted backups. i wouldn't doubt that a service like dropbox might have been created specifically by security agencies.
if a product or service is created in the name of security you might ask who benefits most from such an attractive honeypot for those who want to conceal or keep their matters and papers private.

Anonymous said...

If they only had a minute, they did nothing. It might have been a ham-handed attempt to steal ram or the hdd out of the laptop: not for intelligence, but just to get a free ram upgrade or hard drive for their laptop.

Truthfully I think the laptop just got jostled and didn't power on because of that. The screw was already worn from the initial assembly, not tampering.

If you want a difficult to tamper with system get a MacBook Air and have a fellow patriot geek install Parallels on it to run your choice of Windows OS. Macs have specialized screws and are difficult to open without a lot of time.

FedUp said...

The other comments have a point about backdoors and trojans. It might be worth a $200 loss to sell it on eBay and buy a new one, let them waste more time and money snooping the poor sucker who bought it.

Anonymous said...

time to get a new laptop. and the next one should be void of the hard drive, then buy an external hard drive and keep them apart except when in use obviously

never let them have your external hard drive

Anonymous said...

May also be non-related to you personally. May have been to see if it was really a laptop.

http://www.telegraph.co.uk/news/uknews/terrorism-in-the-uk/10943971/Fears-terrorists-will-target-planes-with-computer-and-human-bombs.html

Anonymous said...

MBV, I know you've been at this game for a while, but it's time to find someone you trust who's been at this new game, and who has a more than passing familiarity with it.

Spot the fed is fun and all, but you need to protect yourself and the people you're meeting with. You need to find someone who can tailor a security protocol to your knowledge.

Anonymous said...

It was a simple message. Otherwise, you would never have known they were there.

The intention is to impart fear and intimidation, to yourself and those who read you.

When you do these things, you plan ahead, down to replacing the screws with new ones, although you are not simply replacing that part of the unit.

Anonymous said...

While all attention is focused on the obviously hacked laptop, ask yourself this - what else did they tamper with?

Given your prior experience, this looks like a red herring to me.

III N TN

Crustyrusty said...

What Paul X said... boot linux off an encrypted USB stick and leave the hard drive out.

Anonymous said...

I doubt anything could be done in a minute! but it wouldn't surprise me to learn it had.

I know you're not rolling in dough, but if it were me, I'd junk it. There's a place nearby that sells used laptops for $150 ish. If you can locate such a place, get a replacement. Your backed up files are available, right? If you use Office, a free replacement called "Open Office" is available online. It is open source, therefore more likely to be secure against windows back doors.

In the future, buy / build your machines to be replaceable and keep your data portable, even to the tune of carrying a $36 16GB thumb drive with you for docs. The machine itself is simply an access device loaded with a browser and OO.

FG said...

Mike, I have to agree with the previous posts.

Sell your laptop on Craigslist,
or consider using it as a boat anchor.

Your machine may very well have A.I.D.S.*

*Amateurishly Inserted Digital Spyware.

Use caution.

Joel said...

I'm no computer expert, but it seems to me paranoia would not be out of line in this instance.

You need a security expert. Or a new laptop, if possible.

Anonymous said...

Mike, Information security is my business. I have been at this for a very long time. It looks like (to me and not knowing the particulars) that someone wanted to "inspect" the RAM or WLAN card area on the laptop. My guess is the RAM access door. They removed and improperly reinstalled the ram and the PC would not boot. Sounds like they were looking for something that you did not have. Flush the PC, reinstall it and you should be fine. I don't know any hacking devices that utilize the RAM or WLAN ports on a laptop, so my suggestion is to just flush, reinstall and go on.

Edwin III

Stormy223 said...

They were looking for laptops being used for smuggling. When they saw it was a real laptop and did not have any drugs/money in it, they slapped the cover back on. A few TSA agents probably take home a substantial second income stealing from other criminals.

Anonymous said...

Perhaps they were looking for 30 round magazines stashed in your laptop, since you are an admitted smuggler ? :-) More likely a botched attempt to install something in your laptop.

Anonymous said...

I would like to echo the sentiments of Mr. Edwin. I would not dispose of the computer due to a ham fisted attempt to break into it. Throwing money away on yet a new computer may be the intent.

We used to keep the Russians up late at night trying to decrypt our white noise. Spending resources that you do not have on things that do not need to be disposed of would not be a good thing.

My .02 USDs worth anyway.

Anonymous said...

A dab of metallic fingernail paint on the edge of each screw is the way to go.