since there has been some talk about pirates getting jail time for
warez and moviez in the news lately. I thought I would post a
countermeasure.

I have built a freebsd file server with windows file sharing, GBDE whole disk
encryption and a hacked serial port program to monitor physical security that will
lock, destroy, or nuke your data when physical security is breached, great for
unexpected raids by the authorities. No evidence no jail time.

there is absolutely no way I am walking you through the steps to install and configure
freebsd or install the ports you will need (like samba), use man pages and google for that.

once you have a server configured and visible on your windows network, download
the file below and and start reading the included PDF's, build the serial port hardware
and modify the tripwire.c source code for your server configuration. compile the
source and install.

you should use a separate disk for your encrypted data, and make sure it is not
mounted at boot time. or you will have to input the password for the disk during
the boot process which really sucks if you have a headless server hidden in a
closet.

http://www.coffincruisers.com/gbde.rar

links:

http://linuxfocus.org/English/January2001/article186.shtml
http://www.openaddict.com/installing_freebsd_6_2.html
http://www.freebsd.org/doc/en_US.ISO8859-1...encrypting.html
http://www.bsdforums.org/forums/showthread.php?t=43796


take that MPAA/RIAA

Thats some pretty usefull info right there. Hey, how about this... dont do warez! Hey look, no need to encrypt anything! HUZZAH!

Believe it or not, some of the laws here in the USA concider encryption "witholding evidence". If the authorities have a warrent to sieze your shit and you dont give them passwords and how-to instructions, that could be more jail time for you. Last i remember the 5th ammendment states "The accuesed may not be forced to testify in their own behalf" which pretty much means if you are accused of a crime, you dont have to get on the stand and be questioned. Also, by not testifying that does NOT prove guilt. Forcing someone to reveal evidence against them sounds like a violation of the 5th if you ask me... Im no law expert *shrugs*

Encrypting the file system, wont that slow down HDD performance? And if you are running SMB Shares, all someone has to do is log into the share and d/l the content, so encrypting the HDD is kinda' pointless. If they have physical access to the machine, the first thing they do is pull the power cord out, so the failsafe serial tripwire is pointless. The first thing they do once they have your machine is clone the HDD. They literally do that RIGHT THERE on the spot. They pull your power cable out, open the machine, pull the HDDs and clone them.

Even if they dont clone the HDD, if the OS isnt encrypted they can pull the SMB passwords out of the config file, slap an XP box to LAN and just d/l the contents of all the shares.

This seems like a great idea for the insanely paranoid, but I dont think its going to be effective with how they sieze and clone shit right away. Even if you erase everything, they try to recover anything viable to hold against you. Good idea, but a better idea would be not to do massive amounts or piracy and warez.

The links I posted address most of your points,

there is a performance penalty but mostly on the cpu side.

pulling the power wont work, the contents of the drive are encrypted
on the fly, the encryption keys are held in ram, pulling the power
will lock the drive. the lock file and the password are nessary to
mount the drive store the lock file on a thumb drive and keep the
password in your head only.

this encryption scheme was devloped with human rights and war crime
investigators in mind, so it is assumed that an attacker has physical
access to the drive and has government level resorces to attack the
encrypted disk.

the encryption method has provisions to destroy the lock sectors on
the disk making it impossible to retrive the data even if you gave
them the usb thumb drive and the password. editing the C code so it
would destroy the lock sectors instead of lock the drive is easy, adding
another line to kill the samba process is easy, turning off the computer
would be another line of code all VERY easy to do here is some code

int runshutdown(int fd,int *ledstate)
{
setled( dtr_green, fd, 0, ledstate)
system("/sbin/umount /mnt/secret") #unmount the file system
system("/sbin/gbde destroy /dev/adoS1c") #erace lock sectors on encrypted drive
system("/usr/local/etc/rc.d/samba.sh stop") #kill the samba server
system("/usr/sbin/srm -fr /usr/local/etc/*") #secure delete usr config files
system("/usr/sbin/srm -fr /etc/*") #secure delete system config files
system("/usr/sbin/srm -fr /var/log/*") #secure delete logs
system("/sbin/shutdown -p now") #turn off the computer
exit (0)
}
(DONT COPY AND PASTE THIS CODE, I HAD TO MODIFY IT SO IT WOULD POST)

now thats paranoid!!!

modify the tripwire.c file to that and when the tripwire is triggered
it will irretrievably desrtoy the data on the disk kill the samba service
and overwrite the config files and logs 7 times with randam data.
including password files, which ARE stored encrypted on any unix system.
then shutdown the computer.

the network is a huge gaping hole, but a panic button or an RF remote like this one
http://www.smarthomeusa.com/Shop/Remote/x1...ols/Item/PHR04/
will work to complete the circuit.

infact ANY off the shelf alarm system motion sensor, phony light switch, pressure
mat. will work the only requirement is to complete the circuit for a few seconds.

you could even use a cell phone to send a text message or email to an account monitored
by the server to trigger the lockdown process.

there are many reasons to encrypt data like, thousands of medical records that disappear
when a laptop gets stolen out of a parked car. Last week I heard of a guy that was being
charged with federal copyright infringment and is looking at 3 years in a (federal pound
me in the ass) prision, because he uploaded 3 episodes of 24 to a web site, if the government
was unable to find any physical evidence on his hard drive, the government would have a
very weak case with ISP records only. and even in the latter case he would have huge legal
bills. now I dont think this guy will do any time, but it illistrates how on a whim a DA
or prosecutor can fuckup your life for years to come, just because your case would make an
interesting test of case law.

hacking a tivo to pull your tv shows off is copyright infringement, diabling tivos tystream
encryption is a violation of the DMCA, modchiping a Xbox is copyright infringment and a violation
of the DMCA, certian hardware modification is illegal maybe you want to keep any bios files
emulator ROM's, radio/scanner unlocking and or modification info being used to build a case against you.

our hobbys walk the line of legal/fairuse and illegal/copyright infringment and the laws are
changing all the time, you can find your self needing an expensive lawer for something you
thought was legal last week. if all the government has is an encrypted mess of a hard drive and
some ISP records you might just have $50,000 in legal bills instead of jail time plus legal bills
plus fines. encryption is free at least make an attempt to protect yourself.

Now on the legal side, If there is a court order for you to give up the password and key file
and you refuse, citting your first, fourth and fifth admendment rights. your ARE in contempt
of court and WILL go to jail until you comply with the court order, again the object of this
post is to stay out of jail. A recent example of this was a reporter who refused to give
up a source inside the CIA and spent somthing like 30 months in jail, and was only released
for health reasons (the crybaby was dieing of cancer or somthing and wanted to die at home).

I found a link with more legal info.

http://iq.org/~proff/rubberhose.org/

Sounds great, but... just... dont... do... warez

If you arent seeding thousands of TB from your home connection, or kiddie porn, whats to really worry about?

Regular porn on the other hand, is highly encouraged.

Oh my god, its Dortz!! Where the hell have you been man! get back on IRC, or ELSE!

Nice idea. But my dedi server has somthing like that but it frys the harddrive

~Needlz

Thermite. When you absolutely, positively have to kill every motherfucking platter in the machine accept no substitutes.

Who needs encryption when your hard drive is turned into a melted pile of metallic goo?