AlertBoot Endpoint Security

Disk Encryption Software: Mossad Hacks Syrian Government Laptop

According to Der Spiegel, Israel's intelligence service planted a Trojan horse on the laptop computer of a Syrian government official.  This act ultimately led to the 2007 bombing of the Al Kibar complex (supposedly a nuclear reactor).  One way to have prevented this would have been the use of full disk encryption.  However, not everyone agrees.

Laptop Left Unsecure At Hotel

The Syrian official had left his laptop computer behind at his hotel.  This allowed the Mossad, the Israeli intelligence agency, to gain access to the computer and plant a Trojan that stole data.  The information gleaned from this move proved to be invaluable, with photographs of Al Kibar at various stages of construction and other works in progress.

They were even able to identify a North Korean scientist, in charge of the Hermit Kingdom's nuclear program, on site.

Of course, if disk encryption had been used, the Mossad would have had a heck of a time trying to get into the computer, and planting a Trojan wouldn't have been easy.

Evil Maid

As security guru Bruce Schneier pointed out though, the use of whole disk encryption may not have been enough.  "Remember the evil maid attack," is his rallying cry.

What is this evil maid attack?  Well, the idea is that an evil maid at the hotel (or a janitor, bellboy, the hotel security guy, whatever) can come in, plant a password reader in the MBR of an encrypted computer, and retrieve the password later.  The MBR is the master boot record of a fully encrypted hard disk drive, and is the only place that's not encrypted on an encrypted disk.

Since figuring out the encryption key is extremely hard, an evil maid attack can be used to find the passwords.  It goes to show that whole disk encryption cannot protect one against instances where laptops are left alone.  (Disk encryption is meant to protect the contents of a computer if it gets stolen.  If the computer is eventually recovered...well, you can't just use it as if nothing ever happened.  You'll have to have it wiped if it needs to be secure.)

The problem with evil maid attacks, though, is that they require access to the targeted computer more than once: once to install the password reader and again to retrieve said password.

If the Syrian official screwed up just once and left the laptop unattended that one time, the evil maid attack wouldn't have worked (this being the Mossad that's involved, maybe it would be more accurate to say retrieval would have presented some challenges).

Heck, I bet they could have done something else to bypass the encryption software, like maybe use hacked hardware like compromised DRAM.
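Because the evil maid attack described above depends on changing the one unencrypted sector and then waiting for a second visit, a defender can compare that sector against a known-good fingerprint before typing the passphrase again. The sketch below is an added example, not code from AlertBoot or any encryption product; the function names and the sample sectors are constructed for illustration, and it assumes a classic 512-byte MBR layout.

```python
import hashlib

SECTOR_SIZE = 512
BOOT_CODE_END = 446          # bytes 0..445: bootstrap code area
PART_TABLE_END = 510         # bytes 446..509: four 16-byte partition entries
MBR_SIGNATURE = b"\x55\xaa"  # bytes 510..511: boot signature


def fingerprint_mbr(sector: bytes) -> dict:
    """Hash the boot code and the partition table of an MBR separately."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    if sector[PART_TABLE_END:] != MBR_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    return {
        "boot_code": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
        "partition_table": hashlib.sha256(
            sector[BOOT_CODE_END:PART_TABLE_END]).hexdigest(),
    }


def changed_regions(baseline: dict, sector: bytes) -> list:
    """Return the names of MBR regions that no longer match the baseline."""
    current = fingerprint_mbr(sector)
    return [name for name in baseline if baseline[name] != current[name]]


def read_first_sector(path: str) -> bytes:
    """Read sector 0 from a disk image or device node (path is an assumption)."""
    with open(path, "rb") as f:
        return f.read(SECTOR_SIZE)


def constructed_mbr(boot_code: bytes) -> bytes:
    """Build a sample sector; constructed data, not a real boot loader."""
    code = boot_code.ljust(BOOT_CODE_END, b"\x00")
    table = bytes([0x80]) + bytes(63)  # one entry flagged active, rest zero
    return code + table + MBR_SIGNATURE


if __name__ == "__main__":
    clean = constructed_mbr(b"\xeb\x3cLOADER")
    baseline = fingerprint_mbr(clean)          # taken while the disk is trusted
    tampered = constructed_mbr(b"\xeb\x3cLOADER+HOOK")
    print("clean   :", changed_regions(baseline, clean))
    print("tampered:", changed_regions(baseline, tampered))
```

The comparison only means something when the sector is read from trusted external boot media and the baseline is kept off the laptop, since a modified boot chain could falsify what the installed system reads. Disk encryption boot loaders usually occupy more than this one sector, so a real check would hash those additional sectors the same way.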

Related Articles and Sites:
http://www.sophos.com/blogs/gc/g/2009/11/06/mossad-hacked-syrian-laptop-bombing-nuclear-facility/
http://www.spiegel.de/international/world/0,1518,658663-2,00.html
http://www.schneier.com/blog/archives/2009/11/mossad_hacked_s.html


About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with Data Guard Systems, Inc., the leading provider of managed endpoint security services, based in New York, NY. Mr. Lee helps with the deployment and ongoing support of both the AlertBoot disk encryption managed service and the CellularManager cellular pos service for Data Guard's customers. Prior to working at Data Guard Systems, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.