I am thinking that I must learn to speak french. I don’t just mean “Bonjour” and a spattering of phrases I’m talking chattering away in french as if there was nothing to it.
I feel I must because I want the option to get the hell out of the UK when it completes it’s transformation into a nazi state.
They can fingerprint me and record personal data about me if I commit a crime but not otherwise. I do not see a good reason to hand over every form of data about me to a group that can not even keep my name and address a secret.
Let me tell you about that.
When I wrote “Open Letter to The British Government Regarding the Loss of Sensitive Personal Information on every household with a child under 16 years old.” it was with the hope that I would be able to show just how badly the govenment does not understand IT.
I pointed to a free peace of technology that would allow me to store whatever I felt on a hard drive tot he point that all of MI5 with the help of the CIA, the FBI or any number of 1337 script kiddies would never be able to break into with plausible deniability to it’s existence in the first place. I officially have no encrypted volumes and I do not store notes in them.
Meanwhile as regular power users are able to store our data so safely that even if you steal our computers you will find nothing at all the Government idea of secure is text based password. Even vista has disk encryption as standard (if you switch it on).
So let’s talk about your password protect file that I (in theory) have on my theoretical hard drive.
A dictionary attack will open most files inside six minutes – that’s just enough time to fix a cup of coffee. Failing that if I know what some of the locked text says (or if I can see the encrypted password) a rainbow table attack will break most very quickly.
Let’s talk password locks for a moment. Not all password protected files are unreadable it is just that the software asks you to give the password. All I need to know is the file format (or a good guess at it) and I’ll have half the content out of the file while you were scratching your head.
Let me remind you that a dedicated attacker with access to criminal “botnets” (used by many kinds of “cyber criminal” for activities such as blackmail, spamming, Distributed Denial of Service attacks or “brute force” password attempts) or other large co-operative systems might be able to make the work of years in to the work of a few days. With access to a modern Mainframe computer this can be done many times quicker still.
So while the UK govenment does not even understand how to make safe use of passwords I know how to make my files unfindable forever – forget trying to break in – you have to find it first.
No let us talk network security. Most networks are secured using passwords. All I need to break in is (a) to guess your password, (b) trick the password out of you, (c) steal the password using a virus, keylogger or other malware or (d) use “smart” brute force methods to systematically guess a password. If I don’t fancy any of that lot I can look for an exposed computer that is not up to date and exploit it or I could get a job (I have no criminal record) or pay someone else to get a job working inside or I couldblackmail a junior worker, line manager or similar. Frankly there are more ways into a govenment network than there are people working on that network.
If I’m good I might even set up some back doors to the system and document all flaws for next time.
There is no way that a system so badly set up that disks are sent in the post with nothing more than a human generated password to “lock them” is secure. I would bet money that there are right now over one hundred ways into every file the government keeps.
So when they indicate that they want to keep track of enough data that someone with half my skills could get at and then use to pretend to be me I know it is time to give up my citizenship and move out.
Don’t even get me started on the privacy and human rights side of the debate…