Keeping Your Documents Safe In a Digital Age

    By BinaryShinigami
    
    	Everyone has something they want to hide from others, whether it is porn, hacked account lists, confidential work information, or even just that secret book you have been writing in your free time that you believe will be the next best seller.  In the world today, almost everything we do involves storing information like this on computer hard drives.  Most of us assume this is perfectly safe; after all, we marked the folder as hidden or gave it privileges that ensure only we can access it, right?  Wrong.  Leaving anything on the hard disk in plain text means that others can get their hands on it easily.
    	
    	It doesn't matter what file attributes or permissions you have given the file; someone can find it and will get around those permissions.  Windows permissions mean nothing to a Linux environment, and if you run a live Linux CD as root, any Linux permissions will be null and void because root has full access to all files and folders on a Linux system.  This means that if you are traveling, lose your laptop or thumb drive, or just leave your PC unattended for a couple of hours, anyone who wants your information can get it if you don't take the proper measures.  Taking these measures and ensuring your documents are safe is what this article is about.
    
    	So how do you go about keeping your documents safe, you ask?  Well, the first thing you should do is encrypt all of your important documents.  There are tools available to make this easy; my personal favorite is a utility called TrueCrypt.  TrueCrypt is an open source utility that has been ported to many different operating systems and makes it very easy to store files in encrypted containers and drives.  With TrueCrypt, encrypting your data is as easy as copying and pasting a file or saving it onto the drive; TrueCrypt does the rest for you.  You can obtain a copy of TrueCrypt for free from http://www.truecrypt.org/downloads.  Download it and install it on your system.
    
    	The first thing you should do when you are getting started is read the tutorial and the documentation for the program as much as possible.  When you are just getting started, experiment with encrypted file containers.  These are files which hold your data in an encrypted format and, when mounted through TrueCrypt, appear as an external drive or partition.  These are great for some things and not so great for others.  First, they stick out like a sore thumb: large file containers can easily be found, and while some people may not expect much of you and not think of encryption, others will assume that it's an encrypted file container and try to force you through intimidation tactics to reveal your password.  I utilize encrypted file containers for documents that I want to keep from the average Joe and don't store anything important in them.
    	
    	The next thing you should experiment with is hidden encrypted file containers.  These are encrypted file containers inside other file containers.  They are not like regular files, though; they are actually part of the file container itself, so they are not exposed even if you decrypt the first layer of encryption.  These are great, and it is impossible to tell that you have one in place.  They use a separate encryption key and algorithms than the first container, so you can safely decrypt the first layer and the other layer will not be exposed without you using the second password.  The first container will show up as the full file container's size, so there is no way to tell that the file contains another secret container, which is actually smaller than the first.  A word of warning, though: writing to the first layer a lot can actually cause you to overwrite parts of the hidden container, making it useless.  It is highly advised that you store some files that look like you may want to keep from prying eyes in the first container before you create the second, and after that only store files in the second.  I personally modify the time stamps of the files in the first and have never overwritten any of the hidden container doing so.  This makes it look like you work regularly with the files in the first layer so people don't get suspicious of a second hidden container.
    
    	The concept I would like you to be aware of is that using encrypted file containers does not, by itself, make your information 100% safe.  Any modern computer system comes with problems that the end user is often unaware of and that make true security difficult.  The first is the data cache.  When your computer works with information a lot, such as the key in an encryption algorithm, it stores this information in a place called the cache.  The cache consists of a secondary storage that is slightly faster than RAM and allows the CPU to perform operations with that data faster than if it had to access the RAM constantly for that information.  To get around this, TrueCrypt has a nice option that will automatically clear the passwords from cache when you dismount the drive.  Make sure you utilize this option, as it is extremely important to keeping your information safe.
    
    	The next topic I would like to cover is the paging file or swap file.  Modern computer systems have space reserved for what is known as the swap file, swap partition, or paging file.  These are sections on the hard disk that the computer swaps memory contents out to when that memory isn't currently needed.  This means that if you leave a password in memory for an encrypted drive or container and you are using another program that doesn't require the use of the encryption scheme, the data for the encryption scheme can be stored on the hard disk in the swap file.  Now this is really bad: anytime something is stored on the hard disk it is extremely difficult to get rid of.  In fact the US DoD (that's Department of Defense) has entire documents dedicated to the proper methods required to securely erase a hard disk.  Because this process is time consuming and difficult, I highly recommend one of three things.  You can disable the swap file or paging file on your system; this can be done easily, but I won't go into detail on how to do it as it's OS specific.  You can encrypt the entire system drive; this is one of the best options, as TrueCrypt will stay in the background ensuring that any writes to the hard disk are encrypted and reads are decrypted.  Or you can do what I feel is the best and safest option: take the hard disk out, boot from a thumb drive or live CD, and store all of your private information on an encrypted thumb drive.  I personally believe the last option is the best and you should do that if you are truly paranoid like I am.
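
    	Before choosing between those options it helps to know what swap a machine is actually using.  The following is an added example, not part of the original article and not TrueCrypt code: it reads the Linux /proc/swaps table and reports which swap areas would put memory pages on disk unencrypted.  The function names and the sample table are made up for illustration, and "encrypted" is only detected for mappings created by cryptsetup.

```python
import os

# Constructed sample in the layout of Linux /proc/swaps (not from a real host).
SAMPLE_PROC_SWAPS = """\
Filename                                Type            Size            Used            Priority
/dev/sda2                               partition       8388604         52480           -2
/dev/dm-1                               partition       4194300         0               -3
/swapfile                               file            2097148         1024            -4
/dev/zram0                              partition       1048572         0               100
"""

def sysfs_dm_uuid(device):
    """Return the device-mapper UUID for a block device, or None if it has none."""
    name = os.path.basename(os.path.realpath(device))  # /dev/mapper/x -> dm-N
    try:
        with open(f"/sys/block/{name}/dm/uuid") as fh:
            return fh.read().strip() or None
    except OSError:
        return None

def classify(path, swap_type, dm_uuid=sysfs_dm_uuid):
    """Say whether pages swapped to this area reach the disk unencrypted."""
    if swap_type == "file":
        return "check-disk"  # only as protected as the filesystem holding the file
    if os.path.basename(path).startswith("zram"):
        return "ram-only"  # compressed RAM, never written to disk
    # Assumption: the mapping was made by cryptsetup, which sets a "CRYPT-" dm UUID.
    uuid = dm_uuid(path) or ""
    return "encrypted" if uuid.startswith("CRYPT-") else "plaintext"

def audit_swaps(proc_swaps_text, dm_uuid=sysfs_dm_uuid):
    """Return (path, verdict, used_kib) for every active swap area."""
    findings = []
    for line in proc_swaps_text.splitlines()[1:]:  # first line is the header
        fields = line.split()
        if len(fields) < 5:
            continue
        path, swap_type, used_kib = fields[0], fields[1], int(fields[3])
        findings.append((path, classify(path, swap_type, dm_uuid), used_kib))
    return findings

if __name__ == "__main__":
    source = "/proc/swaps"
    text = open(source).read() if os.path.exists(source) else SAMPLE_PROC_SWAPS
    for path, verdict, used_kib in audit_swaps(text):
        print(f"{path:<12} {verdict:<10} {used_kib} KiB currently swapped out")
```

    	Any area reported as "plaintext" with a non-zero amount in use may already hold key material on disk, so turning swap off afterwards does not remove what was written.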
    
    	A final subject I would like to cover about the use of encryption for keeping your data safe is dealing with RAM.  You may think that anything stored in RAM is wiped clean as soon as you turn off your computer; that's 100% false.  Your computer does not go through the RAM and wipe the contents from memory.  When you turn off the computer, the power the RAM needs to function is gone, correct, but there are still charges held in RAM that can take minutes to dissipate.  During this time it is possible to put the RAM in special devices meant to read these charges and read the data contained in the RAM, thus allowing an agency to obtain the passwords to any containers you may have had mounted before you shut down.  Typically law enforcement agents are trained to keep a computer system in place when they find it and, if it's powered on, leave it as it is; this allows experts to come in and take the proper measures to ensure the data isn't erased.  There have even been studies done that show that freezing the RAM sticks will cause them to hold their charge longer, allowing for transport and reading the data later on.  While the extent of this isn't 100% clear, the threat is there and needs to be in your mind when you are storing private data.
    
    	While encrypting your OS may make you feel 100% safe, know that you can still be safer.  Encrypting your system drive means that your data is fairly safe as long as the people trying to get the data follow the law and aren't corrupt.  If they are, they can still torture you and use other intimidation techniques to make you reveal your password.  Just as with the encrypted file containers, you can store hidden encrypted operating systems inside of your encrypted operating system.  It works much like the hidden encrypted file system and is impossible to find without knowing the password.  With this method, though, you do not risk writing over your hidden OS, because the hidden OS will look like an encrypted partition; this partition will be a container that you can store files on just like your other containers, and hidden within that container is the OS.  Now if you write a lot to the container you can overwrite your hidden OS, but if you just use touch to change the timestamps you will be safe.  You should use the external encrypted OS as much as possible to show that it's been used frequently, and keep some files on it so that those who make you reveal the password don't get suspicious.  Only use the hidden OS when you are doing operations that require you to.  You should be offline to make sure the hidden OS is safe from being hacked.  If you are not, do not store files that will appear in server logs and then cannot be found on the external OS, as this may make the viewer suspicious that you have another system that you haven't revealed and could get you in deep trouble.  I would only utilize this for things that you do not need to be online for, such as development of secret programs or utilities, designs or schematics, or backing up files safely so that if you lose the first resource you don't lose the hidden OS version.
    
    	Other ways that individuals may get your information include router cache and logs, printer cache and RAM, hardware key loggers and hidden cameras.  You can stay safe from router cache and logs by encrypting all of your traffic through SSH tunnels or SSL.  Printer caches aren't as easy; your best bet would be to get an older printer that can't handle much data at a time, so it won't have many fancy features that require it to have a lot of storage space.  Hardware key loggers and cameras are in their own field and require you to physically inspect your hardware and surroundings.  Even laptops can have hardware key loggers installed on them today, so take nothing for granted.  Getting sloppy is what leads to information leaks that expose the security measures you have in place.
    
    	Having reached the end of this article, I sincerely hope you have learned something and will take your documents' security seriously.  As always, I would like to thank you for taking the time to read this article, and I want to let you know that if you have any recommendations or ideas for future articles, please shoot me a PM or message me on AIM; my SN is BinaryShinigami.  Don't forget to do your research and you will have a long and happy hacking career.  Your information will be safe, and you can rest assured while you are away from your terminals that when you get back no one will have snooped around successfully.  Take your time, have fun and never get sloppy.