Police at the door? Hit the PANIC button to erase your RAM

The next time the police kick down a hacker's door, suspects can reach for the Panic button to make it nigh-on impossible for plod to recover any data, even if they freeze their target PCs. The Panic button is a new Python app called "Centry Panic" and was developed to mitigate cold boot and direct memory access attacks on …

COMMENTS

This topic is closed for new posts.
  1. Whitter
    Black Helicopters

    This app will self destruct in 5 seconds...

    Surely the existence of the app is telling itself and therefore it should "auto-wipe" itself by some means?

    1. LaeMing

      Re: This app will self destruct in 5 seconds...

      Well yes and no, I guess. Yes, it being on your system shows you very particularly don't want others accessing your data. But no, it doesn't prove you are hiding anything from the law in particular (maybe you are concerned with industrial espionage, and activated it before you knew it was the police bursting in the door).

    2. as2003

      Re: This app will self destruct in 5 seconds...

      Uh... what if the script is installed on the truecrypt volume that it unmounts, or the fully encrypted disk the OS is installed on?

      1. Phil O'Sophical Silver badge
        Coat

        Re: This app will self destruct in 5 seconds...

        Ah, the old "rm -rf /" game, see how far it gets...

    3. JeffyPoooh
      Pint

      "Your app will begin to run in several minutes...

      ...Just as soon as I've run some update checks, downloaded a few files, maybe installed several of them, run a security scan and generally ignored the urgent requests from the pesky human." - signed, your faithful computer.

    4. Anonymous Coward
      Anonymous Coward

      Re: This app will self destruct in 5 seconds...

      > Surely the existence of the app is telling itself

      Not from a judicial point of view. It is perfectly OK to swipe your RAM clean, encrypt your disk or for that matter, set fire to your computer. It's your own property, after all.

      Caveat: if you do any of the above *after* you have been served with a subpoena to produce evidence, and it could be proved that the evidence in question was destroyed by your doing any of the above, then you are more or less in the shit.

      From a police point of view, you will look suspicious as hell and they will go at it like rabid dogs to try and uncover evidence against you, as well as apply intense psychological pressure for you to confess to a crime (which you may or may not have actually committed).

      Source: I am trained in computer forensics, but have no practical experience to speak of (on either side of the business).

  2. Matt Bryant Silver badge
    Pirate

    Re: Whitter

    "Surely the existence of the app is telling itself...." Exactly. If the coppers have got to the point of mounting a raid then they already have plenty of evidence. Whilst you may destroy a small amount of incriminating information (or nothing if the last app in memory was actually just innocent Web browsing), what you give the prosecution is something to point to as a means of demonstrating that you were (a) a committed hacker and (b) had something to hide - "why else would the accused have such an application, m'lud?" It is the electronic equivalent of 'going prepared'. That, along with the other evidence that will have been gathered before the raid, will help convince a jury that you are guilty. It also does not delete the actual encrypted content, which - in the UK at least - just means the authorities demand the encryption keys to decrypt it or they send you to prison, which is what the coppers are actually after anyway. Tough luck if you have deleted the keys, you still go to jail. At the end of that first period in prison they ask you for the keys again, if you decline again, back to prison you go, ad infinitum.

    1. Paul Crawford Silver badge

      Re: Whitter

      "Tough luck if you have deleted the keys, you still go to jail."

      Er, no. The requirement is to hand over any keys in your possession. If you don't know the key because you never memorised it nor backed it up, I'm pretty sure any attempt to jail you for lack of knowledge would fall foul of the human rights act.

      Whether they could get you for destroying evidence is another matter, I suspect that would very much depend on showing you activated the destruction because you knew it was the police calling.

      1. Anonymous Coward
        Anonymous Coward

        Re: Whitter

        It should probably also wipe the Truecrypt headers, which contain the (encrypted) data encryption key; you could then happily hand over your passphrase and it would do them no good at all. As long as there wasn't a rescue disk lying around anywhere, of course!

      2. James 51

        Re: Whitter

        They wouldn't let that stop them from putting you away for a long time. The level of harassment isn't just for your benefit, it's to encourage future victims to hand stuff over. Let's not forget the number of times anti-terror legislation has been used to pick people up at the gates of a police station for another week of questioning.

      3. Vic

        Re: Whitter

        Er, no. The requirement is to hand over any keys in your possession

        No, not really.

