LinuxQuestions.org


unSpawn 10-03-2010 05:06 PM

Ways of getting data off the premises?
 
Having made a recent post elsewhere I had to come up with examples to get data off the premises after reading a file from a server:
- paste file contents in say web-based email, docs.google or social networking,
- send it to a remote server as HTTP requests,
- transmit wirelessly to a close by AP,
- make it a password-protected attachment (AV scanners don't like that),
- append it to another file (image will display just fine),
- write contents to a file on removable media and then delete it (what to look for?),
- write contents past the last partition (where to look?),
- make it an EXIF tag,
- scribble inside a book cover, newspaper crossword puzzle or inside a boot,
- convert it to a movie and upload it to whatevertube,
- photograph contents using a (phone) cam,
- read out loud and record voice or use a phone,
- print it out.

Apart from this, using pastebin, silences or code words, tricking the backup courier, flashing office lights, using morse code or braille I'm missing some other ways. If you want to share any please ensure they're not variations on a theme unless they include a notable twist, TIA.

TB0ne 10-03-2010 05:44 PM

Quote:

Originally Posted by unSpawn (Post 4116632)
Having made a recent post elsewhere I had to come up with examples to get data off the premises after reading a file from a server:
- paste file contents in say web-based email, docs.google or social networking,
- send it to a remote server as HTTP requests,
- transmit wirelessly to a close by AP,
- make it a password-protected attachment (AV scanners don't like that),
- append it to another file (image will display just fine),
- write contents to a file on removable media and then delete it (what to look for?),
- write contents past the last partition (where to look?),
- make it an EXIF tag,
- scribble inside a book cover, newspaper crossword puzzle or inside a boot,
- convert it to a movie and upload it to whatevertube,
- photograph contents using a (phone) cam,
- read out loud and record voice or use a phone,
- print it out.

Apart from this, using pastebin, silences or code words, tricking the backup courier, flashing office lights, using morse code or braille I'm missing some other ways. If you want to share any please ensure they're not variations on a theme unless they include a notable twist, TIA.

That's a fairly comprehensive list. I'd add to it:

Flash memory in cell phone (like AirShare on iPhone)
Personal laptop stowed in a briefcase, via crossover cable.
SD card, slipped into a digital camera to camouflage it.

Hangdog42 10-03-2010 06:00 PM

Not subtle, but how about copying the file to a local internal disk and then removing the disk?

GrapefruiTgirl 10-03-2010 06:14 PM

Notable twist: After having printed out the documents, you throw them into the garbage, recycle bin or "For Shredding" bin. You've already arranged for the recycle pick-up guy, garbage guy, house-keeper or shredder-truck guy to 'dispose of appropriately'.

OlRoy 10-03-2010 08:00 PM

FTP (maybe too obvious)
P2P software
Various abuse of network protocols like data sent on SYN packets, encoding data in packet header fields, or in the payload of ICMP packets.

SteveK1979 10-04-2010 03:44 PM

Fax the document to somewhere, like a mailbox service that offers send/receive faxes. Even better if you have a modem on the server attached to a PBX and it's a plain text document.

Cheers,
Steve

unSpawn 10-04-2010 04:39 PM

Quite some interesting additions here. In terms of deceptiveness and deviousness (in a thread like this meaning major bonus points) I especially liked the suggestions that cross technology boundaries or require social engineering in any form. It kind of showcases why logging isn't enough and why it's not uncommon for certain businesses to resort to using a mix of body and X-ray searches, requiring access cards or tokens or other forms of access logging, using (physical) network separation or containment rooms, regular auditing of hardware, software and wetware, denying portable equipment on parts of the premises, CCTV and deploying one or more bloodhounds SO's to hunt track down potential violations.

