LinuxQuestions.org
Old 10-03-2010, 06:06 PM   #1
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,766
Blog Entries: 54

Ways of getting data off the premises?


Having made a recent post elsewhere I had to come up with examples to get data off the premises after reading a file from a server:
- paste file contents in say web-based email, docs.google or social networking,
- send it to a remote server as HTTP requests,
- transmit wirelessly to a close by AP,
- make it a password-protected attachment (AV scanners don't like that),
- append it to another file (image will display just fine),
- write contents to a file on removable media and then delete it (what to look for?),
- write contents past the last partition (where to look?),
- make it an EXIF tag,
- scribble inside a book cover, newspaper crossword puzzle or inside a boot,
- convert it to a movie and upload it to whatevertube,
- photograph contents using a (phone) cam,
- read out loud and record voice or use a phone,
- print it out.

Apart from this, using pastebin, silences or code words, tricking the backup courier, flashing office lights, using morse code or braille I'm missing some other ways. If you want to share any please ensure they're not variations on a theme unless they include a notable twist, TIA.
 
Old 10-03-2010, 06:44 PM   #2
TB0ne
Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 15,102

Quote:
Originally Posted by unSpawn
Having made a recent post elsewhere I had to come up with examples to get data off the premises after reading a file from a server:
- paste file contents in say web-based email, docs.google or social networking,
- send it to a remote server as HTTP requests,
- transmit wirelessly to a close by AP,
- make it a password-protected attachment (AV scanners don't like that),
- append it to another file (image will display just fine),
- write contents to a file on removable media and then delete it (what to look for?),
- write contents past the last partition (where to look?),
- make it an EXIF tag,
- scribble inside a book cover, newspaper crossword puzzle or inside a boot,
- convert it to a movie and upload it to whatevertube,
- photograph contents using a (phone) cam,
- read out loud and record voice or use a phone,
- print it out.

Apart from this, using pastebin, silences or code words, tricking the backup courier, flashing office lights, using morse code or braille I'm missing some other ways. If you want to share any please ensure they're not variations on a theme unless they include a notable twist, TIA.
That's a fairly comprehensive list. I'd add to it:

Flash memory in cell phone (like AirShare on iPhone)
Personal laptop stowed in a briefcase, via crossover cable.
SD card, slipped into a digital camera to camouflage it.
 
Old 10-03-2010, 07:00 PM   #3
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,791
Blog Entries: 1

Not subtle, but how about copying the file to a local internal disk and then removing the disk?
 
Old 10-03-2010, 07:14 PM   #4
GrapefruiTgirl
Guru
 
Registered: Dec 2006
Location: underground
Distribution: Slackware64
Posts: 7,594

Notable twist: After having printed out the documents, you throw them into the garbage, recycle bin or "For Shredding" bin. You've already arranged for the recycle pick-up guy, garbage guy, house-keeper or shredder-truck guy to 'dispose of appropriately'.
 
Old 10-03-2010, 09:00 PM   #5
OlRoy
Member
 
Registered: Dec 2002
Posts: 304

FTP (maybe too obvious)
P2P software
Various abuse of network protocols like data sent on SYN packets, encoding data in packet header fields, or in the payload of ICMP packets.
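
Seen from the monitoring side, the ICMP-payload channel mentioned above stands out because stock ping tools send fixed, recognisable payloads. This added example (not part of the original post) totals non-default echo payload bytes per host pair; the sample builder `make_sample`, the addresses, the threshold and the stock-payload patterns are assumptions made for the illustration.

```python
import socket
import struct
from collections import defaultdict

WINDOWS_PAYLOAD = b"abcdefghijklmnopqrstuvwabcdefghi"   # Windows ping default

def is_stock_payload(payload):
    """True for payloads the stock Linux and Windows ping tools send by default."""
    if not payload or payload == WINDOWS_PAYLOAD:
        return True
    # Assumed iputils layout: 16-byte timestamp, then each byte equals its offset.
    return len(payload) > 16 and all(
        payload[i] == i & 0xFF for i in range(16, len(payload)))

def parse_echo(packet):
    """Return (src, dst, payload) for an IPv4 ICMP echo request/reply, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 1:
        return None
    ihl = (packet[0] & 0x0F) * 4
    total = struct.unpack(">H", packet[2:4])[0]          # honour IP total length
    if len(packet) < ihl + 8 or packet[ihl] not in (0, 8):
        return None
    src, dst = (socket.inet_ntoa(packet[o:o + 4]) for o in (12, 16))
    return src, dst, packet[ihl + 8:total]

def unusual_echo_bytes(packets, threshold=64):
    """Sum non-stock echo payload bytes per (src, dst); keep pairs >= threshold."""
    totals = defaultdict(int)
    for pkt in packets:
        parsed = parse_echo(pkt)
        if parsed and not is_stock_payload(parsed[2]):
            totals[parsed[:2]] += len(parsed[2])
    return {pair: n for pair, n in totals.items() if n >= threshold}

def make_sample(src, dst, payload):
    """Build a constructed in-memory echo request (checksums left at zero)."""
    icmp = struct.pack(">BBHHH", 8, 0, 0, 1, 1) + payload
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + icmp

# Constructed sample traffic using documentation address ranges.
SAMPLE_PACKETS = [
    make_sample("192.0.2.10", "198.51.100.7", bytes(16) + bytes(range(16, 56))),
    make_sample("192.0.2.11", "198.51.100.7", WINDOWS_PAYLOAD),
] + [make_sample("192.0.2.12", "198.51.100.9", b"x" * 40)] * 3
```

In practice the packets would come from a capture or a sensor, and the threshold would be tuned against legitimate tools that use custom ping payloads.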
 
Old 10-04-2010, 04:44 PM   #6
SteveK1979
Member
 
Registered: Feb 2004
Location: UK
Distribution: RHEL5/6, Solaris 10/11, NetBSD, OpenBSD, FreeBSD, MacOS
Posts: 222

Fax the document to somewhere, like a mailbox service that offers send/receive faxes. Even better if you have a modem on the server attached to a PBX and it's a plain text document.

Cheers,
Steve
 
Old 10-04-2010, 05:39 PM   #7
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,766
Blog Entries: 54

Original Poster
Quite some interesting additions here. In terms of deceptiveness and deviousness (in a thread like this meaning major bonus points) I especially liked the suggestions that cross technology boundaries or require social engineering in any form. It kind of showcases why logging isn't enough and why it's not uncommon for certain businesses to resort to using a mix of body and X-ray searches, requiring access cards or tokens or other forms of access logging, using (physical) network separation or containment rooms, regular auditing of hardware, software and wetware, denying portable equipment on parts of the premises, CCTV and deploying one or more bloodhounds SO's to hunt track down potential violations.

If you've got more ideas that are not variations on known themes please add them but please leave out the mystique and the supernatural ;-p

Last edited by unSpawn; 10-04-2010 at 05:44 PM.
 
Old 10-04-2010, 05:59 PM   #8
moxieman99
Member
 
Registered: Feb 2004
Distribution: Dabble, but latest used are Fedora 13 and Ubuntu 10.4.1
Posts: 413

The removal must avoid detection, which means that manipulating the data for portability must be done in a way that will not trigger alarms even when logged. Copying the data will be logged, leading to the question of "What did you do with the copy?" Printing it out is explanatory ("I was going to be in various places and wanted to read it when I could. I then shredded it.") and if caught with the document, just say that you're going to read it at home.

Making a CD copy of documents is second best. Just say you made the CD because you wanted access when the network was down, or to preserve an archive snapshot. Trick is to make a copy of the CD onto a second CD using your personal laptop. That way you can keep the "archive" CD at work and there is no record of the second CD being made on the network -- it was made on your personal lappy. Smuggle it out.

That's what I would do. But thank God this is all hypothetical anyway, right?
 
Old 10-05-2010, 01:16 PM   #9
paulsm4
Guru
 
Registered: Mar 2004
Distribution: SusE 8.2
Posts: 5,863
Blog Entries: 1

Quote:
If you've got more ideas that are not variations on known themes please add them but please leave out the mystique and the supernatural
There's always carrier pigeon, or ship-to-shore semaphores. The latter can be done using window shades and a bright lamp from the executive suite.

Just a thought
 
Old 10-05-2010, 01:52 PM   #10
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,766
Blog Entries: 54

Original Poster
Quote:
Originally Posted by moxieman99
Copying the data will be logged
With all due respect but IMHO that's an assumption. The act of copying consists of server-side reading a file (read syscall) and client-side pasting buffer contents. Thinking court-submittable evidence proving the act of copying would not only require server-side but also client-side logging and in a way that is all-encompassing (probably intrusive) to facilitate correlation or replay. Even then copying may not be proven (employee /away from unattended and unlocked workstation) unless in-memory, in-transit or on-media evidence of the copying process or copy can be found, or if evidence can be used from other sources (entry systems, surveillance cameras, statements).


Quote:
Originally Posted by moxieman99
But thank God this is all hypothetical anyway, right?
No, unfortunately it wasn't.
 
Old 10-05-2010, 06:03 PM   #11
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,766
Blog Entries: 54

Original Poster
If anyone got more contributions that are not variations on known themes please add them but please leave out mystique, the supernatural, stating the obvious or Other Forms of Dispensing Wisdom: please play the game or please don't play.
 
Old 10-05-2010, 06:22 PM   #12
frieza
Senior Member
 
Registered: Feb 2002
Location: harvard, il
Distribution: Ubuntu 11.4,DD-WRT micro plus ssh,lfs-6.6,Fedora 15,Fedora 16
Posts: 3,111

a few ideas that haven't been mentioned yet
-------------------------------------------
1. flash the data into the firmware of an embedded device like an old Linksys wrt router or old cell phone that you don't use any more using a jtag cable, provided the information is small enough to fit (2-8 megs depending on model of wrt router) (note I say the FIRMWARE because some places might randomly check the flash storage area of mobile phones for data that shouldn't be there and yes this will render the device a brick but if it's something you don't care about then who cares, of course you could back up the current firmware first and then flash it back when you are done)

2. burn to an eeprom (similar to above process), (conceal the eeprom burner in a mouse or keyboard, or something innocuous so that it can be left behind if necessary) and carry only the chip out (disguised as something innocuous like an old video game cartridge perhaps)

3. use a steganography tool to hide the data in an image or silly audio clip and email the picture/clip to yourself or just carry it out on a thumb drive

4. use a digital camera (or film camera if you have one but of course having the film developed without being caught might pose a problem unless you have your own darkroom) and photograph the data on the screen

5. use an lcd monitor and scanner and scan the LCD screen displaying the data (similar to above, using your own laptop to run the scanner)

Last edited by frieza; 10-05-2010 at 06:28 PM.
 
Old 10-06-2010, 04:43 PM   #13
tredegar
LQ 5k Club
 
Registered: May 2003
Location: London, UK
Distribution: Debian "Jessie"
Posts: 6,038

A number of posts seem to have been deleted from this thread, without any indication from the forum moderators as to why this should be so.

Perhaps it is a system error.

An explanation, here, would be appreciated.

Edit: I am subscribed to this thread, because I have posted here. My post(s) are not visible, neither are the replies.
/Edit

Last edited by tredegar; 10-06-2010 at 04:46 PM.
 
Old 10-06-2010, 05:32 PM   #14
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,766
Blog Entries: 54

Original Poster
To avoid distraction by unintentionally and intentionally misinformed posts, hijacking or "discussion" several posts were moved to this thread. Please note this is not up for discussion here, feel free to contact me or any moderator by email.
 
Old 10-07-2010, 09:10 AM   #15
Guttorm
Senior Member
 
Registered: Dec 2003
Location: Trondheim, Norway
Distribution: Debian and Ubuntu
Posts: 1,159

Put a modem near a window?

http://it.slashdot.org/article.pl?si...thread&tid=172
 
  

