Slashdot Mirror
USBKill Transforms a Thumb Drive Into an "Anti-Forensic" Device
Orome1 writes with a snippet from a report at net-security.org; a hacker going by Hephaestos has shared with the world a Python script that, when put on an USB thumb drive, turns the device in an effective kill switch for the computer to which it's plugged in. USBkill, as the programmer dubbed it, "waits for a change on your USB ports, then immediately kills your computer." The device would be useful "in case the police comes busting in, or steals your laptop from you when you are at a public library," Hephaestos explained.
we coulda had in school
Doesn't TrueCrypt support full drive encryption and USB-based hardware keys for decryption? That sounds like all this "invention" does. It doesn't actually kill your computer.
I mean my USB hub never drops my mouse connection or anything like that. So there is no chance of a false positive.
I am Slashdot. Are you Slashdot as well?
Then the drive is still encrypted and they can't use it. Am I supposed to end this with, bitch?
Too bad that's not installed by default on the two most used desktop operating systems.
Get free satoshi (Bitcoin) and Dogecoins
http://etherkiller.org/
Here's the source:
https://github.com/hephaest0s/...
What's next - a tutorial on how to press the power button?
So it's a deadman's switch basically.
"In case the police come busting in" is a condition typically followed by a hailstorm of bullets here in the United States. Afterwards, assuming you have a winning complexion, charges are fabricated and officers exhonorated.
Our prosecution also works similar to a firehose. Typically if youre arrested for loitering or driving while black, youll be charged with resisting arrest and a large slew of other charges that may not even apply to your specific encounter. Once in jail a member of the prosecution team will approach you with a laundry list of offenses and the threat of decades of years in jail. Mercifully they will offer a plea bargain that, should you choose to simply plead guilty, youll only spend a fraction of that time in prison. If you cant afford a lawyer, and dont have a firm grasp of legal proceedings yourself, this option is generally chosen.
Wiping the contents of your laptop, or refusing to give a password in the US, is generally met with unfavourable consequences. Indefinite forcible detention at border checkpoints without charges, for example, befell moxy marlinspike. computing chicanery in general that goes beyond the relm of 'good consumer' will find you hounded to the end of your days, as was the case of the late Aaron Schwartz. Given my options, id rather feign ignorance than quietly activate a duress payload.
Good people go to bed earlier.
If you're that worried just work on a remote machine in a secure location via an encrypted remote desktop session. Nothing in local ram or disk. Anyway, since when does "kill" equal "shutdown nicely"? *sigh*
How do you pee if this is attached to you? Do you keep a bunch of one-gallon jugs next to your desk?
usually they do everything they can to keep the power on including splicing into the power cables or pulling the socket from the wall and hooking it up to a phase locking UPS so they can take the computer still powered on. This is usually combined with a mouse wiggler to keep screensavers and sleep from kicking in.
For reference:
http://www.cru-inc.com/product...
So your worried about security but not running something with a working IOMMU?
No sir I dont like it.
Even if you aren't guilty of whatever they were believing that the evidence on the computer would incriminate you for, that's still a crime, and not a very lightly taken one.
File under 'M' for 'Manic ranting'
Well, there's new thing called a laptop, which has some newfangled technology called like a bartier or battery or some shit like that. I don't know, it all goes way over my head, but as I understand it, it allows you to unplug a computer from the wall without it turning off. I'll tell ya man, it's true what they say, the future is now.
s/killswitch/shutdown/
Yeah, but that's what a normal killswitch that you see on a jetski or a lawnmower does.
Slightly misleading but the point is that if you remove power and have full encryption then they need the password to turn it back on.
hes saying that if you keep all your ports filled at all times, and someone removes something to start coping or what-not, then it just shuts down
I assume that your technique requires that the computer be powered on.
I am very small, utmostly microscopic.
I read the introduction, and was expecting a Mission: Impossible-style "This computer will self-destruct in 5 seconds" with smoke and everything...
Remove the battery and wrap the power cord around your leg. When the cops pull you away from the computer, or delicately unwrap you and try to move it to a battery, it shuts off immediately without any BS.
You have it attached to your person as you are knocked to the floor. Pretty much a slam (your head) dunk (against floor).
You're looking for quotes? See my journal.
And are you going to tie that battery to your wrist as well?
