Archive for Privacy and Security

MacLockPick: A Vital Tool For Our Trusted Protectors

Only $499 and available in bulk from SubRosaSoft, the MacLockPick is a handy little device for computer-illiterate trusted civil servants to plug into sleeping MacBooks and collect data from all those computers left lying around at crime scenes – just like on TV. Via Digital Trends Magazine:

MacLockPick Pulls Private Data Via USB Port

Friday, April 27th 2007 @ 6:50 AM PDT
By Nick Mokey
Staff Writer, Digital Trends News

Uncle Sam has a new way to pry into your data, and it’s as simple as popping in a thumb drive.

Lock up your MacBooks, Apple fans: SubRosaSoft announced Friday that they are shipping a USB thumb drive, dubbed MacLockPick, that can extract passwords, Internet history, and system settings from an OS X user just by slipping it into a USB drive.

Of course, the drive is only available to law enforcement, but we have to wonder if the same technology that powers it will ever become available to less scrupulous individuals. […]

Anyone wonder just what security measures are in place to ensure that only law enforcement can purchase this? Better yet, what security is in place to ensure that law enforcement doesn’t lose, misplace, or steal the device? Not that it does anything that a power user couldn’t do given a little private time with the computer, but it does make it seamless, simple, silent, and quick – just the thing for the sort of abuse-prone neanderthals that seem to make up far too much of the law enforcement population.

The following is a list of file items that can be extracted using SubRosaSoft’s MacLockPick:

Apple Keychain Passwords

  • System – The user password of the logged in user. Often this is shared for root access and FileVault encryption.
  • General – Includes (but is not limited to) passwords for encrypted disk images, wifi base stations, iTunes music store, iChat login, Apple Remote Desktop.
  • Internet – Includes (but is not limited to) login and password details for web sites, email accounts, some peer to peer networks, online services and stores, auction sites, and .mac accounts.
  • AppleShare – A list of login and password details for AppleShare servers this Mac has connected to.

Files and Folder details

  • Folder Dates – A list of all the key user folders along with their creation date, date of last modification, date of first access, and date of the most recent access.
  • Disk Images – Paths to the most recent disk images that have been mounted on this Mac.
  • Preview – Full paths to recent files that have been viewed in the Preview program.
  • QuickTime – File names for recently viewed movies from the QuickTime player applications.
  • Recent Applications, Documents, and Servers – Program names for the most recently used items on this Macintosh computer.

Instant Messaging

  • Default Login – for iChat instant messenger system.
  • Complete buddy list – including buddies who have since been deleted.

eMail

  • Account Details – login names and server addresses used.
  • Address Book – Address details for entries in the address book including contacts that have been deleted. This address book is used by most communication programs on the Mac and is used to synchronize with the iPod and other portable devices.
  • Opened Attachments – Paths to files that have been received as an attachment then saved or opened including the date and time of opening.

Web History and Preferences

  • Search Strings – The most recent items that the user has searched for using the Google toolbar in Safari.
  • Cached Bookmarks – Sites that have been bookmarked in Safari including items that have been deleted.
  • Current Bookmarks – Sites that are currently bookmarked in Safari.
  • Cookies – A full list of cookies, including the server address, the cookie value, and the date and time of assignment.
  • History – Complete details of browsing history including the number of times visited and the date and time of the most recent visit.

Hardware Preferences

  • iPod – Serial numbers of any iPod that have been connected to this Mac along with the date and time it was first used.
  • Bluetooth Devices – Hardware address of any Bluetooth devices that have been paired with this Mac along with the most recent time these devices have been paired.
  • Wifi Connections – Listings for wifi base stations that have been used on this computer including the base address and the date and time of the first connection.
  • Network Interfaces – MAC address for each integrated network interface on the suspect’s machine.

No doubt there will be, if there isn’t already, an open source version of this or a free set of instructions to DIY for anyone with the time and inclination to do so.

Tracking The Loss of Private Data

If you’re interested in the subject of data breaches, data loss, and mishandling of private information, you might want to have a look at etiolated.org.

The site features real-time graphs, statistics, and a searchable full-text database of company names, event summaries, and comments. Thanks to my friend Al Macintyre.

Private Intelligence and the Sovereign Individual

In The secret service for the rest of us, Matt Mower writes:

I’ve often wondered how feasible it would be for us to set up an intelligence service to watch them (most recently I was wondering whether there are intelligence services at work in Second Life). After all, what is an intelligence service other than an organization that collects data from the edge and analyzes it for the benefit of its customers?

Blogs and other read/write web tools give us all the ability to gather data and, in our own fashion, analyze it and pass it on. We are each miniature intelligence services for a varied clientele and, although we too are biased, our bias can be adjusted for since it is more easily determined (over time).

More than a decade ago two futurists – James Dale Davidson and William Rees-Mogg – wrote of the coming breakdown of state-based security and the growth of independent, individual security forces in their books “The Great Reckoning” and “The Sovereign Individual.” They were ridiculed pretty widely at the time and the books were considered fodder for bunker-dwellers, albeit rich bunker-dwellers. Much of what they projected was based on cultural and social models already visible at the time in Latin countries dominated by drug cartels. 15 years and the meteoric rise of technology have changed the landscape of what can be done but, if anything, the predictions of Davidson and Rees-Mogg seem more tangible than ever. If they were guilty of anything, it was merely being too far ahead of their time.

Current futurists and military analysts like John Robb (my source for the original story) are busily deconstructing the projected fall of the nation-state, peak oil, the rise of non-state entities, etc., all of which is important. But no one seems to be thinking about my problems in the way that Davidson and Rees-Mogg did – deciphering what all this chaos means to the individual – and more importantly what to do about it.

How do we predict the unpredictable? How do we assess probability and impact? How do we, as individuals, make the right choices for where to live, where to put our money, how to prepare for the unexpected, how to protect our family, our friends, ourselves? Packing the basement full of survival rations, bottled water, duct tape and gas masks is a shallow, and rather ineffectual, approach.

What we really need is analytic intelligence for the individual. Governments – no matter whose – are unreliable sources of information for the individual (if they can be considered reliable sources for anything at all save waste and corruption). But to get such intelligence will be very difficult. Matt is right, current social software tools provide a glimpse of what may be possible, and many of the tools are being deployed within intelligence communities. But that is the key. Could we, as individuals, build our own intelligence communities?

Private CIAs

John Robb, independent military analyst, futurist, and author of “Brave New War,” posted this interesting tidbit on Friday regarding the move by GlobalCos into the intelligence and security space:

JOURNAL: Private CIAs

By John Robb

A strong sign that the nation-state is in decay is the frequency we see announcements of companies that are replicating some of the most sensitive government services. The most recent mover is Walmart, which is in the process of putting together its own intelligence arm (it’s being built by a former CIA/FBI officer Kenneth Senser). For those unable to afford their own global intelligence unit, Blackwater’s Cofer Black is building one called Total Intelligence Solutions.

If you want to get up to speed quickly, the background for this is available in BNW.

This makes sense, of course. As these companies plan long-term deployments across the globe they can little afford not to know the risks involved. And the intelligence fiasco of Iraq WMDs showed how unreliable government intelligence can be. This looks, to me, like another area where oligopoly control of a market makes sense. I wonder how the potential for shared intelligence organizations, and perhaps shared risk, will alter the oligopoly landscape?