How can I verify whether my new laptop has been tampered?
According to the news, the US government has intercepted laptops during delivery and installed surveillance kits or trojans. For example: http://www.spiegel.de/international/world/the-nsa-uses-powerful-toolbox-in-effort-to-spy-on-global-networks-a-940969.html
My online activities may have attracted attention from USG (eg. looking at Al Jazeera, presstv and technical forums), and my new laptop, a Lenovo Thinkpad, was delayed a long time in customs. What should I look for to verify it has not been tampered?
Immediately upon receiving it, I replaced the default commercial-ware with Linux, so I am not concerned about the OS or applications. However, I'm wondering:
* how to tell whether it's been opened after the factory
* what parts can be opened "safely" meaning without breaking anything
* what to look for on the inside
* how to verify the BIOS is untampered
11 comments
[ 0.52 ms ] story [ 40.5 ms ] threadMy answer: A laptop usually can trivially be taken apart completely and then put back together without any signs of the operation remaining, internally or externally. Same thing with smartphones. Checking BIOS integrity usually isn't possible without specialised physical tools.
Apparently I do need to look into the whole "verifying firmware" area. Maybe I'll try to compare checksums and other data with other owners of the same model and BIOS rev, on a suitable forum.
Small point be social sourcing could generate a false positive unless you can verify said individuals interests.
Of course removing anything placed by warrant is possibly illegal irregardless of you position on it. {this isn't legal advice}
I'd also say this would take a significant amount of effort to validate and you're likely to find quasi poor information.
It would be less work to just maintain multiple computers for separate, distinct tasks (eg. one for browsing Al Jazeera, one for PressTV, etc).
Oh, you'll also want separate Internet connections in highly diverse geographic locations (lots of plane tickets? no, those can be tied back. Tor? Nope, that's just pseudonymous. Multiple VPN connections? Who knows anymore.
Some additional thoughts:
1) Who's to say all Thinkpads (or whatever) aren't backdoored from the factory, perhaps without Lenovo's knowledge?
2) Perhaps buying your gear off of Craigslist from someone who is in a demographic highly unlikely to get the attention of NSA (eg. a white, blonde, college girl who doesn't follow politics, activism, or world news). See if she'll throw in some glitter nail polish.
See what I'm getting at? It's futile.
Put it behind an open source router (using as open a router as possible, e.g. an older PC you can physically examine and whose BIOS you can flash).
Then use the laptop for a while on non-critical (but perhaps "interesting") activity and accounts, and monitor via your router whether it attempts to "phone home" or engage in other suspect communication.
----
Of course, log anything suspect, and if/when you determine something is going on, find a different and secure path via which to tell us about it!