Sometimes a watch or locket -- or even a pair of cufflinks -- might not be what it seems.
In this video, learn how new USB gadgets and gizmos could be used to siphon off your sensitive data.
Read the full text transcript from this video below. Please note the full transcript is for reference only and may include limited inaccuracies. To suggest a transcript correction, contact firstname.lastname@example.org.
USB gadgets and gizmos present data-theft risks
Tony Dearsley: Hello. My name is Tony Dearsley, I am the head of
computer forensics at a company called Kroll Ontrack UK Limited.
Today, what I would like to talk about is some of the devices that
are on the market currently which can be used for that theft
of data. Let us look at a couple of examples of what these
USB devices look like.
For example, this pen. Although slightly larger than normal, it
does not look out of place. It is a pen, it actually writes, but it is
actually a video camera. It contains a video lens, but also
contains a USB device for transferring data that simply plugs
into the PC and you can copy off 2 gigabytes of data regardless
of whether this is a camera or not, it is a data storage device. I
think this is something that we miss.
In other areas, we have the pendant; this is a smaller and
cheaper example of a pendant you can get. It is a heart-shaped
locket which a crystal side to it, yet if you pull the two halves
apart, it is a USB device. Again, it is 4 gigabytes of data, and
when you look at 4 gigabytes of data that is a lot of data in terms
of numbers of documents, in terms of it could be a sizeable
database fitting 4 gigabytes. Of course there are other devices as
well, this watch, for example, is a high definition video camera and
it contains 8 gigabytes of data storage. It does not even look like it
has got a USB port, or connector to it. There is a very tiny connector
on the side with a very discreet plug. This watch was 58
pounds off of eBay. This pen cost me 10 pounds. This locket cost
me 25 pounds. That is not a lot of expenditure when you consider
that data in which you can copy onto them can actually be worth
hundreds of thousands of pounds, in terms of intellectual property
or data. These cuff links, again, these look like normal cuff links,
possibly slightly larger than normal, KO engraved on them, for Kroll
Ontrack. When you pull the top off of them, you have a 4 gigabyte
The other thing that USB devices lend themselves to is that our
keyboards and mice are now connected through the USB port,
which allows us to introduce simple things like this. This is what is
known as keylogger, which can be placed between the keyboard
and the PC, and will record every keystroke that you ever put into it.
You are unlikely to see one of these at home, but certainly I have
come across them in the commercial workplace of some people,
where someone was a making a deliberate attempt to steal data
and obtain passwords. What can we do? From an investigation
point of view, every time one of these devices plugs into a PC,
then it leaves a trace as to the date and time it was connected.
It leaves a trace of possible a serial number that we can then
follow up on, so we can at least tell that devices have been plugged
in. Once we get to that stage of where we are taking computer forensic
investigations, we can sometimes, more often not, identify what files
were copied at that time. There is a whole piece of information that we
can actually find post-event, if we suspect this has happened.
Are other ways to deal with this? There is a prevention aspect, as
well. Software is a variable which actually will monitor the use USB
port once, particularly in a network environment. It is also available
to lock host USB ports down to make them read-only, or to disable
them completely. Other methods of dealing with it are using
authorized devices only, so that each individual USB device will
have a serial number when plugged in will authenticate against a
central server. Also, use of encryption, the use of encryption will be
spoken to machine that it is plugged into. It means that that data
will only ever be able to be read on that machine, as well. I am not
saying that everybody walking down the street with a big watch
and a set of flashy, shiny cuff links is likely to steal your data,
but that remains a possibility no matter how unlikely it is to happen,
it is a possibility and I have seen it happen. It is just a question of
when it is going to happen and if you strike unlucky with the staff
or people you employ. Just be careful, be vigilant.