lyonrt Posted May 2, 2013 Share Posted May 2, 2013 Have any of you guys done this lately Are you using the rubber ducky instead? I am pondering with the idea after Management approval to put a few out in the parking lot. Just thinking about having it email me that it was plugged in and from where. Thx,Tyler Quote Link to comment Share on other sites More sharing options...
digip Posted May 3, 2013 Share Posted May 3, 2013 If they take it home and do it, that may be considered illegal wire tapping in some places, since you breached a system not your own, and made it do something without permission of the end user. I'd get advice from someone like the EFF before doing a "call home" type thing. If all you did was display a message, like, "You inserted an unknown USB Device from 'insert work name here' and this is a warning to all employees to think before you act" type thing, then I think that would be probably ok and not an issue, but the dialing home, etc, type stuff, might be breaking some laws depending on where you live. Quote Link to comment Share on other sites More sharing options...
imaginaryfool Posted August 1, 2013 Share Posted August 1, 2013 I would label it "Wire Tapping Device" since that won't stop anybody from plugging it in. I have thought of using it with some of my usb sticks with sensitive info on it so that it can be tracked down. Quote Link to comment Share on other sites More sharing options...
overwraith Posted August 1, 2013 Share Posted August 1, 2013 I think if they tried to sue you for wiretapping, you could counter sue for theft of personal or company property. I think blat was a command line email tool used by the USB hacksaw or switchblade to email, you could use that, or some similar tool. Another option would be using some kind of hacker socket which is very hard to track to exfiltrate the data. I am not exactly sure how they do that. Some kind of SSL, or VPN? TOR upload? Quote Link to comment Share on other sites More sharing options...
Dec100 Posted September 4, 2013 Share Posted September 4, 2013 What are you trying to achieve? Presumably, you either want to convince management to block USB drives, or you're running some kind of user awareness scheme. I would look to secure a trial of some USB control software (most enterprise AV vendors have a module), scatter some completely benign devices with recognisable device IDs, and then use the software's monitoring/logs to show management or users your results on how many were plugged into company systems. That way you limit ethical concerns and still prove your point. Using software like this would also have the benefit of logging the use of non-authorised USB devices that you didn't plant. Finally, it would potentially show how many USB devices are legitimately used for business, helping you to budget for encrypted or authorised devices to replace them. Quote Link to comment Share on other sites More sharing options...
Stevie Posted September 4, 2013 Share Posted September 4, 2013 If they take it home and do it, that may be considered illegal wire tapping in some places, since you breached a system not your own, and made it do something without permission of the end user. I'd get advice from someone like the EFF before doing a "call home" type thing. If all you did was display a message, like, "You inserted an unknown USB Device from 'insert work name here' and this is a warning to all employees to think before you act" type thing, then I think that would be probably ok and not an issue, but the dialing home, etc, type stuff, might be breaking some laws depending on where you live. That's where it's annoying as I'd considering it "Tough tits. You found the stick in the office car park. Instead of handing it in at reception you decided to take it home, maybe hoping for a free memory stick. But no, you've been infected instead, but again, tough tits for not being honest" :) Quote Link to comment Share on other sites More sharing options...
Dec100 Posted September 4, 2013 Share Posted September 4, 2013 That's where it's annoying as I'd considering it "Tough tits. You found the stick in the office car park. Instead of handing it in at reception you decided to take it home, maybe hoping for a free memory stick. But no, you've been infected instead, but again, tough tits for not being honest" :) Digip is exactly right though, it is too much of a grey area. Sure, the finder may simply be stealing a memory stick, but who's to say they didn't just plug it in to identify the real owner in order to return it? Or maybe they had one that looked exactly the same as your one and thought they dropped it. There's a fine line. Safer and more ethical to not have any payload that could get you or your employer into trouble. Quote Link to comment Share on other sites More sharing options...
digip Posted September 4, 2013 Share Posted September 4, 2013 Digip is exactly right though, it is too much of a grey area. Sure, the finder may simply be stealing a memory stick, but who's to say they didn't just plug it in to identify the real owner in order to return it? Or maybe they had one that looked exactly the same as your one and thought they dropped it. There's a fine line. Safer and more ethical to not have any payload that could get you or your employer into trouble. All good points. Users for the most are on their own they pick something up and plug it in, but its also the people that aren't aware of the dangers, and as such, might infect their system, if in fact they found it at they office and thought it might be someone else's and wanted to return it. Yes, they should hand them in at the front desk or whatever, but not everyone outside of IT is going to think twice about what they should do with a thumb drive. I find computers out by the trash all the time, and bring them home and fix them. I've also found things we'll just say, of a nature that no one should ever see, and I wipe the drives. Others, might use that info for ill gotten gains. Same with a thumb drive. Some people are good Samaritans who want to get it back to the owner but naive as to the dangers, others just want a free drive, and others, might be looking for them on purpose, ie: company boss drops one near his parking space and an attacker wants info on the company, its like dumpster diving for info, so it falls into a number of categories, and not everyone is going to know the dangers of plugging something into their machine. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.