        Section 49 of RIPA2000 states :-

        If any person with the appropriate permission under Schedule 2 believes, on reasonable grounds ... that a key to the protected information is in the possession of any person, ... the person with that permission may, by notice to the person whom he believes to have possession of the key, impose a disclosure requirement in respect of the protected information.

        The offence is a failure to comply with a S49 notice.

        Of course, there is *a little* wiggle room in S49(1), which defines the applicability of S49; it could be argued that, as there is no such key, the section cannot apply. But to do that, the defendant would have to prove the non-existence of such key - and we all know how tricky such a proof could be...

        If you don't know the key because you never memorised it nor backed it up, I'm pretty sure any attempt to jail you for lack of knowledge would fall foul of the human rights act.

        I'm pretty sure the whole damn Act falls foul of the Human Rights Act. But that doesn't stop them using it - including for purposes we were specifically assured it would not be used for :-(

        Vic.

      4. I. Aproveofitspendingonspecificprojects

        Human rights in the British soviet?

        In police states like the USA and Britain have become, human rights stop with the words: I arrest you.

        The biggest problem the precaution has is that police raids tend to catch the targets unaware. Even with CCTV, you would have to be a very cool customer to think clearly about deleting all your computer files. Just downloading the app and telling yourself you are prepared to do that isn't enough to overcome the paralysis of an early morning raid by a gang of professional mobsters like a police team.

        Guilty or innocent the doors and windows will be in shards and splinters along with your peace of mind and stay that way until you pay for the repairs and the counselling. And if you are important enough for the government to release the files from them, GCHQ will already have what you have.

        If things go on like they seem to be going it won't be long before raids to get your personal copy of GCHQ's evidence will be deemed unnecessary.

        1. Anonymous Coward
          Anonymous Coward

          Search warrants

          [...] if the police are knocking your door down they have enough evidence to convince a magistrate to issue a warrant but they don't have enough evidence to convict you [...]

          The act of arresting you - for any offence - automatically conveys the right to search you and your property. The Police use this on dawn raid fishing expeditions when they are throwing their net wide to try to find something to justify an ongoing investigation elsewhere. They know that a magistrate is unlikely to give them a search warrant with no evidence against the particular person.

          Since the change to the law to make any offence "arrestable" the Police can abuse their search powers with impunity. Even if they have nothing other than you are in the same social circle as someone they are unsuccessfully investigating. They only have to decide to arrest you on "suspicion of conspiracy to..." and they have their Open Sesame. The institutionalised Police mind construes alleged crimes and conspiracies everywhere. The more innocent you are - the more likely they are to view you as "guilty but very clever".

      5. Matt Bryant Silver badge
        Facepalm

        Re: Paul Crawford Re: Whitter

        "....If you don't know the key because you never memorised it nor backed it up...." This app just deletes keys out of memory, it does not go around clearing up all other copies of the key. And then you still have to convince the authorities that you don't have the keys, and if they are convinced you do then you go to prison. The Reg has covered this previously - http://www.theregister.co.uk/2008/10/14/ripa_self_incrimination_ruling/

        "....I'm pretty sure any attempt to jail you for lack of knowledge would fall foul of the human rights act...." They would jail you for declining an order to provide the keys, the HRA has nothing to do with it. Ask convicted terrorist Syed Hussain or paedo Oliver Drage how that worked out for them.

        1. Paul Crawford Silver badge

          Re: Paul Crawford Whitter

          Do SSDs have a bulk erase option? That would side-step the issue as you could arrange for the data to be erased on panic, and not just the key, thus no encrypted data left to be prosecuted over.

    2. Anonymous Coward
      Anonymous Coward

      Re: Whitter

      "That, along with the other evidence that will have been gathered before the raid, will help convince a jury that you are guilty."

      But that won't be beyond reasonable doubt. Any lawyer for the defense will state "if there is nothing to see there is no proof" which will cast doubt and ultimately get the case thrown out.

      "It also does not delete the actual encrypted content, which - in the UK at least - just means the authorities demand the encryption keys to decrypt it or they send you to prison. Tough luck if you have deleted the keys, you still go to jail. At the end of that first period in prison they ask you for the keys again, if you decline again, back to prison you go,"

      That is not true at all. If you do not have the keys then you have nothing to give up. You cannot be thrown in jail for refusing to give up something you do not have. Just like the police cannot throw you in jail for stealing a TV if you haven't been seen stealing it and you haven't still got it in your possession. (in court a he said she said argument isn't valid) It comes down to the hard evidence not circumstantial, and if the police are knocking your door down they have enough evidence to convince a magistrate to issue a warrant but they don't have enough evidence to convict you, which is why they need the raid in the first place. If they had enough to convict already you would simply be taken down the station and charged and they would then search your house whilst you were down the station.

