Banks and Endpoint Security
As you can guess we get a lot of inquiries regarding the tools on this site and USB security in general. A lot of people ask for help with various projects, ranging from academic papers, security penetration tests and even a few black hats looking for assistance with their packages. However, I think the more interesting ones are those that ask us to help someone create a special package to aid in compromising bank systems or other illegal acts, many using their real names. And to save you the suspense the answer is no, we do not commit, nor do we condone illegal acts. Our goal here is not to help hack systems or assist in committing criminal acts, but instead to help raise awareness of endpoint security threats. The tools on this site are kittens compared to some others that are out there in the wild.
This raises some interesting security questions though. I remember on one occasion while sitting in a bank (a credit union actually) at a desk. In front of me was a desk where a loan officer was filling out some paperwork on his computer. He had his computer on top of his desk with the back facing me…and some lovely shiny USB ports winking at me. The offices all shared printers outside the office, every time he printed something he left the office, walked a bit down the hall and into another cube, sometimes waiting a bit while the printer finished the job. In my right hand were my keys with USB flash drive (never leave home without it) chock full of some particularly tasty tools.
I never actually considered doing it, but the scenario did run through my mind. The particular banker we were dealing with was a manager. He probably has access to only customer records, but probably lots of other systems and tools, if his system were compromised with a backdoor trojan or even data I could slurp off his system in a matter of seconds it could lead to a larger compromise of the network and the bank itself. We have heard of banks being compromised in pen tests using USB drives, simply scatter infected drives around the parking lot and wait for the employees to pick them up and open them on their computers. Human curiosity is the hackers greatest tool.