Today’s blog is a little different, as we will be discovering ingenious techniques employed by hackers to attack security systems by using an ordinary-looking USB cable.
I’m going to start by telling you a story.
Our tale begins in a very non-suspicious way.
USB Cable on your door-step- How Hackers Attack
One ordinary day, a simple USB cable appears out of nowhere. You may find it lying near your desk or even by your car. But it looks brand new, and it is not damaged, so why not take it you think? At some point, you decide to test it and check if it works, so you plug it into your computer and connect your phone. To your delight, the cable works perfectly. The charging icon on your phone appears and a happy buzz is emitted. What a happy ending, right? At this point, not a single thought goes through your mind that something is very, very wrong.
The days and weeks pass and one fateful morning, you notice something different. This time when you plugged the cable into your phone it didn’t begin to charge. Hmm, you think. You fiddle with the connector, plug the cable in, take it out again a few times, and then try the same with the USB port on the computer. After a while, you test another cable, and everything works fine. It must be the cable you picked up that is not working. Oh well, not a biggie you think, while you disconnect the cable and toss it to the bin.
Another few days go by uneventfully but then out of the blue, it all goes terribly wrong. Your hard-earned money has been stolen, your confidential company data has been shared on the internet, and all your internal emails are exposed to anyone who wants to read them. There’s only one question on your mind, and on the minds of everyone at your company. How did the hackers attack?
This real-life horror story sounds like the beginning of a James Bond movie, with a supervillain attacking some unsuspecting high-profile victim to obtain the latest codes to a satellite network or maybe blackmail a high-profile YouTube Influencer. But this story could be about you.
So, How Do Hackers Attack?
Let me explain, in simple terms how hackers attack.
The cable you picked up was not an ordinary cable. Oh no, this was a super sophisticated hacking tool and what it can do is genuinely scary.
Inside the cable are a few super tiny components that create one of the most sophisticated Swiss army knife solutions. On the outside the cable looks and feels just like any other USB cable. Inside is very different.
First, the cable has a built-in wireless access point. It has a keylogger, global keymap, geofencing, space for up to 200 payloads, and a self-destruct function. Wow, right?
Okay, let me explain what that all means minus the techno-speak. I will start with the Wireless Access Point.
When you connect the cable to your computer or a laptop, the cable is activated. It starts with the Access point. If you check the list of all wireless networks on your device, you will suddenly see a new network on the list. And if the hacker is near your computer, they will be able to log in to their Wireless Network and start attacking your computer.
Now, you might think, if I am in front of my computer then I will see if someone taking control and I can raise the alarm. And if I leave the computer unguarded then within a few seconds my screen is locked and to access it you must put in my password, so it must be safe, right?
Well, no, unfortunately, you’re not. First, the cable has the built-in ability to emulate a keyboard and a mouse. With that, your OS or operating system is tricked into thinking you have connected an external keyboard and mouse. So, when you leave your computer, the script is executed, and your mouse moves just a tiny amount like a few pixels. To the human eye that is something you would not notice, but for your computer it is a sign that you, a user, are still in front of the keyboard and the lock screen function is therefore not enabled as it is being constantly reset. When you leave and head for lunch, the hacker can then access your unlocked computer. Ingenious and frightening. But wait, there is more…
The cable also has a Build in Keylogger. This means whatever you type on your keyboard can be captured and stored. At some point, you will type your username and password and those will be captured. Think for a second about what you type on your keyboard. Let’s say you want to log on to the bank. First, you will click on your web browser then, you will type www.myBank.co.uk and press enter. Then you move your mouse to log on to your account, you click on it then you would type “My username” and that will follow by a string of letters and numbers, which is easy to assume would be your password. All of that is saved for hackers to simply copy from the internal storage within the cable so they can attack. Scary!
Invisibility, Geo-Fencing and Payloads
Next, Stealth! When was the last time you heard that antivirus software is checking USB cables for the presence of a virus? Well, me neither. This means the cable can stay undetected for a very long time, lurking in the background and collecting information about you.
