It looks like you're using an Ad Blocker.

Please white-list or disable AboveTopSecret.com in your ad-blocking tool.

Thank you.

 

Some features of ATS will be disabled while you continue to use an ad-blocker.

 

Pentagon Computers Attacked With Flash Drive

page: 2
10
<< 1    3 >>

log in

join
share:

posted on Aug, 26 2010 @ 08:08 PM
link   

Originally posted by Agit8dChop
reply to post by crisko
 


Dude, if a foreign government spent x amount of money creating super'spy'flashdrives you don’t think they'd have some sort of super-secret method of immediately infecting and activating once plugged in?

they aren’t using Microsoft drivers to infect government systems now.. it will be something you or I have never even thought of.



It doesn't work like that... it's not that simple.

When you plug a USB device in a computer, the computer first has to read the hardware ID of the device and then search for a device driver on the computer that would allow the computer to communicate with the USB device. If the USB device is unique and requires a unique driver that isn't already found on the computer, then the device wont run. However, if the USB device is not unique, the computer will find a generic driver that would work with the device.

The only way to make a USB device work on a computer that you can't upload device drivers to, is to make use of generic drivers already installed on the computer. You would have to know or guess which drivers are already installed on the computer. My guess is they used a generic driver and generic USB drive.

Once a USB device is connected, there are no packets sent or received until instructions from the computer are sent to the driver. In layman terms, nothing will happen until someone on the computer initiates it.

HOWEVER, Windows has a special feature called AutoRun. When devices are first plugged in, Windows will automatically search for a file called AutoRun.inf on the device. If the file is there, it will read it and follow the instructions with in. Usually it just points to an executable application ont he device that should be automatically executed by the computer (like a virus.exe).

Most people just don't turn off the autorun feature on their windows installation.

I think this is really low-tech, and just a lucky chance, nothing high-tech.

Besides the above, there is NOTHING you can do to a USB device to automatically infect a computer. The computer always has to initiate the process, and that is not automatic.

-edit to add-

I forgot to mention that a properly configured USB device can also automatically install files when the computer is first booted up, only IF the computers motherboard is capable of "booting from a USB device". This option is fairly new in the computer world because it involves having drivers installed in the computers ROM (BIOS) which run the USB ports, and generic drivers for the USB devices plugged in. I doubt the laptop had this feature.


[edit on 26-8-2010 by IsALL]




posted on Aug, 26 2010 @ 08:23 PM
link   
reply to post by IsALL
 


I'm pretty sure microsoft doesnt provide drivers for cyberwarfare.

'' Hi Microsoft? Im a super secret chinese spy, my flashdrive with my supersecret hacking tools isnt installing because of your driver configurations. can you please give me asssitance? ''


... dude, all im saying is if your dumb enough to believe a country would hack a governments computers by 'waiting' for the flash drive to install, get drivers and get managed by windows your definately not thinking like a government spy.

im pretty sure with all the hacking capabilities, they can develoup something that activates and forces the PC to transmit the instant its plugged in.



posted on Aug, 26 2010 @ 08:29 PM
link   
stop the internet, stop them ... it is their fault



posted on Aug, 26 2010 @ 08:46 PM
link   

Originally posted by Agit8dChop
reply to post by IsALL
 


I'm pretty sure microsoft doesnt provide drivers for cyberwarfare.


Maybe it's your lack of knowledge of this subject, or something else, but you don't make sense at all.

There is a thing called "Generic Drivers". Ever since Windows 2000, Windows Operating Systems came included with a large set of "Generic Drivers" which take advantage of common USB protocols used in almost all USB devices. This includes USB Mass Storage devices.

You know all those different versions of USB devices? Well 95% of them all follow the same protocol and all of them can use the same exact device drivers.

For example... My USB keyboard is a very special keyboard. If I plug it into a Windows computer I can use it as a normal keyboard instantly because Windows uses "Generic Drivers" already installed on the computer. However, I can not use my keyboards special features (extra buttons) until I install the drivers that came with the keyboard.

I just got done telling you that the USB flash drive used to hack the Pentagon computer must have taken advantage of Generic Drivers, meaning it most probably was a generic flash drive.



Originally posted by Agit8dChop
'' Hi Microsoft? Im a super secret chinese spy, my flashdrive with my supersecret hacking tools isnt installing because of your driver configurations. can you please give me asssitance? ''


That is not funny at all, especially after I just got done telling you how they must have used GENERIC DRIVERS and a GENERIC USB DEVICE so they would have ZERO PROBLEMS.



