Security Conference Gifts are Viruses

Discussion in '[H]ard|OCP Front Page News' started by Kyle_Bennett, Jan 11, 2018.

  1. Kyle_Bennett

    Kyle_Bennett El Chingón Staff Member

    Messages:
    48,664
    Joined:
    May 18, 1997
    Thank you for coming today, we appreciate you being here, please accept this free virus as a sign of our gratitude. If nothing else this sound serve as a warning to never access a strange USB flash drive with a computer that you even remotely care about.


    The Criminal Investigation Bureau has admitted that it handed out 54 malware-infested thumb drives to the public at a data security expo hosted by the Presidential Office from Dec. 11 to Dec. 15 last year.

    An employee at the company used the affected computer to transfer an operating system to the drives and test their storage capacity, transmitting the malware to 54 units, the bureau said.
     
  2. RogueTadhg

    RogueTadhg [H]ard|Gawd

    Messages:
    1,231
    Joined:
    Dec 14, 2011
    Also; I want a thumb drive like that in the photo.
     
  3. J3RK

    J3RK [H]ardness Supreme

    Messages:
    7,399
    Joined:
    Jun 25, 2004
    I would prefer one that said "Not a Virus" on it. :D
     
    DoubleTap and Wrecked Em like this.
  4. U-238

    U-238 Limp Gawd

    Messages:
    133
    Joined:
    Aug 14, 2008
    How has this never been done before? Seriously this would be a brilliant idea just to help drive home the point. Obviously in this situation it wasn't intentional but think of this: You show up for a security conference, get handed a free usb drive as a grab-bag freebie, you plug it into your laptop, and bam, you get a page-hijack that is basically a web page that says "hey stupid, don't ever put usb's you don't trust into a computer you ever care about!".
     
  5. BSmith

    BSmith Limp Gawd

    Messages:
    382
    Joined:
    Nov 9, 2017
    Oh no, I like the "virus" one. Think about it. How many people would consider picking it up and walking away with it? :)

    I do have to laugh at the irony of it.
     
  6. J3RK

    J3RK [H]ardness Supreme

    Messages:
    7,399
    Joined:
    Jun 25, 2004
    Well... I would... :D I'd pop it into a non-networked expendable machine that I could blow away the OS on, format it, and then I have a free USB device that says Virus on it. :p

    I wouldn't actually take it if it wasn't mine... I'm usually on the receiving end of that one...
     
    Chupachup and BSmith like this.
  7. viscountalpha

    viscountalpha 2[H]4U

    Messages:
    2,072
    Joined:
    Oct 16, 2011
    Physical trojan horses are still a thing.

    People can't fucking learn from history so they are doomed to repeat it.
     
  8. Master_shake_

    Master_shake_ [H]ardness Supreme

    Messages:
    4,256
    Joined:
    Apr 9, 2012
    a smart guy would have put a cryptocoin miner on there.
     
    Jackal_X, DoubleTap and Chupachup like this.
  9. J3RK

    J3RK [H]ardness Supreme

    Messages:
    7,399
    Joined:
    Jun 25, 2004
    Indeed! Some of that new KodakCoin maybe. :p
     
    Master_shake_, cyclone3d and BSmith like this.
  10. Nolan7689

    Nolan7689 Gawd

    Messages:
    558
    Joined:
    Jun 5, 2015
    That’s what I was thinking. Honestly I had to reread the post to realize they didn’t do this intentionally.

    It would be a great publicity stunt, and important lesson to some.


    The funny thing is having worked at Nukes, the typical policy is that we aren’t allowed to plug ANYTHING into a PC that hasn’t already been checked out and approved by their cyber security team. Anything meaning, anything down to the 3.5mm Aux.
     
  11. oROEchimaru

    oROEchimaru [H]ardness Supreme

    Messages:
    4,372
    Joined:
    Jun 1, 2004
    how much of this is intentional so they have a backdoor again after all the leaks caused backdoors to start getting fixed. there were memos like "hey we should distribute this app so people create a trojan for us..."
     
  12. J3RK

    J3RK [H]ardness Supreme

    Messages:
    7,399
    Joined:
    Jun 25, 2004
    "on accident" :D
     
    oROEchimaru likes this.
  13. cyclone3d

    cyclone3d [H]ardForum Junkie

    Messages:
    11,904
    Joined:
    Aug 16, 2004
    Really surprised that this hasn't been posted yet.

    [​IMG]
     
    Kyle_Bennett, Master_shake_ and J3RK like this.
  14. Sikkyu

    Sikkyu I Question Reality

    Messages:
    2,627
    Joined:
    Jan 21, 2010
    its not malware, its a feature.
     
    Master_shake_ likes this.
  15. J3RK

    J3RK [H]ardness Supreme

    Messages:
    7,399
    Joined:
    Jun 25, 2004
    Malware with features.
     
  16. Daarken

    Daarken [H]Lite

    Messages:
    69
    Joined:
    Jan 3, 2006
    In the 90's I purchased some CAD software on a 3.5 floppy disk that had a sticker on it. "Hermetically Sealed"
     
  17. TwistedAegis

    TwistedAegis [H]ardForum Junkie

    Messages:
    8,889
    Joined:
    Oct 7, 2009
    Hmm, a better virus to take home than what could occur with some of what is being discussed in the Buy anything with crypto thread...
     