Reminds me of something I wrote back around 1981. Working with the early IBM PC at the machine code level several flaws surfaced and for fun I packaged them all together in the boot sector of a 5 1/4" floppy which we put in a "break glass" box and put on the wall (There were no hard drives yet, the XT wasn't out yet). If you placed the floppy in the boot drive it would destroy the hardware in a few seconds. First, there was a bit on the original IBM display adapter (mono text only) which would lock the horizontal sweep on the standard IBM monitor forcing the horizontal output power transistor to overheat and burn out. You would see the display image collapse while the monitor would squeal while smoke (literally!) would come out the sides and back, and die with a $200 repair to fix it. Second, there were no stops on the head movement on those original floppy drives - with the right loop they would step out until the heads fell off inside the case with a pair of clunks if you had a 2 drive system. (Not a difficult repair, but you had to know what your were doing and get into the floppy drives themselves to fix it.) Finally, the speaker ran off of a shift register which could be loaded with a really nasty PWM sound and set to free run. With interrupts disabled and the CPU halted, the machine sat there smoking with a very loud nerve-rattling siren, completely dead and unable to boot. It would require major physical repairs to get it working again. The monitor would stink for weeks afterwards.
This appears to be the functional equivalent of a holding down the power switch, maybe a little quicker. Just what one needs. Well, probably not, but if you're that paranoid, you either have a mental condition or otherwise engage in behaviors that merit paranoia.
What everyone in this thread is overlooking is it basically does a 'shutdown now'.
trivially could be done with a power button and changing the acpi power settings to shutdown instantly rather than prompt you then shutdown.
The function of this device is grossly overestimated in the comments
Just set up a script on the machine looking for a specific USB device, start shutdown if the device is not present. This is pretty common stuff, hell my old Lenovo laptop has a smartcard slot in it that would do the same thing if the card was removed.
In fact if you look you can find the same thing all over the place for the last decade on many hacking sites, even back in the late 90's this kind of stuff was on the "scene" I had back to back modems in telcom rooms inside boxes that if the box was opened it dumped 110V into the modem logic boards so that when discovered they would self destruct.
Most "hackers" today probably dont even own a buttset.
Do not look at laser with remaining good eye.
All true apart from the 'usually.' Those devices are expensive, and few police forces have specialists trained in their use. This means calling in support from another force and even more expense. This is enough of an issue that they are not used in routine cases - they'll only bring them out if you are either involved in an exceptionally high-severity crime (Child abuse images, terrorism, large-scale narcotics) or if you are specifically suspected of a computer-related crime and they have reason to believe you have taken security precautions that would require the use of such equipment.
You would be right in the pre-'Frozen Precipitation' era.
nosig today
But no Windows support?
Or could be done with a pin protected smart card on a cord to your wrist. Pull it out and they system is out.
Never
Fucking
Mind.
www.wavefront-av.com
Maybe, but, I like this better personally because its more immediate. "USB attached to the wrist" scenario is a clear winner because it means the system is shutting down before they even realize what just happened and they have little or no time to respond, there is precious little they can really do to prevent that stick from being pulled.
In the past a friend of mine and I were musing about a setup like this, but our idea was a bit more drastic and less portable.... no battery at all, and power wired to a switch that opens or closes with the door to the room, so just opening the door to the room would kill the system
"I opened my eyes, and everything went dark again"
you need to download update for your PYTHON AND DOT NET to continue.
lol are you all retarded here?
Yes, I suppose a baton would work well in the immediacy of the moment. However for any country that isn't part of the 3rd world, you can reasonably expect to get your day in court, so saying 'lawyer' might get your head beat in a bit, but it's still probably the right thing to do. Evidence obtained because you got beaten with a baton would be inadmissible in US courts at very least. And given the current publicity about cops using excessive violence these days, I think it's unlikely the police would stoop to those sorts of behaviors against someone who's only resistance to them is not answering self incriminating questions.
In a bit of shameless internet panhandling, I accept Litecoin Donations at Lbd2oH9QsthD1GfuUXPyka12YxvWJYnBVf
(Along with hardware methods like some kind of RFID reader built in to the keyboard/mouse which locks things up if the RFID ring/bracelet/patch on your hand goes out of range, etc.)
Already exists based on the blue tooth in your phone. Walk up and it logs you in. Walk off and it locks the screen.
A usb stick on a neck lanyard is quite common. The stick came out when you tackled me. I wasn't running USBkill. Prove I am lying.
I am very small, utmostly microscopic.
The fact that you have a Xyloc RFID card on your person is rather telling. Much more so than the fact that there is a USB stick on a neck lanyard laying there on the floor next to the spilled coffee.
