London Hackers Deploy USB Payloads?
We knew it was coming, although I am a little skeptical regarding the source of this story. Supposedly Check Point regional director Nick Lowe mentioned during the InfoSec show that a group of “USB Hackers” spread USB drives loaded with malware throughout a parking lot in London in the hope of harvesting banking information from those who plugged the devices into their systems. However, he was not able to go into specifics as there is an “ongoing investigation”. Granted, we know better than anyone the threats posed by these tools; however, I for one would like to know more about the case, as it sounds a little too close to a recent Dark Reading story to me. The fact that he even mentioned the case in the first place while there is a pending investigation is suspect. Paranoia is a great marketing tool.
Evidence
Let’s assume that the attack is real. Odds are that the tool used is a variation of something like USB Switchblade, or possibly a keylogger-type application. Either way, the stolen data has to be delivered somewhere. In many of the basic tools it goes to an anonymous email account, over an SSL tunnel or a VPN connection, or through one of various backdoors such as HTTP RAT. The snag is that there is always a trace left. Communications can be obfuscated by routing them through the Tor network, and if the data is sent to an anonymous email account the attackers will surely have used Tor or other obfuscation techniques to prevent their IP from being traced…if they were smart. My guess is that the best evidence in this case will come from an old-fashioned method. Fingerprints.
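The network trace is the part a defender can actually go looking for. As an added example (not code from the original post or from any of the tools mentioned), the script below correlates a USB insertion event on a workstation with outbound connections from the same host shortly afterwards on ports a commodity payload would use to push data out: SMTP for the anonymous-mailbox case, 443 for SSL tunnels, 80 for an HTTP RAT, and 9001, the default Tor relay ORPort. The key=value log format, the sample log lines and the port watchlist are all constructed for the example and would need to be adapted to whatever your endpoint agent and firewall really emit.

```python
"""Correlate USB insertion events with follow-on outbound connections.

Added example: the log format, sample lines and port watchlist below are
constructed assumptions, not output from any real agent or from the tools
named in the post.
"""
import re
from datetime import datetime, timedelta

# Constructed sample logs: one workstation (WS-17) has a USB stick inserted,
# then opens connections out; a second host (WS-22) never saw a USB insert.
SAMPLE_LOGS = """\
2008-04-28T09:12:03 host=WS-17 event=usb_insert device=Kingston_DataTraveler
2008-04-28T09:12:41 host=WS-17 event=net_out dst=203.0.113.10 dport=443 proto=tcp
2008-04-28T09:13:05 host=WS-17 event=net_out dst=198.51.100.25 dport=25 proto=tcp
2008-04-28T10:30:00 host=WS-22 event=net_out dst=203.0.113.10 dport=443 proto=tcp
2008-04-28T11:00:00 host=WS-17 event=net_out dst=192.0.2.7 dport=80 proto=tcp
"""

# Ports a basic USB payload is likely to exfiltrate over (assumed watchlist):
# 25/465/587 SMTP to a throwaway mailbox, 443 SSL tunnel, 80 HTTP RAT,
# 9001 default Tor ORPort (many relays also listen on 443, so 443 covers both).
EXFIL_PORTS = {25, 465, 587, 80, 443, 9001}

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.+)$")


def parse_line(line):
    """Turn 'timestamp k=v k=v ...' into a dict with a datetime 'ts' field."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"unparseable log line: {line!r}")
    fields = dict(pair.split("=", 1) for pair in m.group("kv").split())
    fields["ts"] = datetime.fromisoformat(m.group("ts"))
    return fields


def correlate(log_text, window=timedelta(minutes=10)):
    """Return outbound connections on watchlisted ports that occur on a host
    within `window` after a USB insertion on that same host."""
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    inserts = [e for e in events if e["event"] == "usb_insert"]
    hits = []
    for ins in inserts:
        deadline = ins["ts"] + window
        for e in events:
            if e["event"] != "net_out" or e["host"] != ins["host"]:
                continue
            if not (ins["ts"] <= e["ts"] <= deadline):
                continue
            dport = int(e["dport"])
            if dport not in EXFIL_PORTS:
                continue
            hits.append({
                "host": e["host"],
                "device": ins["device"],
                "dst": e["dst"],
                "dport": dport,
                "delay_s": (e["ts"] - ins["ts"]).total_seconds(),
            })
    return hits


if __name__ == "__main__":
    for h in correlate(SAMPLE_LOGS):
        print(f"{h['host']}: {h['device']} inserted, then {h['dst']}:{h['dport']} "
              f"after {h['delay_s']:.0f}s")
```

On the constructed input this flags the two WS-17 connections made within a minute of the insertion (443 and then SMTP on 25) and ignores both the WS-22 connection, which had no preceding USB event, and the WS-17 connection almost two hours later, which falls outside the window. A ten-minute window is an assumption; the right value depends on how quickly the payload in question phones home.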
From Russia?
Many of my Russian friends are a bit angry with The Register because in their story on this they state “Banking Trojans are written for profit and sold through Russian language websites and elsewhere for between $2,000 and $5,000”. This was a bit of irresponsible journalism really, especially since no additional information is provided regarding this attack; they don’t know where the code came from, so how is it that they know it came from Russia? I think The Register can expect some free USB drives in the mail shortly, signed “from Russia with love”.
People Are People
As we know, USB hacking tools, and hacking tools in general, are freely available on the web. Heck, we have quite a few right here on our site (although not the really, really nasty ones), for the sole purpose of educating the industry about the risks posed and providing them with the tools to test their networks and make sure their mitigation approaches work. These tools are not rocket science either; there is no port scanning, decryption or other sophisticated approach required for this sort of attack. The bulk of the attack relies on the naivety of the target, and as we know, humans are the weakest link in our security chain. There will be more attacks like this, and I am willing to bet that there already have been; we just have not heard about them.