If you've got more ideas that are not variations on known themes please add them but please leave out the mystique and the supernatural ;-p

moxieman99 10-04-2010 04:59 PM

The removal must avoid detection, which means that manipulating the data for portability must be done in a way that will not trigger alarms even when logged. Copying the data will be logged, leading to the question of "What did you do with the copy?" Printing it out is explanatory ("I was going to be in various places and wanted to read it when I could. I then shredded it.") and if caught with the document, just say that you're going to read it at home.

Making a CD copy of documents is second best. Just say you made the CD because you wanted access when the network was down, or to preserve an archive snapshot. Trick is to make a copy of the CD onto a second CD using your personal laptop. That way you can keep the "archive" CD at work and there is no record of the second CD being made on the network -- it was made on your personal lappy. Smuggle it out.

That's what I would do. But thank God this is all hypothetical anyway, right?

paulsm4 10-05-2010 12:16 PM

Quote:

If you've got more ideas that are not variations on known themes please add them but please leave out the mystique and the supernatural
There's always carrier pigeon, or ship-to-shore semaphores. The latter can be done using window shades and a bright lamp from the executive suite.

Just a thought ;)

unSpawn 10-05-2010 12:52 PM

Quote:

Originally Posted by moxieman99 (Post 4117666)
Copying the data will be logged

With all due respect but IMHO that's an assumption. The act of copying consists of server-side reading a file (read syscall) and client-side pasting buffer contents. Thinking court-submittable evidence proving the act of copying would not only require server-side but also client-side logging and in a way that is all-encompassing (probably intrusive) to facilitate correlation or replay. Even then copying may not be proven (employee /away from unattended and unlocked workstation) unless in-memory, in-transit or on-media evidence of the copying process or copy can be found, or if evidence can be used from other sources (entry systems, surveillance cameras, statements).


Quote:

Originally Posted by moxieman99 (Post 4117666)
But thank God this is all hypothetical anyway, right?

No, unfortunately it wasn't.

unSpawn 10-05-2010 05:03 PM

If anyone got more contributions that are not variations on known themes please add them but please leave out mystique, the supernatural, stating the obvious or Other Forms of Dispensing Wisdom: please play the game or please don't play.

frieza 10-05-2010 05:22 PM

a few ideas that haven't been mentioned yet
-------------------------------------------
1. flash the data into the firmware of an embedded device like an old Linksys wrt router or old cell phone that you don't use any more using a jtag cable, provided the information is small enough to fit (2-8 megs depending on model of wrt router) (note I say the FIRMWARE because some places might randomly check the flash storage area of mobile phones for data that shouldn't be there and yes this will render the device a brick but if it's something you don't care about then who cares, of course you could back up the current firmware first and then flash it back when you are done)

2. burn to an eeprom (similar to above process), (conceal the eeprom burner in a mouse or keyboard, or something innocuous so that it can be left behind if necessary) and carry only the chip out (disguised as something innocuous like an old video game cartridge perhaps)

3. use a steganography tool to hide the data in an image or silly audio clip and email the picture/clip to yourself or just carry it out on a thumb drive

4. use a digital camera (or film camera if you have one but of course having the film developed without being caught might pose a problem unless you have your own darkroom) and photograph the data on the screen

5. use an lcd monitor and scanner and scan the LCD screen displaying the data (similar to above, using your own laptop to run the scanner)

tredegar 10-06-2010 03:43 PM

A number of posts seem to have been deleted from this thread, without any indication from the forum moderators as to why this should be so.

Perhaps it is a system error.

An explanation, here, would be appreciated.

Edit: I am subscribed to this thread, because I have posted here. My post(s) are not visible, neither are the replies.
/Edit

unSpawn 10-06-2010 04:32 PM

To avoid distraction by unintentionally and intentionally misinformed posts, hijacking or "discussion" several posts were moved to this thread. Please note this is not up for discussion here, feel free to contact me or any moderator by email.

Guttorm 10-07-2010 08:10 AM

Put a modem near a window? :)

http://it.slashdot.org/article.pl?si...thread&tid=172


All times are GMT -5.