 Hello, thank you for coming to our talk this by the storm So this talk is going to be about a strange event that occurred In the basement of the Guardian office in London in the summer of 2013 Where the Guardian were instructed by GCHQ to destroy laptops containing the Snowden vials So I'm going to be talking for 15 minutes and which is going to be talking for 15 minutes And we're going to open up to Q&A So when I usually talk about this subject, I usually Start by mentioning and describing who Edwin Snowden is, but I don't really think I need to for this audience So a bit of background the Guardian was one of the newspapers that had access to some of the raw copies of the Snowden vials and Of course, they had to take great measures to actually protect those files and make sure that they don't fall into the wrong hands like GCHQ So Some of the security measures they took was that of course they stored the files on an encrypted hard drive and They also air-grab the machines To make sure that there's no internet connection and nothing no signals can get in and out And it was actually a secure room where no one was allowed to take in a device That had any internet connectivity So you had to leave all your devices outside and go into the room to make sure that there's no way that Information can digitally leave the room And of course the British government wasn't actually happy about the fact that the Guardian was releasing The files from the intelligence agency so as a result the cabinet secretary pressured the Guardian to present the documents and The reason why they wanted to do this according to the National Security Advisor was to conduct forensics Presumably to strengthen the legal case against Edwin Snowden for example to figure out which files he had actually taken and How many files and also possibly to strengthen the legal case against the Guardian and the reporters who Viewed the files and reported on the files Initially the Guardian ignored the threats and didn't take them seriously, but the harassment continued and Heywood who's the cabinet secretary said we can do this nicely or grow or we can go to the law a Lot of people in government think you should be closed down and The National Security Advisor said if you won't return it we will have to talk to other people this evening And I don't know about you but to me that sounds something from the Russian mafia rather than a British government So in order to protect protect the documents the Guardian decided that it can't continue reporting on the documents from his London offices Because the threats were too much So they said that they would destroy the documents In his London office and but continue to report on documents from other locations However, GCHE wanted to actually inspect the material before it was destroyed Destroy it themselves and take back the pieces which is pretty weird And the Guardian said no we can't have that so the mutual agreement that came up with was that the Guardian would destroy the documents themselves But GCHE would supervise them in doing so and tell them exactly how to destroy it Presumably because GCHE did not trust the Guardian to destroy it properly so the Guardian was instructed to buy Entire shopping list of destruction equipment ankle and grinders Dremels and masks and GCHE also provided their own degausser because that was too expensive and GCHE supervised the entire instruction process and guided the Guardian on how to destroy the laptops and witch chips to destroy And in addition to that Two GCHE technical experts recorded the entire process on the iPhones So this is a video of parts of the destruction process So about six months after that We actually went to the Guardian to try and see what we could learn about how GCHE supervised the Guardian in the destruction process because potentially there could be quite a lot to learn About from GCHE about how to properly eradicate a device Maybe there's things that they know about our devices that we don't because the interesting thing was that Many non-obvious components on the device were destroyed Including components in the keyboard trackpad and the battery controller Which is pretty strange because normally people would just destroy the hard drive rather than components other components on the machine So this is a before and after picture of the trackpad controller that was destroyed and you can see here The red chip highlighted the red was destroyed and that turned out to be an actual actually a serial flash chip that can store up to two megabits of memory and you can see here that the yellow and orange chips were left intact and it turns out that There's a lot of chips on your machine that can store data for example, even your trackpad has can actually have a firmware update and in fact Even your battery controller has to kind of have firmware and you can get firmware updates for your battery controller if you've got a Mac so this is a sort of concept taken from a Dan Kaminski talk in Defcon and It's called Zibbit's iron law of computer architecture and it basically states that the biggest lie about your computer Is that it's just one computer because in fact your computer is actually many computers all network together and Each of those computers have its own firmware and as a consequence the own storage and you know a lot of people say Well, what if GCHQ is just this spreading misinformation? What if they just told the Guardian to destroy all these random chips just to mess with our minds and you know, it could it sounds at first it sounds like a credible theory because GCHQ have this group called the joint threat research intelligence group Well, and it says the scope of GCHQ's mission includes using dirty tricks to destroy Deny degrade and disrupt enemies by discrediting them planting misinformation and shutting down their communications And one of the Guardian staff members said that it was purely a symbolic act We knew that just in case you knew that and the government knew that But the real question I think here is I think he probably was symbolic act from a political standpoint But was it a symbolic act from a technical standpoint? Because GCHQ are still bound to government bureaucracy and the government the British government has a Whole bunch of documents to