Re: Russian hacker nabbed by FBI now lost in federal prisonsystem

From: Eugene Leitl (Eugene.Leitl@lrz.uni-muenchen.de)
Date: Mon Jul 30 2001 - 07:43:51 MDT


On Sat, 28 Jul 2001, Samantha Atkins wrote:

> I am more paranoid. How difficult would it be to infiltrate many
> computer systems and find PGP keys and such? Even if it took breaking

Difficult, especially if you use secure systems. *Very* difficult, if you
store your crypto binaries and keys (the keyring is encrypted, so you'd
have to snarf the passphrase, too) on a dedicated air-gap protected
machine (i.e. sustainbly off network, only exchanging nonexecutable
documents via sneakernet, e.g. on MODs). It is typically easier to break
in into your apartment (of course, as an owner, you can make traceless
invasion very difficult), or, if you're that interesting, snatch you off
the street, and do a little rubberhose cryptoanalysis.

> into a house to get the keys or plant software to find and transmit
> them it is by no means certain my mail is secure when I use PGP. I

If you think you're that interesting (few truly are), perhaps you should
take other precautions.

> have heard of programs that can detect information patterns hidden in
> pictures and such and that these are used by the FBI to note
> steganographic communications.

About 90% of all steganoware leak presence of an (hopefully, encrypted)
message, but there is some steganography out there that is remarkably
difficult to screen for.

In any case, screening for steganography is much, much more expensive.

-- Eugen* Leitl leitl
______________________________________________________________
ICBMTO : N48 10'07'' E011 33'53'' http://www.lrz.de/~ui22204
57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3



This archive was generated by hypermail 2.1.5 : Sat Nov 02 2002 - 08:09:17 MST