Research from Crash Alive – USB Hacking
Note – Potential Spoilers Below: This is a blog post diving into parts of the research for my new thriller, Crash Alive. I’ve done my best to avoid spoilers, but if you haven’t read the book and want to go in fresh, you might want to bookmark this one.
Crash Alive kicks off with a USB hack, a surprisingly-common form of hacking that is still widely used today. It’s seems like a stretch to think that someone would use a simple USB stick to gain access to another system; in fact, one of my beta readers told me “that would never happen,” which told me that I needed to go back in and add some more detail (which I quickly did.)
The short version of this post can be summed up with the following: if you see a random USB drive lying around, don’t grab it. Don’t pick it up. And certainly don’t think “Score … free USB drive!”, run home, and plug it into your computer.
USB drives have been a hacker staple for years. In fact, one version of the Stuxnet story —a virus created by the U.S. and Israeli governments that shut down Iran’s Natanz nuclear facility— says that the virus originated from American operatives leaving infected USB drives in Internet cafes around the nuclear plant. Nuclear engineers simply found the devices lying alone on random tables, pocketed them for their own use, and eventually plugged them into machines connected into the nuclear facility’s network.
A few popular pieces of USB hardware include:
- The Rubber Ducky: http://hakshop.myshopify.com/products/usb-rubber-ducky
- Etherkiller: http://hackaday.com/2015/10/10/the-usb-killer-version-2-0/
The next time you see a random USB drive on the sidewalk or in a Starbucks, don’t wonder what’s on it. Wonder if someone left it there on purpose.
Here’s some additional reading:
- from Gizmodo: Watching a USB Hack in Action Makes Me Never Want to Leave My Computer
- Komando.com: This Nightmare USB Hack Toasts Your Computer in Less Than Two Seconds
- Wired: An Unprecedented Look at Stuxnet, the World’s First Digital Weapon
- Ars Technica: This Thumbdrive Hacks Computers: “BadUSB” Exploit Makes Devices Turn Evil
- Wired: Chrysler Catches Flak for Patching Hack with Mailed USB
Thanks again for reading. Next up in this blog series will go deep into the redwood forests of California and the Bohemian Grove.