outline how they should destroy properly eradicate information And the other thing that's worth noting here is that GCHU didn't actually intend For the destruction process to be public Initially, they just wanted to have a copy of the files so that they can conduct forensics on them So was GCHU dispelling this information? Maybe but even if they were The evidence suggests that actually there are potentially valid reasons for destroying these ships So after we published our original post we had a number of comments that we can't validate But they do have some interesting theories That seemed that could be valid so one of the first comment was Back when I worked for Apple converges One of the main things was that we could not bring in our own peripherals to use my keyboard, etc The issue is that one in theory could customize it for storage covertly and copy customer client information Which that doesn't make sense because these chips have firmware updates You can actually update their firmware from your computer so you could actually put information on these chips and Another person who works in data destruction or claimed to Says that I have destroyed the brand new i devices of senior government personnel because they plugged it into a classified network To charge it for less than a minute The law is law. I actually had a wall of digital devices which will de-course etc So what is the law regarding destruction? So this document is documented from the British government called government security classifications that defines top-secrets And it's that model and from that they can they derive how top-secret information should be destroyed So here top-secret information is defined as Her Majesty's most sensitive information requiring the highest level of protection From the most serious threats For example where compromise could cause the widespread loss of life Else or else threaten the security of our economic well-being of the country or from the nations And this is another document created by the communications electronic security group Which is a group within gchq that advices the bit that advices governmental organizations How to maintain their electronic security and here they've got a clip flowchart on how they actually prioritise and Present risks depending on the threats So in step two you've got identify and assess threat sources and set for you've got identify and assess threat actors So based on the top-secret classification What are the top-secre what are the threats threat actors and sources and it's also defined in that document too It says the threat profile for top-secret reflects the highest level of capability Deployed against the nation's most sensitive information and services It is assumed that advanced state actors will prioritize compromising this category of information or services using significant technical Financial and human resources over extended period of periods of time How do you bespoke and targeted attacks may be deployed blending human sources and actions with tech non-technical attacks? Very little information risk can be tolerated Which I think begs the question well What highly bespoke and targeted attacks can be deployed against this and you could also look at the sudden leaks So the NSA have this catalogue of of hardware implants That they can put into all sorts of places on the machine So this is a hot. This is a one type of hardware implant that they can put into a keyboard that basically allows them to illuminate the keyboard with the radar or your machine with radar and Your your the keyboard shape will reflect the keystrokes. So it's essentially a keylogger hardware implants Although in this particular situation This is Information is being exfostrated I'm not stored on the device. So it wouldn't make the sense to destroy the device in this this way for this particular hardware implant But it's not hard to be creative and think of what other that could be other hardware implants that do actually Distort information temporarily on device itself for collection after So there are two documents that I know of that counter Government the government counter compromised measures There's the HMG information insurance note 5, which is a data destruction standard used by the British government This isn't a public document, but I Email just a sheet to ask for it because you know who knows maybe if you ask nicely they will give it to you for a change But of course they refuse because their policy is that this document is only available to UK public sector organizations But funny enough at the end of the email They said they stated communications with DCSQ may be monitored and or recorded for system efficiency and all the lawful purposes So at least they're nice enough to tell me this time that they're surveilling us And the other document was the joint service publication 440, which is a 2000 page restricted manual by the Ministry of Defense Unfortunately that was leaked by WikiLeaks a few years ago It contains a table that describes how you should destroy different types of chips depending on how sensitive the information is So you've got the baseline standard and the enhanced standard enhanced standard is for more sensitive information so for EP ROM for example, you've got Chip erase and then overwrite read that Overwrite or destroy Which is what they did particularly here They incinerated the chips Funny enough this document also has a paragraph that describes What the security measures are aimed for and it says the security measures in this chapter are aimed primarily to cover contracts Made in CSS arrays that have been drawn up to protect the individual from action by FIS is extremist groups investigative journalists and criminals So they taught investigative genials and criminals in the same group Thanks, Massafa So as Massafa said we couldn't get hold of all the documents that we needed to be able to figure out what they were actually doing But we wanted to find if there was any other Documents which would explain How they were operating why they were operating the way they were and so we went and had a look at all the five eyes countries and it turns out that all but the UK make very public the Procedure that they would use in order to actually destroy information the first slide here