Don't steal the laptop. :) Break into the room - clone the drive, leave the laptop in place. Use the exfiltrated encryption key to decrypt the cloned disk at your leisure.
-----Original Message----- From: Ben Scott [mailto:[email protected]] Sent: Monday, 24 December 2012 3:37 AM To: NT System Admin Issues Subject: Re: Disk encryption killer: Anyone see this? Good point. (Although I bet stealing the laptop would be prone to being uncovered, too. ;-) (Yes, I get that it's before vs after the data theft. :) ) ) On Sun, Dec 23, 2012 at 7:03 AM, Ken Schaefer <[email protected]> wrote: > Do you mean, snag the clear-text version of the user's files? If the user has > 500GB of data on their laptop, that could take a while to exfiltrate. > > Suppose you are Chinese/US/whatever intelligence. You wish to get the > contents of the laptop belonging to a visiting business leader/dignitary/etc. > The laptop is protected with Bitlocker or some other FDE technology. > > If you can trick them into installing this software, then exfiltrate the key, > then you can break into the guy's/gal's hotel room, clone the disk, and > decrypt it at your leisure. The other alternative, of exfiltrating all the > data whilst the laptop is online, might be tedious, not be complete by the > time the person leaves, and probably more prone to be uncovered. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