      1. Vic

        Re: Whitter

        If you do not have the keys then you have nothing to give up. You cannot be thrown in jail for refusing to give up something you do not have.

        Yes you can - this is the evil of RIPA2000. The offence is that you failed to comply with a legally-given Section 49 notice to disclose; the reason that you failed to comply is your own problem.

        This is *dreadful* legislation, but no party seems even remotely interested in reforming it (I've tried asking them...)

        Vic.

        1. Anonymous Coward
          Anonymous Coward

          @Vic

          "Yes you can - this is the evil of RIPA2000."

          But...

          "If any person with the appropriate permission under Schedule 2 believes, on reasonable grounds ... that a key to the protected information is in the possession of any person"

          The key is no longer in their possession. They've deleted it. If you have told them it is deleted and no longer in anyone's possession it is not reasonable to assume you have it to give up.

          If what you are saying is true (and I have no reason to believe it isn't given the state of the law in this area) then the police can simply accuse anyone close to the machine in question of having the keys and they need no hard evidence to secure a conviction. That just doesn't sound right to me (in the moral sense) and I'd be interested to see a case where this has happened to see what the outcome was.

          What if there was an encrypted file on your machine placed there by a 3rd party, you have no keys, or knowledge of the file, but the cops want to decrypt it to have a look. Who would be liable to produce the key then? would you have to prove the file was put there by someone else or will you just get thrown in jail because you are unable to provide the keys.

          1. Vic

            Re: @Vic

            The key is no longer in their possession. They've deleted it. If you have told them it is deleted and no longer in anyones possession it is not reasonable to assume you have it to give up.

            Correct - but go back and read the wording you quoted :-

            "If any person with the appropriate permission under Schedule 2 believes, on reasonable grounds ... that a key to the protected information is in the possession of any person"

            It matters not one bit whether the key is in possession of that person - nor whether it has ever been, nor even that a key has actually existed.

            What matters is whether someone with "appropriate permission"[1] believes it does. This is part of why RIPA 2000 is such a shit piece of legislation.

            the police can simply accuse anyone close to the machine in question of having the keys and they need no hard evidence to secure a conviction.

            Yes.

            This is why I describe the Act as "evil". It actively criminalises your being believed to have done something, with no actual proof required. Your only defence is to prove the negative, unless a judge has the balls to tell the Appropriate Person to go fuck himself.

            That just doesn't sound right to me (in the moral sense)

            Of course it isn't.

            I'd be interested to see a case where this has happened to see what the outcome was.

            I cannot cite you a case because I have not been following it with the attention it deserves - for that, I apologise. But nevertheless, the Act permits those actions which both of us find objectionable, whether or not such transgressions have occurred (yet).

            What if there was an encrypted file on your machine placed there by a 3rd party, you have no keys, or knowledge of the file, but the cops want to decrypt it to have a look. Who would be liable to produce the key then?

            You would. It matters not who put it there - if there is something that an Appropriate Person thinks is an encrypted file to which you might have the keys, it is your responsibility to produce those keys or decrypt the file, under penalty of prison.

            would you have to prove the file was put there by someone else or will you just get thrown in jail because you are unable to provide the keys.

            Guess...

            Seriously - go read the Act, with specific attention to Section 49. It's an eye-opener. People should be told.

            Vic.

            [1] Note that, although there is a little initial oversight of who gets classified as an Appropriate Person, that person need not be part of the Judiciary...

            1. phil dude
              WTF?

              Re: @Vic

              "Seriously - go read the Act, with specific attention to Section 49. It's an eye-opener. People should be told."

              Some nice points, you clearly have studied it...

              I vaguely remember the outcry when it originally passed. This is why the US has a constitution. Yes, I know the executive never ceases to find new blatant ways to ignore it, but it is there.

              It was achieved by a revolution, something Britain hasn't seen since 30/1/1649.

              P.

        2. I. Aproveofitspendingonspecificprojects

          Re: RIPA2000

          This is *dreadful* legislation, but no party seems even remotely interested in reforming it (I've tried asking them...)

