Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: 'Dead Drops' Hidden USB Sticks Around the World SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
'Dead Drops' Hidden USB Sticks Around the World

We received this article from Joe an ISC contributor about USB sticks hidden in various places around the world such as walls, padlocks, etc. where anyone can connect to them using a laptop. The article indicates that for the moment the only thing on it is "[...] a readme.txt file explaining how the project works." [2] However, I think I would be a bit paranoid not knowing if something "darker" might be loaded on these USB sticks placed in public places. I can think of a key logger collecting and reporting your data, banking Trojan, tracking software, etc.

My question is, have you seen some of these USB sticks and would you access such a device if you see one?



Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu


511 Posts
ISC Handler
Apr 6th 2015
USB "dead drops" are part of a 5-year old art project. How is this now relevant?
True, the project started in November 2010 but how can you be assured you can fully trust the files loaded on these sticks?

511 Posts
ISC Handler
With the revelations that came with "Bad USB" how can you even trust the device, let alone the files?
1 Posts
I have known about these for years though I have never seen one. However, if I ever did see one I would never use it unless I had a junker laptop to plug it in to.

11 Posts
This particular one? No. However one that parallels this story. As we all know one if not the largest problem is PEBKAC (Problem Exists Between Keyboard And Chair) aka the user. Many times either through contracting or full time hire it was an uphill battle on computer protocols for me. Everyone one thinks it is “their” PC and they can play in any sandbox they wish. As we are aware, it was not "their" machine but a company asset. After numerous Malware & Scare-ware issues I decided to take drastic matters in my own hands. The President was the only person that was informed of the machination that was about to take place.
I have a “spoof” program that once combined with a batch file and is executed via USB drive or Optical access, the machine would reboot and give the illusion that the existing OS (XP @ the time) was being over-written over by Windows 7 & they were unable to stop it, even if they tried to pull the media, it was too late. Another nice feature, no AV tagged it as bad, since it had a legit install Windows routine.
Yes, the program was totally benign; you let it go through the process, got a fake Windows 7 desktop and looked like the OS was updated. All one had to do, remove the media, hard boot and back to XP.
Sadly in today’s world it takes shock value for users to understand their actions. Each user was logged and the President addressed each of them. They were not written up but they learned a valuable lesson, so much even if vendors came in, nobody would load their USB stick in the PC’s without calling first.
Again, drastic, depends on what side of the fence you are on.

63 Posts
My thought is who's going to be the first to be charged with vandalism? If I caught someone chipping away at my brick wall, I would be pretty pissed. I like the padlock though.

25 Posts

Sign Up for Free or Log In to start participating in the conversation!