Graeme’s


How to get someone (innocent) jailed

Posted by Graeme in Politics,Software at 3:55 pm on Monday, 13 September 2010

The fact that people can be convicted using evidence that only exists in electronic form makes it stunningly easy to frame someone, if you can get brief physical access to their computer, or you can fool them into inserting a malicious CD or USB drive into their computer. Here are some methods of doing it.

These are all comparatively simple attacks that require no real technical knowledge. A hacker could come up with many more, a lot of which someone with limited knowledge could pull off with some effort. This is not a guide from an expert: the point is that these attacks were devised, and could be implemented, by an inexperienced amateur.

These methods are untested, and are probably not the best, but I am pretty sure they will work.

Easy: most home Windows PCs

The easiest targets are home PCs running Windows with auto-run enabled. This is the commonest case as most home users are not sufficiently savvy to turn auto-run off.

All you need do is to burn a CD containing:

  1. a hidden folder of incriminating material,
  2. a short program to copy the hidden folder to “Documents and Settings” (or to somewhere less obvious if the target may have hidden folders shown), and,
  3. an “autorun.inf” file that will start the copy program (instructions).

One nice thing about this is that it does not require you to start the program: it will work by itself while you show the target some legitimate files on the CD.

In some cases you can auto-run from USB storage as well as a CD, but I am not familiar enough with Windows to know when and how.
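A defender's check for the setting this section depends on, as an added example rather than code from the original post: it decodes the Windows `NoDriveTypeAutoRun` policy value and lists the drive types for which AutoRun has not been turned off. The function names are illustrative assumptions.

```python
import sys

POLICY_KEY = r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
# Bits of NoDriveTypeAutoRun; a set bit DISABLES AutoRun for that drive type.
DRIVE_BITS = {0x01: "unknown", 0x04: "removable", 0x08: "fixed",
              0x10: "network", 0x20: "cdrom", 0x40: "ramdisk"}

def read_policy():
    """Return (hklm, hkcu) policy values on Windows, None where unset."""
    if sys.platform != "win32":
        return None, None
    import winreg
    values = []
    for hive in (winreg.HKEY_LOCAL_MACHINE, winreg.HKEY_CURRENT_USER):
        try:
            with winreg.OpenKey(hive, POLICY_KEY) as key:
                raw = winreg.QueryValueEx(key, "NoDriveTypeAutoRun")[0]
            # The value may be stored as REG_DWORD (int) or REG_BINARY (bytes).
            values.append(int.from_bytes(raw, "little")
                          if isinstance(raw, bytes) else raw)
        except OSError:
            values.append(None)
    return tuple(values)

def autorun_exposure(hklm=None, hkcu=None):
    """Drive types for which AutoRun is still allowed; None if no policy is
    set (the OS default then applies). The HKLM value overrides HKCU."""
    value = hklm if hklm is not None else hkcu
    if value is None:
        return None
    return [name for bit, name in DRIVE_BITS.items() if not value & bit]

if __name__ == "__main__":
    allowed = autorun_exposure(*read_policy())
    if allowed is None:
        print("No NoDriveTypeAutoRun policy found; OS default applies.")
    elif allowed:
        print("AutoRun still allowed for:", ", ".join(allowed))
    else:
        print("AutoRun is disabled for every listed drive type.")
```

Setting the value to `0xFF` machine-wide leaves nothing in the returned list, which closes the CD and USB route described above.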

A bit of effort: no auto-run

Presumably, if someone is worth framing, it’s worth making a bit of effort to do it. Autorun can be turned off, and I have not seen how it works on newer versions of Windows (for example, if there is any warning for users). In addition, you still need to be able to attack Linux and MacOS.

The simplest approach is to write two programs to do the copying. One for Windows, the other for Linux and MacOS.

One program should do for Linux and MacOS as both usually come with a number of scripting languages included, many of them common to both. The safest option is probably a bash shell script. If you keep it simple it will probably work in the (very rare) case of Linux systems that do not have bash installed (because they will have another, largely compatible, shell installed instead).

For Windows a batch (.bat) file should do.

Note the simplicity of this. The languages used are simple enough to learn, well enough for this purpose, from scratch (i.e. no prior experience of any kind of programming) in a matter of hours, and the programs could be written in minutes.

Disguises

The weakness of the last approach is that you need to explicitly run it. This could be disguised by adding a line to it that launches some program that you have a legitimate reason for running on the target computer.

Depending on circumstances and operating system this may openly run off the CD or USB, or it may be disguised as a “document” (e.g. an MS Word file) that is in fact:

  1. a program that does the copying and opens the document (so that the target thinks all it does is open the document), or,
  2. a document that contains an embedded script that does the copying (for example, using Visual Basic in an MS Office document).

Researching how to implement this is left as an exercise for the reader. It should not be that difficult.

Bootable USB: difficult but works anywhere

If you want to do this, you are going to have to do a lot of research for yourself. There is plenty of info on the web: of course that means that you may leave a trail. If you are in the EU let six months elapse between planning and execution so it’s too late for the police to get your browsing history from your internet service provider. Otherwise you should find a way to browse anonymously (or using someone else’s connection).

The idea in outline is to make a bootable USB drive. There are lots of tutorials on how to do this, most commonly to set them up to run a rescue or installation system. I have one that I used just a few days ago to fix a PC with a boot problem.

Here, we are interested in a more sinister system. You need to configure it to:

  1. Start up fast without any indications that anything different from the usual is booting,
  2. Copy the files.
  3. Delete everything on the USB drive (preferably “shredding” the files).
  4. Reboot.

The step that will require research is the first one. You probably want Linux, GRUB 2, and Plymouth, setting the Plymouth splash screen to be blank, or to show a copy of the target’s operating system’s usual splash screen.

If it can show some message explaining the slow boot (e.g. the “check hard disk”), all the better. The reboot will still be a problem, but most people will disregard it as a glitch. A more sophisticated approach (e.g. loading the real OS in a virtual machine under your malicious version) could solve this, but that is well beyond a mere blog post.

This approach is likely to work even against people who are security conscious. Turning off USB boot, and locking the BIOS, and locking the login whenever away from the computer would be a complete defense — but who does all that? Whole disk encryption would also probably work, but very few people do that.

Join the police

As they have demonstrated on many occasions, the cops are in the best position to frame someone. Putting files on a computer is a lot easier than traditional approaches such as planting heroin on them.

It also has the advantage that it is much less likely to leave traces that might cast doubt on the evidence, or even lead to you being caught.

This is particularly well suited to mobile devices, which can, in many countries, be “searched” on the street, or are easily taken after an arrest.

Mobile devices

“Smart” mobile phones, MP3 players, and the like are incredibly easy targets. All you need is an excuse to connect them to your computer (swapping pictures, for example), or even a mobile phone with USB host (i.e. you can write to USB storage from it).

It may be helpful to write a program that transfers the files as soon as it detects the device is connected. Not too much of a challenge on your own computer, or even a smartphone.

Success stories

Obviously, no one who has framed someone successfully is going to be known. However, there are cases of near, or partial, successes. The best example is Neil Weiner’s attempt to frame his boss, which failed only because he was stupid enough to:

  1. tell people his plans,
  2. give the police an anonymous tip-off from a mobile phone that could be traced to him,
  3. keep possession of the evidence.

Despite his incompetence he was able to have his victim arrested, and did enormous, probably irreparable, damage to his reputation.

Getting the incriminating material

Neil Weiner’s choice of material was the best. Even if your target is found innocent in a court of law, the odds are that they will never be innocent in the, equally powerful, court of public opinion. You may not get them jailed, but you can still ruin their lives.

I have no intention of researching how one gets hold of this stuff. We are constantly told by the media how easy it is, so I assume that if you really want to, then you can.

If the target belongs to the right ethnic or religious minority, or has the right political leanings, then you may be able to use other material. It is easy enough to find Al-Qaeda training manuals and the like on-line. A collection of such material would be hard to explain away.

Possible defences

The target is very likely to claim that they have been framed — but so can anyone who is actually guilty. Unless you have been careless enough to leave a clear trail, the situation will be indistinguishable from someone who is guilty, especially given that someone who is guilty may well leave a false trail to make it look like they have been framed.

The target is in the position of having to prove their innocence. That is very difficult for an accusation of possession, given that they are, in fact, in possession, albeit unknowingly.

The only defence is to be paranoid about security, and very few people will do that given that most people do not expect to be targets.
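A timeline check an examiner can run on a disputed folder, as an added example that is not part of the original post: on NTFS a copied file gets a new creation time but keeps its old modification time, so a folder copied from a CD or USB drive shows a tight burst of files created after they were last modified. The record layout, sample timestamps and media-connection list are constructed assumptions; the pattern shows that the files arrived by bulk copy, not who copied them.

```python
from datetime import datetime, timedelta

def copy_bursts(records, window=timedelta(seconds=60), min_files=3):
    """Return runs of >= min_files files, each created after it was last
    modified (copy signature on NTFS) and within `window` of the previous one."""
    copied = sorted((r for r in records if r["created"] > r["modified"]),
                    key=lambda r: r["created"])
    bursts, current = [], []
    for rec in copied:
        if current and rec["created"] - current[-1]["created"] > window:
            if len(current) >= min_files:
                bursts.append(current)
            current = []
        current.append(rec)
    if len(current) >= min_files:
        bursts.append(current)
    return bursts

def bursts_near_media(bursts, media_events, slack=timedelta(minutes=10)):
    """Pair each burst with media insertions at most `slack` before it began."""
    hits = []
    for burst in bursts:
        start = burst[0]["created"]
        for inserted in media_events:
            if timedelta(0) <= start - inserted <= slack:
                hits.append((inserted, start, [r["path"] for r in burst]))
    return hits

# Constructed sample data (not from any real case): three files arriving
# within seconds of each other, one ordinary document, one lone older copy.
T = datetime(2010, 9, 13, 15, 40, 0)
OLD = datetime(2010, 8, 1, 12, 0, 0)
RECORDS = [
    {"path": "cache/a.jpg", "created": T + timedelta(seconds=5), "modified": OLD},
    {"path": "cache/b.jpg", "created": T + timedelta(seconds=6), "modified": OLD},
    {"path": "cache/c.jpg", "created": T + timedelta(seconds=8), "modified": OLD},
    {"path": "docs/report.doc", "created": datetime(2010, 6, 1, 9, 0),
     "modified": datetime(2010, 9, 10, 17, 0)},
    {"path": "docs/photo.jpg", "created": datetime(2010, 7, 4, 10, 0),
     "modified": datetime(2010, 7, 1, 10, 0)},
]
# Assumed to come from the examiner's own record of device connections.
MEDIA_EVENTS = [datetime(2010, 9, 13, 15, 39, 30)]

if __name__ == "__main__":
    for inserted, start, paths in bursts_near_media(copy_bursts(RECORDS), MEDIA_EVENTS):
        print(f"media at {inserted}, copy burst began {start}: {paths}")
```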

Comments (2)


Comment by Joel Johnson at 7:44 am on 17 April 2013

I think that you underestimate how difficult it is to gain access to another person’s computer, unless you’re a relative or roommate. You also underestimate obtaining the planted material without leaving a trace by either your own computer, unless you can figure a way to get incriminating evidence without using your computer or one that can be traced to you (e.g., public computers you must sign in on). I’d like to hear if there are any success stories of someone who has done this “stunningly easy” frame-up.

Comment by Graeme at 5:46 pm on 14 August 2013

We obviously would not know of successful attempts.

The Neil Weiner attempt linked to above came very close to success.

It does not matter if you leave a trace on your own computer unless you are suspected and your computer is forensically examined.

Many people do want to hurt relatives and others they are close to: look at the incidence of domestic murder vs other types.

Also, note I qualified the “stunningly easy” with the requirement to get brief access or persuade them to insert malicious media.

The proliferation of smart phones and tablets (most of which are pretty insecure) since I wrote this makes the attack much easier.