Personal safety in our community - warning

This was originally written as an email to a private mailing list, apologies about style.

I thought long and hard before emailing this in, as the last thing I want is to be an alarmist. The precipitating factor is that in a recent closed-doors conference in the US, at the evening drinks one of us got roofied (verified), and their laptop has been accessed, logs deleted. They woke up the next morning in a ditch outside the bar.

While generally, this kind of thing is NOT SEEN in our community, and this COULD HAVE likely been an unrelated event, I wanted to email in and speak about personal safety.

There are three parts to this email:

1. Protecting your stuff

2. Protecting yourself and your friends

3. Threat level assessment

Let's get started.

1. Protecting your stuff

While some of us may care more, and some less. And while some of us may be targeted, while the vast majority of us are not. It has become clear that attacks such as physically accessing a laptop and replicating the hard drive (especially when dealing with security professionals you don't want to risk your toolset on), are happening more.

When traveling, please consider some counter measures, depending on your level of threat assessment. Examples, from high paranoia to low:

a. Drug dealer method (use burners)

b. Do not leave your electronic equipment in the room/away from you

c. Encrypt your hard drives (on Macs, make sure you hybernate your machine)

2. Protecting yourself and your friends

While I want to stress these things have not been seen in our community, especially when on "friendly soil", and the case I know of could have been random, please consider adopting some basic personal security habits, such as women have used their whole lives.

Example habits to adopt:

a. Do not leave your drink unattended. Assume it has been tampered with if you have

b. Watch how much you drink in such settings

b. Use the buddy system. Always have a friend watching over you to see how much you drink, and that you get home safely

3. Threat level assessment

Far be it from me to assess how much of a threat each of us may be under, but I personally believe the threat level on the equipment front is medium, and on the personal front, it is very low.

It may seem odd, but I do not personally take most of these precautions. Our meetings are a trusted space with many long-time friends. We just need to watch out for one another.

It was important to me, after much deliberation, to email with a general warning so that people are aware that (a) people's machines are in fact being accessed, beyond just a possible risk, and that (b), there has been a recent escalation, even if it might have been a random coincidence, which shows we need to at the very least watch out for each other. Then, (c) making sure you have some ideas on things you should consider doing.

As to the person who got attacked, it wasn't me - they are well - although they cut it close. They will speak on this and what they learned, when they are ready.

Thank you,

Gadi.