Miguel Oyarzo O wrote:
>
> Dear all,
>
> This is just a topic for conversation... it may turn out to be interesting:
>
> Chile's cybercrime police (Investigaciones) came to Punta Arenas to look into a
> complaint about a hacking offence against a public server.
>
> The hacker erased all the information on his PC, formatted the machine he had
> attacked from and reinstalled everything from scratch. He did this so he could
> sleep in peace, since nobody would catch him that way.

He may well have left traces. Here is some information from an article I have on the subject; apologies for not translating it, but I think it is quite understandable for anyone who knows a bit of English.

Forensic recovery techniques normally consist of making a mirror image of a hard disk and searching it for compromising words. These techniques are available to anyone with physical access to your computer (i.e., just about anyone who really wants to). Deleting a file is not safe in this respect, because all the data contained in the file remains on the hard disk (see following point).

Data that has been deleted and overwritten several times on your hard disk can still be recovered, although this involves the use of advanced facilities (clean rooms similar to those used for semiconductor manufacturing, as well as special electronic equipment). In other words, here we are talking about the NSA, FBI, KGB, the security services of most developed countries, major technological industries, and a few of the most advanced universities (updated information: a modified atomic-force microscope can be used for this purpose, at a material cost probably not exceeding US$ 50,000, which puts this operation within the reach of small laboratories and determined individuals). I shall not discuss here the technology involved.

Just how many passes (i.e., successive overwritings) can be regarded as safe is impossible to tell. A single pass effectively prevents the application of techniques normally used for forensic recovery. Four passes are known to allow an easy recovery through special techniques. Eight passes are recommended by the Pentagon for low-security erasing. Data recovered after 22 overwriting passes has been used as court evidence against computer-related crimes in the United States. Thirty passes or more should be safe, unless the opponent is exceptionally motivated to recover the data.

Physical destruction of a hard disk, through a complex procedure (involving high temperature and grinding the whole hard disk to dust with abrasives), is required by the Pentagon for hard disks used to store sensitive data.

There are several file and disk wiping programs available. I recommend two: BcWipe (available as freeware from Jetico Corp <http://www.jetico.sci.fi/>) and PGP file and disk wipe, which is part of the PGP package (available from the manufacturer <http://www.pgp.com/> or the replay server <ftp://ftp.nl.monster.org/pub/crypto/pgp>). I use both, because neither of them does everything I need. You must use these programs intelligently, and be aware that they do not automatically provide privacy. In particular, you must be aware that sensitive information may be contained in several locations of a hard disk, in addition to a file. In particular, remember these locations:

* temporary files created automatically by word processors and other programs
* free disk space resulting from the automatic deletion of the above files
* the swap file
* the file slack at the end of each file
* the cache of web browsers

Disk encryption programs are especially useful, because they create encrypted partitions or encrypted virtual drives on a physical drive. You cannot encrypt your whole hard disk, because the operating system cannot boot or operate from such a disk (it could if it were designed to do so, but so far there has been no interest from the software industry, because of likely opposition by the authorities). Nonetheless, the use of an encrypted virtual disk is a considerable help toward privacy. The programs I have tested and found to work on Windows NT are Sentry 2020, Encryption 4 Masses (which is freeware), BestCrypt <http://www.jetico.sci.fi/> and PGPdisk <http://www.pgp.com/>. I use PGPdisk.

An interesting characteristic of disk encryption is that you don't have to worry about overwriting the data occupied by deleted files, because all the contents of an encrypted disk - including unused areas and unused directory entries - are encrypted. The page file is still a security concern, however, unless it is also stored on an encrypted disk.

Typing on a keyboard generates electromagnetic pulses which can be intercepted from a distance of several tens of metres and through building walls. The necessary equipment can fit in a suitcase (in other words, no particular need to park a large van right under your window). I would expect that a broadband generator of radio noise is an effective countermeasure, but I have no concrete information on this. Having a few computers close to each other and running simultaneously, as is frequent in office environments, might also provide some protection (as long as they all use the same screen resolution and refresh frequency, see below).

Computer monitors emit electromagnetic radiation that can be intercepted and used to reconstruct the picture displayed on the screen. I don't know whether this applies to LCD screens as well, but would expect so. The equipment and possible countermeasures are similar to those described under the preceding point. The military and security agencies use so-called Tempest terminals, which are shielded against electromagnetic emissions (in case you wonder, a home-made Tempest shield for your computer is unlikely to be effective). Special fonts, called Tempest fonts, have been developed to reduce the above problem. Instead of having sharp edges, they are "fuzzy" (in particular, their higher harmonics have been eliminated through a two-dimensional FFT transform), so that their potential for generating radio emissions is substantially reduced. From normal reading distance, these fonts are perfectly readable.

Later versions of PGP provide the option of using a "secure reader" that employs this technology when decrypting text messages. A related technology adds high-frequency harmonics to video signals in order to generate a display that looks normal but generates large amounts of radio signals. These signals can be used to transmit information (e.g., file contents or keystrokes) to a remote listener without the knowledge of the computer user.

=============

Well, I don't know what technology the cyber-cop in question had at hand, but from what I showed you, a simple format is not very secure; also note all the other possibilities that exist for compromising the security of the information on a PC. For a high-security installation I lean toward a cryptographically secure filesystem, the use of LCD monitors called Tempest terminals with Tempest fonts, all inside a Faraday cage to start with, and configuring the temporary files of all applications to live in RAM or on cryptographically secure partitions, even if one pays for it with a drop in performance.

> The policeman, a young and well-prepared guy, just smiled, took out some programs
> made specifically for the institution and, like a movie in slow motion, replayed
> every keystroke the attacker had typed over the last few weeks. The evidence was
> overwhelming against him and enough to charge him with a crime.
>
> In the detective's words: EVERYTHING stays on the computer, be it Linux or Windows,
> and for a long time. You just have to know how to put the pieces together like a
> jigsaw puzzle.
>
> Regards
>
> ========
> Miguel Oyarzo
> INALAMBRICA
> Punta Arenas
> Chile
>

Guillermo O. Burastero
Bahia Blanca, Argentina.

--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.289 / Virus Database: 265.4.6 - Release Date: 05/12/2004
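The article's point that deleting a file, or quick-formatting and reinstalling, only rewrites metadata and leaves the old contents in free space and in the slack at the end of newly written files, until something overwrites them, is easy to see on a toy block device. The following Python is an added example written for this thread; it is not code from the original message or from the cited article, and the class name ToyDisk, the 512-byte block size, the file names and the "secret" strings (including the placeholder address 10.0.0.5) are all constructed for the demonstration. carve() does what the article describes as the normal forensic technique (scan the raw image for compromising words, ignoring the directory), and wipe_unallocated() is the one-pass random overwrite that defeats it.

```python
import re
import secrets

BLOCK = 512  # bytes per block; small so the whole image fits in memory


class ToyDisk:
    """Minimal block-device model: a raw byte image plus a directory mapping
    file names to (size, block list). As on a real filesystem, delete() and
    quick_format() touch only the directory, never the data blocks."""

    def __init__(self, nblocks):
        self.nblocks = nblocks
        self.data = bytearray(nblocks * BLOCK)
        self.dir = {}  # name -> (size, [block indices])

    def _free_blocks(self):
        used = {b for _, blocks in self.dir.values() for b in blocks}
        return [i for i in range(self.nblocks) if i not in used]

    def write(self, name, content):
        need = (len(content) + BLOCK - 1) // BLOCK
        free = self._free_blocks()
        if len(free) < need:
            raise OSError("disk full")
        blocks = free[:need]
        for i, b in enumerate(blocks):
            chunk = content[i * BLOCK:(i + 1) * BLOCK]
            # Only len(chunk) bytes are overwritten. Whatever a previous owner
            # left in the rest of the last block survives as file slack.
            self.data[b * BLOCK:b * BLOCK + len(chunk)] = chunk
        self.dir[name] = (len(content), blocks)

    def read(self, name):
        size, blocks = self.dir[name]
        raw = b"".join(bytes(self.data[b * BLOCK:(b + 1) * BLOCK]) for b in blocks)
        return raw[:size]

    def delete(self, name):
        del self.dir[name]  # directory entry gone; data blocks untouched

    def quick_format(self):
        self.dir = {}  # "reinstall from scratch": metadata rewritten, blocks untouched

    def carve(self, pattern):
        """Forensic-style carve: scan the raw image and ignore the directory."""
        return [m.start() for m in re.finditer(re.escape(pattern), bytes(self.data))]

    def wipe_unallocated(self, passes=1):
        """Overwrite every free block and the slack of every live file with
        random bytes; `passes` repeats the overwrite."""
        for _ in range(passes):
            for b in self._free_blocks():
                self.data[b * BLOCK:(b + 1) * BLOCK] = secrets.token_bytes(BLOCK)
            for size, blocks in self.dir.values():
                last = blocks[-1]
                used = size - (len(blocks) - 1) * BLOCK  # bytes of the last block in use
                start = last * BLOCK + used
                self.data[start:(last + 1) * BLOCK] = secrets.token_bytes(BLOCK - used)


def demo():
    """Constructed scenario (not real data): attack notes are deleted, the
    disk is quick-formatted and a fresh file written, then the image is carved
    before and after a one-pass wipe of unallocated space and slack."""
    disk = ToyDisk(8)
    slack_secret = b"password=hunter2"  # ends up in block 0, inside the new file's slack
    free_secret = b"target=10.0.0.5"    # ends up in block 1, which stays unallocated
    notes = (b"A" * 200 + slack_secret
             + b"A" * (600 - 200 - len(slack_secret))
             + free_secret + b"A" * (1000 - 600 - len(free_secret)))
    disk.write("attack_notes.txt", notes)  # 1000 bytes: occupies blocks 0 and 1
    disk.delete("attack_notes.txt")
    disk.quick_format()                     # still nothing changed in disk.data
    fresh = b"fresh install " * 7           # 98 bytes: block 0, 414 bytes of slack
    disk.write("readme.txt", fresh)
    before = {s.decode(): disk.carve(s) for s in (slack_secret, free_secret)}
    disk.wipe_unallocated(passes=1)
    after = {s.decode(): disk.carve(s) for s in (slack_secret, free_secret)}
    return {"before": before, "after": after,
            "readme_intact": disk.read("readme.txt") == fresh}


if __name__ == "__main__":
    print(demo())
```

Before the wipe, both strings are carved straight out of the image (one from the slack of readme.txt, one from the unallocated block); after a single random pass neither is found and readme.txt still reads back intact. On real media the same overwrite of free space still misses the other places the article lists (swap/page file, temporary files, browser cache), plus filesystem journals and, on SSDs, blocks the drive has remapped out of reach of the host, which is why the article's recommendation to keep sensitive data on an encrypted volume in the first place is the more robust answer.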

