
USBKill


, Ulbricht was distracted and got up to see what the problem was, whereupon the female agent grabbed his laptop while the male agent restrained Ulbricht. The female agent was then able to insert a flash drive into one of the laptop's USB ports, with software that copied key files. According to Joshuah Bearman of
For those reasons, law enforcement now attempts to apprehend suspected cybercriminals with their computers on and in use, all accounts both on the computer and online open and logged in, and thus easily searchable. If they fail to seize the computer in that condition, there are some methods available
from computers or storage media. In more extreme circumstances where it was likely that the targets could get advance notice of arriving police, judges would grant "power-off" warrants, allowing utilities to turn off the electricity to the location of the raid shortly beforehand, further forestalling
) that they believe is being used improperly is first to physically separate the suspect user from the computer enough that they cannot touch it, to prevent them from closing its lid, unplugging it, or typing a command. Once they have done so, they often install a device in the USB port that
In addition to its designed purpose, Hephaest0s suggests other uses unconnected to a user's desire to frustrate police and prosecutors. As part of a general security regimen, it could be used to prevent the surreptitious installation of
, "and it does it pretty well." As a further precaution, he suggests users rename it to something innocuous once they have loaded it on their computers, in case someone might be looking for it on a seized computer to disable it.
any efforts to destroy evidence before it could be seized. These methods were effective against criminals who produced and distributed pirated software and movies, which was the primary large-scale computer crime of the era.
serving as a key. In this instance, if the flash drive is forcibly removed, the program will initiate the desired routines. " is designed to do one thing," wrote Aaron Grothe in a short article on USBKill in
. When they had enough evidence to arrest him, they planned to catch him in the act of running Silk Road, with his computer on and logged in. They needed to ensure he was unable to trigger
to bypass password protection, but these may take more time than police have available. It might be legally impossible to compel the suspect to relinquish their password; in the
on, or copying of files from, a protected computer. It is also recommended for general use as part of a robust security practice, even when there are no threats to be feared.
, where many computer-crime investigations take place, courts have distinguished between forcing a suspect to use material means of protecting data such as a thumbprint,
, or key, as opposed to a password or passcode, which is purely the product of the suspect's mental processes and is thus protected from compelled disclosure by the
. The user may also choose what actions the computer will take if it detects a USB device not on the whitelist (by default, it shuts down and erases data from the
, during which U.S. federal agents were able to get access to incriminating evidence on his laptop without needing his cooperation by copying data from its
The usual technique for authorities—either public entities such as law enforcement or private organizations like companies—seizing a computer (usually a
In October 2013, a male and female agent pretended to have a lovers' quarrel near where Ulbricht was working at the Glen Park branch. According to
to facilitate their crimes, so they needed to remain online most of the time. To do so, and still keep their activities discreet, they used
through the boot device (i.e., the flash drive) three times a second to see if it is still mounted and reboots the computer if it is not.
if the computer on which it is installed should fall under the control of individuals or entities against the desires of the owner. It is
By the 2010s, the circumstances of computer crime had changed along with legitimate computer use. Criminals were more likely to use the
, a third agent grabbed the laptop while Ulbricht was distracted by the apparent lovers' fight and handed it to agent Tom Kiernan.
that included a feature that allowed the program to shut down a network when a non-whitelisted USB is inserted into any
In response to the circumstances of Ulbricht's arrest, a programmer known as Hephaest0s developed the USBKill code in
The program's developer, who goes by the online name Hephaest0s, created it in response to the circumstances of the
It can also be used in reverse, with a whitelisted flash drive in the USB port attached to the user's wrist via a
ports; if a device not on that whitelist connects, it can take actions ranging from merely returning to the
). Users need to be logged in as root. Hephaest0s cautions users that they must be using at least partial
. Nate Brune, another programmer, created Silk Guardian, a version of USBKill that takes the form of a
Grothe, Aaron (Winter 2015–16). "USBKill: A Program for the Very Paranoid Computer User".
581: 573: 564:, he "remade this project as a Linux kernel driver for fun and to learn." In the issue of 507: 499: 376: 314: 270: 113: 585: 380: 325: 318: 986: 457: 403: 357: 266: 247: 1007: 407: 361: 669:"The USBKILL anti-forensics tool – it doesn't do *quite* what it says on the tin" 821:"Police can demand fingerprints but not passcodes to unlock phones, rules judge" 603: 487: 392: 345: 293:, or wiping all data on the computer. However, it can also be used as part of a 282: 243: 609: 599: 572:
Jack D. Ripper, explained how Ninja OS, an operating system designed for live
422: 388: 290: 286: 53: 20: 952:
Ripper, Jack D. (Spring 2016). "Another Solution to the USBKill.py Problem".
927: 872: 569: 495: 476: 274: 159: 151: 33: 384: 349: 337: 973: 780: 197: 102: 904: 631: 537: 533: 518: 503: 302: 298: 900:"Simple Code Turns Any USB Drive Into A Kill Switch For Your Computer" 977: 931: 784: 702: 676: 453: 372: 220: 19:
This article is about the computer software. For the USB device, see
502:
along with USBKill to fully prevent attackers from gaining access;
305:
or the clandestine duplication of files, according to its creator.
465: 232: 147: 143: 469: 413:, learned that he often ran the site from his laptop, using the 236: 737: 735: 733: 479:
of devices that are allowed to connect to the computer via its
480: 278: 228: 139: 475:
The program, when installed, prompts the user to create a
387:, or keyboard, preventing the computer from going into 321:
arrests in the 1990s, they would often ask judges for
297:
regimen to prevent the surreptitious installation of
192: 180: 168: 158: 133: 123: 92: 66: 52: 277:of devices allowed to connect to the computer's 845: 843: 841: 642:List of free and open-source software packages 774: 772: 770: 768: 766: 662: 660: 658: 656: 8: 568:following Grothe's article, another writer, 26: 16:Software to protect from unknown USB devices 804:: CS1 maint: numeric names: authors list ( 722:: CS1 maint: numeric names: authors list ( 510:that will not be present when the computer 391:, from which it would usually return to a 112: 41: 32: 25: 873:"The Rise and Fall of Silk Road Part II" 652: 797: 715: 273:after distracting him. It maintains a 7: 624:Free and open-source software portal 486:, which it checks at an adjustable 742:Bertrand, Natasha (May 29, 2015). 425:or delete evidence when they did. 73:1.0-rc4 / January 18, 2016 14: 616: 602: 395:which would require a password. 328:, to deny their targets time to 819:Vaas, Lisa (November 3, 2014). 697:Hephaest0s (January 18, 2016). 576:, handles the issue. It uses a 400:Federal Bureau of Investigation 242:. It is designed to serve as a 47:A USBKill installation in Linux 998:Software using the GPL license 464:and currently runs under both 1: 871:Bearman, Joshuah (May 2015). 667:Ducklin, Paul (May 8, 2015). 637:List of data-erasing software 417:available at branches of the 330:delete incriminating evidence 898:Mills, Chris (May 5, 2015). 544:Variations and modifications 456:in 2014. It is available as 419:San Francisco Public Library 1029: 1003:Computer security software 853:2600: The Hacker Quarterly 462:GNU General Public License 252:GNU General Public License 187:GNU General Public License 18: 552:article, Grothe shared a 219:software distributed via 88: 62: 40: 31: 406:, founder of the online 993:Anti-forensic software 562:loadable kernel module 317:agencies began making 250:, available under the 398:Agents with the U.S. 75:; 8 years ago 781:"Hephaest0s/usbkill" 402:(FBI) investigating 1013:2014 establishments 779:Hephaest0s (2016). 


Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.