  18. Schtask

    Schtask Limp Gawd

    Messages:
    388
    Joined:
    Nov 29, 2011
    I will say this. If you attend SHOT Show, CES, Defcon, Blackhat, pharmaceutical, aerospace, defense, rapid prototyping, or any other trade show that shares an industry with the PRC...You are a target. Especially if you are a vendor. I've been in situations personally where co-workers have left the conference to grab their laptops out of their room and keep them on their person due to the behavior being exhibited by some of the attendees.
     
  19. Blakestr

    Blakestr [H]ard|Gawd

    Messages:
    1,934
    Joined:
    Aug 11, 2004
    I exhibited at ITSEC in Orlando this past November- if you walk around, there are like 20-30 suited security guards, who mostly stair at their phones or tell you that you can't get back in if you go out those doors. Then I read through the agreement for exhibitors when they tell you, "We will not protect any of your shit".... I get that they can't be on the hook if ninja's break in and steal Boeing's new Rocketpack but come on...I'm paying this facility a hundred dollars a square foot and some of that is going to these yahoos who won't do anything at all to protect my stuff. Call me paranoid but I packed up everything I couldn't afford to lose into my Pelican 1690 and took it home every single night of the trade show.
     
    Schtask and Kyle_Bennett like this.
  20. Wrecked Em

    Wrecked Em [H]ere for the GangBang

    Messages:
    4,249
    Joined:
    Sep 14, 2004
    Yeah, but it was free. I wonder how big the drive was?
     
  21. deton8

    deton8 Limp Gawd

    Messages:
    231
    Joined:
    Sep 27, 2007
    I was hoping it was shaped like an actual human thumb before I clicked on the link.

    Disappointed.
     
  22. katanaD

    katanaD Limp Gawd

    Messages:
    476
    Joined:
    Nov 15, 2016
    wow.. and they didnt even have to go to the effort of throwing a bunch around on the ground

    nice
     
  23. J3RK

    J3RK [H]ardness Supreme

    Messages:
    7,399
    Joined:
    Jun 25, 2004
    One JiggaBytes.
     
  24. Schtask

    Schtask Limp Gawd

    Messages:
    388
    Joined:
    Nov 29, 2011
    Yup. My experiences exactly. Don't even get me started on the honey pots hanging out in the hotel lobbies and bars after hours. "Yeah lady...You're way to hot to be interested in what I do or say.... How much is the PRC paying you?"
     
  25. DrLobotomy

    DrLobotomy [H]ardness Supreme

    Messages:
    5,246
    Joined:
    May 19, 2016
    I assume the 'dirty' thumb drives are a distraction from the fact all the phones are getting owned.
     
  26. Blakestr

    Blakestr [H]ard|Gawd

    Messages:
    1,934
    Joined:
    Aug 11, 2004
    And that's when the attack comes, not from the thumb drive you never used, but from the phone you always had.
     
  27. rudy

    rudy [H]ardness Supreme

    Messages:
    8,145
    Joined:
    Apr 4, 2004
    Should they have to ? I mean I have never understood the whole deal with USB based malware.

    I have these really simple questions.

    What is the point of even having USB drives which are designed to move data physically between computers if we cant trust them at all anyway?
    How is it possible that after 20 years of using these things the OS and antivirus do not have solid protections by default in place to stop these devices from auto play, or whatever the heck is allowing them to infect machines.

    I mean seriously but then again I view pretty much all the products we use in this manner. People like to say things like don't browse bad web sites. UMM why on earth is an internet browser even open to these attacks. There should be a clear point where anything that could harm your computer or install anything on it requires elevated privileges. And at no point should anything ever pop up or prompt you automatically to install anything when you are surfing the web unless you specifically click a link to do so.

    Security buffs are always trying to blame their clients for the failures of the software and hardware they use. They hired you because they don't know what they are doing don't be a moron and push the blame off on to them. Make it secure. That is the point of security if the clients could handle it all we wouldn't need security.
     
    WhoMe likes this.
  28. viscountalpha

    viscountalpha 2[H]4U

    Messages:
    2,072
    Joined:
    Oct 16, 2011

    There's only so much you can do to prevent normal people from doing batshit insane stuff.

    https://www.theregister.co.uk/2016/04/11/half_plug_in_found_drives/

    SOCIAL ENGINEERING WILL ALWAYS BE THE WEAKEST LINK!!
     
  29. rudy

    rudy [H]ardness Supreme

    Messages:
    8,145
    Joined:
    Apr 4, 2004
    So I don't know what the point of your link is, once again I reiterate that the mere fact you plug a usb drive in should not be a security risk no matter where it comes from. A properly secure OS should be able to handle plugging any USB drive in laden with thousands of malware and only the act of running a program and elevating privileges should be a security risk.
     
  30. Chas

    Chas [H]ardness Supreme

    Messages:
    5,708
    Joined:
    Oct 31, 2005

    Years ago, for the D&D 4th Edition at GenCon, they were passing out electronic tools for character generation on these little black thumb drives that were like 1MB.

    Basically everyone who had got one in my party and tried to plug in had their AV go apeshit.
     
Tags: