My computer is compromised, now what?

Besides the surface war in Ukraine, another war is being waged in cyberspace. Both sides have zero-day exploits that they’ve been waiting for the right moment to use, and you may be hit by some of the shrapnel. Here I tell you some simple ways to be prepared for a personal cyber Holocaust.

Your computer may be infected with one of those worms that encrypt the hard drive. If you detect this kind of activity (for instance, your mechanical hard drive is heard working constantly even though you didn’t do anything), the best thing is to cut the power. Then unplug any network card or devices to make sure nobody but you has access to your machine when you turn the power back on. Turn off your local Internet. You can attempt to boot with a different operating system, which hopefully won’t contain the worm when it loads. I’ve found some versions of Linux that can be loaded on a flash drive and boot even Mac computers. I’m partial to Puppy Linux, and I even made my own version of it, some time ago, which has saved me in some dicey situations.

You should be able to see and use the files that were not encrypted, whether by a worm or by the operating system itself (so, think twice before you tell the OS to encrypt your drive for further security; you may lock yourself out if you do). But this will work so long as you stay off the network; the moment you connect, the same thing that got you the worm can happen again.

Do some research from another computer to learn if other people are being hit also, and whether anyone has come up with tools to scan for the worm and remove it. With luck, you can find it and disable it before you connect again. But this is going to take some time and you still need to use your files and communicate with others. What’s to be done?

If you want to access the Internet, you’ll have to use a different computer. By the way, using a public computer, such as those in libraries, won’t help too much since those often have key loggers installed in order to monitor possible illegal activity. Sometimes you can reboot one of those with your secure operating system, but often they will ask you for a special password before you can do that, and you won’t have it if you don’t own the machine. Other computers at your place of work may be just as compromised as yours. You may lose friends if you ask them to use their private machines after you’ve been targeted.

You know all this, of course, and may be tearing out your hair at this very moment because it looks like there’s no way out. But think again; there are two things you can still do: you can process with your own machine (but not connect to the outside), and you can connect to the outside with any other machine, even if compromised, so long as that machine never sees anything that is of value to an attacker. Therefore, the solution is to encrypt anything that must go out before it leaves your machine, put it in a flash drive, and send it out from another machine, requesting that replies be similarly encrypted. It does not matter that the sending machine may be full of spyware so long as you don’t do any encryption or decryption there, or type anything confidential.

This is called “air-gapping”. You can find plenty of advice online on how to air-gap your computer, including some actions fit only for the ultra-paranoid. But they all assume that your computer is not compromised when you start. Here we are assuming that both your machine and any other machine you have access to may be compromised. The one piece of advice they mention that I haven’t mentioned yet is the need to keep the drive you use for shuttling data back and forth free from further infection. In practice, this means not loading any executables on it, only passive data files. It may also help to scan it for hidden files whenever you connect it to your machine or are about to disconnect it, to make sure the malware is not passing a payload that you cannot see. Think, for instance, of something like the CIA-developed Brutal Kangaroo, which infects air-gapped computers running Windows (one more reason for using your own OS).

Do your normal, confidential work on your machine, and then encrypt the result you want to transmit before you load it on the flash drive. If you receive anything through the outside computer, it must also be encrypted, and kept that way as you load it on the flash drive in order to decrypt it at your machine. The flash drive must carry encrypted files only.

Ah, but encryption requires both sides to share a secret, doesn’t it? And here we’ve been hit by surprise. How can I possibly get a password out to my friends without it being sniffed by those that don’t want our good? Luckily, there are at least two solutions to this quandary.

  1. The first is to use public-key encryption, such as PGP or PassLok. I’m partial to PassLok, of course, because I am its developer and the newest version is capable of encrypting much larger files than before. With this kind of encryption, you send your friends your Public Key (PassLok uses the term “Lock” for this) through insecure channels, while keeping your Secret Key to yourself. After you have exchanged Public Keys with a friend, you can encrypt so that only that person can decrypt, and he/she can encrypt so that only you can decrypt. The codes work quite well but there’s a fairly steep learning curve, especially if you are not using PassLok.
  2. The second is a variant of two-factor authentication. In regular two-factor authentication you use “something you know” (a password), and “something you have” (your fingerprint, or a physical USB drive, or whatnot). Well, it turns out we have more digital things in common with other people than we think at first. Consider, for instance, all the SMS texts, pictures posted on social media or shared via mobile devices, and files shared through “the Cloud”. Many of these will contain a hefty number of kilobytes, which can be used for encryption. Hopefully some of these can be referred to over an insecure channel in a way that the recipient will know which files you are talking about without listeners knowing that as well. As in “The picture of my cat I sent you last month” (because you don’t send too many cat pictures, do you?).

Then, you use that cat picture as a key to encrypt other files. I’ve written a little utility, called BytePad, to do this on a regular browser. Download it and run it from the saved file in your private computer. Go ahead and be paranoid, and read its pretty short code before you run it. BytePad takes a key file (the cat) and turns it into random-looking data that you can use to encrypt a plain file (your banking records, your covid vaccination card, or whatnot), by xoring them together.

The result is also random-looking and almost impossible to crack because the entropy of the key is very large (especially if it’s a cat, since there are so many of them jumping around the Internet), so long as you never reuse the processed key file. But you can keep using the same cat picture for quite a while because BytePad lets you use different portions of it via a “cut” percent parameter, which you can transmit to your friends in plain text without much loss of security, plus it automatically uses different pieces of the key as the size of the material to be encrypted changes. For more details on BytePad, check out this post.
