The Way GCHQ Obliterated The Guardian's Laptops May Have Revealed More Than It Intended
By Jenna McLaughlin, The Intercept, 2015-08-26T15:05:36+00:00
Photo: John Stillwell/PA Wire/AP
In July 2013, GCHQ, Britain's equivalent of the U.S. National Security Agency, forced journalists at the London headquarters of The Guardian to completely obliterate the memory of the computers on which they kept copies of top-secret documents provided to them by former NSA contractor and whistleblower Edward Snowden.
However, in its attempt to destroy information, GCHQ also revealed intriguing details about what it did and why.
Two technologists, Mustafa Al-Bassam and Richard Tynan, visited Guardian headquarters last year to examine the remnants of the devices. Al-Bassam is an ex-hacker who two years ago pleaded guilty to joining attacks on Sony, Nintendo, and other companies, and now studies computer science at King's College; Tynan is a technologist at Privacy International with a PhD in computer science. The pair concluded, first, that GCHQ wanted The Guardian to completely destroy every possible bit of information the news outlet might retain; and second, that GCHQ's instructions may have "inadvertently revealed all the locations in your computer where information may be covertly stored."
Editors of The Guardian chose to destroy the files and the devices they lived on after the British government threatened to sue them and halt further reporting on the issue, including stories on how GCHQ utilized data collected by the NSA on communications from many major Internet companies.
Footage of Guardian editors physically destroying their MacBooks and USB drives, taken by Guardian executive Sheila Fitzsimons, wasn't released until months later, in January 2014. The GCHQ agents who supervised the destruction of the devices also insisted on recording it all on their own iPhones.
The Guardian's video reveals editors using angle-grinders, revolving drills, masks that GCHQ ordered them to buy, and a degausser, an expensive piece of equipment provided by GCHQ, which destroys magnetic fields and thereby erases data. The procedure eliminated practically every chip in the device, leaving almost no recognizable piece of machinery behind. The whole process lasted over three hours.
But while Paul Johnson, The Guardian's deputy editor, chalked the exercise up to "purely a symbolic act" of power on the part of the British government, given that copies of the Snowden files still existed in New York, there may be more to it.
At a speech given at the Chaos Communication Camp technology conference a few weeks ago in Germany, Al-Bassam and Tynan explored the details surrounding GCHQ's decisions about how to destroy the devices, and hypothesized about what the government's intentions might have been beyond intimidation.
"Normally people just destroy the hard drive," said Al-Bassam. "But GCHQ took it several steps further." The spy agency instructed Guardian editors to destroy parts of multiple MacBook Airs' track pad controllers, power controllers, keyboards, CPUs, inverting converters, USB drives, and more.
According to Joint Services Publication 440, a 2001 British government document released by WikiLeaks, the U.K. Ministry of Defense mandates total destruction of top-secret information in order to protect it from "FISs [foreign intelligence services], extremist groups, investigative journalists, and criminals."
However, when Al-Bassam and Tynan sent an email asking the British government for the HMG (Her Majesty's Government) Information Assurance Note 5, the government-wide document that contains the U.K.'s sanitization policies, i.e., the specific steps necessary to destroy top-secret data, the government denied their request. The sanitization policies of the other members of the so-called Five Eyes intelligence alliance (the U.S., New Zealand, Canada and Australia) are public, and appeared to have very similar requirements to the techniques used to destroy The Guardian's computers.
But in allowing The Guardian's editors to destroy the devices themselves, and hold onto the remaining shards of computer dust, the British government essentially revealed those policies by making it possible for people like Al-Bassam and Tynan to analyze just why they might have destroyed each part in such a specific way.
What Al-Bassam and Tynan theorized was that the government may have targeted parts of the Apple devices that it doesn't trust: pieces that can retain bits of electronic information even after the hard drive is obliterated.
The track pad controller, they said, can hold up to 2 megabits of memory. All the different chips in your computer, from the part that controls the device's power to the chips in the keyboard, also have the capacity to store information, like passwords and keys to other data, which can be uploaded through firmware updates. According to the public documents from other members of Five Eyes, it is incredibly difficult to completely sanitize a device of all its content. New Zealand's data deletion policies state that USB memory is only destroyed when the dust is just a few millimeters in length. "This wasn't a random thing," said Tynan, pointing to a slide displaying a photo of a completely destroyed pile of USB chip shards.
These hidden memory storage locations could theoretically be taken advantage of, Tynan and Al-Bassam said, by a computer's owner, hackers, or even the government itself, either during its design phase or after the computer is purchased. The Russian cybersecurity firm Kaspersky Lab has presented evidence that an organization it calls Equation Group, which is reportedly linked to the NSA, has developed ways to create "an invisible, persistent area hidden inside [a computer's] hard drive" that would be virtually undetectable by the computer's owner. "This area could be used to save exfiltrated information which can be later retrieved by the attackers."
Other technologists and computer experts agreed with Al-Bassam and Tynan that significant data could theoretically be stored on a computer's various chips. "It's actually possible to store quite a bit of data in a small space, look at Micro SD cards!" wrote Dan Kaminsky, a computer security specialist, in an e-mail to The Intercept. "But generally these other data stores are small. [They] can certainly store cryptographic keys pretty much anywhere though; those things are minuscule."
Steve Burgess, a computer forensics and data recovery expert, echoed Kaminsky's technical points: "Certainly data could be stored on any kind of flash memory or SSD (if there was one), or on the computer's BIOS, and of course on the hard disk's rotating media and its own on-board flash storage."
But in terms of GCHQ's intentions, Kaminsky thinks the answer lies somewhere between a power play and protocol based on real concern on the part of the agency. "I think GCHQ was doing half theater and half genuine threat response here. The likelihood that The Guardian had anything hidden in the trackpad was low, but from GCHQ's perspective they'd hide something in the trackpad, so why wouldn't anyone else?"
To Tynan and Al-Bassam, the methods GCHQ used revealed just how little control we have over our data, and how difficult it is to permanently delete it when necessary. When the pair asked various companies, including Dell and HP, how different parts of the devices are designed to store information and which chips could potentially betray us, none were willing to reveal any specifics publicly, they said. When a member of the audience asked Tynan what laptop he'd recommend for journalists and activists who rely on privacy and control of their data, he didn't have an answer.
"From a privacy perspective, we need to empower users with knowledge about what their devices do," Tynan concluded.
Correction: August 26, 2015: A previous version of the article stated that Kaspersky Lab suspects what it calls the Equation Group is connected to the NSA. While Kaspersky Lab reported earlier this year that the Equation group has interacted with other powerful groups, such as the Stuxnet and Flame operators (which in turn are reportedly projects of the United States and Israel), Kaspersky Lab emphasized in email to The Intercept that "we don't have hard proof to attribute the Equation Group or speak of its origin."