USBKill

Software to protect from unknown USB devices

This article is about the computer software. For the USB device, see USB Killer.

[Image: A USBKill installation in Linux]

Developer(s): Hephaest0s
Stable release: 1.0-rc4 / January 18, 2016 (2016-01-18)
Repository: github.com/hephaest0s/usbkill
Written in: Python
Operating system: BSD, Linux, macOS, other Unix-like systems
Size: 15.6 KB
Type: Anti-forensic
License: GNU General Public License
Website: github.com/hephaest0s/usbkill

USBKill is anti-forensic software distributed via GitHub, written in Python for the BSD, Linux, and OS X operating systems. It is designed to serve as a kill switch if the computer on which it is installed should fall under the control of individuals or entities against the desires of the owner. It is free software, available under the GNU General Public License.

The program's developer, who goes by the online name Hephaest0s, created it in response to the circumstances of the arrest of Silk Road founder Ross Ulbricht, during which U.S. federal agents were able to get access to incriminating evidence on his laptop without needing his cooperation by copying data from its flash drive after distracting him. It maintains a whitelist of devices allowed to connect to the computer's USB ports; if a device not on that whitelist connects, it can take actions ranging from merely returning to the lock screen to encrypting the hard drive, or wiping all data on the computer. However, it can also be used as part of a computer security regimen to prevent the surreptitious installation of malware or spyware or the clandestine duplication of files, according to its creator.

Background

When law enforcement agencies began making computer crime arrests in the 1990s, they would often ask judges for no knock search warrants, to deny their targets time to delete incriminating evidence from computers or storage media. In more extreme circumstances where it was likely that the targets could get advance notice of arriving police, judges would grant "power-off" warrants, allowing utilities to turn off the electricity to the location of the raid shortly beforehand, further forestalling any efforts to destroy evidence before it could be seized. These methods were effective against criminals who produced and distributed pirated software and movies, which was the primary large-scale computer crime of the era.

By the 2010s, the circumstances of computer crime had changed along with legitimate computer use. Criminals were more likely to use the Internet to facilitate their crimes, so they needed to remain online most of the time. To do so, and still keep their activities discreet, they used computer security features like lock screens and password protection.

For those reasons, law enforcement now attempts to apprehend suspected cybercriminals with their computers on and in use, all accounts both on the computer and online open and logged in, and thus easily searchable. If they fail to seize the computer in that condition, there are some methods available to bypass password protection, but these may take more time than police have available. It might be legally impossible to compel the suspect to relinquish their password; in the United States, where many computer-crime investigations take place, courts have distinguished between forcing a suspect to use material means of protecting data such as a thumbprint, retinal scan, or key, as opposed to a password or passcode, which is purely the product of the suspect's mental processes and is thus protected from compelled disclosure by the Fifth Amendment.

The usual technique for authorities—either public entities such as law enforcement or private organizations like companies—seizing a computer (usually a laptop) that they believe is being used improperly is first to physically separate the suspect user from the computer enough that they cannot touch it, to prevent them from closing its lid, unplugging it, or typing a command. Once they have done so, they often install a device in the USB port that spoofs minor actions of a mouse, touchpad, or keyboard, preventing the computer from going into sleep mode, from which it would usually return to a lock screen which would require a password.

Agents with the U.S. Federal Bureau of Investigation (FBI) investigating Ross Ulbricht, founder of the online black market Silk Road, learned that he often ran the site from his laptop, using the wireless networks available at branches of the San Francisco Public Library. When they had enough evidence to arrest him, they planned to catch him in the act of running Silk Road, with his computer on and logged in. They needed to ensure he was unable to trigger encryption or delete evidence when they did.

In October 2013, a male and female agent pretended to have a lovers' quarrel near where Ulbricht was working at the Glen Park branch. According to Business Insider, Ulbricht was distracted and got up to see what the problem was, whereupon the female agent grabbed his laptop while the male agent restrained Ulbricht. The female agent was then able to insert a flash drive into one of the laptop's USB ports, with software that copied key files. According to Joshuah Bearman of Wired, a third agent grabbed the laptop while Ulbricht was distracted by the apparent lovers' fight and handed it to agent Tom Kiernan.