talks about sanitization and There's a very interesting point here that No matter what you do to a hard drive according to GCH Q once that That hard drive that piece of hardware contained top-secret information. It always remained top-secret Because there was no effective way in their words that it was almost it was almost it was difficult or impossible to totally sanitize and I think that's very interesting from the fact that we all have these devices ourselves and In some cases we may actually need to delete some very very sensitive information So what we did was we had a look at the five eyes and I picked out what I think are the relevant components from each one of their manuals for how they go about destroying Hardware and I'll just go through some of them now But it's important to see here that they have to make a distinction between volatile storage for example RAM and also for hard drives They then go on to explain What are the permissible destruction methods for the individual type of material and I've highlighted here the grinder cutting and digouser section and some of the interesting things are that for some semiconductor memory None of them are actually relevant for the destruction Moving on to the actual meat of what destruction means to these type of agencies for things like USB sticks and Memory and various other things to store information They require that after the process the size of the individual bits of dust Must be less than a particular size Because if they were bigger they would potentially an adversary would be would potentially be able to recover the information from even the bits that were left and as you can see here that a material or a Electronic device that contain top secret material That was shredded, but that each component was greater than 12 millimeters Still retain the classification of secret So even going to the 12 millimeter standard in their eyes wasn't sufficient because We think they themselves would have been able to recover information from such a device And if you look further over to the left of the Of the the table there you can see that Only when the dust was less than or equal to three millimeters Would it be considered properly and adequately destroyed? and as Mustafa said the the whole process in the Guardian was supervised by two agents and interestingly enough the five eyes Manual for or some of the five eyes country's manuals for how to destroy information Requires that two agents must be present with top secret security clearance If the information that they're going to be destroying is top secret and this seems to resonate quite closely with what we actually saw In GCHQ two agents coming in to supervise the destruction There's some more interesting bits when you look at things like volatile memory such as RAM and the There's an interesting line where it says that most people might think that if if you had RAM you power it off In about 30 seconds it'd be very very difficult to extract information from it There's plenty of people friends at guys who would then freeze it in nitrogen which might actually buy them some more time However, if you see here that when you have an operating system that stores cryptographic keys in memory in the same location In memory you can get what's called burning of the key and even after the power is removed Some of those cryptographic keys could be recovered and so as part of their threat model The GCHQ were were I suppose thinking that what happens if China or Russia got a hold of this Material after it was destroyed and were potentially able to get back the cryptographic keys That might have been used to encrypt the or that could have been used to decrypt the material on the drives the second thing is that Even your hard drive non-volatile storage also has areas where no matter what you do there is pretty much Information always going to be retained in individual chips And I just like to show you now the reflection of this in the actual devices that they destroyed So this is what they did to four RAM sticks. You can see that one two three four. They're in horizontal It's a bit difficult to make out but Based on the fact that the memory could have The memory could have contained some of the the cryptographic keys This is what they felt they had to do in order to keep their information secure from anybody who may have got hold of these These components and in relation to the hard drive. They not only went after the platters that were internal within the hard drive They also went after certain chips on the hard drive itself And I don't know if we'll touch on this later on but some researchers have shown I think it was the equation group where they showed how malware could store information in these individual chips from the operating system Which may potentially have allowed recovery of that information later on by a third party or fourth party in this case And this is what they did to the individual platters within the hard drives They dig out them and then went over them with drills And there are many more components that I hope I have time to to show you but there's another interesting thing here when it talks about flash memory and It basically says that No matter what you do again. They must always remain at the individual classification for Or depending on what the information was contained on the device originally so top secret remains top secret and they also I've put in the slides here to show the the mirror between what New Zealand state and what now the Australians state in terms of how they destroy information or how they Determined destruction of top secret information ought to be carried out. And finally we have Canada and the USA USA has a very big document Up on crypto, which you can read yourself which goes into what proper destruction of documents or of components should be and They mirror very very closely if not exactly all the other documentation that we were able to find from New Zealand Australia Canada and now the USA and Canada has the same two millimeter edge length for Secure information or for top secret information. We were also able to find Information of companies who provide Outsourced destruction of these types of devices and even though as mustapha said we were refused access to what the British government will Say is required many of the companies actually state what is in IA 5 So if you look at the I think it's the third the last line where they talk about reducing things down to the particle size of 6 millimeters or 2 millimeters and that resonates quite clearly with the Australian New Zealand and Canada and USA side of things. So it's very very interesting that the the the other Four eyes are willing to publish the Sanitization and destruction procedure, but the UK isn't I just thought that was quite interesting So moving on to what the actual keyboard controller that was done to it In in From from people we spoke to this can retain some information about what keys you press which may contain passwords Or which may contain past phrases that could be used to unlock private keys So if somebody got their hands on that they might be able to figure out what the or what the past phrases might be for for the keys mustapha went through The trackpad controller and this is the full smashed up trackpad of a MacBook Air 13 inch and Zooming in on the bottom as he said there's a chip. I hope you guys can see that it's on the left It's on the right hand side and they drilled out specifically this chip where both the keyboard and mouse Goes through this chip and and it can store up to two megabytes of information it's sorry make a bit two megabits of information thanks and that's quite a lot of information and If somebody had entered in various different bits or various different passwords again This might be the place where an adversary could recover those those passwords that were entered in As you'll see later on there's people who have contacted us with theories about malware which you know You can you can you can accept them if you want But there are there are many theories which we'll look at later on the other interesting thing They did was they destroyed the battery controllers of all the Apple MacBook Air's that had That had top-secret documents on them and they were very specific This is just one but all three of them were destroyed in exactly the same way This is the front side and as you can see on the left there was one specific chip that was destroyed And we've seen some recent research where people have been able to derive What you're doing based on power usage and if this chip was potentially recording information In theory you might be able to recover what the user was doing on the laptop just based on the power draw Historical power draw over a period of time and this is the front side So the again this chip which is just on the left-hand side And I just put a 5p coin so that you guys could see the scale of what we're talking about and they were very precise They came in with their shopping lists and said drill this chip Turn it over drill that chip Some of the other ways in which we've seen from the trade shows that that we we sneak into there are Hardware vendors which will sell big shredders where you can put entire machines in the Guardian won't let them do that And so to the best of our knowledge This is the first time we've had a laptop with containing top-secret information that was sanitized by GCHQ and has been left in the public domain They were also interested in in a in a component called an inverting converter again This is relate in relation to power and many people were stumped by why they would actually go for this specific piece And again of the three laptops that were destroyed they destroyed this on all of them and It can contain I think up to 256 kilobits of information and Again that might be able to be used to recover what was actually been done on the laptop and depending on how Apple Used that chip because in reality. We simply don't know How that chip was configured on that circuit board what information went through it and Apple were not very forthcoming in telling us What the chips actually did? This is what they did to the CPU They simply cut it in half. They didn't do any more Any further destruction in terms of turning it to dust But so if you guys have a CPU containing information that Or you have a machine containing information that you don't want somebody to be able to recover that This might be a good idea to do The next was the SSD and the SSD as you'll see later on there's been some people who've been doing research on Malware for SSDs and where you can store information and basically they went through and destroyed every single component That was on the SSD. This is not as interesting because I think most people if they thought they had to get rid of information in a hurry If they had they were a journalist source or a journalist and there was a knock at the door I'm sure the SSD or the hard drive would be the very first thing people would think of To put in the fire or to do something to get rid of it in terms of USB sticks, which I think probably everybody in this room has and Maybe everybody in this room has had information on a USB stick, which they wouldn't want to fall into the wrong hands We'll go on later on to show what they say about USB sticks, but they're almost impossible to adequately sanitize and so if you're transferring information around on USB sticks it Maybe a good idea to completely destroy it afterwards if it's a matter of life and death and we'll go on and talking about The kind of threat models that some of our partners face in Latin America and Africa Again, just to show the consistency in the way they were operating. This wasn't a Random thing where they went in and just destroyed Random chips on each USB stick. This is a different model of USB. I'm sorry. This is a little bit blurry My camera skills Are not the best and so when I took that picture obviously didn't come out too well But I hope you can see that every single bit where every single chip on that USB stick was completely removed and in the next Slide you'll actually see what they did to every single chip that they removed from the devices They turned them into very very small people very close to dust and you can see how the Australia New Zealand Canada and US Regulations for how you adequately destroy hardware that has contained Top secret information is reflected in in this slide in particular so I Just want to recap a little bit on on some of these things that unfortunately I didn't