Geo-fencing – Imagine that the hacker got a bit of bad luck and all they want is to steal from your business not your home. If the cable is connected at a different location all the functionalities can be switched off. However, many hackers are opportunists and will not care about this, as long as they can put their hands on your money, they will not fret if those funds come from your personal account or your business.
200 payloads. What is that about? Well, each attack can be different, and the hacker can prepare different scenarios. They might optimise the attacks for Windows or Mac computers. They might target specific vulnerabilities. What is the worst situation from a hacker’s perspective? Getting access to your computer is a success for them and it can take a very long time to get there, so the last thing they want is to realise they are missing the right tool. With space for 200 different payloads, this gives the hacker a maximum number of different ways to attack you and achieve their end goal.
But the hacker’s hard labour could be spoiled by a small thing such as international characters. Let’s say that your password has a character from the French, German, Russian or Chinese alphabet. If you type “ã” or “ź” and the hacker’s tool only copies and pasted this as “a” or “z” then the password would not work. So, to overcome this issue the tool comes with 192 international keymaps. That would mean if you press “ã” or “ź” it would be saved as “ã” or “ź”.
So, what is happening when this cable collects all this data? There is a way to extract it or get it back. What is especially scary is that this can be done even in airgap environments.
Arigap-tight Environment and How Hackers Can Attack It!
What is an airgap-tight environment?
Also known as an air-gapped environment or air-gapped network, this refers to a highly secure and isolated computer or network system that is physically and logically disconnected from external networks or the internet. The term “airgap” refers to the absence of any physical or network connections between the isolated system and the outside world.
However, with the built-in Wireless Access point, hackers can extract the data with relative ease. All they have to do is be close enough for the access point built into the cable to connect to their computer and within a few seconds they are able to copy all the stolen data and passwords.
Covering their tracks. Once the data is stolen, the hacker can easily cover their tracks thanks to the technology in this ingenious cable. This is necessary because the payloads and configurations can expose data which could potentially expose a hacker’s identity.
How Do Hackers Cover Tracks of Their Attacks?
It is all about attention to detail when it comes to covering tracks by hackers of their attacks.
One of the most famous examples of criminals being tracked down would be catching the creator of the Silk Road. The man behind the illegal website where you could buy drugs, counterfeit items, or even hire a hitman. Unfortunately for him, he made one small mistake, very early in the process of setting up the website, he sent one (just one) post with his personal email address. As far as I know/remember from the story, he didn’t make any more errors but that was sufficient for the authorities to uncover who he was and subsequently prosecute him. So, what the hacker can do now to avoid this is execute self-destruct mode, where all data is wiped out from the cable.
Additionally, the cable stops working as a USB cable which leads to the situation where the victim throws away the lead thinking it is just faulty and thus preventing the discovery of how the heist was done. What you need to realize is that the hacker does not have to use the stolen data immediately, they can wait to increase the chances that the evidence is destroyed and act a few days later.
As you can see, the world of IT security is boring and predictable! Haha! Far from it, clearly! Working in this field for two decades, I have learned that expecting the unexpected is a good approach. You must be vigilant and question what you experience and see. Your gut feeling that something is not right should never be ignored. Always think, what is the worst-case scenario if I ignore this? And what is the worst if I take action?
Generally, if you listen to your instincts and act whenever you spot any potential “red flags” in your mind then the worst that could happen is that an IT professional will spend a few minutes investigating what is happening and tell you everything is okay. And that, in my opinion, is a small price to pay. So next time you are worried please don’t think you are crazy. Listen to your gut and contact your friendly team of IT support experts. We’re here to help. Click here to get in touch.
Pick up the phone and call someone you trust, if you don’t know anyone give me a call or someone from our team.
I hope you enjoyed today’s blog (otherwise known as Tom’s story time!). Remember to follow and subscribe for more expert advice and guidance on everything IT straight to your inbox each week.
Sign up below to join the Operum newsletter