Use

In response to the circumstances of Ulbricht's arrest, a programmer known as Hephaest0s developed the USBKill code in Python and uploaded it to GitHub in 2014. It is available as free software under the GNU General Public License and currently runs under both Linux and OS X.

The program, when installed, prompts the user to create a whitelist of devices that are allowed to connect to the computer via its USB ports, which it checks at an adjustable sample rate. The user may also choose what actions the computer will take if it detects a USB device not on the whitelist (by default, it shuts down and erases data from the RAM and swap file). Users need to be logged in as root. Hephaest0s cautions users that they must be using at least partial disk encryption along with USBKill to fully prevent attackers from gaining access; Gizmodo suggests using a virtual machine that will not be present when the computer reboots.

It can also be used in reverse, with a whitelisted flash drive in the USB port attached to the user's wrist via a lanyard serving as a key. In this instance, if the flash drive is forcibly removed, the program will initiate the desired routines. " is designed to do one thing," wrote Aaron Grothe in a short article on USBKill in 2600, "and it does it pretty well." As a further precaution, he suggests users rename it to something innocuous once they have loaded it on their computers, in case someone might be looking for it on a seized computer to disable it.

In addition to its designed purpose, Hephaest0s suggests other uses unconnected to a user's desire to frustrate police and prosecutors. As part of a general security regimen, it could be used to prevent the surreptitious installation of malware or spyware on, or copying of files from, a protected computer. It is also recommended for general use as part of a robust security practice, even when there are no threats to be feared.

Variations and modifications

With his 2600 article, Grothe shared a patch that included a feature that allowed the program to shut down a network when a non-whitelisted USB is inserted into any terminal. Nate Brune, another programmer, created Silk Guardian, a version of USBKill that takes the form of a loadable kernel module, he "remade this project as a Linux kernel driver for fun and to learn." In the issue of 2600 following Grothe's article, another writer, going by the name Jack D. Ripper, explained how Ninja OS, an operating system designed for live flash drives, handles the issue. It uses a bash script resident in memory based watchdog timer that cycles a loop through the boot device (i.e., the flash drive) three times a second to see if it is still mounted and reboots the computer if it is not.

See also

BusKill
List of data-erasing software
List of free and open-source software packages

References

Ducklin, Paul (May 8, 2015). "The USBKILL anti-forensics tool – it doesn't do *quite* what it says on the tin". Naked Security. Sophos. Retrieved May 29, 2015.
Hephaest0s (January 18, 2016). "usbkill.py". GitHub. Retrieved May 29, 2016.
Bertrand, Natasha (May 29, 2015). "The FBI staged a lovers' fight to catch the kingpin of the web's biggest illegal drug marketplace". Business Insider. Retrieved May 30, 2016.
Hephaest0s (2016). "Hephaest0s/usbkill". GitHub. Retrieved May 29, 2016.
Vaas, Lisa (November 3, 2014). "Police can demand fingerprints but not passcodes to unlock phones, rules judge". Naked Security. Retrieved May 31, 2016.
Grothe, Aaron (Winter 2015–16). "USBKill: A Program for the Very Paranoid Computer User". 2600: The Hacker Quarterly. 32 (4): 10–11.
Bearman, Joshuah (May 2015). "The Rise and Fall of Silk Road Part II". Wired. Retrieved 2016-10-20.
Mills, Chris (May 5, 2015). "Simple Code Turns Any USB Drive Into A Kill Switch For Your Computer". Gizmodo. Retrieved June 4, 2016.
Brune, Nate. "Silk Guardian". GitHub. Retrieved February 5, 2024.
Ripper, Jack D. (Spring 2016). "Another Solution to the USBKill.py Problem". 2600. 33 (1): 48–49.

External links

usbkill on GitHub