Unix/Linux.SE: trigger system self destruct when certain password entered

Question:

Answer:

<http://unix.stackexchange.com/questions/107739/how-to-trigger-a-system-self-destruct-with-a-certain-password-is-entered>

That is very elegant

 

anyone got similar solution for windows,where a particular password will start the destruction of windows file system?

I guess setting up a new admin account and adding the batch file in task scheduler for that account will do the job.
any better suggestion?

 

I know in Dell's BIOS there is an option to password protect the HDD and if a wrong psw is entered for 3 times, then the disk is wiped.

 

Is the HDD actually wiped (all the data stored on the media is overwritten in a way that prevents the data previously stored there from being recovered) or does this feature simple manipulate access/encryption/decryption key(s) in a way that supposedly makes the data previously stored on the media from being read and decrypted?

 

I don't see how this could work with the preferred method of FDE with LUKS? This would have to trigger at user log on, after FDE is decrypted. I'd rather just just shred the boot loader and yubikey in the shredder...just as quick

But good tip for those that want to set it up.

 

Maybe something analogous is possible in the preboot environment.

 

I've thought more about this.

I wonder if there's a way to script LUKS header deletion in initramfs in response to three (or whatever) incorrect passphrase attempts -- and/or entry of a nuke-it passphrase. I've been playing with using dropbear for remotely entering the passphrase via SSH. For that, you install busybox and dropbear in the initramfs, and SSH to initramfs. You can add other small packages and scripts, so initramfs becomes a fairly capable OS.

 

I like it, if it can be done. If you could overwrite with a defined string, like "wiped wiped wiped wiped", (but zero's are probably fine too) it may help in a court situation where their forensic guy could say "yeah, the LUKS header was definitely destroyed, and without it, even the pass phrase won't let us in". Of course, the user could have a sector by sector backup drive stashed somewhere, but who knows how it would play out in a civilized jurisdiction. Assuming the guy had another complete copy of a disk, seems to be a stretch.

 

It's wiped, but I am not sure about any possible data recovering (at least when the HDD is not encrypted).
Being a BIOS option, it runs before the bootloader.

 

News:

http://freedomhacker.net/kali-linux-officially-adds-emergency-self-destruct-feature/

 

Well, hey

I guess that it's time for me to check out Kali.

If it's just an initramfs script, adding it to other Linux would be easy.

Using it for remote servers would be very cool too.

 

Kali is *not* a user oriented or server oriented operating system. It's an OS designed for penetration testing and hacking. The reason the encryption feature is helpful is so that when you're doing a pentest with sensitive company information, and you lose your laptop, the information is safe.

Do not run this as a regular user if you want to be secure from hackers. Default user is root, among other things.

 

Thanks.

I'm just interested in how they implement the disk wipe.

 

It certainly depends on your adversary but if you are faced with a police officer or FBI agent and you enter a destruct password, you better be sure they won't find the destruct script after the fact. If they do, you could be in big trouble for destroying evidence. This is why the Truecrypt developers went to so much trouble to build in plausible deniability. If you have hidden data such as implemented by Truecrypt, you can type in the decoy password and reveal the benign contents of the decoy. If they demand the password to the hidden data, you play dumb and say "what's a hidden volume?"
There is no way to prove a hidden volume exists unless you give them the password.

 

I believe you have to know that you are a target of an investigation, before a private individual can be charged with destroying evidence. Just having an "official" talk to you, or ask for the password, shouldn't rise to that level...but I am not a lawyer. If you see a police car pull into your driveway, why can't you wipe the header? People wipe data every day, using tools like Privazer, CCleaner, etc...

As presented in the article, this was mainly about pen-testers and journalists wiping the key, before leaving a client with sensitive info, or crossing an international border... and then restoring it, when "safe". No suspicion of wrong doing, just precaution against over reach or theft.

You can kind of do the same thing with TC, just not as easily. Restore the Windows boot loader to a regularly encrypted system, or restore an *incorrect* header (created with a pass phrase you definitely never knew) for the hidden volume that the Hidden OS sits in. You obviously should not have the rescue disk .iso or header backup on your person.

 

Forensic teams copy the drive first.

"NSA stuff"

 

Yes they do. This is before they get it. Leave client, wipe header. Leave for airport, wipe header. See a SWAT van pulling into your driveway, wipe header.

 

Yes indeed. It's very reversible, as long as you have the header.

As extra protection, one could keep multiple copies of the header, very thoroughly hidden. Micro SD chips are very small.

For the readily-available copy, one could make minor changes in a hex editor, in places that can't be checked through within-header relationships or whatever. So the header would be useless unless corrected.

 

Surely...

Sorry for not being clearer; my 2 cents was not in relation to your post but rather the booby trapped passwords.

Traps other than physical would not work because--as said--the team will copy first before entering in supplied/brute forced PWs.

Anyhow, for the threads sake:

What are you guys talking about?

~Adversaries have your computer and ask for passwords or brute which results in things getting gutted.

Or

~You see/feel heat so you destroy/preserve your sensitive info proactively.

 

As you note, it's too late then, because they image.

That's what I was thinking of.

Using a "nuke-it password" might also work in the airport "Please boot the machine" scenario. After entering the password, you would freak out about your lost thesis, business plan, or whatever. But that would be very risky.