have time to go through all the other bits There was HP monitors that were destroyed And we're working to with people to try and figure out any of the other components what their storage capabilities were How how it will be possible to maybe put information into the chip that? maybe Wouldn't happen in normal operation maybe with malware or maybe through a fault in the operating system But one of the things that I think is kind of important is that GC HQ don't seem to trust Apple with their top secrets So maybe we shouldn't I mean if these Laptops contained information that were a matter of life and death for an activist in Uganda and Nigeria or Columbia And they absolutely had to get rid of this information Unfortunately, it seems like this might be something they could consider and it's difficult to know where Just pressing the delete key secure arrays and actual physical destruction where is the Practical solution dependent upon the risk in some cases obviously maybe delete if it's just your recipes or your family photos But in other cases it's a little bit unclear about What you may actually have to do to delete information from your from your machines And and the thing here is we have a roadmap for The components we know that any component that could have contained top secret information needed to be pulverized to to a a Square that was three millimeters by three millimeters and That's public for the five for the four eyes But what happens in relation to a Dell our Lenovo laptop Dell laptop We don't have a roadmap for all the components in these computers That can contain that information and we're trying to through foi Tried to figure out how they found the information out from Apple what they actually did and if there's any more information that they can give us About other models of computers. I'm not sure how successful will be because gchq are exempt from freedom of information This is a thing from Chris the going who mentioned it to me last night Who said what they actually should have done as you can see when the terminator needed to be destroyed and all his Circuitry needed to be destroyed. They simply put it into a very hot molten lava pit In reality, this is probably what they should have done But as I said earlier on the Guardian wouldn't let that happen. They wanted to keep the laptops They did the destruction themselves. It wasn't gchq doing it It was the Guardian employees acting on the instructions of precisely which chip to destroy so After this we decided to contact some of the companies and Dell was quite interesting because we contacted them about their keyboards and they were very reluctant and To tell us anything about what their keyboard circuitry would do and they Said that it was Dell confidential information so It seems a bit weird that you know, we have this patent system where Companies can actually engage in innovation and they get a monopoly on on the innovations that they that they do for Somewhere from 10 to 20 years depending on which country you're in But the corollary of that or that the other side of that is by getting the patent They also have to make it public. So it seems like we're not getting the best about worlds They can be completely non transparent around what their devices do but still get The confidential patents and keep that what they're what their devices do Incredibly secret and not have to tell us how we might be at risk or how their devices might betray us HP was another very weird one So we were in the process. We actually had a very good dialogue many back-and-forth pieces of information or very good back-and-forth emails and Then one day we got an email that had in really really bold letters underlined Confidential and there was a two lines in there saying that we needed to engage in this very Confidential process and and I responded to say well, I'm not doing this for the goodness of my own health I mean, I am curious. I'm extremely curious around what they were doing Why they picked those chips and what other chips in computers would be could potentially betray us with information that we might want to get rid of and After I said listen, this is this is this needs to be a transparent process. We're gonna make everything you guys say to us public communication stopped and that was very very disappointing because You know, we thought we were actually gonna get somewhere and maybe get some information from them about how their devices Behaved but we certainly didn't want a privacy international. We didn't want that information just residing in my head It's no use in my head. We wanted to share it with the public so the wider public could know if An individual component could contain information that they might want to leave my want to lead it so as Mustafa said we we were contacted with some very very elaborate theories and Some of them are some of them are good. Some of them are a bit out there. I'll leave it to you guys to maybe See which one you think is best and maybe throughout the course of tonight or tomorrow You can come to us and maybe give us your own theories No theory is necessarily invalid and may actually be the right one And so some people thought this was purely a symbolic show of power And they went in and just acted completely randomly and just said we're gonna destroy random chips here random chips there and That was essentially it While that may be so they destroyed the same chips on all the same computers that the MacBook Air's So there seemed to be some Reason or motivation or or logic behind what they were doing and many of the chips in fact most of the chips that they were were destroying would have contained things like firmware which could have been updated by the operating system or Could have been updated via other means And some people contacted us to say We're being idiots. I mean this is this is obvious I've been working in the security community for many years and When I had info when I had laptops with top secret information on it these this is exactly what I did But again, this is only specifically for the MacBook Air This is not for any of the other laptops that I see most people around here seem to have Lenovo laptops What do we do with them? And where can that information be be stored? some of the other Again further out