Slashdot Mirror


Dead Drops P2P File Sharing Spreads Around Globe

Lucas123 writes "After beginning as an art project 3 years ago in Manhattan to thwart government online spying and offer a physical depiction of our digitally-connected society, a trend of embedding USB thumb drives in walls has caught on and spread to every continent but Antarctica. Dead Drops, as the anonymous P2P file sharing network is called, now has more than 1,200 locations worldwide and has morphed as participants have become more creative in not only where they place the drives, but how they share files, including creating WiFi locations. The thumb drives, which range in size from a few megabytes to 60GB, have allowed people to share music, video, personal photos, poetry, political discourse, or artwork anonymously. Dead Drops creator, German artist Aram Bartholl, said the project is a way to 'un-cloud' file sharing."

11 of 174 comments

  1. Why yes! by Frosty Piss · · Score: 5, Insightful

    I'd be happy to plug my netbook / phone / multimedia device into this unknown thumb drive. Why not? I've got anti-virus...

    --
    If you want news from today, you have to come back tomorrow.
    1. Re:Why yes! by i kan reed · · Score: 4, Insightful

      Yes, Windows blows, but a smart operating system doesn't protect you. A known flaw in the drivers for a USB drive could still allow execution of arbitrary code.

    2. Re:Why yes! by Anonymous Coward · · Score: 5, Funny

      Not a thing. I have no idea how I am even making this post.

    3. Re:Why yes! by Hobadee · · Score: 5, Interesting

      You are making a pretty big assumption there that what you are plugging in is actually a storage device. It could easily be a device which shows up as an HID device and plays back a macro. "Alt-F2, 'xterm', Enter, 'rm -rf /', Enter" would be pretty devastating on your secure Linux box which doesn't run anything from removable media.

      Just because it looks like a thumb drive, doesn't mean it is one!

      --
      ...Had this been an actual emergency, we would have fled in terror, and you would not have been informed.
    4. Re:Why yes! by jkflying · · Score: 5, Informative

      You're thinking software. Try thinking hardware.

      I bet by hooking the other end of the USB up to 220V I could do some pretty nasty things to your computer.

      --
      Help I am stuck in a signature factory!
  2. Better idea by MrEricSir · · Score: 4, Informative

    While it requires power, something like the PirateBox seems like a safer alternative. It relies on wifi, which means you don't have to be in one physical spot to use it, and you don't run the risk of plugging your computer into something you can't see. You never know, it could be a 240 volt power line attached to that USB plug.

    --
    There's no -1 for "I don't get it."
  3. What a great idea! by Russ1642 · · Score: 5, Funny

    The technological equivalent of having unprotected sex through a glory hole at a Quebec truckstop.

    1. Re:What a great idea! by Russ1642 · · Score: 4, Funny

      When trying to depict something as seedy make it French. I didn't make up the rules.

    2. Re:What a great idea! by Rockoon · · Score: 4, Insightful

      If you're running a system that is vulnerable to infected USB devices or media files, that's pretty much on you.

      Sigh.. there is no technical reason why an untrusted USB device couldn't present itself as a Human Interface Device (HID - keyboard, mouse, both, ..) and then open up a shell on your *nix box and run arbitrary shell commands.

      There is in fact concern that future USB drives will be manufactured to "phone home" using such techniques.

      --
      "His name was James Damore."
  4. Ah... Sneakernet. by fahrbot-bot · · Score: 4, Informative

    Sneakernet, for you youngsters, is like the Internet, but with more walking.

    [ Links make things "Informative"... :-) ]

    --
    It must have been something you assimilated. . . .
  5. Re:And it never occurred to anyone ... by blueg3 · · Score: 4, Informative

    How do they "load software to track who is downloading"? Do thumb drives now have the capability to execute software on their own?

    Sometimes! But let's use an easier attack. Put a thumb drive plus some custom hardware into a thumb drive case. Easy to do. The hardware enumerates as both a thumb drive and, say, a USB audio-device driver that is present on most stock Linux distributions and has a particular buffer overflow vulnerability that allows arbitrary code execution. That sort of vulnerability is reasonably common and has happened in the past. Engineering that hardware is not hard. When the system enumerates the USB audio device, it loads that driver and the driver performs setup by talking to the USB device and requesting information. The evil device sends back responses to the driver that trigger the buffer overflow and execute device-provided code.

    You could make this fairly system-independent by putting a number of fake devices in there that exercise different vulnerabilities. Or you could determine what the connecting operating system is (and what drivers it has available) by looking at how it enumerates. You can even have your device use soft reconnects to try out different vulnerable drivers. (You would have the computer-facing port actually connect to a hub. Also easy to engineer up.)

    Can that software access your files and ID you over a USB port?

    So, yes.

    Don't assume that because something looks like a flash drive, it actually is. And don't connect unknown peripherals to your computer -- they talk directly to drivers.
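
Added example (not part of the thread or any commenter's code): a Linux-side check for the disguise the comments above describe, comparing the USB interface classes present before and after a supposed flash drive is connected and reporting anything that enumerated as more than mass storage. The sysfs layout (`bInterfaceClass` under `/sys/bus/usb/devices`) is standard Linux; the function names and the sample snapshots are constructed for illustration.

```python
import os

# USB-IF base class codes relevant to the devices described in the thread.
USB_CLASSES = {0x01: "audio", 0x03: "HID (keyboard/mouse)",
               0x08: "mass storage", 0x09: "hub", 0xFF: "vendor-specific"}
MASS_STORAGE = 0x08

def snapshot(sysfs_root="/sys/bus/usb/devices"):
    """Map each USB device (e.g. '1-2') to the set of interface classes it exposes."""
    devices = {}
    for entry in os.listdir(sysfs_root):
        if ":" not in entry:  # device node; interfaces look like '1-2:1.0'
            continue
        try:
            with open(os.path.join(sysfs_root, entry, "bInterfaceClass")) as fh:
                cls = int(fh.read().strip(), 16)
        except (OSError, ValueError):
            continue  # interface disappeared or attribute unreadable
        devices.setdefault(entry.split(":")[0], set()).add(cls)
    return devices

def review_new_devices(before, after):
    """Report devices that appeared after plug-in and expose more than mass storage."""
    findings = {}
    for dev, classes in after.items():
        if dev in before:
            continue
        extra = sorted(classes - {MASS_STORAGE})
        if extra:
            findings[dev] = [USB_CLASSES.get(c, f"class 0x{c:02x}") for c in extra]
    return findings

# Constructed snapshots (not captured from real hardware).
BEFORE = {"1-0": {0x09}}                       # root hub only
AFTER_PLAIN = {"1-0": {0x09}, "1-2": {0x08}}   # an ordinary flash drive
AFTER_DISGUISED = {"1-0": {0x09}, "1-2": {0x09},  # hub hidden in the case
                   "1-2.1": {0x08}, "1-2.2": {0x03}, "1-2.3": {0x01}}

if __name__ == "__main__":
    print(review_new_devices(BEFORE, AFTER_PLAIN))
    print(review_new_devices(BEFORE, AFTER_DISGUISED))
```

On a live Linux host, call `snapshot()` once before and once after connecting the device. By the time an interface shows up in sysfs the kernel has already enumerated it, so this reveals what the device claimed to be rather than preventing the driver contact the last comment warns about.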