There’s an investigator I know, top of her profession, who once put her laptop in the trunk of a cab. By the time she reached her hotel, the laptop was gone. This happens thousands of times a year at airports, train stations, libraries and coffee shops. Sometimes the thief wants your hardware. Sometimes your data turns out to be more valuable, or its loss more damaging. (It’s pathetically easy to find examples.) And sometimes the victim is not a matter of chance.
In this case our investigator was onto something hot. She was closing in on a high-profile scandal that disturbed the interests of powerful and resourceful people. Maybe her bag was jacked by a petty thief, but Occam’s Razor pointed another way. She had to assume her targets now knew anything they could glean from her computer. I found her to be oddly undisturbed by this. She said she had followed the first rule of prudence, which is not to write anything down — especially in digital form — that you really, really need to keep secret. But I thought she was nuts to believe she lost nothing sensitive. It is astonishing what current forensic tools can learn from your computer.
And no, your log-on password is not an obstacle. I’ve tried password-cracking tools like this one on my own machines, and they work. More importantly, anyone can buy software that copies your hard drive and strips away all its secrets without even having to log on. For example, take a look at the capabilities (PDF) advertised for EnCase, a leading forensic tool. Besides sorting, searching and reading the contents of every file on your drive, this software can recover your deleted files, list the URLs and times of every web site you visited, reconstruct email and instant messaging conversations, list every thumb drive you’ve ever attached, and a whole lot more.
What to do
There’s no single answer to this problem, but one of the first things to think about is encrypting your computer. With “whole disk encryption,” you have to supply a password before you begin to boot the PC, and the information on the hard drive is scrambled so that even advanced forensics can’t see it.
You don’t need to be a spook to care about encryption. If you travel with your computer or keep it in a place where other people can put their hands on it, you’re vulnerable. There’s almost bound to be something that you don’t want the whole world to see. Maybe it’s not about you. It could be personal stuff about your friends or family, unlisted phone numbers for members of your club, or your company’s payroll or personnel records.
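To make two of the claims above concrete, that forensic tools recover "deleted" files and that whole-disk encryption leaves nothing readable on the drive, here is an added example that is not part of the original post: a toy disk image in Python with a one-entry directory, a strings-style carve over the raw bytes, and a whole-image scramble. The notes text, the image layout and the passphrase are invented for the demo, and the SHA-256 counter keystream is a stand-in for TrueCrypt's AES, not a cipher to use for anything real.

```python
import hashlib
import re

# Constructed sample: a tiny "disk image" with a one-entry directory at the front,
# not a real filesystem. The notes text is invented for the demo.
IMAGE_SIZE = 4096
DIR_ENTRY_SIZE = 64          # the first 64 bytes hold the only directory entry
NOTES = b"Source: deputy minister, meeting 14 March, hotel bar. Do not publish yet."
PASSPHRASE = "four unrelated words beat a pet name"

def make_image(contents: bytes) -> bytearray:
    """Store one 'file': a directory entry (name|offset|length), then the data blocks."""
    img = bytearray(IMAGE_SIZE)
    entry = b"notes.txt|%d|%d" % (DIR_ENTRY_SIZE, len(contents))
    img[:len(entry)] = entry
    img[DIR_ENTRY_SIZE:DIR_ENTRY_SIZE + len(contents)] = contents
    return img

def delete_file(img: bytearray) -> None:
    """What 'delete' usually does: clear the directory entry and leave the data blocks alone."""
    img[:DIR_ENTRY_SIZE] = bytes(DIR_ENTRY_SIZE)

def carve_strings(img: bytes, min_len: int = 12) -> list:
    """The strings-style sweep a forensic tool makes over raw sectors, directory or no directory."""
    return [m.group().decode() for m in re.finditer(rb"[ -~]{%d,}" % min_len, bytes(img))]

def keystream(passphrase: str, length: int) -> bytes:
    """Toy counter-mode keystream from SHA-256: a stand-in for TrueCrypt's AES, not for real use."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(passphrase.encode() + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]

def xor_image(img: bytes, passphrase: str) -> bytes:
    """Whole-disk (de)encryption: every sector is XORed with the keystream, directory and free
    space included. XOR is its own inverse, so the same call decrypts."""
    return bytes(a ^ b for a, b in zip(img, keystream(passphrase, len(img))))

def demo() -> dict:
    plain = make_image(NOTES)
    delete_file(plain)                       # the notes are "gone" from the directory...
    enc = xor_image(make_image(NOTES), PASSPHRASE)
    return {
        "carved_after_delete": carve_strings(plain),      # ...but carving still finds them
        "carved_from_encrypted": carve_strings(enc),      # nothing readable in the encrypted image
        "wrong_passphrase_recovers": NOTES in xor_image(enc, "123456"),
        "right_passphrase_recovers": NOTES in xor_image(enc, PASSPHRASE),
    }
```

The wrong-passphrase line is the point of the warning later in this post: there is no partial recovery, just different noise.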
Before you start
No kidding, read this first. Disregard at your peril. Before encrypting your computer:
- Make sure you won’t get in trouble with your IT department if it’s a computer you use at work.
- Make a backup of the whole PC, and test that it works by restoring one or two files. Most computers today have built-in backup software. Or do a web search for free alternatives. (Suggestions, anyone?) I mostly use Acronis TrueImage, a commercial product. Being a good CounterSpy, you’ll want to encrypt your backup if your software offers the option.
- Understand that if you forget your password, you will never get into an encrypted hard drive again. Period.
How to encrypt your drive, for free
There are commercial products from companies like PGP, Check Point and Mobile Armor, but they’re mainly geared toward IT professionals who administer multiple computers. For personal use, I recommend the free and open-source TrueCrypt, which comes in flavors for Windows, Mac and Linux.
After installing TrueCrypt, choose “Create Volume” and then “Encrypt the system partition or entire system drive.” The software wizard walks you through the rest. There are technical-looking options along the way, but stick to the defaults.
You have one important choice to make: your pass phrase. It needs to be long and hard to guess. We’ll come back to that in future posts, but meanwhile, please don’t use your dog’s name, boyfriend’s birthday or favorite football team. A jaw-dropping analysis of 10,000 stolen passwords last year showed that the top 20 most common ones included 123456, 123456789, 111111 and america. Seriously, people.
Once TrueCrypt gets started, it will take a few hours to encrypt your drive. But the process runs in the background, you can pause and resume, and it’s fine to keep working while it happens. You only have to do this once. After that, you won’t notice the encryption except at boot-up time, when you have to enter a password twice.
Nothing is absolute in security. It is highly unlikely that anyone can break the Advanced Encryption Standard used by TrueCrypt. Because the software is “open source,” which means a lot of people have laid eyes on the programming instructions, it is also unlikely that the programmers left a back door unlocked, on purpose or by mistake. But if your threat model is a highly motivated, highly capable opponent, that isn’t quite the end of the story.
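The pass-phrase advice above, turned into a check you can run before you type the phrase into the wizard. This is an added example, not code from the post or from TrueCrypt: the common-password set holds the four entries the post quotes plus a few constructed stand-ins, the personal facts are made up, and the 20-character and four-word floors are assumptions.

```python
# Constructed blocklist: the four entries the post quotes plus a few stand-ins for the rest
# of a breach-derived top list; a real check would load a full list from a breach corpus.
COMMON_PASSWORDS = {"123456", "123456789", "111111", "america", "password", "qwerty", "letmein"}
# Constructed personal facts the owner fills in: the dog's name, a partner's birthday, a team.
PERSONAL_FACTS = {"fido", "19850412", "packers"}
MIN_LENGTH = 20      # assumed floor for a pre-boot passphrase
MIN_WORDS = 4        # assumed: several unrelated words, unless the phrase mixes character classes

def character_classes(p: str) -> int:
    """Count of lower, upper, digit and symbol classes present in the phrase."""
    return sum([any(c.islower() for c in p), any(c.isupper() for c in p),
                any(c.isdigit() for c in p), any(not c.isalnum() for c in p)])

def check_passphrase(p: str) -> tuple:
    """Return (accepted, reason). The rules encode the post's advice: not a stolen-list
    favourite, not a personal fact, long, and with real variety."""
    norm = p.strip().lower()
    if norm in COMMON_PASSWORDS:
        return False, "one of the most common stolen passwords"
    if any(fact in norm for fact in PERSONAL_FACTS):
        return False, "built from a guessable personal fact"
    if len(p) < MIN_LENGTH:
        return False, "shorter than %d characters" % MIN_LENGTH
    if len(set(norm.split())) < MIN_WORDS and character_classes(p) < 3:
        return False, "long but low-variety: use several unrelated words or mixed classes"
    return True, "accepted"
```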
Ever hear how invaders breached the Great Wall of China? They didn’t try to knock it down. They bribed the guards. German forces likewise conquered France by the expedient of bypassing the impenetrable Maginot Line. In future posts, we’ll talk about the digital equivalents of these threats, and what you can do about them. Meanwhile, don’t leave your password on a sticky note, and shut down your encrypted computer before you walk away.