[aphyr]

Each night she wipes every one of her web accounts and deletes every email in her inbox. She has no physical hard drive and boots her computer from a microSD card. “I could hide this card anywhere or chew into a million pieces in a few seconds,” she says by e-mail. She keeps her operating system on a USB stick and uses a virtual machine (VM) to carry out her online shenanigans.

And people call me paranoid. :)

[wildmXranat]

>Each night she wipes every one of her web accounts and deletes every email in her inbox ...

If that is true, online account operators, email providers could link this type of behavior to one of their members quite quickly.

[SageRaven]

I don't know... what came to mind after reading "deletes every email in her inbox" was POP, which pretty much always deletes your remote mail once it's been retrieved. How many millions of people still use POP over IMAP or webmail? Quite a few I would guess.

For 5+ years, I've been downloading my email with fetchmail, which deletes the message on the server. Once a minute. I don't like the thought of my emails sitting in the cloud for too long.

[storborg]

Not to mention that she gave a lot of personal history surrounding her parents and family history. That might not uniquely identify her, but it does narrow the search considerably. My guess: if he/she is even a single real person, much of this is fabricated.

[antihero]

I think it reeks of fabrication. It's probably some geek living out their alter ego or something.

[jackolas]

Though getting it into Forbes is quite brilliant especially if it all revolves around a real person.

[JanezStupar]

Someone is having quite a blast at the moment, unless Forbes made the whole thing up.

[ChuckMcM]

That is what I was thinking. Ya know, you probably don't want to disclose your operational security procedures because well, they aren't common and not being common, their trackable.

And then I was thinking about how the police sometimes "leak" that the suspect in some crime is weak, pathetic, individual which nobody really cares about, in hopes that they will offend the real suspect who will then self identify in defense of their honor. If you thought the Anonymous ring leader on the HBGary hack was some teenage guy then the best way to provoke a response would be to either call him gay or a girl it seems.

I wonder how well the E-book Ars put out is selling. And more importantly, if its really successful I wonder if these people who did this are comfortable with someone getting rich off their exploits?

You see? The twisted depths to which you go if you start down these paths. Sheesh.

[golden_apples]

> how the police sometimes "leak" that the suspect in some crime is weak, pathetic, individual

Except that the "you just got hacked by a 16-year old girl" taunt was apparently started in Anonymous circles soon sfter the attack. Not to say any of this is true or not fabricated, just that its not likely being fabricated from outside for those kinds of reasons.

[drinian]

Yeah, no mention of encryption, even. This doesn't smell right.

[oniTony]

I figure that such setups could employ a number of cron scripts to spread out actions and/or generate noise. E.g. every <random_range> minutes delete a random email out of a set of everything older than 24 hours. Adjust the constants to match the volume of information.

[SageRaven]

In light of recent Anon-related police raids, I would hope that anyone supposedly as savvy as "k" would rely on full-disk crypto as opposed to foolishly going the destruction of evidence route.

I've used FDE for many years simply out of precaution against theft.

[Retric]

In the US fill disk crypto is useless. They will just hold you in jail until you hand them the password.

[oniTony]

This is where TrueCrypt comes in. If you are being extorted to reveal a password, you supply one that loads a "clean" OS/filesystem.

[colanderman]

I've never understood this. Wouldn't a competent security professional know of the existence of TrueCrypt, who would then ask a competent psychologist to determine if you were withholding information (I sure as hell wouldn't be able to keep a straight face), who would then ask a competent interrogator to get the real password from you?

I don't even think plausible deniability would hold in court -- claiming that a large blob of random data on your hard drive is just there for no reason at all is not plausible.

[oniTony]

Sure it's plausible. The suggested _secure_ way of wiping a harddrive is to override it with random data (since a typical delete simply drops an entry from a table, making data retrieval trivial (in the current context)).

What I don't understand is that in a context of a court (and this group of competent professionals), password disclosure _should_ be considered self-incrimination (although there was at least one case in the UK where a judge came up with some loophole reasoning around that). Disclosure of multiple passwords ("we didn't like what we found, do you have any other passwords?") would certainly be obtained under great duress.

[mcpherrinm]

A large part of the design of Truecrypt is that nobody CAN prove there's an alternate partition. Or, you can decrypt your secondary alternate partition under duress to reveal your real hidden one. Maybe put some token warez on it or something.

To make sure that you can't distinguish free space from encrypted noise, you have to write random noise everywhere as part of the filesystem creation process.

The one thing Truecrypt is vulnerable to is that you can note what parts changed -- say they raid your house twice and image it between when you used it. Then they'll know that free space isn't really free.

[ronnoch]

Couldn't they just attempt to fill the "outside" partition up? I mean, let's say you have a 1TB partition with a 100GB hidden volume inside. What happens if somebody tries to write more than 900GB into the outside partition?

[reven]

If they have access to your computer at any time they might as well install a evil maid

http://www.schneier.com/blog/archives/2009/10/evil_maid_atta...

[skore]

http://en.wikipedia.org/wiki/Rubberhose

Assange has your back.

[stef25]

I wonder what wiping of a web account exactly involves. Email, FB? Sounds like something a journalist would say without really knowing what they are talking about.