Jump to content

USB scattered around office


Recommended Posts

Have any of you guys done this lately Are you using the rubber ducky instead? I am pondering with the idea after Management approval to put a few out in the parking lot. Just thinking about having it email me that it was plugged in and from where.

Thx,

Tyler

Link to comment
Share on other sites

If they take it home and do it, that may be considered illegal wire tapping in some places, since you breached a system not your own, and made it do something without permission of the end user. I'd get advice from someone like the EFF before doing a "call home" type thing. If all you did was display a message, like, "You inserted an unknown USB Device from 'insert work name here' and this is a warning to all employees to think before you act" type thing, then I think that would be probably ok and not an issue, but the dialing home, etc, type stuff, might be breaking some laws depending on where you live.

Link to comment
Share on other sites

  • 2 months later...

I think if they tried to sue you for wiretapping, you could counter sue for theft of personal or company property. I think blat was a command line email tool used by the USB hacksaw or switchblade to email, you could use that, or some similar tool. Another option would be using some kind of hacker socket which is very hard to track to exfiltrate the data. I am not exactly sure how they do that. Some kind of SSL, or VPN? TOR upload?

Link to comment
Share on other sites

  • 1 month later...

What are you trying to achieve?

Presumably, you either want to convince management to block USB drives, or you're running some kind of user awareness scheme.

I would look to secure a trial of some USB control software (most enterprise AV vendors have a module), scatter some completely benign devices with recognisable device IDs, and then use the software's monitoring/logs to show management or users your results on how many were plugged into company systems. That way you limit ethical concerns and still prove your point.

Using software like this would also have the benefit of logging the use of non-authorised USB devices that you didn't plant. Finally, it would potentially show how many USB devices are legitimately used for business, helping you to budget for encrypted or authorised devices to replace them.

Link to comment
Share on other sites

If they take it home and do it, that may be considered illegal wire tapping in some places, since you breached a system not your own, and made it do something without permission of the end user. I'd get advice from someone like the EFF before doing a "call home" type thing. If all you did was display a message, like, "You inserted an unknown USB Device from 'insert work name here' and this is a warning to all employees to think before you act" type thing, then I think that would be probably ok and not an issue, but the dialing home, etc, type stuff, might be breaking some laws depending on where you live.

That's where it's annoying as I'd considering it "Tough tits. You found the stick in the office car park. Instead of handing it in at reception you decided to take it home, maybe hoping for a free memory stick. But no, you've been infected instead, but again, tough tits for not being honest"

:)

Link to comment
Share on other sites

That's where it's annoying as I'd considering it "Tough tits. You found the stick in the office car park. Instead of handing it in at reception you decided to take it home, maybe hoping for a free memory stick. But no, you've been infected instead, but again, tough tits for not being honest"

:)

Digip is exactly right though, it is too much of a grey area. Sure, the finder may simply be stealing a memory stick, but who's to say they didn't just plug it in to identify the real owner in order to return it? Or maybe they had one that looked exactly the same as your one and thought they dropped it. There's a fine line. Safer and more ethical to not have any payload that could get you or your employer into trouble.

Link to comment
Share on other sites

Digip is exactly right though, it is too much of a grey area. Sure, the finder may simply be stealing a memory stick, but who's to say they didn't just plug it in to identify the real owner in order to return it? Or maybe they had one that looked exactly the same as your one and thought they dropped it. There's a fine line. Safer and more ethical to not have any payload that could get you or your employer into trouble.

All good points. Users for the most are on their own they pick something up and plug it in, but its also the people that aren't aware of the dangers, and as such, might infect their system, if in fact they found it at they office and thought it might be someone else's and wanted to return it. Yes, they should hand them in at the front desk or whatever, but not everyone outside of IT is going to think twice about what they should do with a thumb drive. I find computers out by the trash all the time, and bring them home and fix them. I've also found things we'll just say, of a nature that no one should ever see, and I wipe the drives. Others, might use that info for ill gotten gains. Same with a thumb drive. Some people are good Samaritans who want to get it back to the owner but naive as to the dangers, others just want a free drive, and others, might be looking for them on purpose, ie: company boss drops one near his parking space and an attacker wants info on the company, its like dumpster diving for info, so it falls into a number of categories, and not everyone is going to know the dangers of plugging something into their machine.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...