Originally posted by Agit8dChop
... dude, all im saying is if your dumb enough to believe a country would hack a governments computers by 'waiting' for the flash drive to install, get drivers and get managed by windows your definately not thinking like a government spy.




Windows comes with pre-installed device drivers. This means there is no "waiting" or "installing" required. You just plug the device in, and it's already detected and ready to go.

Obviously you don't know a whole lot about computers, and didn't understand my last post.



Originally posted by Agit8dChop
im pretty sure with all the hacking capabilities, they can develoup something that activates and forces the PC to transmit the instant its plugged in.


Well, I'm pretty sure you have no idea how a USB handshake works, let alone computers in general.

There is absolutely NOTHING they can do to make a USB device force a computer to do something automatically, besides the two ways I described in my last post. A USB handshake just does not allow it. The only way is to have something already installed on the operating system which I already said was probably no that case.

I'm sorry but you are living in a fantasy world.


[edit on 26-8-2010 by IsALL]



posted on Aug, 26 2010 @ 08:49 PM
link   
How did this evil person get access to the super secret military computer?

This may just be a landed on a bad porn sight thing, or a now we have to check every ones flash drive sort of thing...
I just don't trust the military or the .gov when they admit to this sort of thing..
They normally don't admit to their mistakes...

Your papers (and your flashdrives) please!



posted on Aug, 26 2010 @ 08:56 PM
link   

Originally posted by Danbones
How did this evil person get access to the super secret military computer?


It was a laptop, meaning, someone probably took the laptop out of the Pentagon for use at home or on the field (where it was compromised), then returned it to the Pentagon at a later date where it infected other computers when it connected to the Pentagon network.

My uncle worked for the Navy, and his job required him to carry a laptop around for field work. The laptop was hilariously labeled "Property of the US Navy", I always thought it was a stupid idea to advertise such a thing. I figured it would be a little more secretive.

It happens...



posted on Aug, 26 2010 @ 09:03 PM
link   

Originally posted by Agit8dChop

I'd dress up in some bright shorts and shirt with a local IT businesses logo plastered on it. You know, real young typical sweet looking handout person. Fake promo's everywhere.

[edit on 26-8-2010 by Agit8dChop]


Did you ever read 2600 the old hackers magazine?
What your suggesting is exactly the kind of thing that they would write about.

It's much easier to compromise security through social engineering then trying to get through a well maintained security system, the human operating the computer is almost always the weakest link in the security chain.
A lot of people for example still write their passwords down on post it notes on their monitor (especially if the company has a strict password expiration date and length policy)
Another way I remember being suggested in 2600 is to find the internal number of an employee and call them up saying "Hey this is Dave from IT, were just doing an audit on our password security levels, could you please tell us your password so we can see if we have it recorded correctly" You would think that no one would fall for something that stupid, but they do.



posted on Aug, 26 2010 @ 09:05 PM
link   
The incident was from 2008 and involved a laptop which was apparently "compromised" whilst said user was in the Middle East (Iraq, if memory serves).

That it was configured for or had network privileges to Pentagon systems seems to have been the big dealio here.

Intranet privileges/accessibilities can prove Far more intrusive than mere Internet connectivities.

I'd have to think SomeOne, or Several, have been dealt with via provisions within the UCMJ.


... behind closed doors, of course, can't have their ass chappins being made public as well.




[edit on 26-8-2010 by 12m8keall2c]



posted on Aug, 26 2010 @ 09:17 PM
link   
reply to post by silent thunder
 


Many condition needs to be met, #1 what was the military laptop doing without any supervision, which allowed someone to insert a USB in it.

#2. The system must have a pretty BS physical + software security for someone to inject a spyware in it without any detection. If the files of the network is so restricted, usually even companies put locks on USB drives.

It is not cheap, someone has to create the stealth software which wasn't detected I suspect, but somehow detected later I suspect, somehow is the key word, how did they find it if it was stealth in the first place.

I'm suspecting who ever wrote this article is positioned somewhere in the network security and trying to boost the investment in the security which will hopefully give him a pay rise.