there ones were that GCHQ were actually destroying traces of malware that they themselves had inserted and That were in many of the Guardian computers for quite a while and That they were just going in and destroying so that there was no evidence of what they had put there. I'm not saying that's right I'll leave it to yourselves to see if you think that resonates with you and They were also removing things where they thought other states may have put malware or malware on the machine May have been able to dump the sensitive files into these chips so if the Guardian subsequently disposed of them in five years or whatever that the adversary could come in and Recover the information from the chips if they weren't destroyed in accordance with the procedure that we saw in Some of the documents and again as I said if you guys have any theories, I'd love to hear them So why is this important? I think from a privacy perspective we need to Empower users with knowledge about what their devices do where they store the information and more importantly when we want to destroy our information we should have a right to actually destroy it and be sure it's gone and for most Well when I was going through my IT training in university It was like I thought that a leaky was enough and then I found out that well Actually the leaky is not enough because it doesn't erase things from the hard drive and then you use things like secure arrays so in theory that information should be gone, but as we saw from the manuals from Australia and New Zealand and the USA they can actually recover information from it even after that process has been has been conducted and We also need verification tools so that we know that firmware that comes from or that's on our machines actually comes from the vendor So that if Apple or Lenovo or anybody else wants to be complicit in this kind of surveillance They're gonna have to backdoor those things And they're gonna have to sign them with very strong Cryptographic keys so that I can in some way Verified that all firmware on my machine actually came from where I think it came from and that it hasn't been altered in any Way and as we've seen some of the latest research we've seen things like Thunderstrike 2 Where it can infect the bootloader and potentially insert malware into the operating system before it loads Mentioned early we've got things like equation group where they were able to infect the hard drive controllers themselves to potentially then Alter files as they were read from the the hard drive and finally Karsten Null who I think presented here on the first night on SS7 He was also involved in I hope people here will remember the thing of bad USB where Using a specific USB you could you could flash the firmware and do some pretty funky things with a USB device And then give it to other people and potentially infect them We're in Germany at the moment and when we conducted this we were in the UK For many people around the world Deletion of their information is a matter of life and death Many activists have very very sensitive information that can lead to them being in trouble or any of their sources and in some cases They have to get rid of the information and I really don't want to have to advise them That the only way to be sure to get rid of this information is to actually start taking out an angle grinder To a very expensive laptop that they probably got a grant for And then are left with nothing afterwards We ought to be able to have verifiable deletion of our information and know that that information is gone because the consequences there can be highly highly damaging So I'll finish off with some of the open questions Again this talk was unfortunately if people came here expecting answers I think the work that we've done so far has thrown up more questions and answers and if any of you in the audience Can answer these for us. It will be really really helpful because As long as you're willing to have us make that public And I think people ought to know that the full extent of the information That's on their laptop and where it's contained and when they want to get rid of it. What did they do? And as Adam or fundamental level Do we have a right to delete our information and If we do and if people in the room believe we do have a right to information Then we ought to be able to know exactly where it's stored and to have verifiable ways of just of Going into each one of these chips and ensuring that any information that's contained in there that could cause us damage Is in fact deleted Do we own our devices or our devices? Essentially primed to betray us and what can we do moving forward so that we don't have to go to the extreme length that GCHQ went through To ensure that documents that were leaked to them didn't fall into the wrong hands So I wish I had more time to go through some of the other photos, but we needed to keep it within time We're going to be releasing some of the other photos and some analysis of The various different components over the the next few months And I hope if anybody has information Specific information about the components or a similar component you might like to get in touch and feel free to get in touch over Twitter Because as I said this process is very public. No theory is too outlandish too weird Feel free to voice it So that it may be the right one and it may be so it may be a missing piece of the puzzle that we've missed and We'd love to hear What you guys think so thanks very much for coming back in spite of the rain And thanks very much to the guys here for getting the the setup back so quickly. It was absolutely amazing And if you have any questions be willing to take them now Before we take questions just a quick update The plans have changed slightly the next talk TLS interception considered harmful is not going to happen today It was moved to tomorrow at 12 45 in this tent So now we actually do have 20 more minutes if you want to show pictures just go ahead you have 20 more minutes if you want Okay, okay, then we just go straight to Q&A There's mics there and there just line up at the mics if you do have any questions We'll I'll just tell you when to talk Stage right, please. That's you. Yeah, I think the audience not on yet stage right Yeah, thanks, thanks very