Spy recording devices can be thwarted by portable USB security policy

As technologies evolve, devices that can be used for stealing sensitive data are becoming both harder to detect and less expensive. However, having good security policies and practices in place can help mitigate many new threats.

Spend 10 minutes talking with Tony Dearsley, and he'll have your paranoia levels soaring.

Soon you'll be wondering if that pen a colleague is holding is all that it seems, or whether it conceals a hidden USB storage device. Could his wrist watch be a secret spy camera? And is that pretty crystal pendant worn by his female companion capable of capturing your whole customer file when you're not looking?

As computer forensics manager for security firm Kroll Ontrack Ltd., Dearsley makes it his business to stay abreast of any new gadgets appearing on the market that could threaten corporate security. And he says that it has never been easier, or cheaper, to buy the gear to carry out data theft.

"Just take a stroll down Tottenham Court Road or go on eBay, and you'll soon see all sorts of disguised USB devices," Dearsley said during a recent interview at his office overlooking the Tower of London. Reaching into his jacket pocket, he first pulls out a pen that doubles up as a fully functioning video camera, capable of storing about an hour of footage. "I bought this on eBay for £15," he said.

He then brings out an impressive looking wrist watch, another of his spy recording devices. "See if you can spot where the camera is in that," he said. Only a careful inspection of the watch face reveals a tiny hole which acts as a lens, allowing someone to capture about two hours of sound and video on its 8 GB memory. The price was £60.

Dearsley's final flourish is a crystal heart-shaped pendant that pulls apart to reveal a USB connector. The device can store 4 GB, costs around £30 and is easy to find with a quick Internet search.

He also worries about easily available software that can help a malicious insider. For instance, a package called Evidence Eliminator can be downloaded for around $80, and promises to quickly and thoroughly remove sensitive data from a computer, even beating forensics tools such as Guidance Software Inc.'s EnCase Forensic.

Or perhaps, Dearsley suggests, take a look at the website of SpyCatcher, based in London's Knightsbridge. There you will see all sorts of equipment for the aspiring thief, ranging from body armour and handcuffs to sophisticated surveillance equipment.

Among its products is a USB stick called The Ultimate Keylogger, which it promotes as being "perfect for parents who need to keep an eye on their children's Internet activities, employers who suspect their staff is up to something or private investigators who need to gather information."

The device contains keylogger software, which it claims will remain undetected by antivirus programs, including Symantec Corp.'s Norton Antivirus, McAfee Inc., CA Inc. and most online free spyware detection tools. You just load the software, remove the USB stick and then the keylogger software does its work until the user plugs the thumb drive in again, at which point the software uploads its findings to the thumb drive. Obviously, as well as helping worried parents and employers, it is the perfect tool for the malicious insider.

Dearsley said security professionals need to be aware of these gadgets, but insists that many of the threats can be prevented by basic good security practices. For example, there are plenty of tools available that will allow companies to monitor and control the use of USB ports, and increasing portable USB security could help them avoid many of the threats posed by his gadget collection.

"It is very simple to monitor USB ports, and it's possible to stop most or all of these threats using readily available tools," Dearsley said. "Most companies just don't understand the value of their data, and how much it would cost them to recover [the data] if they lost it."

He is also amazed at how many companies fail to make use of system logs, or even turn off the logs to save disk space. Well-managed logs can help determine who did what and when, and can be invaluable as evidence if employers need to dismiss or prosecute employees for offences ranging from over-use of the Internet to data theft.

"You can also prevent a lot of trouble by applying a need-to-know principle," he said. "Think about who needs access to information and restrict access to just those people."

Michael Cobb, a founder and managing director of Cobweb Applications Ltd in Devon, said the level of sophistication and ease of use of some of these products makes it hard for organisations to protect themselves. "In high-security places like GCHQ, they inspect people entering the building, but that could be a bit heavy-handed in your average commercial establishment," Cobb said.

Cobb's advice is to adopt basic security best practices, such as blocking USB ports and stopping people adding new applications. "It's good to be aware of this new stuff, and it can help to highlight the need for good security, such as operating a clear-desk policy so that material cannot be stolen or photographed," he said.
