Many of EFF’s recommendations involve copying data onto an external device and then removing it from the device you’ll be carrying across the border. When doing this, you will want to make sure that the data you delete is actually gone. Simply pressing the ‘delete’ key or emptying the desktop waste basket makes the data disappear, but it doesn’t necessarily remove the data in question from a device.
The EFF are huge proponents of full-disk encryption with strong cryptography on every device you own. This is especially true if you’re concerned about having your mobile device seized at the border. A government forensics expert can easily crack any password or bypass it altogether (for example, by booting the system from a CD or USB device.) Full-disk encryption with a strong passphrase ensures that border agents can only enter your device with your consent. It also protects your data if your device is lost or stolen.
Searches and seizure is not limited to personal computers or laptops. Any device that stores data is fair game for Customs and Border Protection or Immigration and Customs Enforcement (ICE) Agents. This includes all computers, laptops, tablets, mp3 and mobile media players, digital cameras, hard-drives, and any other mobile device you can imagine. If it stores data, Customs can search it. To be fair, the government only conducts these types of searches 300 or so times a month. So the likelihood of being searched is still small.
The EFF has some advice for interacting with border agents. First: don’t lie to them. This is a punishable crime regardless of whether you are lying to cover something up or not. It is always better to decline answering than it is to give a false answer. Don’t obstruct an Agent’s investigation or attempt to delete data once it becomes clear that an agent intends on examining a device. Just write down the agent’s identifying information and collect a receipt for your property. Be courteous, but firm. Only a judge can make you reveal a passphrase or otherwise decrypt a machine.
With U.S. Customs agents increasingly interested in the contents of digital devices like iPhones, iPads and laptops, The Electronic Frontier Foundation has issued guidance for getting your mobile device across the border safely and protecting the data on it should it get seized.
The nation-state sponsored malware arms race is on. Stuxnet may have been the “Shot heard round the world” but we think its likely that 2012 will witness a number of other skirmishes, with malware linked to foreign governments hostile to (or allied with) U.S.
Adoption of Google’s Android operating system is accelerating faster than a run-away train. That’s good news for Google, which always saw Android as a potential iPhone killer. But the events of the past year also make it clear that the company will be forced to deal head on with a dirty little secret: both the Android operating system and the Android Marketplace have become the preferred platform for malicious software authors interested in compromising mobile devices.
Counterfeit and “certified pre-owned” hardware is nothing new, but we think 2012 will see this issue morph from a sideshow in the cyber security world to center stage, with new revelations about contamination of the global supply chain by hardware and software components of dubious origin and possibly malicious intent.
User backlash against Facebook’s ever-evolving but always overreaching data privacy plans is almost as old as the site itself. But there’s good reason to believe that 2012 will mark a turning point for the fast growing social network. For one thing, Facebook is on track for an IPO (initial public offering), possibly before the end of 2011. Valuations for the 800 million person social network range as high as $100 billion in private markets. With an IPO looming, Facebook is under more pressure than ever to generate outsized revenue from its massive, 800 million strong user base.
The past year saw the emergence of a series of cleverly named hacking groups like Anonymous, LulzSec, and TeaMp0isoN. In 2011, these groups brought the fight to corporate America, crippling firms both small (HBGary Federal) and large (Sony). As the year drew to a close these groups noticeably shifted from prank-oriented hacks for laughs (or “lulz”), aligning themselves with political movements like Occupy Wall Street and using their skills to lend material and virtual support to the protests in various cities.
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
