Physical Attacks

In order to access files that you may have encrypted, it is possible to run a physical attack on your laptop in a manner that is difficult to detect.

The classical example of this is leaving your laptop in your hotel while you leave.

There is a video online of a stuffed animal camera that a businessman left next to his laptop so he could see if anyone tampered with his laptop while he was in China on business. The video shows hotel employees going in, doing their normal thing making the bed and other hotel staff duties while talking with the Chinese letter agencies snooping about the businessmans stuff.

The funny thing is they recognized the stuffed animal as having a camera built in and two DIFFERENT letter agencies in the room were accusing the other of placing that stuffed animal there without notifying the other letter agency. It did not cross their mind that the businessman had placed it there.

The businessman saw this video, and what they were saying, and got out of China real quick.

One attack vector on your laptop here is a virus installed into the BIOS of the laptop. Generally this would be a keylogger. This is a piece of software that records everything that you type. After installing this virus the attacker would leave the laptop how it was and come back another time to retrieve the recorded key-presses, thus gaining any passwords you used between when the keylogger was installed and retrieving the logs.

There are a couple of tricks to mitigate this, such as placing an object next to your USB ports on your laptop. The attacker would either have to move the laptop or the object to plug in the necessary USB device to install the keylogger. This can be made more secure by taking a picture of the laptop and object. Then when you return to the laptop, take a second picture from the same position and compare.

There is an app (unaffiliated) by Clint Emerson called Photo Trap that actually helps you do this by highlighting differences in two photos. It's called "Photo Trap Change Detection" from "Escape the Wolf LLC" on the iPhone app store. Keep in mind though, an attacker can use the same app to put everything back as best he can so that it wouldn't be detected by you.

Adding some lint between the hotel room door and the doorjam as you leave is an old Tradecraft trick to see if anyone has passed that door. If falls when you open the door after getting back then someone passed through that door, if it doesn't fall than either someone with experience saw it as it happened and replaced it as best he could or no one has passed. Using this trick multiple times, such as under your object and laptop in addition to the Photo Trap app adds multiple layers of security.

In a hotel, bring your laptop out with you if at all possible. If you must leave it behind such as to reduce the chances of being mugged, try these old Tradecraft tricks to check for potential physical attacks on your equipment.