          What do UKIP say?

          1. Anonymous Coward
            Anonymous Coward

            Re: RIPA2000

            "What do UKIP say?"

            Probably whatever comes into their mind. They will probably claim libertarian practices for themselves - while being authoritarian towards anyone who disagrees with them. RIPA will be right up their street as a means of control.

            I'm getting old - but it seems current events are resonating with the 1930s. Sudetenland; the ruling elite in the Weimar Republic ceding too much power to a populist new-party leader; territory disputes in the Far East over natural resources.

            1. damian fell

              Re: RIPA2000

              Argh Godwin's Law strikes early on.

          2. Vic

            Re: RIPA2000

            > What do UKIP say?

            I don't know - I didn't ask them. I thought they were insignificant in the greater scheme of things.

            Given last week's performance, perhaps I'll rethink that bit...

            Vic.

            1. Anonymous Coward
              Anonymous Coward

              Re: RIPA2000

              AKA: The Bastard Act of 2000

          3. Keith 21

            Re: RIPA2000

            "What do UKIP say?"

            Given UKIP do things like getting the Police to pop round for a quiet "chat" to ask you to remove posts from Twitter which they don't like (but which fall foul of no law), I rather suspect you will be out of luck if you think they would even consider repealing anything like RIPA.

      2. Matt Bryant Silver badge
        FAIL

        Re: AC Re: Whitter

        "....If you do not have the keys then you have nothing to give up. You cannot be thrown in jail for refusing to give up something you do not have....." Big hint - Oliver Drage, Syed Hussain. Search for either on El Reg to find out how wrong you are.

    3. Anonymous Coward
      Anonymous Coward

      Re: Whitter

      I think that you may well be over estimating the plod here. When they went to the trouble of raiding me and my business they managed to bankrupt me and close my business.

      Sadly it was very quickly evident that they had very little evidence; after all, how could there be, as I had done nothing against the law.

  3. Eradicate all BB entrants

    They still haven't developed the .....

    ...... one application we all need. A heart monitor that is connected to your mobile device, if your heart stops beating it sends out a signal to remote wipe your browsing history.

    Won't someone think of the children who have to sort through expired parents' computers?

    1. Rick Giles
      Joke

      Re: They still haven't developed the .....

      Won't someone think of the children who have to sort through expired parents' pr0n cache?

      There, fixed it for you.

  4. DropBear
    Joke

    Yes, but...

    ...can it be activated by the laser 'tripwire' at the door (what do you mean 'what tripwire'? Don't all doors come with one?!? ...no? Oh...)

    1. Paul Crawford Silver badge

      Re: Yes, but...

      Yes, I can see how much fun your computer will be once your cat finds the laser spot...

  5. Psmo

    Huh?

    I thought that nuking the site from orbit is the only way to be sure...

    1. Pascal Monett Silver badge

      Do you have ANY idea how much Amazon charges for personal nukesat delivery ?

      And don't even think about overnight - we're way past arm & leg territory already.

      I was really appalled at the invoice.

  6. Aqua Marina

    Does this mean future raid teams will be skilled in knife throwing????

    The enemy can not push a button... if you disable his hand.

    Medic!

    1. Muscleguy

      Re: Does this mean future raid teams will be skilled in knife throwing????

      Touch screens can be head butted though. So no hands, no problem. Also I am ambidextrous so I would require two very good knife throws.

      1. Anonymous Coward
        Anonymous Coward

        Re: Does this mean future raid teams will be skilled in knife throwing????

        > Touch screens can be head butted though.

        Are you from Glasgow by any chance?

  7. RyokuMas
    Black Helicopters

    No good...

    All that will happen is that upon finding you've utterly wiped your machine, the police will just get in touch with Google and probably be able to get their hands on about 80% of anyone's data on average...

    1. Sir Runcible Spoon

      Re: No good...

      ..but crucially not the keys on your PC nor the ones stored in RAM, which I believe is the point of the app.

  8. Craig 2
    Trollface

    As a byproduct, it creates a new variant of knock-a-door-run where you bang on a nervous hacker's door and shout "Open up, Police!" They then have to spend the next few hours re-installing :)

    1. Rick Giles
      Black Helicopters

      RE: knock-a-door-run

      Any true hacker has video surveillance on the doors so they can tell who's who and what's what.

  9. sandman

    Argh!

    "Daddy, I was playing on your computer and then it all went away…"

  10. Pascal Monett Silver badge

    Next in News at 9

    Hackers have found a way to disable multiple computers at once by activating a mysterious panic app.

  11. MrDamage Silver badge
    Mushroom

    Overload

    Just get yourself a system with nothing but SSDs, and set up an overload circuit on your UPS.

    Cops knock on the door, you hit the button, and they enter to the smell of fried silicon.

  12. Anonymous Coward
    Anonymous Coward

    Unfortunately, in the UK, you are required by law to reveal keys to encrypted files. Failure to do so can result in a criminal conviction... (Yes, I know truecrypt can do dual layer).

    So I'll stick with my total physical destruction solution of 2lbs of semtex under the file server.

    What do you mean that's illegal too?!

    Good grief, it's a conspiracy I tell you!

    1. Rick Giles
      Black Helicopters

      RE: Semtex

      What about small amounts of thermite on each hard disk and RAM module?

      1. Triggerfish

        Re: RE: Semtex

        Can't remember which one, but I seem to remember they had that on a William Gibson novel, it was part of the acceptable risks of being on a cracking industrial espionage team.

  13. Rick Giles
    Black Helicopters

    DHS

    Since I have recently read "Little Brother" by Cory Doctorow, I like the idea of this app considering the path that the US Government is trying to go down.

    I have nothing to hide. I love my country and that will be the very reason that they will come after people like me. They don't want the US Constitution getting in their way.

  14. Gronk
    Coat

    Missing the point

    All this discussion about revealing keys is missing the crucial point that the programmer misspelled "propagate" (check the screenshot).

  15. MeRp

    Of course all the section 49 talk is somewhat mooted by the fact that we're talking about TrueCrypt here; you SHOULD have it set up so that you CAN give them the password (to the public part); they can then decrypt the volume, see that it is just tame sort of stuff (legal porn, maybe some legal docs, whatever). Keep the hidden volume key (and password) secret; preferably with a backup of the key somewhere not in your possession and the primary copy getting deleted along with everything else.

    As for the laser trip on the door; you could use a Z-Wave (or probably other) security setup on your doors/windows and have it set up so that if it is armed and gets tripped, your computer reacts by activating this software. You just have to make sure the perimeter is armed any time your truecrypt volume is mounted and/or you are doing sensitive stuff; you may be able to automate that as well.

    1. Midnight

      The only problem with this is that you may be arrested by someone who has heard of TrueCrypt already, and as a result believes that you may have created a second partition and therefore should know the key to unlock it.

      Thanks to that you can be locked up under section 49 even if you have already coughed up the password. Didn't create a second partition? That's your problem.

      1. MeRp

        Surely you would then have grounds to argue that they would need to prove that there is a hidden volume, since it is also capable of NOT making such a thing?

        1. Keith 21

          "Surely you would then have grounds to argue that they would need to prove that there is a hidden volume, since it is also capable of NOT making such a thing?"

          Nope, you would have to prove you did not create it, after all they would simply cite that they have "reasonable grounds" to believe you did. Ball is in your court. Can't prove you didn't create it? Oh dear sonny...

          1. Anonymous Coward
            Anonymous Coward

            Sorry Keith, but you are plain wrong with that idea. If you use truecrypt and give them the password to unlock it after a good deal of arm twisting (or even without) there is absolutely no way they would be able to convince a court of your guilt. The whole point is they can only prove the outer layer of encryption exists and once unlocked they would have to prove to a court there was another layer of encryption in order to apply that heinous piece of legislation.

            "Can't prove you didn't create it? Oh dear sonny..."

            Bollocks. Total bollocks.

  16. Zmodem

    just run http://bleachbit.sourceforge.net/ or tweak the source to suit your needs

  17. Anonymous Coward
    Anonymous Coward

    Inaccuracy

    > It can also propagate the panic commands to other nodes on a network.

    Not according to the screenshot you've posted. It can only propogate it.

  18. drdrb.net
    Thumb Up

    Fricosu Keys

    I use LUKS to do disk encryption. While good, it lacks what I call a Fricosu key. This is a separate key, set up during initialization, which when entered while under duress in Colorado, causes LUKS to silently and permanently forget the real decryption key. You won't get your data back, but neither will anyone else. It only works if the Governm...(I mean the bad guys) haven't already made a forensic copy of your drive.
