How to dump all USB files without the user knowing

Posted by Martin in Operating Systems, Windows  Tags: , ,

15

Sep



USBdumper runs silently as a background process once started and copies the complete content of every connected usb device to the system without the knowledge of the user. It creates a directory with the current date and begins the background copying process. The user has no indication that his files are copied from his USB drive unless he does know that USBdumper is running on the system. (or accidentally find the directory with the copied files).

Just imagine this tool running on a public computer with no access to the task manager or a software like process explorer. You would not know that the files are copied. What could you do to protect against this program ? You could encrypt your data, if you use a tool like true crypt for example. Even if the files are copied they are useless unless the “attacker” knows your passphrase.


Like such posts? Get updates via RSS NEWS FEED. Love Ghacks? Find out how you can help!

10 Users Commented In This Post

Subscribe To This Post Comment Rss Or TrackBack URL
tash says, September 15th, 2006   

Interesting.. Though if someone has a number of large files on their usb drive, they might notice the led on it being in use more than it should be. And the thing about truecrypt or any encryption; if someones willing to copy all your files, they can easily run a keylogger with it.. The encryption becomes useless(assuming you accessed the encrypted files.. if you don’t type your password, you’re still safe)

Martin says, September 15th, 2006   

tash that is true of course. If a keylogger is running as well and the encrypted files are accessed the “hacker” will have everything he needs.

Remember that some usb devices don’t have leds, especially those small ones that are plugged into a port on the back..

If you want 100% security don’t use them at computers that you can’t check. Buy a second one with unimportant data only and use that one on public terminals.

Chris mankey says, September 16th, 2006   

But true crypt allows you to use keyfiles, so If they have the password but not the keyfile it would be useless for them!

Martin says, September 16th, 2006   

Right Chris this would work at home but not on public terminals. The keyfile would be stored on the stick as well.

Quasimodo says, September 16th, 2006   

Simple lesson:
Don’t use public computers for personal things.
Ever.

tash says, September 16th, 2006   

Quasimodo has a good point =]

Ken Westin says, September 17th, 2006   

Here is the original source of the video and more info/links etc:

http://www.watchyourend.com/2006/09/15/usbdumper-endpoint-security-hack-video-demonstration/

Chris mankey says, November 3rd, 2006   

Right Chris this would work at home but not on public terminals. The keyfile would be stored on the stick as well.

True, but you better have alot of files on the stick so they can’t figure out which one you used! Better yet, do private things in private!

Ike says, November 4th, 2006   

HI
do any of you know if there is a new version USBdumper program out there???,- the first version does not work any more once you update your antivirus program! It just delete the USBdumper.exe from your devise! If any of you know please post it here
thank you
Ike

Akuma Kigen says, November 4th, 2006   

Welll there are similar versions here as well as some that do a whole lot more damage:

http://www.usbhacks.com

Leave Your Comments Below
Hello, please leave your thought below

Please Note: Each comment will be manually approved by an admin. There is no guarantee that a comment will be posted. Please do not submit the comment multiple times.