Nothing like leaving evidence around (evidence that only serves one purpose).
I am very small, utmostly microscopic.
A better idea is an RFID reader and an implanted RFID chip. Separate user from computer and shutdown, or better yet, lock and start shutdown timer unless unlocked. A pain in the ass when you want a sammich, or you want to keep downloading files when you're AFK, but security has always required a sacrifice of convenience. Use a separate computer for "everyday" tasks, and one for sensitive tasks.
While this article is targeted at legal seizures, there are everyday uses as well, like preventing theft of your device on the subway from translating into theft of your data, or preventing corporate espionage. Of course it's an arms race, so if deadman's switches ever became common, then thieves will be sure to remove your implant (ouch) or just bring you along. The next step would be implanted computers, and removing or retrieving information from those will raise all sorts of constitutional issues.
https://www.eff.org/https-everywhere
Your honor, they were screaming at me, with guns pointed at me, to 'put your hands up! put your motherfucking hands up, or I will fucking shoot you dead!'
So I put my hands up. I wasn't about to risk death to explain to them that this would cause my computer to shut down.
Vintage computer games and RPG books available. Email me if you're interested.
I've wondered why those who care don't wire up a motion sensors inside their servers/desktops as well as sensors to detect obvious case opening and start wiping memory (and perhaps some of the disk as desired to wipe encrypted keys - obviously the file system would be encrypted in these cases) followed by a system reset to make this Law Enforcement attack less successful. Generally, Law Enforcement will move the computer to another site and detecting the exact nature of the sensors and disabling them without tripping the motion sensors could raise the cost/time a lot.
Of course, one doesn't want make the motion sensors too sensitive if one lives in California!
Why is there an "insightful" mod and why isn't it "-1"? If I wanted insight, I wouldn't be reading
She thinks she turns off her computer by pressing the power button on her monitor. she also calls the internet...AOL.
My God can beat up your God. Just kidding...don't take offense. I know there's no God.
Oh really? Just utter the words "child pornography" and everything you ever do to a suspect is fine. In fact, you could get into trouble for NOT torturing it. Some kid's wellbeing is on the line, after all. Usually computer + crime = child porn so neckbeards are fair game. Nobody likes them anyway. They're creepy and unpleasant, and nobody wants them around. Especially around children.
If anyone needs someone to talk on how intimidating such a situation can be, they can just ask my wife, she has ended up in situations like this a couple of times just trying to get to work.
Here in Boston the local public transit (MBTA) thugs have a serious TSA hard on. They actually run random bag swabbing checkpoints at stations. In theory, you can refuse and leave, walk right out. In practice, when my wife tried to say no, she had one officer yelling "we have a resistor" as she was suddenly surrounded by people telling her what to do and found herself being railroaded to the the swabber and into the station....so much for a right to refuse and walk out.
Its amazing how intimidating a gang of armed men yelling at you can be.
"I opened my eyes, and everything went dark again"
Sadly in a cases like that I kind of which it would happen to me. I can be a big enough ass hole that I would follow up with a Deprivation of rights under color of law case. As an added bonus you can go directly after the party or parties involved and they don't get government protection. I really wish more people would peruse these types of cases against government officials' overreaches.
Time to offend someone
You could get a 240V circuit (hot-hot-ground) and in code violation wire it to a NEMA 5-15 or 5-20 receptacle, and use a power supply capable of handling 240V 60Hz, so that when they splice in they brown-out the machine and it shuts off...
Do not look into laser with remaining eye.
Oh if I had known enough at the time we would have. Unfortunately it happened a couple of times and she waited a while to tell me, mostly because she knew how mad it would make me and she was right, no sooner did she tell me than I was pulling out my phone and calling up their complaints department.
Pretty quickly they got me to someone at their police department who tried to justify the program etc. I did manage to make him go quiet for a second when I called it a jobs program, he just had nothing at that.
"I opened my eyes, and everything went dark again"
Forensic ram dumps don't trip new hardware detection logic. They use DMA only and copy everything down.
They have to plug into a port.
Every port is occupied. They have to unplug something to plug their gadget in. When they do that, *poof* pupu go byebye.
In the free world the media isn't government run; the government is media run.
On trains they call those devices 'dead man switches' - when the engineer's foot comes off the spring-loaded switch, the locomotive slows down.
Ken
This seemed like a neat idea so I just now wrote a 16-line script to lock my screen whenever any usb device is plugged/unplugged. I'm not that paranoid so I saw no need to shutdown the computer, and I don't often plug/unplug devices so I saw no need for a whitelist, but even if I did implement a whitelist, I can't image it adding up to the 172 lines of code that is in the python version from the fine article.
