Regular USB Drives - A Spy’s Best Friend

News in the Nordic countries have featured heads of military and policy intelligence issuing stark warnings on the usage of unknown unsecure USB drives used for industrial espionage and foreign intelligence services.

Both PST in Norway and MUST in Sweden have on separate occasions in 2013 highlighted the threat of these dangerous USB drives. The data and warnings correlate both with our own surveys here at BlockMaster and also with the famous drop test that Homeland Security did in the US.

The current threat that is highlighted is giveaway USB drives or simply USB drives found on the street or laying around. Several incidents have been reported in Sweden and Norway where these drives have been plugged into computers and infected networks using malicious software. At the Swedish military intelligence branch, Klas Eklund also points out that a regular USB drives can load more data than used to be stored in one of the old secure data centers back in the day.

But when it comes to the drop-and-infect, the method to make someone plug the infected drives follows is simply to give a free USB drive to and employee or to drop it outside their office. Human curiosity takes care of the rest. BlockMaster’s survey showed that 76% would plug and unknown device in. And in the Homeland Security droptest in the parking lot of the Pentagon they achieved a 90% plug in rate by having an official looking logo printed on the device.

Given that the Homeland Security test is from 2011 little has changed in user behaviour, it is simply not a problem that will be solved without a technical solution. The solution is to lock down the network and not allow unknown USB drives and instead rely on secure USB drives for data transport. The SafeConsoleReady secure USB drives that we at BlockMaster power are all hardened against infections. Furthermore BlockMaster offers a low-price USB port control that locks out the dangerous drives.

Sources:

http://www.expressen.se/nyheter/dokument/spionchefen-som-jagar-usb-stickor/

http://www.gsnmagazine.com/article/23705/usb_ploy_dhs_exposes_curiosity_security_flaw