
Kandula's laptop was seized by the police and the script used to carry out the deletions was found on it.

full disk encryption is a thing. it's amazing how people who are otherwise technically competent leave such obvious incrementing evidence on a computer



I assume he had to give up the decryption credentials when he handed the laptop for the investigation. Not complying with the investigation can make it worse for you in some places.


Can't you just forget decryption credentials during the investigation?


Sure. They may not believe you, though.

Related example: https://en.wikipedia.org/wiki/H._Beatty_Chadwick


I'd rather have the 14 years of my life than $2.5 million I can't even use. People are weird.


There are double encryption systems. You give your "password" and they access a volume, where another encrypted volume isn't even apparent.


You can, but depending on the justice system in your area, you might not want to.


That's why you have two decryption keys. One for the real stuff, one that decrypts to a decoy.

https://veracrypt.eu/en/VeraCrypt%20Hidden%20Operating%20Sys...


Yep. All very good advice on how to better conceal your crimes.


Or hide anything you wish to from those who want to use the wrench method. You're allowed to have things to hide without being a criminal.


Plausibly deniable encryption exists for this very reason.


> incrementing evidence

It just keeps piling up!


>full disk encryption is a thing.

Just actually get rid of the evidence. Throw your laptop into a shredder and buy a new one. At least get a new hard drive.


I can't speak for Singapore's specifics, but outright destroying evidence is often its own crime.


Good luck proving it!


In a country where possession of chewing gum is illegal and 14 grams of heroin gets you a death sentence, I'm not sure I'd want to test the practical limitations of the burden of proof on that sort of thing.


But you already committed the crime, surely that alone will be much worse than a completely unprovable charge of destruction of evidence.


Some legal systems permit inference of guilt ("spoliation inference") based on attempts to destroy evidence; you might wind up with just extra convictions this way.


probably easiest to buy a second hand laptop, do the thing and then low level format the disk with a hammer.


For this individual, it's a little late to close the barn door.


Intent: thinking through this from a problem-solving perspective. Don't do this crap, kids, lest ye end up in prison or worse.

Or at least do a full wipe (including backups) and reinstall. "Here's my FDE key, but I erased everything after I left that place and I don't have their stuff anymore."


Use a throwaway disk or device, get rid of that and leave the official one alone.

I discourage this behavior but there could be many cases when this could be useful.


With an SSD drive it's enough to simply wipe the drive clean.


Remember: sometimes a simple 'rm' may not be good enough, that's why the gods of GNU gave us 'shred': https://linux.die.net/man/1/shred


Well, the file was found on his laptop and laptops are pretty much exclusively using SSDs. On SSDs a simple `rm` is enough. On an SSD:

    1. You run rm
    2. Your filesystem uses trim to mark the pages as invalid
    3. The drive's garbage collector finds blocks containing invalid pages and consolidates valid pages into new blocks and marks the old blocks as invalid.
    4. Then the drive resets the block to empty and marks it as available.

This improves write performance because SSDs can only write to empty pages (they cannot overwrite pages that have already been written, instead they'd have to first reset the page and then write a new page) so by proactively resetting pages, they have pages ready to be immediately written.

But this also means that the blocks containing your deleted file will be proactively reset/emptied which means it will uncharge the cells which is equivalent to all the bits being `1`, thereby destroying the file.

Source: https://kcall.co.uk/ssd/index.html
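As an added illustration of the four steps in this comment (a constructed toy model written for this thread, not code from the linked source or from any real drive's firmware): a tiny flash-translation-layer simulation in which `rm` with discard enabled leaves nothing on the raw flash once garbage collection has run, while `rm` without discard (the no-TRIM case the `shred` comment above is really about) leaves the file bytes readable straight from the cells. The names `ToySSD`, `raw_flash_contains` and `deleted_data_survives` and the marker string are my own inventions.

```python
FREE, VALID, INVALID = "free", "valid", "invalid"

class ToySSD:
    """Toy flash translation layer: out-of-place writes, TRIM and garbage collection."""
    def __init__(self, blocks=4, pages_per_block=4, page_size=4):
        self.page_size, self.erased = page_size, b"\xff" * page_size   # erased = all ones
        self.flash = [[self.erased] * pages_per_block for _ in range(blocks)]
        self.state = [[FREE] * pages_per_block for _ in range(blocks)]
        self.l2p = {}                                # logical page -> (block, page)

    def write(self, lpn, data, avoid=None):
        if lpn in self.l2p:                          # flash cannot overwrite in place:
            ob, op = self.l2p[lpn]                   # the stale copy is only invalidated
            self.state[ob][op] = INVALID
        b, p = next((b, p) for b, blk in enumerate(self.state) if b != avoid
                    for p, st in enumerate(blk) if st == FREE)
        self.flash[b][p], self.state[b][p], self.l2p[lpn] = data, VALID, (b, p)

    def trim(self, lpn):
        """Step 2: the filesystem reports the logical page as no longer in use."""
        b, p = self.l2p.pop(lpn)
        self.state[b][p] = INVALID

    def gc(self):
        """Steps 3-4: move live pages out of blocks holding invalid pages, erase the block."""
        for b in range(len(self.state)):
            if INVALID in self.state[b]:
                for p, st in enumerate(self.state[b]):
                    if st == VALID:
                        lpn = next(l for l, loc in self.l2p.items() if loc == (b, p))
                        self.write(lpn, self.flash[b][p], avoid=b)
                self.flash[b] = [self.erased] * len(self.flash[b])   # block erase: all bits 1
                self.state[b] = [FREE] * len(self.state[b])

def raw_flash_contains(ssd, needle):
    """Forensic view: read every physical page directly, ignoring the mapping table."""
    return needle in b"".join(page for blk in ssd.flash for page in blk)

def deleted_data_survives(discard):
    """Write a constructed marker file, rm it (step 1), run GC, then inspect raw flash."""
    ssd, data = ToySSD(), b"constructed: SECRET-MARKER!!"   # 28 bytes = 7 pages of 4
    ps = ssd.page_size
    lpns = list(range(len(data) // ps))              # the file's logical pages
    for lpn in lpns:
        ssd.write(lpn, data[lpn * ps:(lpn + 1) * ps])
    for lpn in lpns:                                 # rm: the directory entry goes away;
        if discard:                                  # with discard on, TRIM follows
            ssd.trim(lpn)
    ssd.gc()
    return raw_flash_contains(ssd, b"SECRET-MARKER")
```

`deleted_data_survives(True)` returns False (the blocks were erased to all ones) and `deleted_data_survives(False)` returns True, which is the situation on a drive or filesystem with discard disabled.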


Cool, I learned something interesting today, thanks!


I dunno what privacy/civil laws are like there, but couldn't the police or courts compel Kandula to surrender the password?



I assume Kandula was a Microsoft user and it's widely suspected there's a backdoor for law enforcement.


On built in disk encryption? I'd be surprised if security researchers hadn't found that target. Got a source? Who credible suspects this?


NSA and FBI both approached previous bitlocker devs to insert backdoors in the early days. It's no secret Microsoft cooperates with federal government branches to ensure the government keeps using their products. Further because bitlocker is closed source, there hasn't been any outside research done on the code.

https://boingboing.net/2013/09/11/how-the-feds-asked-microso...

Some good comments here:

https://old.reddit.com/r/sysadmin/comments/26vm25/why_is_the...

There are more resources on Google and I remember attending a talk at either Black Hat or DEF CON on why you shouldn't be using BitLocker.


Run a VM on a portable linux distro, delete the VM, easy days.


Easier to run tails or other live distros that don't store anything on disk and then run memtest afterwards.


He was googling for "how to delete VMs script" to do the initial attack, I think you overestimate his opsec capability.


He had an opsec capability? I assumed he'd never heard of opsec.


lol 34 people replied to this. I think this ranks in the top 10 of my most replied to posts ever. But no change in votes.


Probably thought he was safe in his country. You can be tech literate and international criminal law illiterate.


He moved back to Singapore, where he committed the crime.


Not just moved back there, but used the company Wi-Fi network!


My bad. Should have rtfa. Guess he's just an idiot.

