[HN Gopher] Federal Charges Against Stanford University Research...
___________________________________________________________________

Federal Charges Against Stanford University Researcher Expanded

Author : Raymondfx
Score  : 36 points
Date   : 2021-02-19 21:10 UTC (1 hours ago)

(HTM) web link (www.justice.gov)
(TXT) w3m dump (www.justice.gov)

| Raymondfx wrote:
| Grand Jury Adds Obstruction, Alteration of Records, and False
| Statements to Visa Fraud Charges Against Visiting Researcher
| Alleged to Be Member of China's People's Liberation Army

| throwawaysea wrote:
| How widespread are cases like this? I'm not an expert on this
| topic but from reading this it feels like such an investigation
| is expensive and time consuming. I imagine for every person
| identified there must be many more whose secret affiliations with
| the foreign powers won't be uncovered.

| iscrewyou wrote:
| On the other hand, I also wonder how easy it is to connect her,
| ways of doing things, contacting other people, to other secret
| entities. And they can even watch anyone who was spooked after
| the news and anyone who went silent. Because detection works
| both ways.
|
| I recently read somewhere that secret agencies likely watch
| suspects and see when they turn off their phones or when they
| turn them back on for example when they have a meeting. This is
| a good way to narrow in on other people connected to the
| suspect by watching their patterns.

| FpUser wrote:
| Was she out of her mind keeping this kind of stuff? Can't believe
| the stupidity.

| crb002 wrote:
| Seems a bit racist. Israel/Finland/Germany all have universal
| conscription so they don't get harassed like the Chinese.

| TavsiE9s wrote:
| Germany actually halted military service a couple of years ago.
| There are talks of reintroducing a more universal service but
| so far that has not happened.
| finiteseries wrote:
| The relationship between the United States and Israeli,
| Finnish, and German militaries is slightly different to the one
| with the Chinese.

| Jtsummers wrote:
| As I understand it, the issue is the false claims in the visa
| application more than the military service. If they'd known she
| was an (apparently) active member of the Chinese military, she
| wouldn't have gotten the visa in the first place. In her visa
| application she admitted to prior military service and still
| received the visa so military service itself is not a
| fundamental blocker for Chinese visa applicants.

| nradov wrote:
| This is one reason why US visa application forms include a
| question which basically asks "Are you a spy?". Which might
| seem silly because obviously a real spy would never answer
| yes. But the real point of the question is that if the
| government finds later that someone lied on the form it
| becomes easier to charge them with a crime or deport them.

| kevinventullo wrote:
| _The superseding indictment alleges that she then attempted to
| delete a digital folder of documents on an external hard drive
| that she possessed containing records relating to her military
| service and visa fraud, including:_
|
| _- A digital version of a letter from Song, written in Chinese
| and addressed to the People's Republic of China consulate in New
| York, in which Song explained that her stated employer, "Beijing
| Xi Diaoyutai Hospital" was a false front, and that because
| relevant approval documents were classified, she had attempted to
| mail them;_
|
| _- An image of Song's PLA credentials, with a photograph of her
| in military dress uniform, covering the time period from July
| 2016 to July 2020; and_
|
| _- A digital version of a resume for Song, written in Chinese,
| again with a photograph of her in military dress uniform and
| listing her employer as the Air Force General Hospital._
|
| Yikes, that sounds pretty damning.
| I'm not an expert in digital
| forensics but I wonder why she wouldn't destroy the hard drive
| after. Or is that not enough?

| lopatin wrote:
| Follow up question, as someone who knows even less about
| forensics, what kind of traces stay on a hard drive if you just
| delete a file?

| aliceryhl wrote:
| Generally when you just delete a file, its contents are
| marked as "unused", but not actually erased. This is why
| deleting a large file takes the same time as deleting a small
| file. Then, whenever a new file is created, it might be put
| (partially) on top of the old file, overwriting the old
| contents for good.

| bsamuels wrote:
| the whole file is still there until it gets overwritten by
| new data

| bsder wrote:
| A lot.
|
| You need to write a drive with zeros(minimum)/random
| data(preferably) at least once to make forensic recovery
| difficult. I know all about the "5 times" rule, but I've
| _never_ heard of anyone recovering a drive after even a
| single overwrite.
|
| Personally, I just hammer a screwdriver through the platter.
| It generally converts it into glass shards--the drive sounds
| like a maraca afterward.
|
| Flash, of course, is different. I suspect that writing
| zeros/random once is probably enough. However, I tend to just
| use diagonal cutters and slice through the chips.
|
| If someone wants to reconstruct my drive after I've
| physically destroyed it, they've probably got enough money to
| just fabricate the evidence against me anyway.

| astrange wrote:
| > Flash, of course, is different. I suspect that writing
| zeros/random once is probably enough.
|
| SSDs won't necessarily actually erase a block when you tell
| them to, due to wear-leveling and weird internal RAID
| setups they could be doing anything in there.

| desine wrote:
| I have a few HDs with bullet holes in them, and the
| platters are still intact. I've messed around with a lot of
| drives and never shattered a disk like glass.
| I've heard
| that there's labs that specialize in reading disks without
| even needing to spin them, but information seems to be
| tightly guarded about the processes.

| daniel_reetz wrote:
| The platters I've seen are aluminum alloy.

| [deleted]

| Jtsummers wrote:
| https://en.wikipedia.org/wiki/Data_remanence
|
| That link has a bit more, but the main issue is what the
| others wrote. Deleting a file from your disk may not actually
| _delete_ it. It can leave an entry in the file system that
| marks it as deleted (for undeletion later) or it may just
| remove the entry, in which case the data is still on the disk
| and recoverable.

| Sylamore wrote:
| On most file systems, just deleting a file simply deletes the
| link between the filename and the data on disk, the actual
| data remains fully intact until the blocks are overwritten by
| new data. It's trivial to recover recently deleted files, and
| often not much more effort to recover less recently deleted
| files. It only becomes a challenge if the data has been long
| deleted or was intentionally overwritten before deletion (or
| the disk wiped using random data), in some cases becoming
| effectively impossible to recover.

| desine wrote:
| The file is still there. A regular delete just tells the disk
| that the segments of memory are available to be overwritten.
| Zeroing out (or /dev/urandom) the memory is an option, but
| even that is not 100% safe, especially when it comes to
| forensic labs with the ability to read and analyze platters
| removed from a complete, sealed disk. Really safe deleters
| will overwrite the segments of memory multiple times to
| scramble magnetic signatures.

| noir_lord wrote:
| The world has moved on.
|
| You can't transplant a platter into another reader, the old
| days of Gutmann method don't really apply anymore, density
| is so high that outside of research settings it's just not
| practical.
|
| That said I still put a drill through mine before disposing
| of them, because close to zero isn't zero.

| astrange wrote:
| > but even that is not 100% safe, especially when it comes
| to forensic labs with the ability to read and analyze
| platters removed from a complete, sealed disk.
|
| No, this is completely impossible and no one has ever done
| it. (An exception would be HDDs with bad block mapping
| because they might not actually erase some sector.)
|
| SSDs don't even have platters and you could probably
| recover things from the flash, but you can avoid this with
| disk encryption by simply losing the keys.
|
| > Really safe deleters will overwrite the segments of
| memory multiple times to scramble magnetic signatures
|
| Deletion programs do this because it looks cool. It's not
| necessary - literally no one has ever recovered anything
| from a zeroed out HD sector.

| desine wrote:
| >No, this is completely impossible and no one has ever
| done it.
|
| Pedantic devil's advocate - nobody has claimed to do it.
| When dealing with international espionage and possibly
| the DoD or DHS examining the drive, I wouldn't bet on
| that assumption.
___________________________________________________________________
(page generated 2021-02-19 23:00 UTC)
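
Added illustration, not written by any commenter and not taken from the linked press release: a constructed toy disk model in Python showing the deletion behaviour described in the thread (delete only changes metadata, the content stays readable on the raw media, and a later file partially overwrites it). `ToyDisk`, the 16-byte block size, the `%DOC` header and the sample record are all assumptions made for the example.

```python
BLOCK = 16  # bytes per block in this constructed model

# Constructed sample record: 40 bytes, so it spans three blocks.
SECRET = b"%DOC|name=alice|role=analyst|id=0042|end"

class ToyDisk:
    """Toy block device plus directory table; not a real file system."""

    def __init__(self, nblocks):
        self.data = bytearray(BLOCK * nblocks)  # raw media contents
        self.free = list(range(nblocks))        # free blocks, lowest first
        self.dir = {}                           # name -> (blocks, length)

    def write(self, name, payload):
        need = -(-len(payload) // BLOCK)        # ceiling division
        blocks = [self.free.pop(0) for _ in range(need)]
        for i, b in enumerate(blocks):
            chunk = payload[i * BLOCK:(i + 1) * BLOCK]
            # A short final chunk leaves the rest of its block untouched (slack).
            self.data[b * BLOCK:b * BLOCK + len(chunk)] = chunk
        self.dir[name] = (blocks, len(payload))

    def delete(self, name):
        # Metadata only: drop the entry and free the blocks. No data block is
        # written, which is why delete time does not depend on file size.
        blocks, _ = self.dir.pop(name)
        self.free = sorted(self.free + blocks)

    def carve(self, magic, length):
        # Scan the raw image for a known header, ignoring the directory.
        at = self.data.find(magic)
        return None if at < 0 else bytes(self.data[at:at + length])

def demo():
    disk = ToyDisk(8)
    disk.write("record.doc", SECRET)
    disk.delete("record.doc")
    after_delete = disk.carve(b"%DOC", len(SECRET))   # full content survives
    disk.write("notes.txt", b"x" * 20)                # reuses freed blocks 0 and 1
    after_reuse = disk.carve(b"%DOC", len(SECRET))    # header now overwritten
    residue = bytes(disk.data[20:len(SECRET)])        # tail of the old file
    return {"listed": "record.doc" in disk.dir, "after_delete": after_delete,
            "after_reuse": after_reuse, "residue": residue}

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

The `residue` value is the part of the old record that the new, shorter file did not cover, which is why a header scan failing does not mean the media holds nothing from the deleted file.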