much for the talk Just on the point about the the battery Monitoring chips, so I have a little bit familiarity with these and I don't think that they would be necessarily Backing much history if at all that because that's not really what they kind of designed to do that Learning about the Things like the internal resistance of the battery open circuit voltage and things like that However, they do have lots and lots of space for things like Authentication keys and things like that though you could store stuff in there If you wanted to put it somewhere where it wouldn't be found it found found easily Okay, cool. Thank you very much Please stage left, please Okay, I don't have a question, but possibly it's also a question I would say it's pretty obvious that they're not going about malware or anything of course It could also be we don't know but they were simply trying to destroy all the chips We're at Snowden would have been able to store some information in what do you think about that? Yeah, not by accident or by history or by keys being recorded, but in Intentionally have stored hidden information. It looks like they destroyed basically everything where you can store stuff in You know, I agree with that. I don't think it's very likely that they destroyed these ships because they had malware on it I think they destroyed it exactly Because of what you said because they could have they could store information So yeah, I would not be afraid that my battery or my trackpad controller records everything I do in a usual day use of my computer Of course that might be if the NSA has prepared it But basically that I can store things there if I want to and they expected at possibly did that Yeah, you can store of actually information on the battery because you can get you can update the firmware of the battery And you can also store a sense of information there But I think that the reason why they destroyed all of these chips Isn't necessarily because they had they knew that Edward Snowden could have or has the information there. I think It was purely a bureaucratic reason they were doing so because they did they have to do that to every single device because they have to Take precautionary method measures and because there is the potential and they have to do this for Top-secret material, so absolutely if it could have stored information there either intentionally I guess one of the things that are one of the theories that that we were working off initially was that It may have stored information there simply by the ordinary run-of-the-mill operation of the Apple device and the unique thing with An Apple device obviously is they control the hardware and the software So we were actually in a good position to try and ask Apple. Well, you're the ones with the schematics for the motherboard You're the ones who bought the chip, you know exactly what that chip does What information goes through there and what information can be stored there just through normal operation? Not because somebody might have stored other information there and that was one of the theories We were working off but absolutely take the point that it could have been An intentional storage of secret information there that they may have wanted to get rid of Stage right, please That's you. Yes, wasn't it useless to destroy the laptop all the information could have been moved somewhere on the net So I didn't get the first part of that question. Can you repeat so wasn't it pointless to destroy the laptop? Are we all the information could have been moved somewhere on the internet? I'm so is is your question. Why did they destroy the laptop? Yes Well, so when they went in they had to destroy it because it contained top-secret information. Oh I think your question was why they destroy if it was a regular internet All the information could still exist somewhere. Oh, and it did exist We knew it was in or they knew it was in New York as well. Yeah, that's that's the thing GCHQ knew That copies of the information existed elsewhere, so I'm pretty sure they knew when they was it went when they were destroying these documents It would have no impact of reporting and I think that's another question that's not a topic for debate because It is a it is a pretty point is X and it was a symbolic acts but I think likely reason for that was bureaucracy GCHQ just had to follow bureaucratic proceedings and it has to destroy the hardware anyway anyway Hey It seems to me that they destroyed over here It seems to me that they destroyed every single chip that they could find was there any chip that they did not they did not touch They didn't destroy every single chip they could find so if I go back to the keyboard controller actually I'm sick. Do you still recommend to use computers? If yes, which ones? So you can see here they They in this trackpad they only destroyed the chip highlighted in red and they didn't destroy the chip highlighted in yellow and orange So they seems to me that they only destroyed chips that could have the capability to destroy information and the CPU Yeah, and I there's another one here, which is very interesting Which is actually on the motherboard of the the MacBook Air I'm not sure if you're gonna be able to see it from the photos And I'm sorry if this is making you dizzy by going through this very very fast But there's actually a chip Down if you see the white diagonal strip on the top left of the image Just below that is is what's called a Thunderbolt controller, and they didn't destroy that So they were going after very very specific Chips and not just simply getting rid of everything. I Hope that answers your question Could we please go to stage right and please really eat the mic because it's raining and it's really hard to understand if you don't so Yes, so Yeah, actually, I would like to go back to the question where you mentioned, you know, do we own our devices? so the thing is Everything on in your computer is pretty much proprietary. It's closed source Do you like would you actually support like, you know, maybe people who need to deal with sensitive informations To use an open source device, you know where people actually has gone through Design it made it made like, you know the chips or the algorithms public Would you actually like recommend them to