Hackers Use Rogue Mouse to Crack Firewall

Hackers Use Rogue Mouse to Crack Firewall

www.livescience.com

"The microcontroller acts as if there's a person sitting at the keyboard typing," Desautels told The Register. "When a certain set of conditions are met, the microcontroller sends commands to the computer as if somebody was typing those commands in on the keyboard or the mouse."

Although this particular hack penetrated a Windows machine, Desautels said the mighty mouse could be used on a variety of operation systems.

(visit the link for the full news article)

Mighty Mouse is here to wreck your day!!!

Just think... One of these devices could be switched in store, simply by removing one mouse from the package and adding the "mighty mouse" into the package. Some poor sod would come up, buy the new mouse, carry it home and totaly give up control to any and everything on his/her system.

Scary thought... What if you threw a couple of these out around millitary bases? There is a good chance that some serious classified information could be obtained. Just think of all the places you would NOT want one of these devices. And... who would ever suspect it?



www.livescience.com
(visit the link for the full news article)

Very spooky, but if you checked your computer I'm sure they'd notice that the mouse or software isnt the same as stated on the box.

lol I thought about this and spoke with people about this about 5 years ago.

They said it couldn't be done.

Originally posted by BigBruddah
Very spooky, but if you checked your computer I'm sure they'd notice that the mouse or software isnt the same as stated on the box.

Ahh but... The mouse can be made from any modern, new model mouse. That's the scary part. It would look like any other mouse.

Forget mice and keyboards. I wonder how many computers come from the factory ridged like this. And do not forget printers, cell phones , PDA, ePicture frames, flash drives, SD cards and I could go on all night. No data is 100% safe.

Originally posted by BigBruddah
Very spooky, but if you checked your computer I'm sure they'd notice that the mouse or software isnt the same as stated on the box.

Simple. You buy a mouse, Take it home and to the upgrade. Then take it back and tell them you want you money back of some reason. They then just put it back on the shelf and resell it.
I have caught stores putting stuff that I took back that was broke back on the shelf to be resold again. Every wonder why they make so much fuss about keeping all the packaging for a returned product. That is do they can try and sell it again.

This sounds like a way to have fun.

Go to your public library and use you cell phone to photograph the mouse they use then set up using the same type.

Then swap set up ones for there's and you have a complete record of anyone password and logon names for any sites they may frequent.

Since many people tend to use the same logon names and passwords you many be able to track them all over the web.

Originally posted by fixer1967
They then just put it back on the shelf and resell it.

I see what you're saying, but that wouldn't work in the story in the OP.

The article didn't really explain how they got the rigged mouse into the target network, but it certainly didn't happen by sitting on a shelf somewhere hoping someone from the target would come and buy it. The method they used to deliver the mouse is part of the hack, and they aren't sharing that detail.

They don't say who the client is either but I can understand that.

I've said it before and I'll say it again. I only know of one way to prevent a remote hack of a computer or server. Don't connect it to the internet and keep the location physically secure, with security protocols in place for access, etc. The only way that would have failed in this case is if they got the mouse into the secure location, and if the mouse had a transmitter. But there are "bug detectors" that can be used in secure locations to see if anything is transmitting.

That is/could be happening to me . My mouse has a mind of its own. Sometimes I look back over what has been written and it is changed or wrong. The mouse and what I am able to write is being governed by the sensitivity of the info . Normally the arrow starts to move wildly up and down , but I have watched it point itself to a whole sentence recently. They didnt like what I wrote . But I was serious about it and posted it anyway. The mouse gaining a mind of its own trick can be foiled by pressing standby : annoying but it rids it for a short while. Its blinkin annoying when trying to manage a new thread or when posting links. This is a message for them : ye are the fools and you are on the side of the losers. There are powers much higher than yours.

Originally posted by Grey Magic
lol I thought about this and spoke with people about this about 5 years ago.

They said it couldn't be done.

I guess you spoke to the wrong people

I was wondering if someone has tried embedding a microSD (or other) memory card into a USB keyboard or mouse so when it's connected for the first time it automatically executes or copies over a trojan, app, script, etc..

Nothing can be safely connected to a system without the risk of compromise.

Originally posted by fixer1967
Forget mice and keyboards. I wonder how many computers come from the factory ridged like this. And do not forget printers, cell phones , PDA, ePicture frames, flash drives, SD cards and I could go on all night. No data is 100% safe.

I'll bet a lot of them do. Check this. I work on computers for a partial living. A few weeks ago a lady brought be a new E-Machines desktop. Windows 7 Ultimate. She said it had a problem. I hooked it up, and sure enough, when it booted, it didn't boot like Windows normally does, it booted in verbose mode, like Linux. When it finally did boot, you could not go online, service was denied. I checked ports with some software I have, and found a game port, and an FTP port open. I unplugged the Ethernet line, the computer froze.
I ended up erasing the HDD and doing a fresh install of Windows Vista Home Edition, she likes it way better now. Bought my wife a new Toshiba Satellite with 7 on it. Right away it began to have some problems. Very slow boot up procedure. Buggy performance, frequent freeze ups, sometimes it even rebooted itself. I tried for three days to install Linux on it, everything from Ubuntu to Fedora to PC Linux to no avail. Couldn't make the Realtek wireless work. Closest I came was with Ubuntu. I got the Windows driver installed, but then the mouse froze, and I couldn't do anything but start again. I ended up installing Windows Vista Home on it.

I'm not saying the problem is with Windows 7, but, it is a known fact the the NSA wrote a back door into all Windows since ME. ADAPTI.NSA.KEY.DLL is one, find it in C/Windows/System/Drivers. So it could be that source code is written into some computers. At the same time my wife got her Toshiba, her sister bought one just like it, in fact it was sitting beside it in the store. Hers never gave a a problem, it is still running Windows 7 and she has no complaints. I have had a lot of service denials with Dell computers of late too. What people do not realize is that a keylogger can be installed in the background that will record every key stroke you make, that includes log ins, passwords, email addresses, system logs, etc. This is all then sent to the owner of the Trojan using Sendmail, another background service using Telnet. No computer hooked up to the WWW is safe anymore.

Originally posted by matito
I was wondering if someone has tried embedding a microSD (or other) memory card into a USB keyboard or mouse so when it's connected for the first time it automatically executes or copies over a trojan, app, script, etc..

It's getting to the point that nothing can be safely connected to a system without the risk of compromise.

Getting to the point? It's been there since we had floppy disks....

reply to post by HunkaHunka


I meant... getting to the point of NOTHING AT ALL. Not even USB, hdmi, dvi, vga, eSata, etc or any kind or peripherals or devices. Maybe even eventually a RJ-45 NIC card. It will eventually get to the point where unsecured building network cables can't be trusted.

The OP's source demonstrates the emerging risk with devices that were previously regarded as safe. When a company buys a mouse, printer, keyboard or digital camera are they opening it up to verify that it has not been tampered with? I doubt it. Until peripherals and other devices become a known threat, they will not be checked thoroughly. They will continue being a disregarded, yet potential threat.

Multifunction ports like USB will become very prone to compromise by embedded stealth technology.

Originally posted by autowrench
I'm not saying the problem is with Windows 7, but, it is a known fact the the NSA wrote a back door into all Windows since ME. ADAPTI.NSA.KEY.DLL is one, find it in C/Windows/System/Drivers.

I was unable to find that on any of my PCs, nor was i able to confirm that with a Google search. The only thing the search turned up is that there was an export restriction at one time on the more advanced encryption and the alternate version for export was approved by NSA or something along those lines.

This article claims that the "Malicious Software Removal tool" may contain a backdoor, citing a Microsoft reference that "even revealing its name could give cyber criminals a clue on how to thwart it" and he thinks it fits the profile of the software used to bust the cybercriminals. I don't know if anyone really uses that "Malicious Software Removal tool".

Microsoft Discloses Government Backdoor on Windows Operating Systems

It's hard to confirm any of these allegations, but whether that's the software Microsoft used to spy or not, that does seem to be an interesting admission by Microsoft that they definitely have something installed on windows to spy with, to catch cyber criminals or do other things. It is a little annoying to have armies of zombie PCs out there attacking us, but I'd hope they could fix that problem without installing backdoors.

That's interesting about the e-machines coming pre-rigged with open ports, did it come straight from emachines that way? I read somebody bought one and disconnected the CD drive and was able to get power consumption down to 20 watts. I think that guy deleted what came with it and installed the OS from scratch too. I'd love to have a low power draw PC like that I could leave on 24/7, but I never heard of anyone running any other modern PC on 20 watts.

reply to post by ZIPMATT


A new mouse is chaep. Get a new one.

Originally posted by ZIPMATT
That is/could be happening to me . My mouse has a mind of its own.

Is that on a laptop by any chance?

I had the same thing happen to me. Chances are it's not an attack like what's described in the OP because they would make that clandestine so you wouldn't see it.

In my case, it was like a ghost took over the mouse at times. But I figured out the problem. Every time the cooling fan came on, is when it happened. so the circuitry for the mouse was inadequately shielded. It was a Dell laptop still under warranty and they didn't want to fix it because it was major but they ended up replacing the entire motherboard, so I guess the defective (inadequately shielded) circuits were built into the laptop motherboard. Replacing the mouse wouldn't have helped, that was just the symptom, not the cause.

That was a terrible problem, it almost deleted a file one time, it was not only moving the mouse it was clicking it too, it got as far as a confirmation screen asking if I was sure I wanted to delete that file!!!! That was scary! But it was clicking in random places so it didn't click on "yes" in the confirmation screen, thank goodness.

reply to post by fixer1967


sound advice thanks !