Physical Security
tag: [Security Specialist, Operations & Strategy]
Physical security is an often overlooked but crucial aspect of operational security, especially for individuals and organizations involved in cryptocurrency. This section provides guidelines on how to protect yourself, your digital assets, and your organization from physical threats and attacks.
Best Practices
- Random USB storage devices should not be plugged into your devices. Dropping malicious USB sticks and hoping for someone to pick them up and insert them into their computer is a real threat. On the subject of USB, do not plug in your device into an untrusted charger (e.g., on a bus or airplane) without a data blocker.
- Do not click on links from untrusted sources, as they may lead to malicious websites or legitimate websites that have been compromised. In the event that you’re asked to take action on a website through, for example, email, visit the website manually (e.g., discord.com) rather than clicking the link.
- Avoid scanning QR codes as they could potentially contain exploits.
- Be wary of websites pushing pop-ups that make it seem that you need to install software to upgrade or secure your computer, these are often malware.
- If you receive a suspicious message, try reaching out to the person via a different channel.
Secure Traveling
Preparation
- Travel with the minimum number of devices necessary. Leave non-essential devices at home.
- Backup all important data before traveling. Store backups in secure, separate locations.
- Remove sensitive data from devices before traveling. Consider using travel-specific devices with minimal data depending on the country you're visiting.
During Travel
- Keep your devices with you at all times. Use secure storage options when necessary.
- Avoid using public Wi-Fi networks. If necessary, use a VPN to secure your connection.
- Avoid using untrusted charging stations. Use a USB data blocker or carry a portable charger.
Border Security
- Encrypt your devices to protect data in case they are inspected or seized.
- Carry minimal data across borders. Be aware that some countries may require decryption of devices.
- Be prepared for device inspections. Consider using travel-specific accounts and removing sensitive information.
Preventing "Wrench Attacks"
A "wrench attack" refers to the scenario where an attacker uses physical force or coercion to gain access to your assets.
Mitigation Strategies
- Use multi-signature wallets that require multiple parties to authorize transactions.
- Distribute parts of cryptographic keys among trusted individuals or locations.
- Use decoy wallets with small amounts of cryptocurrency to satisfy attackers without compromising significant assets.
- Establish clear policies for responding to physical threats in your project, including non-compliance and emergency contacts.
Home Security
- Use strong locks, security doors, and window bars to prevent unauthorized entry.
- Install security cameras and alarm systems. Monitor the premises regularly.
- Use safes or locked cabinets to store devices and sensitive documents.
Device Protection
Hardware Security
- Use laptop locks and secure your devices to immovable objects when in public or shared spaces.
- Use tamper-evident seals on devices to detect unauthorized access attempts.
- Regularly check devices for signs of tampering or unauthorized access.
Environmental Considerations
- Protect hardware wallets or other devices from extreme temperatures, humidity, and physical shocks.
- Store hardware wallets or other important devices in fire-resistant safes and ensure that your environment has appropriate fire detection and suppression systems.
Emergency Contacts
Maintain a list of emergency contacts, including law enforcement, cybersecurity experts, and team contacts.