do something like that or would you ask them to buy a cheaper computer? Say a Raspberry Pi and a very very cheap monitor it because yeah, that's it. That's a great question I'm not sure I'd be comfortable recommending any laptop There is a There is the novena laptop project, which is you know trying to create an open source Laptop, there's also purism, which is creating the Libre N Which is all but I think The boot some there's a binary blob in the bootloader that they can't Intel won't Release or allow them to release the source code for but every other chip The firmware for it is open source not to get too conspiratorial, but We're we're the supply chain is also a very very interesting topic we've seen the NSA infiltrating the supply chain of say Cisco routers to reflash things before they get to to their end their end user and I'm not sure we could at this point recommend an individual laptop or an individual device as one being more secure than any other one I'm sorry. I just don't know maybe there is somebody out there with knowledge about so much knowledge about One particular laptop that they might be able to say is very very good. There is the The other one from What is it the IBM? Thinkpad t60 which you can repurpose with pure free software from the free software foundation as well So that might be another avenue as well, but again Whether that's more secure or less secure or the components in there are okay I simply can't make that call. Yeah, unfortunately, there isn't we seem to be that many open source hardware laptop solutions out there And I definitely think there needs to be more more of that because Right now when people buy a machine from there from a shop It is essentially a black box that they're trusting with random chips and they're trusting their entire life with it You know and companies aren't being transparent about what exactly what's inside? What's inside that black box? In fact, they don't want you to reverse engineer it And that's why when we email them they refuse to tell us anything and I don't know if people were familiar with Oracle's chief security officer who mentioned that she was not comfortable with people reverse engineering her products or their products To find bugs in it. So I'm not sure how Dell or Apple or any of the hardware manufacturers would take the reverse engineering of them I'm not saying that's a reason not to do it. I'm just saying that's what you may be up against in terms of trying to figure out I'm reverse engineer and find the faults in there Yeah, I like to I mean share my opinion on that question like do we own our devices? I think that we don't own anything we don't understand. So, yeah But that's those are very good points. I feel that well if in Like if you really want to say make the destruction of you know, computers a Little bit easier. Maybe a Raspberry Pi hooked up to a monitor would be a better solution than they're using your personal Mac Yeah Possibly you may you may be right stage left, please. That's you Okay, so you already mentioned that you at this point don't really know how You would go about destroying a laptop, but since not everyone has an industrial class grinder at home What would be your basic recommendation giving the knowledge that you have right now just to make it explicit? What what would you do to a laptop if you had to destroy it with your current knowledge? so with the current knowledge what I would do is if I absolutely had to get rid of a laptop I would Do what was done to the Terminator seriously. Thanks to Chris It would be in some the entire thing the motherboard Every single component would have gone into one of these industrial sized traders which are very expensive by the way upwards of £2,000 to buy one of these things. They will destroy a hard drive They'll turn an entire hard drive into dust in about two minutes. So Those might be the kind of steps. However, if you talk to people who who do threat modeling and risk for a living Obviously that might net be necessary Depending upon the information that you've had on the laptop and that might be extreme However, I think your question might be if you were a source that had information and absolutely had to get rid of it Maybe this is the option because the kind of people who are going to be in the prosecution Against you are going to the people who have the technical capabilities and resources to potentially be able to recover as much information as possible from these chips and Without the manufacturers Being honest with us and transparent with us about what they do It's very very difficult for us not to simply just give the advice of Drop it into an industrial sized shredder and make sure everything is all the bits that come out are less than two millimeters I would say that that was one of the theories that I advanced in the previous talk we gave and Somebody made a very valid point that not not with Apple because I think I don't think they use this But some of the motherboards if you turn them to dust the dust may actually be toxic. So I would just give that as a another Factor that you might consider in terms of whether you actually do it or not Okay, the last question is also coming from the left. I think Hey, have you seen the good bios talk at the 33? It's from the main maintainer of Corboud some open source bios replacement farmer He went through all his laptops schematics and picked out what each chip is doing and Yeah, this is I haven't seen it myself, but that sounds interesting. So I think I'll watch that. This is core boot Yeah, but it's so it did some of the bootloaders as I understand it and please correct me if I'm wrong Still rely on certain binary blob. There is a binary blob. Yes But he went through which chip is connecting to where and which chip could have access to the main memory And all the things which are really important. He also pointed out which pins you could disconnect So these chips won't have access to the memory as far as I remember and was that for a specific More than I think but it's 60 It's a core to do a processor and you can work on this device But you need to have lots of technical knowledge to use it great appreciate that Okay, thank you that concludes the talk for today. So please once again, thank our speakers Mustafa and Richard