Device Security at the Border

Field Reports

February 10, 2017 | "Canadian Muslim grilled about her faith and view on Trump at US border stop," The Guardian

She said they also examined her phone and asked questions about Arabic videos on the device. Alaoui told them they were videos of daily prayers she had received from friends, to help her and her son as he went through chemo. An agent later explained that the videos were why she was being blocked from entry.

January 30, 2017 | "Travelers Affected By Trump Ban Forced To Unlock Phones, Computers," Vocativ

President Trump’s confusing, chaotic executive order against travelers arriving from seven Muslim-majority countries has prompted federal agents to demand travelers — some of them legal residents — hand over access to their electronic devices and social media accounts to be searched, their lawyers say.

September 9, 2013 | "The Border Is a Back Door for U.S. Device Searches," The New York Times

Newly released documents reveal how the government uses border crossings to seize and examine travelers’ electronic devices instead of obtaining a search warrant to gain access to the data.

Tactics

  1. Security on a scale. Parity of resources. Common breaches:

    • State actors, with near unlimited resources.
    • Sustained but temporary attention at places like the border.
    • Opportunistic agents that target obvious “soft” spots.

  2. Attack vectors, threat modeling. Understand your vulnerabilities. The importance of physical access. Virtual is real. Thinking about location. Cloud vs. local vulnerabilities. Hardware, software, vs. social vectors.

  3. Hardening. Common strategies. Two factor authentication. Encryption.

  4. Obfuscation. Multiple accounts. Separating work from personal, by year, or place.

  5. Operational security and hygiene. Security is a practice, not something to be done once. Good habits:

    • Using multiple accounts / platforms
    • Logging out
    • Two factor authentication
    • Prevent password dependencies
    • Limit use of social media

  6. Canary. Buddy system. Courier drops. Backups.

  7. Dry runs. Wipe and restore phone and laptop accounts. Institute a protocol. Review it with a friend and/or expert. Practice before traveling, when not under duress.

  8. Limiting access. Travel devices.

Threat Topography Exercise

  1. Make a map of all of your services, platforms, devices, accounts (no IDs).

  2. Visualize vectors of attack. Discuss in your group.

  3. Make a plan for hardening. Redraw the map to expose only a narrow "band" of the topography when traveling.
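
The three steps above can also be worked through as a small graph model. This is an added example, not part of the original workshop notes; the device and service names and the access edges between them are constructed for illustration.

```python
from collections import deque

# Constructed map, no real IDs. An edge A -> B means "whoever holds A can get
# into B": a logged-in session, a saved password, a reset e-mail, an SMS code.
FULL_MAP = {
    "phone": ["personal-email", "sms", "chat-app", "photo-cloud"],
    "laptop": ["work-email", "password-manager"],
    "personal-email": ["social-media", "bank", "photo-cloud"],  # password resets
    "sms": ["bank", "personal-email"],                          # codes, recovery
    "password-manager": ["work-email", "bank", "social-media"],
    "work-email": ["work-drive"],
}

def exposed(graph, carried):
    """Everything reachable from the devices carried across the border."""
    seen, queue = set(carried), deque(carried)
    while queue:
        for nxt in graph.get(queue.popleft(), []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def harden(graph, cut):
    """Redraw the map without the edges in `cut` (logged out, recovery moved)."""
    return {src: [dst for dst in dsts if (src, dst) not in cut]
            for src, dsts in graph.items()}

# Step 2: with both devices carried and nothing changed, the whole map is exposed.
everything = exposed(FULL_MAP, ["phone", "laptop"])

# Logging out of e-mail alone is not enough: SMS recovery is a password
# dependency that still leads back to the mailbox and the bank.
logged_out = harden(FULL_MAP, {("phone", "personal-email")})
still_exposed = exposed(logged_out, ["phone"])

# Step 3: travel with the phone only, log out, and move recovery off SMS.
TRAVEL_CUTS = {("phone", "personal-email"), ("phone", "photo-cloud"),
               ("sms", "bank"), ("sms", "personal-email")}
band = exposed(harden(FULL_MAP, TRAVEL_CUTS), ["phone"])

if __name__ == "__main__":
    print("unhardened:", len(everything), "nodes")
    print("logged out of e-mail only:", sorted(still_exposed))
    print("travel band:", sorted(band))
```

Replace the sample edges with the ones from your own map; any edge you cannot cut before travel marks an account that stays inside the exposed band.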

Further Reading & Resources