USBKill Transforms a Thumb Drive Into an "Anti-Forensic" Device

Orome1 writes with a snippet from a report at net-security.org; a hacker going by Hephaestos has shared with the world a Python script that, when put on an USB thumb drive, turns the device in an effective kill switch for the computer to which it's plugged in. USBkill, as the programmer dubbed it, "waits for a change on your USB ports, then immediately kills your computer." The device would be useful "in case the police comes busting in, or steals your laptop from you when you are at a public library," Hephaestos explained.

Of course USB is a perfect system

[OzPeter]

I mean my USB hub never drops my mouse connection or anything like that. So there is no chance of a false positive.

Re:Of course USB is a perfect system

[SecurityGuy]

No real risk, beyond that of inconvenience. All it does is shut your computer down. It's not wiping anything or physically damaging the hardware, it's just turning it off and relying on you using full disk encryption to actually protect your data.

Re:Of course USB is a perfect system

[Moof123]

That is probably a tactic to be used by the authorities. If they get a hold of the laptop and sneak in some piece of hardware to make the USB drop every now and then, the suspect will pretty soon disable it.

Way back when I worked for a 3 letter acronym this was a pretty low tech solution often employed to circumvent alarms of all sorts. Just randomly trigger the alarm a every few hours at night and within a few days it will be turned off out of disgust or at the orders of any cops that have been dispatched the last half dozen times. Now you can waltz in and do your dirty work.

Er...all this does is "shutdown -r now"

[xxxJonBoyxxx]

Here's the source:
https://github.com/hephaest0s/...

What's next - a tutorial on how to press the power button?

Deadmans Switch

[Liquidretro]

So it's a deadman's switch basically.

Re:Deadmans Switch

[smallfries]

No. A deadman' switch is an idea that has been around in analogue fail-safe systems for a long time. It is typically a device that you have to hold onto in order to keep the machine running. What you describe is one software implementation of that idea, but the GP is correct that this is another.

Re:this already exists

[Orestesx]

This is to be used in conjunction with TrueCrypt. The summary is alluding to the arrest of the alleged founder of Silk Road at a public library. He was using a computer with full disk encryption, but they physically separated him from the laptop before he could power it off. Attach this to your wrist, and the machine will be powered off when the USB drive is removed from its port.

works differently in the states.

[nimbius]

"In case the police come busting in" is a condition typically followed by a hailstorm of bullets here in the United States. Afterwards, assuming you have a winning complexion, charges are fabricated and officers exhonorated.

Our prosecution also works similar to a firehose. Typically if youre arrested for loitering or driving while black, youll be charged with resisting arrest and a large slew of other charges that may not even apply to your specific encounter. Once in jail a member of the prosecution team will approach you with a laundry list of offenses and the threat of decades of years in jail. Mercifully they will offer a plea bargain that, should you choose to simply plead guilty, youll only spend a fraction of that time in prison. If you cant afford a lawyer, and dont have a firm grasp of legal proceedings yourself, this option is generally chosen.

Wiping the contents of your laptop, or refusing to give a password in the US, is generally met with unfavourable consequences. Indefinite forcible detention at border checkpoints without charges, for example, befell moxy marlinspike. computing chicanery in general that goes beyond the relm of 'good consumer' will find you hounded to the end of your days, as was the case of the late Aaron Schwartz. Given my options, id rather feign ignorance than quietly activate a duress payload.

Re:works differently in the states.

[infolation]

Wiping the contents of your laptop, or refusing to give a password in the US, is generally met with unfavourable consequences

Better than in the UK, where it's a criminal offence punishable by two years imprisonment. (Regulation of Investigatory Powers Act 2000, Part III)

And people are really locked up for that here.

How do you pee?

[mveloso]

How do you pee if this is attached to you? Do you keep a bunch of one-gallon jugs next to your desk?

Re:Except they just turn the power off

[Loconut1389]

usually they do everything they can to keep the power on including splicing into the power cables or pulling the socket from the wall and hooking it up to a phase locking UPS so they can take the computer still powered on. This is usually combined with a mouse wiggler to keep screensavers and sleep from kicking in.

Not the first, but more useful for today

[eastjesus]

Reminds me of something I wrote back around 1981. Working with the early IBM PC at the machine code level several flaws surfaced and for fun I packaged them all together in the boot sector of a 5 1/4" floppy which we put in a "break glass" box and put on the wall (There were no hard drives yet, the XT wasn't out yet). If you placed the floppy in the boot drive it would destroy the hardware in a few seconds. First, there was a bit on the original IBM display adapter (mono text only) which would lock the horizontal sweep on the standard IBM monitor forcing the horizontal output power transistor to overheat and burn out. You would see the display image collapse while the monitor would squeal while smoke (literally!) would come out the sides and back, and die with a $200 repair to fix it. Second, there were no stops on the head movement on those original floppy drives - with the right loop they would step out until the heads fell off inside the case with a pair of clunks if you had a 2 drive system. (Not a difficult repair, but you had to know what your were doing and get into the floppy drives themselves to fix it.) Finally, the speaker ran off of a shift register which could be loaded with a really nasty PWM sound and set to free run. With interrupts disabled and the CPU halted, the machine sat there smoking with a very loud nerve-rattling siren, completely dead and unable to boot. It would require major physical repairs to get it working again. The monitor would stink for weeks afterwards.

Re:this already exists

[Dunbal]

If they have a tactical team breaking into your house you are pretty much fucked on circumstantial evidence anyway... It might mean the difference between 5 years in prison and life in prison though. "We're sure he had 'x' on his hard drive" is a lot weaker than "we found 'x' on his hard drive"...

Re:Except they just turn the power off

[TheCarp]

If anyone needs someone to talk on how intimidating such a situation can be, they can just ask my wife, she has ended up in situations like this a couple of times just trying to get to work.

Here in Boston the local public transit (MBTA) thugs have a serious TSA hard on. They actually run random bag swabbing checkpoints at stations. In theory, you can refuse and leave, walk right out. In practice, when my wife tried to say no, she had one officer yelling "we have a resistor" as she was suddenly surrounded by people telling her what to do and found herself being railroaded to the the swabber and into the station....so much for a right to refuse and walk out.

Its amazing how intimidating a gang of armed men yelling at you can be.

Re:Except they just turn the power off

[Bob+the+Super+Hamste]

Sadly in a cases like that I kind of which it would happen to me. I can be a big enough ass hole that I would follow up with a Deprivation of rights under color of law case. As an added bonus you can go directly after the party or parties involved and they don't get government protection. I really wish more people would peruse these types of cases against government officials' overreaches.