Hard Drive/Email Security and Encryption

This post was prompted by a recent chat I had by PM about securing information on your hard drive and sending/receiving information securely.

The basic theme is about how to stop the likes of forensics/thieves from reading what you have been up to and to store important information securely. This could be information about you that would allow a third party to perform identity theft or allow them to put you in jail.

I’ll concentrate on Windows 2000/XP/Vista for the purpose of this discussion as I assume that’s what most people are using.

I’ll use PGP 6.02 for this example as it covers all of the important aspects of the discussion in one package - it can be downloaded for free here http://www.pgpi.org/products/pgp/versions/freeware/ for a multitude of operating systems (I’ve not checked if this works well under Vista). Newer commercial versions are readily available to buy or download from usenet, torrents etc. and will work with Vista no problem.

Part 1 - Cleaning up your hard drive.

When you delete a file from your machine it’s not gone. Even when you remove it from your recycle bin. The reference to it is gone but it’s fairly easy to retrieve the data. Just do a google for file recovery software to see what I mean.

So you need to securely wipe your drive’s free space and delete your files using a different method than just hitting the delete key and emptying the bin.

Install PGP and you get the option to securely wipe files as you delete them by overwriting the data space several times. You can also wipe free space using the same system.

There are other tell-tale areas of your system that need looking at though. Your browsing habits are there to be seen in several ways. Cookies and temporary internet files can give a lot away but are very easy to get rid of using your web browser’s options. In Internet Explorer, use Tools → Internet Options then use the options to delete your browsing history, temporary internet files, cookies etc.

There is software available to do this automatically for you each time you close your browser.

More difficult is the index.dat file which stores every web site that you have ever been to. Don’t believe me? Download Winspy from Tracks Eraser Free Download and see all the information your computer has about your browsing.

You cannot erase the index.dat file easily - you’ll need help. Index.dat viewer and delete index.dat file - Free Internet Window Washer: follow the link and download WindowWasher. It’ll do the trick nicely.

That’s about it to tidy up your system (as far as I can think of right now). Remember though that any files that you have saved on your machine are going to be easy to find and view. This brings me on to encryption.

Encryption

The simplest form of encryption is to password protect your files. If you are using MS Word or many other word processors this will sufficiently scramble your file to the point where the casual observer cannot see what is written. Make sure you have a suitably complex password though, at least 8 characters long with upper and lower case letters, numbers and preferably a non-alphanumeric character too (!"£$% etc).

There are ways to break these password protected files fairly easily though. There are several software solutions that will simply try every possible combination of characters until they hit the right password (thousands of tries a second). Coupled with dictionary attacks this can be a reasonably quick way of cracking your file.

A more advanced way of safeguarding your work is to use public key encryption. This is a highly secure way of scrambling your files which, if you use a long enough key (2048bit+) will take many thousands of years to crack.

The version of PGP mentioned above (and the newer commercial versions) have a solution called PGP Disk. The system sets up a secure area on your drive (size determined beforehand) and assigns it a drive letter. You can then use it just like a normal hard drive once you’ve typed in your pass phrase. The advantage is that anything you store on this drive is highly encrypted and cannot be read. There are other such solutions that do the same thing.

A word of warning here - In the UK at least (and I believe in the US too), failure to hand over the passphrase & private keys or passwords to allow the authorities to decrypt a file is illegal and can land you jail time. Even “forgetting” the password is no defence.

Secure email

You wouldn’t send private details through the post on the back of a post card would you? Well why do you do it with emails? Any non-encrypted email that you send can be read by anyone who intercepts it along the way.

This means ISPs, hackers, the police, government agencies - in fact all the people you may really not want to get your private information.

http://www.hushmail.com/ provides a free email address that you can use to send email in an encrypted format. Remember though that it must be to another hushmail account to remain secure.

An alternative is to encrypt your email yourself and send it over your normal ISP. When you set up PGP it will provide you with two “keys” - one is private and should be kept very safely somewhere. Don’t let anybody have it ever. The public key should be sent to your contacts who also use the system. When they send you an email they would use your public key to encrypt the message. Once encrypted, even the person who created the message cannot open it. The only person who will be able to do so is you. The system is even clever enough to be able to tell you if anyone has tampered with the message en route.

To send a secure email back to them you will of course need their public key. There is an online database of public keys that you can freely subscribe to which is checked before you send an email. If the recipient’s key is in the database your email will automatically be encrypted. A public key looks like this…


More stuff

A great alternative to all this cloak and dagger stuff is to use an online storage site. There are some issues here though too that you need to be aware of.

First, when you sign up for the likes of an x-drive account (http://www.xdrive.com/) it needs an email address. This links the account back to you.

For best effect, get a mate to set up the account in the first place. I have a gmail account which has no ties back to me. I would use that to set up a new gmail account and use that account to set up the x-drive system. I then pass those details on to whoever needs the account. They can then change the passwords so I have no access.

In this way there is no track back to me or whoever is using the storage. If the authorities confiscate your computer and you have followed the hard drive clean up suggestions outlined above then they would know nothing of your alternative storage.

Save your password protected files to your x-drive and you are as safe as possible.

This is a great way to keep information - hide it out of sight. As was mentioned earlier, if the authorities know you have an encrypted drive they can force you to decrypt it. If they don’t even know you are storing information elsewhere they can’t ask to see it.

If you really want to reduce the chances of someone digging deeper, create an encrypted drive and put a load of porn in there. The authorities would find the secure storage and go all out to see what’s in there. When they force you to disclose the contents all they find is porn. You simply say that you store it there so others who may access your computer don’t see your perverted images.

Unless they have big suspicions that you are up to something else (which they won’t have because you’ve cleaned up your drive right?) they’ll more than likely stop looking. Remember they only have a certain amount of time, funds and inclination to go digging.

PM’s on T-Nation are likely not encrypted person to person and remain on your account until they are deleted. Whether they can be retrieved after deletion I don’t know. Maybe Lowfatmatt could confirm? Your T-Nation account will be linked back to you by your email address so this is not a secure way of communicating if you do not religiously delete your PM’s.

That’s about it. There are lots of other things that can be done and methods used which I won’t go in to at this point but using the above methods should keep you reasonably safe from prying eyes.

Feel free to add information or ask questions. I’m happy to help out via PM too if you need assistance.
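The public-key exchange described in the post above (encrypt to the recipient’s public key so only their private key can open it, and detect tampering en route), as an added Go example that is not from the original post or from PGP: it uses the Go standard library’s RSA-OAEP and RSA-PSS rather than PGP’s own message format, and Alice and Bob are constructed names for the sender and recipient.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)
// newKeypair makes a fresh 2048-bit RSA key, the length the post recommends.
func newKeypair() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// sealFor encrypts msg to the recipient's public key (only the matching private key
// can open it) and signs the ciphertext with the sender's key so tampering is detectable.
func sealFor(recipient *rsa.PublicKey, sender *rsa.PrivateKey, msg []byte) (ct, sig []byte, err error) {
	ct, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, msg, nil)
	if err != nil {
		return nil, nil, err
	}
	h := sha256.Sum256(ct)
	sig, err = rsa.SignPSS(rand.Reader, sender, crypto.SHA256, h[:], nil)
	return ct, sig, err
}

// unseal verifies the signature first, then decrypts with the recipient's private key.
func unseal(recipient *rsa.PrivateKey, sender *rsa.PublicKey, ct, sig []byte) ([]byte, error) {
	h := sha256.Sum256(ct)
	if err := rsa.VerifyPSS(sender, crypto.SHA256, h[:], sig, nil); err != nil {
		return nil, fmt.Errorf("tampered or not from this sender: %w", err)
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, recipient, ct, nil)
}

func main() {
	alice, bob := newKeypair(), newKeypair() // constructed demo identities
	ct, sig, _ := sealFor(&bob.PublicKey, alice, []byte("meet at 9"))
	pt, _ := unseal(bob, &alice.PublicKey, ct, sig)
	fmt.Printf("bob reads: %q\n", pt)
	_, err := unseal(alice, &alice.PublicKey, ct, sig) // sender cannot open her own message
	fmt.Println("alice decrypting:", err)
	ct[0] ^= 0xff // simulate tampering en route
	_, err = unseal(bob, &alice.PublicKey, ct, sig)
	fmt.Println("after tamper:", err)
}
```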

When did you become a PGP rep? :slight_smile:

[quote]RSGZ wrote:
When did you become a PGP rep? :-)[/quote]

Lol - Last Tuesday. I mean - errrrr.

Anyhow, I didn’t actually advocate buying it! :stuck_out_tongue:

[edit] Where did the Z come from? You trying to be cool? lol

[quote]Renton wrote:
RSGZ wrote:
When did you become a PGP rep? :slight_smile:

Lol - Last Tuesday. I mean - errrrr.

Anyhow, I didn’t actually advocate buying it! :stuck_out_tongue:

[edit] Where did the Z come from? You trying to be cool? lol[/quote]

Yeah I figured I should be daring plus everyone thinks I’m super cool now because I can change my name when no one else is allowed to so there.

On a serious note, isn’t it a pain for the other people receiving mail to keep messing with keys when sending/receiving all the time - using PGP?

[quote]RSGZ wrote:
Renton wrote:
RSGZ wrote:
When did you become a PGP rep? :slight_smile:

Lol - Last Tuesday. I mean - errrrr.

Anyhow, I didn’t actually advocate buying it! :stuck_out_tongue:

[edit] Where did the Z come from? You trying to be cool? lol

Yeah I figured I should be daring plus everyone thinks I’m super cool now because I can change my name when no one else is allowed to so there.

On a serious note, isn’t it a pain for the other people receiving mail to keep messing with keys when sending/receiving all the time - using PGP?[/quote]

It integrates well into your email client so once you have it set up it’s pretty much seamless.

It does add a level of complexity certainly but it’s easy enough once you try it. That and if you want security you are going to have to use something over and above your standard O/S options.

If you want to trial it - ahem - http://tiny.cc/SBslq

[edit] Oh - You mean if they don’t have PGP? Your email will just get sent unencrypted. This means that you can have a list of ‘friends’ who get encrypted stuff, everybody else just gets your normal email.

[quote]Renton wrote:
It integrates well into your email client so once you have it set up it’s pretty much seamless.

It does add a level of complexity certainly but it’s easy enough once you try it. That and if you want security you are going to have to use something over and above your standard O/S options.

If you want to trial it - ahem - http://tiny.cc/SBslq

[edit] Oh - You mean if they don’t have PGP? Your email will just get sent unencrypted. This means that you can have a list of ‘friends’ who get encrypted stuff, everybody else just gets your normal email.[/quote]

Ah, I tried it once many years back in high school and it just seemed like way too much effort at the time.

The encrypted partition using PGP does sound interesting though.

Cheers mate, I’ll bookmark that and read it all properly later.

Just out of curiosity, do you ever read The Register? There are usually stories on there that I’m sure you’d find interesting (it’s a kind of IT based news site with a twisted sense of humour).

[quote]Roual wrote:
Cheers mate, I’ll bookmark that and read it all properly later.

Just out of curiosity, do you ever read The Register? There are usually stories on there that I’m sure you’d find interesting (it’s a kind of IT based news site with a twisted sense of humour).[/quote]

Absolutely. The Register is almost required reading!

Slashdot as well.

Good stuff Renton!

[quote]Renton wrote:
That’s about it to tidy up your system (as far as I can think of right now). Remember though that any files that you have saved on your machine are going to be easy to find and view. This brings me on to encryption.
[/quote]

Don’t forget the pagefile. If someone has your hard drive, they can get tons of info from that file. When Windows swaps memory to that file, it doesn’t encrypt it and you can find all kinds of stuff in there - even keys and passwords - that can make all other precautions moot.

Similarly, if you have a laptop and use hibernation (ie, “suspend to disk”), you have “hiberfil.sys” in addition to “pagefile.sys” to worry about.

I think there should be a disclaimer about PGP because if you think they (meaning NSA CIA Homeland FBI AFT RCMP MIL) don’t have master keys then you’re really naive.

Could it stop a script kiddy? For sure it could. Could it stop a normal person with direct access from looking at your files when you’re not there? Yep.

But if you get someone that really knows what they are doing you will not stop them. Especially if you’re infected with a custom trojan with key logging and screen capture. The problem is, the data has to be viewed by the end user.

Also if you’re up to anything on the net that requires investigation by “da man”, you will get an electronic wire tap on your person. Meaning all data travelling to and from your computer, cell phones, land lines and faxes will be captured and looked at. And the crappy part is you will not even know they are doing it.

And when they have enough info for a warrant all electronic communication devices in your home or office (work too) will be taken and looked at by guys that have not seen sun in years. Even the wires in your home are ripped out.

So when you’re thinking this will protect me: yep, from the average to some advanced. But the elite computer people hold all the keys.

[quote]dirtbag wrote:
I think there should be a disclaimer about PGP because if you think they (meaning NSA CIA Homeland FBI AFT RCMP MIL) don’t have master keys then you’re really naive.

Could it stop a script kiddy? For sure it could. Could it stop a normal person with direct access from looking at your files when you’re not there? Yep.

But if you get someone that really knows what they are doing you will not stop them. Especially if you’re infected with a custom trojan with key logging and screen capture. The problem is, the data has to be viewed by the end user.

Also if you’re up to anything on the net that requires investigation by “da man”, you will get an electronic wire tap on your person. Meaning all data travelling to and from your computer, cell phones, land lines and faxes will be captured and looked at. And the crappy part is you will not even know they are doing it.

And when they have enough info for a warrant all electronic communication devices in your home or office (work too) will be taken and looked at by guys that have not seen sun in years. Even the wires in your home are ripped out.

So when you’re thinking this will protect me: yep, from the average to some advanced. But the elite computer people hold all the keys.

[/quote]

Absolutely right and a good disclaimer. As I said earlier though it all depends on what you are up to and how interested “the man” is in getting information from you.

They generally have more technology at their disposal than we do, this simply makes things a lot more difficult for your average police department or hacker to get their hands on your private information.

[quote]pookie wrote:
Renton wrote:
That’s about it to tidy up your system (as far as I can think of right now). Remember though that any files that you have saved on your machine are going to be easy to find and view. This brings me on to encryption.

Don’t forget the pagefile. If someone has your hard drive, they can get tons of info from that file. When Windows swaps memory to that file, it doesn’t encrypt it and you can find all kinds of stuff in there - even keys and passwords - that can make all other precautions moot.

Similarly, if you have a laptop and use hibernation (ie, “suspend to disk”), you have “hiberfil.sys” in addition to “pagefile.sys” to worry about.
[/quote]

Good add pookie.

Clearing the pagefile is easy enough although it should be backed up by a free space wipe on reboot.

Click Start
Click Control Panel
Click Administrative Tools
Click Local Security Policy
Click the “+” next to Local Policies
Click Security Options
Double-click “Shutdown: Clear Virtual Memory Pagefile”
Select the “Enabled” radio button
Click OK

The only true security is what you keep within your head these days.

[quote]MaximusB wrote:
The only true security is what you keep within your head these days. [/quote]

There are ways to get at that too…

[quote]Renton wrote:
MaximusB wrote:
The only true security is what you keep within your head these days.

There are ways to get at that too…[/quote]

Or I could just be a normal person with nothing to hide.

Nah, that’s no fun.

Off to download more movies, music and porn.