Just like Virus Removal companies build Viruses, security management contractors etc, create such scenario, knowing how precious the data and information is to those who hired him/them, therefore will certainly increase the funding.



posted on Aug, 26 2010 @ 10:07 PM
link   
reply to post by IsALL
 


dude, what im saying is.
Chinese spy agency designed flashdrives, will not be so basic and common as to need windows driver installation.

If a flashdrive can be read from the BIOS during post, its fact that the device CAN be read and initialised without windows.

use your imagination, not your ego.



posted on Aug, 26 2010 @ 10:24 PM
link   

Originally posted by Agit8dChop
reply to post by IsALL
 


dude, what im saying is.
Chinese spy agency designed flashdrives, will not be so basic and common as to need windows driver installation.



"Dude".... what I am saying is that the flash drive will have to be basic in order for the laptop to be able to read it without installing additional software. Do you understand yet?



Originally posted by Agit8dChop
If a flashdrive can be read from the BIOS during post, its fact that the device CAN be read and initialised without windows.


Like I already stated... Back in 2008 there was a very small selection of laptops capable of "booting from USB". The ones that were capable of doing this task had to have GENERIC DRIVERS already installed in order to read and use USB devices. If this is the case, the USB device would have to be generic in order to work. I doubt very much that they installed drivers first, so I am pretty sure they took advantage of GENERIC DRIVERS.

A device can only do what the device drivers are capable of doing. A device is limited by it's drivers.

A "super advanced secret USB device" wouldn't be any better than a normal USB device if they both use the same generic drivers provided by the laptop. I doubt they installed a driver first, then plugged the device in.

They must have used generic drivers, meaning their device was generic.


Originally posted by Agit8dChop
use your imagination, not your ego.


No I will not use my imagination, I will use my advanced knowledge of computer science. I have made USB devices before which control microprocessors. I know what I am talking about.

What you are talking about is imaginary science fiction. What I am talking about is science fact.

I highly suggest you read about the Universal Serial Bus standards;
en.wikipedia.org...

USB has many limits of functionality. I suggest you understand them, then come back later.

[edit on 26-8-2010 by IsALL]



posted on Aug, 26 2010 @ 10:46 PM
link   
sigh.. i swear some people just cant use their minds to comprehend they might not know everything about something. Computer science? woo hoo for you.. what if some 50yr old leader of a blackops chinese cyber hacking team came up and told you that you were wrong.
would you tell him NO, because you study computer science and the basic laws to which you understand can never be broken?



governments love people like you...

you believe because of your knowledge something cannot be done..

.. this is the perfect example of someone getting caught with their pants down, because someone proves them wrong.

im done arguing this point. I was merely suggesting an idea.

.... actually, just for your interest this tactic HAS been tried and proven to work. Companies often leave USB flash drives in the carpark of competitors and gain access to their networks even though they have security setup.




posted on Aug, 26 2010 @ 11:09 PM
link   
reply to post by IsALL
 


Yah dude, trust me...You don't need drivers on a PC to run specific "applications" from a thumbdrive. THAT is all a super-spy thumbdrive is.... APPLICATIONS that are LOCATED on a thumbdrive. The computer has generic drivers that allow the thumbdrive to INTEGRATE with the PC. It's the APPLICATIONS that do the bulk of data-theft work. Trust me...Go research the USB Switchblade, it's a special that HAK5 (an IPTV show) did. I've EXPERIMENTED with the USB Switchblade myself on my residential network. I plug it in, 20 seconds later I'm provided a complete open "door" into the physical system. As an example (and to prove you completely wrong) I'll provide you with a quote from the Wiki on the USB switchblade.




# Dump System Info # Dump Network Services # Dump Port Scan # Dump Product Keys # Dump SAM (Via PWDump or FGDump) # Dump Wifi Hex # Dump Network Passwords # Dump Cache # Dump Messenger Passwords # Dump Firefox Passwords # Dump IE Passwords # Dump Mail Passwords # Dump LSA secrets # Dump Updates-List # Dump URL History # Dump External IP (to the log file) # Install HakSaw # Install VNC


SOURCE - Hak 5 WIKI

Any questions?


Conclusion: With 20 seconds and PREPARED U3 USB device setup with a PREPROGRAMMED (That's the key) application, you can extract ANY data you want from the target system.... so long as their security measures aren't monitoring that specific data. Which is a HUGE hole when it comes to security, but I digress...

