[HN Gopher] Federal Charges Against Stanford University Research...
___________________________________________________________________
Federal Charges Against Stanford University Researcher Expanded
Author : Raymondfx
Score : 36 points
Date : 2021-02-19 21:10 UTC (1 hours ago)
(HTM) web link (www.justice.gov)
(TXT) w3m dump (www.justice.gov)
| Raymondfx wrote:
| Grand Jury Adds Obstruction, Alteration of Records, and False
| Statements to Visa Fraud Charges Against Visiting Researcher
| Alleged to Be Member of China's People's Liberation Army
| throwawaysea wrote:
| How widespread are cases like this? I'm not an expert on this
| topic but from reading this it feels like such an investigation
| is expensive and time consuming. I imagine for every person
| identified there must be many more whose secret affiliations with
| the foreign powers won't be uncovered.
| iscrewyou wrote:
| On the other hand, I also wonder how easy it is to connect her,
| ways of doing things, contacting other people, to other secret
| entities. And they can even watch anyone who was spooked after
| the news and anyone who went silent. Because detection works
| both ways.
|
| I recently read somewhere that secret agencies likely watch
| suspects and see when they turn off their phones or when they
| turn them back on for example when they have a meeting. This is
| a good way to narrow in on other people connected to the
| suspect by watching their patterns.
| FpUser wrote:
| Was she out of her mind keeping this kind of stuff? Can't believe
| the stupidity.
| crb002 wrote:
| Seems a bit racist. Israel/Finland/Germany all have universal
| conscription so they don't get harassed like the Chinese.
| TavsiE9s wrote:
| Germany actually halted military service a couple of years ago.
| There are talks of reintroducing a more universal service but
| so far that has not happened.
| finiteseries wrote:
| The relationship between the United States and Israeli,
| Finnish, and German militaries is slightly different to the one
| with the Chinese.
| Jtsummers wrote:
| As I understand it, the issue is the false claims in the visa
| application more than the military service. If they'd known she
| was an (apparently) active member of the Chinese military, she
| wouldn't have gotten the visa in the first place. In her visa
| application she admitted to prior military service and still
| received the visa so military service itself is not a
| fundamental blocker for Chinese visa applicants.
| nradov wrote:
| This is one reason why US visa application forms include a
| question which basically asks "Are you a spy?". Which might
| seem silly because obviously a real spy would never answer
| yes. But the real point of the question is that if the
| government finds later that someone lied on the form it
| becomes easier to charge them with a crime or deport them.
| kevinventullo wrote:
| _The superseding indictment alleges that she then attempted to
| delete a digital folder of documents on an external hard drive
| that she possessed containing records relating to her military
| service and visa fraud, including:_
|
| _- A digital version of a letter from Song, written in Chinese
| and addressed to the People's Republic of China consulate in New
| York, in which Song explained that her stated employer, "Beijing
| Xi Diaoyutai Hospital" was a false front, and that because
| relevant approval documents were classified, she had attempted to
| mail them;_
|
| _- An image of Song's PLA credentials, with a photograph of her
| in military dress uniform, covering the time period from July
| 2016 to July 2020; and_
|
| _- A digital version of a resume for Song, written in Chinese,
| again with a photograph of her in military dress uniform and
| listing her employer as the Air Force General Hospital._
|
| Yikes, that sounds pretty damning. I'm not an expert in digital
| forensics but I wonder why she wouldn't destroy the hard drive
| after. Or is that not enough?
| lopatin wrote:
| Follow up question, as someone who knows even less about
| forensics, what kind of traces stay on a hard drive if you just
| delete a file?
| aliceryhl wrote:
| Generally when you just delete a file, its contents are
| marked as "unused", but not actually erased. This is why
| deleting a large file takes the same time as deleting a small
| file. Then, whenever a new file is created, it might be put
| (partially) on top of the old file, overwriting the old
| contents for good.
| bsamuels wrote:
| the whole file is still there until it gets overwritten by
| new data
| bsder wrote:
| A lot.
|
| You need to write a drive with zeros(minimum)/random
| data(preferably) at least once to make forensic recovery
| difficult. I know all about the "5 times" rule, but I've
| _never_ heard of anyone recovering a drive after even a
| single overwrite.
|
| Personally, I just hammer a screwdriver through the platter.
| It generally converts it into glass shards--the drive sounds
| like a maraca afterward.
|
| Flash, of course, is different. I suspect that writing
| zeros/random once is probably enough. However, I tend to just
| use diagonal cutters and slice through the chips.
|
| If someone wants to reconstruct my drive after I've
| physically destroyed it, they've probably got enough money to
| just fabricate the evidence against me anyway.
| astrange wrote:
| > Flash, of course, is different. I suspect that writing
| zeros/random once is probably enough.
|
| SSDs won't necessarily actually erase a block when you tell
| them to, due to wear-leveling and weird internal RAID
| setups they could be doing anything in there.
| desine wrote:
| I have a few HDs with bullet holes in them, and the
| platters are still intact. I've messed around with a lot of
| drives and never shattered a disk like glass. I've heard
| that there's labs that specialize in reading disks without
| even needing to spin them, but information seems to be
| tightly guarded about the processes.
| daniel_reetz wrote:
| The platters I've seen are aluminum alloy.
| [deleted]
| Jtsummers wrote:
| https://en.wikipedia.org/wiki/Data_remanence
|
| That link has a bit more, but the main issue is what the
| others wrote. Deleting a file from your disk may not actually
| _delete_ it. It can leave an entry in the file system that
| marks it as deleted (for undeletion later) or it may just
| remove the entry, in which case the data is still on the disk
| and recoverable.
| Sylamore wrote:
| On most file systems, just deleting a file simply deletes the
| link between the filename and the data on disk, the actual
| data remains fully intact until the blocks are overwritten by
| new data. It's trivial to recover recently deleted files, and
| often not much more effort to recover less recently deleted
| files. It only becomes a challenge if the data has been long
| deleted or was intentionally overwritten before deletion (or
| the disk wiped using random data), in some cases becoming
| effectively impossible to recover.
| desine wrote:
| The file is still there. A regular delete just tells the disk
| that the segments of memory are available to be overwritten.
| Zeroing out (or /dev/urandom) the memory is an option, but
| even that is not 100% safe, especially when it comes to
| forensic labs with the ability to read and analyze platters
| removed from a complete, sealed disk. Really safe deleters
| will overwrite the segments of memory multiple times to
| scramble magnetic signatures.
| noir_lord wrote:
| The world has moved on.
|
| You can't transplant a platter into another reader, the old
| days of Gutmann method don't really apply anymore, density
| is so high that outside of research settings it's just not
| practical.
|
| That said I still put a drill through mine before disposing
| of them, because close to zero isn't zero.
| astrange wrote:
| > but even that is not 100% safe, especially when it comes
| to forensic labs with the ability to read and analyze
| platters removed from a complete, sealed disk.
|
| No, this is completely impossible and no one has ever done
| it. (An exception would be HDDs with bad block mapping
| because they might not actually erase some sector.)
|
| SSDs don't even have platters and you could probably
| recover things from the flash, but you can avoid this with
| disk encryption by simply losing the keys.
|
| > Really safe deleters will overwrite the segments of
| memory multiple times to scramble magnetic signatures
|
| Deletion programs do this because it looks cool. It's not
| necessary - literally no one has ever recovered anything
| from a zeroed out HD sector.
| desine wrote:
| >No, this is completely impossible and no one has ever
| done it.
|
| Pedantic devil's advocate - nobody has claimed to do it.
| When dealing with international espionage and possibly
| the DoD or DHS examining the drive, I wouldn't bet on
| that assumption.
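
Added example, not part of the thread or any commenter's code: a constructed toy block store in Python illustrating what the replies above describe, namely that a plain delete only drops the name-to-data link so signature carving still recovers the file, that block reuse leaves fragments in slack space, and that a single overwrite pass removes the contents. `ToyVolume`, `carve`, the `%DOC`/`%END` markers and the 16-byte block size are assumptions made for the illustration.

```python
BLOCK = 16  # toy block size in bytes (constructed; real file systems use e.g. 4096)

class ToyVolume:
    """Constructed minimal block store: a directory plus raw data blocks."""
    def __init__(self, nblocks=16):
        self.raw = bytearray(BLOCK * nblocks)  # what a disk-imaging tool would read
        self.free = list(range(nblocks))       # allocation state
        self.directory = {}                    # filename -> (block list, length)

    def write(self, name, data):
        blocks = [self.free.pop(0) for _ in range(-(-len(data) // BLOCK))]
        for i, b in enumerate(blocks):
            chunk = data[i * BLOCK:(i + 1) * BLOCK]
            self.raw[b * BLOCK:b * BLOCK + len(chunk)] = chunk
        self.directory[name] = (blocks, len(data))

    def delete(self, name, overwrite=False):
        blocks, _ = self.directory.pop(name)   # drop only the name -> data link
        if overwrite:                          # optional single zero pass
            for b in blocks:
                self.raw[b * BLOCK:(b + 1) * BLOCK] = bytes(BLOCK)
        self.free = sorted(self.free + blocks) # blocks become reusable

def carve(raw, header=b"%DOC", footer=b"%END"):
    """Signature carving: scan raw bytes for header..footer, ignoring the directory."""
    found, pos = [], 0
    while (start := raw.find(header, pos)) != -1:
        end = raw.find(footer, start)
        if end == -1:
            break
        found.append(bytes(raw[start:end + len(footer)]))
        pos = end + len(footer)
    return found

def demo():
    secret = b"%DOC constructed sample record, 3 blocks %END"
    vol = ToyVolume()
    vol.write("a.doc", secret)
    vol.delete("a.doc")                        # plain delete: data untouched
    recovered = carve(vol.raw)                 # whole file carved back
    vol.write("new.txt", b"x" * 20)            # reuses freed blocks 0 and 1
    after_reuse = carve(vol.raw)               # header overwritten, carve finds nothing
    slack = bytes(vol.raw[BLOCK:2 * BLOCK])    # block 1: 4 new bytes + 12 old bytes
    vol2 = ToyVolume()
    vol2.write("a.doc", secret)
    vol2.delete("a.doc", overwrite=True)       # one overwrite pass
    return secret, recovered, after_reuse, slack, carve(vol2.raw), bytes(vol2.raw)
```
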
___________________________________________________________________
(page generated 2021-02-19 23:00 UTC)