Sydney airport detains software developer Nathan Hague, seize devices, crack passwords, grab his files: Reports

Originally published at: https://boingboing.net/2018/08/24/sydney-airport-detains-british.html

3 Likes

For those who do travel with sensitive information on their devices or value their privacy, this is a good guide for passing through any international border:

13 Likes

I’m sorry this happened to him.

It sucks we’ve got to that place in history.

But why anyone would knowingly cross a national frontier carrying anything other than a dumb “burner” phone is beyond me.

11 Likes

Hm. IT would be interesting for a developer to set up files on their devices that could be cracked and copied on purpose so that they could then bork them thoroughly. Not that i’m saying someone should do this, but as a thought experiment it would be an interesting exercise.

13 Likes

“It’s not my fault that my device was infected with viruses.”

12 Likes

Don’t piss off the lady (or man) at the airport.

I strongly suspect there are three classes of people who’ve already tried this:

  1. People who actually want to blow up airplanes. Great way to get a get handle on border and/or airport security, right?
  2. Spies. This kind of thing could be pretty useful to them.
  3. IT security professionals. I know several who couldn’t resist the opportunity.
6 Likes

My experience with Australian border security is that they will only conduct searches like this if they know in advance who they are going to be investigating. For some reason they saw this guy coming.

I doubt it had anything to do with border security staff being pissed off. I have never seen them behave in the petty fashion associated with the TSA in the US.

6 Likes

It sounds like their excuse for why they did this was “Because we can.” Also “Reasons.”

5 Likes

Maybe it has something to do with this? https://nathanhague.com/ «I make software weapons». WTF.

5 Likes

…and here’s my wordpress template…

Now I wonder what they found on his laptop. 1001 lame things to write in PHP?

3 Likes

FYI, y’all: disk space is cheap and /dev/random and /dev/urandom run all night. No harm in having a few totally worthless files to encrypt and scattering them about. By all means do use your good keys, too – a lot of cracking depends on statistical analysis and loads of random noise makes the stats unhappy.

3 Likes

They have done this to security researchers in the US as well so its nothing new

1 Like

He also believes software was installed on his phone, but the Australian Border Force said previously that “no software was put onto the mobile device”.

Fine, firmware then.

4 Likes

Hague says his laptop password was cracked

Sydney airport has a quantum computer on premises?

I’m going to assume this is a joke I just don’t get.

Being completely humorless though, for the moment:

  • Password cracking doesn’t require quantum computing
  • Even if it did, there is no reason the computer would need to be on prem

And in a month or so, their border security will be announcing the roll-out of new IT software.

1 Like

I ask the same question every time a news article like this comes up. There are so many ways to avoid this scenario and keep your data from prying eyes. I advise my friends and family to leave their devices at home.

2 Likes

Perhaps that’s easy if you’re rich. Ordinary people don’t have so many options. I actually need to have access to an actual computer running a real operating system (not some sort of Fisher Price rubbish) when I’m traveling. And I can’t afford to buy a new computer and do a fresh install of things every time I travel somewhere.

A reasonably secure password should be rather difficult to crack. If the storage devices were actually encrypted and the device powered down, it shouldn’t have been a simple matter to ‘crack’ the password. Now if the drive were not encrypted, then, sure, it would be a relative simple matter.