Endpoint Security Penetration Tests

Let the games begin. We are looking for a new challenge. Are you a CTO/CIO interested in testing your endpoint security? Think your employees are trained and your ports secure? Willing to let us test it? We will find a way in. The cost to you will be $100 to cover the cost of the materials and shipping. In return you will get a breakdown of information regarding any endpoint security breach, including the username of the person who plugs the device in, computer name, internal network address and IP address, all of which will be confidential and only shared with you. We may ask to publish anonymous aggregated statistics regarding the test, but this will be left up to you. Nothing malicious will be deployed to the system or network and only the information stated will be collected. In addition, we will provide information regarding how we were able to compromise the network as well as steps to mitigate the risk. If you are interested in more information, please contact us.

posted by akuma @ April 30, 2007 11:37 pm  

London Hackers Deploy USB Payloads?

We knew it was coming, although I am a little skeptical regarding the source of this story. Supposedly Check Point regional director Nick Lowe mentioned during the InfoSec show that a group of “USB Hackers” spread USB drives with malware throughout a parking lot in London with the hopes of gaining banking information from those who plug the devices into their systems. However, he was not able to go into specifics regarding it as there is an “ongoing investigation”. Granted, we know more than anyone the threats posed by these tools; however, I for one would like to know more about the case. It just sounds a little too close to a recent Dark Reading story to me. The fact that he even mentioned the case in the first place when there is a pending investigation is suspect. Paranoia is a great marketing tool.

Evidence

Let’s assume that the attack is real. Odds are that the tool used is a variation of something like USB Switchblade, or possibly a keylogger-type application. However, the data will need to be delivered somewhere. In many of the basic tools this usually goes to an anonymous email account, an SSL tunnel, VPN connection, or various backdoors such as HTTP RAT. The snag is that there is always a trace left. There is a way to obfuscate communications by utilizing the Tor network, and if the email is sent to an anon email account they are sure to use Tor or other obfuscation techniques to block tracing of their IP… if they were smart. My guess is that the best evidence in this case will come from an old-fashioned method. Fingerprints.

From Russia?

Many of my Russian friends are a bit angry with The Register due to the fact that in their story of this they state “Banking Trojans are written for profit and sold through Russian language websites and elsewhere for between $2,000 and $5,000”. This was a bit of irresponsible journalism really, especially since there is no additional information provided regarding this attack. They don’t know where the code came from, so how is it that they know it came from Russia? I think The Register can expect some free USB drives in the mail shortly signed “from Russia with love”.

People Are People

As we know, USB hacking tools and hacking tools in general are freely available on the web. Heck, we have quite a few right here on our site (although not the really really nasty ones), for the sole purpose of educating the industry of the risks posed and to provide them with the tools to test their networks to make sure their mitigation approaches work. These tools are not rocket science either; there is no port scanning, decryption or sophisticated approaches that need to be taken with regards to this sort of attack. The bulk of the attack relies on the naivety of the target, and as we know, humans are the weakest link in our security chain. There will be more attacks like this and I am willing to bet that there already have been; we just have not heard about them.

posted by akuma @ April 29, 2007 12:33 am  

Bug Protein Powered USB Flash Drives - 50 Terabyte Capacity

Professor Venkatesan Renugopalakrishnan of the Florida International University has developed a way to store information on a protein layer, made from tiny genetically altered microbe proteins. This technique could allow DVDs and other external devices to store terabytes of information; it is assumed that a simple Flash drive could contain 50 Terabytes worth of information.

We probably won’t see an actual commercial bug drive for a few years, but even Renugopalakrishnan sees potential misuse, stating “Unfortunately science can be used and abused. Information can be stolen very quickly. One has to have some safeguards there.”

Source: ABC Australia

posted by akuma @ April 25, 2007 11:03 pm  

USB Glue :-)


OK this is the funniest marketing idea I have seen in a while, for USB Glue. Using SuperGlue in USB ports has actually been a solution IT admins have used to prevent the security issues related to USB ports. Los Alamos Nuclear Labs is the most recent “adopter” of this technique after their latest data breach involving USB flash drives that appeared in a trailer during the raid of a meth lab. The drives were full of top secret data regarding various nuclear programs. As a response they apparently ordered

I love the three easy steps to endpoint security:

posted by akuma @ April 13, 2007 9:43 am