Slashdot Mirror


USBKill Transforms a Thumb Drive Into an "Anti-Forensic" Device

Orome1 writes with a snippet from a report at net-security.org; a hacker going by Hephaestos has shared with the world a Python script that, when put on a USB thumb drive, turns the device into an effective kill switch for the computer to which it's plugged in. USBkill, as the programmer dubbed it, "waits for a change on your USB ports, then immediately kills your computer." The device would be useful "in case the police comes busting in, or steals your laptop from you when you are at a public library," Hephaestos explained.


  1. this already exists by slashmydots · · Score: 2

    Doesn't TrueCrypt support full drive encryption and USB-based hardware keys for decryption? That sounds like all this "invention" does. It doesn't actually kill your computer.

    1. Re:this already exists by Orestesx · · Score: 5, Informative

      This is to be used in conjunction with TrueCrypt. The summary is alluding to the arrest of the alleged founder of Silk Road at a public library. He was using a computer with full disk encryption, but they physically separated him from the laptop before he could power it off. Attach this to your wrist, and the machine will be powered off when the USB drive is removed from its port.

    2. Re:this already exists by bluefoxlucid · · Score: 2, Interesting

      Which opens you up to all kinds of high circumstantial evidence prosecution. Evidence that you may have been involved in a crime coupled with a psychotic behavior in which you put your computer data at severe risk to handle an unexpected seizure? If they have weak evidence showing your involvement in a crime, the corroborating behavior provides circumstantial evidence supporting their weak evidence; either by itself may be inadmissible.

    3. Re:this already exists by Dunbal · · Score: 4, Insightful

      If they have a tactical team breaking into your house you are pretty much fucked on circumstantial evidence anyway... It might mean the difference between 5 years in prison and life in prison though. "We're sure he had 'x' on his hard drive" is a lot weaker than "we found 'x' on his hard drive"...

      --
      Seven puppies were harmed during the making of this post.
    4. Re:this already exists by Orestesx · · Score: 2

      This doesn't prevent suspicion and it doesn't prevent you from being arrested. The police arrest you and seize your property because they think you've committed a crime - at that point, there's no convincing them that you didn't. This is about avoiding conviction or keeping highly sensitive information secret. Of course, if the information on your computer isn't highly sensitive and you aren't doing anything illegal, and you are not super paranoid about your privacy, then you probably shouldn't be using this, because it is suspicious. This isn't for the general public. This is for people who REALLY need to keep their data secret. Even at the risk of raising suspicion.

    5. Re:this already exists by Orestesx · · Score: 3, Insightful

      Maybe. But getting caught with incriminating data is almost certain to get you convicted. Think about it this way. You're a defense lawyer. Would you rather explain your defendant's suspicious behavior, or an excel spreadsheet showing how much coke he's sold this month?

  2. Of course USB is a perfect system by OzPeter · · Score: 4, Insightful

    I mean my USB hub never drops my mouse connection or anything like that. So there is no chance of a false positive.

    --
    I am Slashdot. Are you Slashdot as well?
    1. Re:Of course USB is a perfect system by SecurityGuy · · Score: 4, Informative

      No real risk, beyond that of inconvenience. All it does is shut your computer down. It's not wiping anything or physically damaging the hardware, it's just turning it off and relying on you using full disk encryption to actually protect your data.

    2. Re:Of course USB is a perfect system by Moof123 · · Score: 5, Interesting

      That is probably a tactic to be used by the authorities. If they get a hold of the laptop and sneak in some piece of hardware to make the USB drop every now and then, the suspect will pretty soon disable it.

      Way back when I worked for a 3 letter acronym this was a pretty low tech solution often employed to circumvent alarms of all sorts. Just randomly trigger the alarm every few hours at night and within a few days it will be turned off out of disgust or at the orders of any cops that have been dispatched the last half dozen times. Now you can waltz in and do your dirty work.

  3. Re:Except they just turn the power off by ckatko · · Score: 2

    Then the drive is still encrypted and they can't use it. Am I supposed to end this with, bitch?

  4. Er...all this does is "shutdown -r now" by xxxJonBoyxxx · · Score: 4, Insightful

    Here's the source:
    https://github.com/hephaest0s/...

    What's next - a tutorial on how to press the power button?

  5. Deadmans Switch by Liquidretro · · Score: 5, Insightful

    So it's a deadman's switch basically.

    1. Re:Deadmans Switch by DigiShaman · · Score: 2, Informative

      No. A deadman's switch is when you have a PC constantly asking for password verification every X amount of minutes. At the time you don't respond when expected, the logic is that you're "dead", and thus commences the process of self-destruction.

      --
      Life is not for the lazy.
    2. Re:Deadmans Switch by smallfries · · Score: 4, Informative

      No. A deadman's switch is an idea that has been around in analogue fail-safe systems for a long time. It is typically a device that you have to hold onto in order to keep the machine running. What you describe is one software implementation of that idea, but the GP is correct that this is another.

      --
      Slashdot: where don knuth is an idiot because he cant grasp the awesome power of php
  6. works differently in the states. by nimbius · · Score: 5, Interesting

    "In case the police come busting in" is a condition typically followed by a hailstorm of bullets here in the United States. Afterwards, assuming you have a winning complexion, charges are fabricated and officers exonerated.

    Our prosecution also works similar to a firehose. Typically if you're arrested for loitering or driving while black, you'll be charged with resisting arrest and a large slew of other charges that may not even apply to your specific encounter. Once in jail a member of the prosecution team will approach you with a laundry list of offenses and the threat of decades of years in jail. Mercifully they will offer a plea bargain that, should you choose to simply plead guilty, you'll only spend a fraction of that time in prison. If you can't afford a lawyer, and don't have a firm grasp of legal proceedings yourself, this option is generally chosen.

    Wiping the contents of your laptop, or refusing to give a password in the US, is generally met with unfavourable consequences. Indefinite forcible detention at border checkpoints without charges, for example, befell Moxie Marlinspike. Computing chicanery in general that goes beyond the realm of 'good consumer' will find you hounded to the end of your days, as was the case of the late Aaron Swartz. Given my options, I'd rather feign ignorance than quietly activate a duress payload.

    --
    Good people go to bed earlier.
    1. Re:works differently in the states. by infolation · · Score: 4, Informative

      Wiping the contents of your laptop, or refusing to give a password in the US, is generally met with unfavourable consequences

      Better than in the UK, where it's a criminal offence punishable by two years imprisonment. (Regulation of Investigatory Powers Act 2000, Part III)

      And people are really locked up for that here.

    2. Re:works differently in the states. by ScentCone · · Score: 3, Insightful

      "In case the police come busting in" is a condition typically followed by a hailstorm of bullets here in the United States

      I see. You live inside a bad television episode? How many hacker apartment door breakdowns followed by "hailstorms of bullets" can you cite from this month, here in this country of over 300,000,000 people? Please be specific.

      --
      Don't disappoint your bird dog. Go to the range.
    3. Re:works differently in the states. by fustakrakich · · Score: 2

      That's right. It never happens. The police always knock three times and leave quietly if nobody answers. You know what's sad about the summary there is that we have to fear the cops as much as any other common thief.

      --
      “He’s not deformed, he’s just drunk!”
    4. Re:works differently in the states. by ScentCone · · Score: 2

      Why do you need a source for something that happens constantly.

      Because everyone knows you're selling a myth that it "happens constantly." That's why you can't point to a list of examples of it happening "constantly" and instead go right for the race card in order to distract.

      --
      Don't disappoint your bird dog. Go to the range.
  7. How do you pee? by mveloso · · Score: 4, Funny

    How do you pee if this is attached to you? Do you keep a bunch of one-gallon jugs next to your desk?

  8. Re:Except they just turn the power off by Loconut1389 · · Score: 4, Informative

    usually they do everything they can to keep the power on including splicing into the power cables or pulling the socket from the wall and hooking it up to a phase locking UPS so they can take the computer still powered on. This is usually combined with a mouse wiggler to keep screensavers and sleep from kicking in.

  9. Re:Except they just turn the power off by Loconut1389 · · Score: 2
  10. Re:Usefull... by Anonymous Coward · · Score: 2, Funny

    Well, there's new thing called a laptop, which has some newfangled technology called like a bartier or battery or some shit like that. I don't know, it all goes way over my head, but as I understand it, it allows you to unplug a computer from the wall without it turning off. I'll tell ya man, it's true what they say, the future is now.

  11. Re:The right way to do this: by Gizan · · Score: 2

    he's saying that if you keep all your ports filled at all times, and someone removes something to start copying or what-not, then it just shuts down

  12. Re:Wouldn't using this if it were seized... by DarkOx · · Score: 2

    It's kind of a grey area. Full disk encryption could itself be thought of in those terms. I mean why are you ciphering literally every block of information you store? Certainly it must be because you have something to hide, right?

    If you immediately start destroying the equipment when the cops show up that is a problem, but in this case we have a device that has a normal operating behavior of putting itself into a secured state (by shutting down) whenever your wrist leaves its proximity. It's not illegal (yet) to use a secure device. I would expect a good lawyer could spin this one to your favor.

    --
    Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
  13. Re:Python script, eh? by stooo · · Score: 2

    Python is cross platform, you can use it on any OS.

    --
    aaaaaaa
  14. Not the first, but more useful for today by eastjesus · · Score: 5, Interesting

    Reminds me of something I wrote back around 1981. Working with the early IBM PC at the machine code level several flaws surfaced and for fun I packaged them all together in the boot sector of a 5 1/4" floppy which we put in a "break glass" box and put on the wall (There were no hard drives yet, the XT wasn't out yet). If you placed the floppy in the boot drive it would destroy the hardware in a few seconds. First, there was a bit on the original IBM display adapter (mono text only) which would lock the horizontal sweep on the standard IBM monitor forcing the horizontal output power transistor to overheat and burn out. You would see the display image collapse while the monitor would squeal while smoke (literally!) would come out the sides and back, and die with a $200 repair to fix it. Second, there were no stops on the head movement on those original floppy drives - with the right loop they would step out until the heads fell off inside the case with a pair of clunks if you had a 2 drive system. (Not a difficult repair, but you had to know what you were doing and get into the floppy drives themselves to fix it.) Finally, the speaker ran off of a shift register which could be loaded with a really nasty PWM sound and set to free run. With interrupts disabled and the CPU halted, the machine sat there smoking with a very loud nerve-rattling siren, completely dead and unable to boot. It would require major physical repairs to get it working again. The monitor would stink for weeks afterwards.

    1. Re:Not the first, but more useful for today by PRMan · · Score: 2

      I used to work at a place that got a virus similar to your code. A user got it from a bad floppy and the EGA monitors kept blowing up (the user's and 2 more I hooked it up to). I finally hooked it to a Hercules monochrome monitor and the screen came up. I looked up the virus on a virus vendor's BBS system and printed removal instructions and removed it.

      --
      Peter predicted that you would "deliberately forget" creation 2000 years ago...
  15. Re:Usefull... by maliqua · · Score: 3, Informative

    What everyone in this thread is overlooking is it basically does a 'shutdown now'.

    trivially could be done with a power button and changing the acpi power settings to shutdown instantly rather than prompt you then shutdown.

    The function of this device is grossly overestimated in the comments

  16. Why so difficult? by Lumpy · · Score: 2

    Just set up a script on the machine looking for a specific USB device, start shutdown if the device is not present. This is pretty common stuff, hell my old Lenovo laptop has a smartcard slot in it that would do the same thing if the card was removed.

    In fact if you look you can find the same thing all over the place for the last decade on many hacking sites, even back in the late 90's this kind of stuff was on the "scene". I had back to back modems in telecom rooms inside boxes that if the box was opened it dumped 110V into the modem logic boards so that when discovered they would self destruct.

    Most "hackers" today probably don't even own a buttset.

    --
    Do not look at laser with remaining good eye.
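
Added example (not part of the comment above and not taken from USBkill's source): the two trigger rules discussed in this thread, "any change on the USB ports" versus "one specific device is missing", replayed over constructed `lsusb`-style snapshots to show how they differ when a hub briefly drops a mouse. The IDs `1111:aaaa` and `2222:bbbb` and all function names are made up for the illustration; the code only reports when each rule would fire and leaves the shutdown action to the caller.

```python
import re
from collections import Counter

# Matches the "ID vvvv:pppp" field that lsusb prints for every device.
LSUSB_ID = re.compile(r"\bID ([0-9a-fA-F]{4}):([0-9a-fA-F]{4})\b")

def parse_lsusb(text):
    """Multiset of vendor:product IDs (two identical sticks count twice)."""
    return Counter(f"{v}:{p}".lower() for v, p in LSUSB_ID.findall(text))

def any_change(before, after):
    """Rule from the summary: fire on any change to the attached devices."""
    return before != after

def tether_missing(after, tether_id):
    """Rule from the comment above: fire only when one known device is gone."""
    return after[tether_id.lower()] == 0

def replay(snapshots, tether_id):
    """Return the poll indexes at which each rule would have fired."""
    parsed = [parse_lsusb(s) for s in snapshots]
    fired = {"any_change": [], "tether_missing": []}
    for i in range(1, len(parsed)):
        if any_change(parsed[i - 1], parsed[i]):
            fired["any_change"].append(i)
        if tether_missing(parsed[i], tether_id):
            fired["tether_missing"].append(i)
    return fired

# Constructed sample data: the mouse and flash-drive IDs are invented.
HUB = "Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub\n"
MOUSE = "Bus 001 Device 003: ID 1111:aaaa Example Mouse\n"
TETHER = "Bus 001 Device 004: ID 2222:BBBB Example Flash Drive\n"

SNAPSHOTS = [
    HUB + MOUSE + TETHER,   # poll 0: baseline
    HUB + TETHER,           # poll 1: hub drops the mouse
    HUB + MOUSE + TETHER,   # poll 2: mouse re-enumerates
    HUB + MOUSE,            # poll 3: tether stick pulled
]

if __name__ == "__main__":
    print(replay(SNAPSHOTS, "2222:bbbb"))
```

The any-change rule fires on the flaky mouse as well as on the pulled stick, while the specific-device rule fires only when the tether is gone; the price is that the second rule ignores devices being added.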
  17. Re:oh the fun by TheCarp · · Score: 2

    Even back then I knew stealing was wrong.... but unauthorized writing of new files never bothered me.

    So I used a race condition I found in the Macintosh security software at school and used it to copy icons of porn over all the desktop icons, so anyone trying to launch word got tits.

    And of course, I did it as my personal Senior year prank, on the way out the door when all the other classes still had a couple of weeks, on the last day for seniors I slipped unnoticed into the computer lab, did my deed, and slipped out, and walked out of the building.

    They never suspected someone without the password did it (a bunch of people had the password of course).

    I ran into some of the guys from the lower class years later and got a "wow that was you!"

    --
    "I opened my eyes, and everything went dark again"
  18. Re:Except they just turn the power off by TheCarp · · Score: 2

    Maybe, but, I like this better personally because it's more immediate. "USB attached to the wrist" scenario is a clear winner because it means the system is shutting down before they even realize what just happened and they have little or no time to respond, there is precious little they can really do to prevent that stick from being pulled.

    In the past a friend of mine and I were musing about a setup like this, but our idea was a bit more drastic and less portable.... no battery at all, and power wired to a switch that opens or closes with the door to the room, so just opening the door to the room would kill the system

    --
    "I opened my eyes, and everything went dark again"
  19. Re:Except they just turn the power off by SuiteSisterMary · · Score: 2

    Your honor, they were screaming at me, with guns pointed at me, to 'put your hands up! put your motherfucking hands up, or I will fucking shoot you dead!'

    So I put my hands up. I wasn't about to risk death to explain to them that this would cause my computer to shut down.

    --
    Vintage computer games and RPG books available. Email me if you're interested.
  20. Re:Except they just turn the power off by TheCarp · · Score: 4, Interesting

    If anyone needs someone to talk on how intimidating such a situation can be, they can just ask my wife, she has ended up in situations like this a couple of times just trying to get to work.

    Here in Boston the local public transit (MBTA) thugs have a serious TSA hard on. They actually run random bag swabbing checkpoints at stations. In theory, you can refuse and leave, walk right out. In practice, when my wife tried to say no, she had one officer yelling "we have a resistor" as she was suddenly surrounded by people telling her what to do and found herself being railroaded to the swabber and into the station....so much for a right to refuse and walk out.

    It's amazing how intimidating a gang of armed men yelling at you can be.

    --
    "I opened my eyes, and everything went dark again"
  21. Re:Except they just turn the power off by Bob+the+Super+Hamste · · Score: 4, Informative

    Sadly in cases like that I kind of wish it would happen to me. I can be a big enough asshole that I would follow up with a Deprivation of rights under color of law case. As an added bonus you can go directly after the party or parties involved and they don't get government protection. I really wish more people would pursue these types of cases against government officials' overreaches.

    --
    Time to offend someone
  22. I have cats by AndyKron · · Score: 2

    This won't work. I have cats.