Go research it yourself if you don't believe me......DRIVERS HAVE NOTHING TO DO WITH THE APPLICATIONS THAT A THUMBDRIVE RUNS!!!!

The only thing the drivers provide are "integration" for the HARDWARE(USB Thumbdrive) to connect with the system. After that, it's ALL up to the applications LOCATED on the USB THUMBDRIVE to decide just what programming/payload they run on the target PC

/end technology rant (hoping SOMEONE ((anyone)) learns)



posted on Aug, 26 2010 @ 11:14 PM
link   

Originally posted by Agit8dChop
sigh.. i swear some people just cant use their minds to comprehend they might not know everything about something.



Sigh... I can't believe someone like you who knows absolutely NOTHING about this topic is trying to tell a professional what can and can't be done with USB.

I just told you, I HAVE MADE USB DEVICES.

I swear.. some people just can't use their minds to comprehend that someone just might know EVERYTHING about something.

I know EVERYTHING about USB devices.... TRY ME.

I am a "hacker"! DUH!



posted on Aug, 26 2010 @ 11:17 PM
link   
reply to post by ElijahWan
 


Everything you said I ALREADY KNOW.

The point I was trying to make is that the USB device is not "some super spy device".. IT IS JUST A GENERIC THUMB DRIVE.

How do I know this?? Because it must have used GENERIC DRIVERS in order for whatever virus/worm application that was on the drive to even get on the computer.

You entire post is irrelevant, and shows that you didn't read any of my posts.



posted on Aug, 26 2010 @ 11:17 PM
link   
reply to post by IsALL
 


Clearly not if you thought that the "drivers" on a PC determined what kind of applications can be run a target PC. A thumbdrive can potentially do ANYTHING on a PC since it's the APPLICATIONS that determine what the "thumbdrive" does when plugged in, NOT the drivers *SHEESH*



posted on Aug, 26 2010 @ 11:19 PM
link   

Originally posted by IsALL
reply to post by ElijahWan
 


Everything you said I ALREADY KNOW.

The point I was trying to make is that the USB device is not "some super spy device".. IT IS JUST A GENERIC THUMB DRIVE.

How do I know this?? Because it must have used GENERIC DRIVERS in order for whatever virus/worm application that was on the drive to even get on the computer.

You entire post is irrelevant, and shows that you didn't read any of my posts.


My entire post is RELEVANT since your point about "Drivers" and what not has nothing to do with the topic at hand. Point is, with a PREPROGRAMMED Thumb-drive and PHYSICAL ACCESS to a machine, it takes roughly 20 seconds to have access to ALL data that the machine/user account has access to, depending on the quality of their "security policies" ect.

AKA

POINT IS:

All China has to do is make a USB Switchblade, and gain physical access to the LAPTOP and BOOM they have state secrets....So please clarify how I'm not being relevant?



posted on Aug, 26 2010 @ 11:23 PM
link   
reply to post by ElijahWan
 


PLEASE FREAKING LEARN TO READ!

My first post on this topic was a reply to Agit8dChop's post that they must have used some "super spy device that can just instantly control the computer"...

I was explaining that they most probably didn't use any special device, they had to have used a GENERIC THUMB DRIVE, because they would have had to use GENERIC DRIVERS.

I KNOW that the entire operation is relying on the application (virus/worm) to be installed on the computer.... but the ONLY way for the application to make it onto the computer is via the GENERIC DRIVERS.

GENERIC DRIVERS of USB devices are VERY LIMITED in functionality. I do not know one single generic USB device that can instantly control a computer once it is plugged in.

OMG obviously I'm talking to people who have NO CLUE and ZERO KNOWLEDGE of this subject, or what I am talking about.

GEEESSH!!! ATS is a pile of crap these days.



posted on Aug, 26 2010 @ 11:23 PM
link   
understanding this info is old
I still have to laugh at the inabilities of our government.

these are the rulers of the USA



posted on Aug, 26 2010 @ 11:26 PM
link   
reply to post by ElijahWan
 


Please, learn to read... I was reply to Agit8dChop's post, not the topic.

Your entire post is a bunch of rant to me.

Again... I was explaining the LIMITATIONS of a USB DEVICE.

There is only TWO ways to automatically load a program on a computer, and I already mentioned both of those ways.

You post is irrelevant to what I was discussing with Agit8dChop.



new topics

top topics



 
10
<< 1    3 >>

log in

join