Exactly.... All of these tactics that prevent authorities from gaining access to your locked / encrypted data are only marginally effective in most real-world scenarios.
It may be true that nobody can really *force* you to give up a pass-code that you've only stored in your own head. But they don't barge in, confiscate your hardware AND arrest you if they don't feel they've already got a pretty good case against you. (If it really hinges only on them getting to see the data on your computer's drive that's password protected, they don't have enough evidence to arrest and hold you.)
I'd venture to say that in most computer-related arrests made these days, they gathered most of the evidence based on data they were able to see transmitted over the Internet or viewed at a remote destination someone sent it to. (EG. Microsoft's current court case against a guy who they claimed massively pirated copies of Windows 7 by illegally activating them. They've got evidence on the Microsoft activation servers that point to his IP address, uploaded by the computers he was activating. Being unable to see anything on his PC is pretty irrelevant at this point for investigators, I'm sure.)
You're overestimating what this "kill switch" does. To shut down the computer you pull out the USB stick. That's it. No killing. No detecting forensics. Just a shutdown switch.
How TF did this make the front page? It's a fscking on/off (well, off-only) switch done via USB. What's next, "Dell introduces amazing new kill switch on latest laptops, labelled 'Power'"?
This won't work. I have cats.
Use the same USB trick, but run your OS in a VM under the TreVisor hypervisor. When the USB device is removed simply put the machine to sleep.
TreVisor only stores your encryption key in the debug registers of the processor. It places restrictions on running op-codes to read these registers or to overwrite itself via DMA. It encrypts both the disk and inactive pages of memory.
Once the CPU suspends, the debug registers are lost and you have to enter your passphrase before the guest VM can do anything at all.
09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
I assume that when they clip in their backup thingy, it would detect the 240VAC as a fault. If *I* was doing it, I would check the voltages with a multimeter before hooking anything up out of habit.
As far as protecting a system versus this kind of tampering, if it is home built then there are all kinds of things which can be done so that it shuts off when removed from the location.
USB ports are very protected so while you could perhaps destroy a port the computer wouldn't have any problem. But there are ways... http://kukuruku.co/hub/diy/usb...
Also you are talking of something that fucks with the computer when one plug it in, the story is about a device that does something when removed.
The USB is attached to your wrist so the cops are certain to find it and put it in their computer, not so you can shut the system down by raising your hands.
It sounds like the plan is to tether a USB key to your wrist that when you pull away from it the device is removed. This then triggers the machine to shut down, allowing your encrypted drive to be "locked".
Alternatively, you could tie a string to your ankle to the power cord, when you remove that device from the "socket" the machine will also shut down, and has no risk of hanging processes which would delay the "power off"
How is turning your computer off "destruction of evidence"?
If you were looking at child porn or cracking someone's online bank account, then turning your computer off most certainly destroys the (immediate) evidence of what you were doing.
Just because something has legitimate uses doesn't mean it can't have illegitimate ones as well.
To have a right to do a thing is not at all the same as to be right in doing it
Alternatively, just watch some swatting videos on youtube. It's pretty scary.
Couple that with 'no-knock' warrants....
Vintage computer games and RPG books available. Email me if you're interested.
The Macintosh I had no lid.
SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
I forget which case it was, but there was one in the news a little while back. Some dark market guy, living on his Uni campus and doing his thing. Apparently the bust tried to do the DPR thing, but he had an encrypted, battery-less laptop and he was able to yank the power cord out.
Mercury switches and C4, boo-yah!
(User trips and bumps into the table, kaboom!)
Explosives have the disadvantage of lacking non-destructive testing.
My favorite implementation for this sort of thing is a reed switch and externally mounted magnet. Tie the reed switch into the reset signal which is available in two different places, the front panel header and the power supply power good signal, and mount the reed switch so that either a magnet mounted to the floor or table under the chassis or inside of something sitting on the chassis is necessary for proper operation. The reed switch could also be used to disable a USB port though so operation would be through USBKill.
Well good on you for at least trying to do something. Far too many people just take it. It is like the people who stop at the door of stores when the anti theft alarm goes off. I just keep walking as I did pay for everything and if they do try to detain me they had better evidence other than the false positive machine at the door because then it becomes a case of false imprisonment. Yet far too many people just take it and don't do anything.
Time to offend someone
Beer, or cola as the case may be.