Watch Out for Conference “Freebies”

For those of you that use the freebie USB memory sticks and other computer peripherals given away at conferences, you should read an interesting article in The Register yesterday. I write this as I look at a few used memory drives I have laying around, so I am in the same boat.

According to the article, a security company was hired to try and break into a client’s firewall without detection, but they weren’t allowed to use social engineering tactics (like a phone call with tech support or phishing) nor were they allowed to have physical contact with the client’s computer system to gain entry. They had to think up another way to break in without setting off alarms.

To get around these barriers, the company came up with an  ingenious  idea: a mouse laden with hidden tools that would allow the company to have access without the client knowing. The mouse’s internal system was reconfigured, and a hidden memory drive inside was designed to disable the security detection software in the computer and ensure that no notification was given to the user. They were able to get the user to install the mouse by sending it to an employee disguised as some type of special freebie promo.

Now, I obviously wouldn’t expect that any domain companies would be brazen enough to do something like this (or have any interest in doing something this malicious), but you should always watch what you put into your computer. Hackers may leave a flash drive laying around or may even manipulate one of the free drives given away at conferences. I am sure there are many ways this can be done effectively.

I’ve heard rumors of wifi snooping at conferences in the past, and I wouldn’t put it by someone to try something like this. You never know.

Elliot Silver
Elliot Silver
About The Author: Elliot Silver is an Internet entrepreneur and publisher of DomainInvesting.com. Elliot is also the founder and President of Top Notch Domains, LLC, a company that has closed eight figures in deals. Please read the DomainInvesting.com Terms of Use page for additional information about the publisher, website comment policy, disclosures, and conflicts of interest. Reach out to Elliot: Twitter | Facebook | LinkedIn

10 COMMENTS

  1. I would love to hear from a techie on this point.

    1. Can someone gain access or install a virus from a mouse or USB drive?

    2. Can anyone hack into your computer if you are using free wifi at a hotel domain conference?

    3. Can anyone hack into your computer from a wifi connection?

  2. Beware of the guy with the turbin giving out flash drive with list of his 35000 domains. It installs bonet software that creates clicks to ads on his names accredited to your ip.

  3. @ Rob. Im not really a techy, but the answers to your questions 1,2,3 are a combination of easily yes, and very easily yes. Its a jungle out there 🙂

  4. Anything sent over wifi can be intercepted by a 3rd party with easy to find software and off the shelf equipment. All but the most strongest encryption is breakable within human timeframes. Also the ‘very strong’ commercial algorithms like RSA were broken years ago, and the WEP/WPA weak algos actually have built in backdoors.
    There is also the ‘fake base station’ exploit whereby the hacker simply sets up ‘Free WiFi’ as their SSID and sniffs every packet passing through THEIR hardware. The 99% unsuspecting user notices nothing, as they are online and think everything appears fine.
    If the hacker actually has physical hardware access to the system, eg with a usb or mouse then taking the PC is far easier still.
    These attack risks can be mitigated by common sense and AV/other security software but cant be eliminated.

  5. I think this is the original article:
    http://pentest.snosoft.com/2011/06/24/netragards-hacker-interface-device-hid/

    I’m on the mailing list for the security firm who did this (Netragard); they sent this out on Friday the 24th.

    Here’s the relevant portion of the email:
    I just finished writing a blog entry that I thought you’d find particularly interesting (typo’s included).

    The article is about a hacking technique that has been around for about a year, but is not well known outside of hacking circles. This technique turns USB devices into attack plaforms through which hackers can infect and/or compromise entire network infrastructures. This is very different from the oterhwise well known USB hacking methodologies, and there’s no easy way to defeat the attack once a tainted device is plugged in.
    Let me know what you think and of course if you have any penetration testing requirements that we might be able to help you satisfy we’d be more than happy to help.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Recent Posts

Slice Acquires Slice.com After 8 Years

1
Slice is a company that helps independent pizzerias with technology, marketing, and operations solutions. In fact, I have used Slice when ordering from our...

Afternic: Pending Sync

1
I hand registered 29 domain names at GoDaddy two days ago. I registered them in two swaths - 20 names and 9 names. Afternic...

Candy.com Acquired by Hilco Digital

8
In 2021, the Candy.com domain name was sold for an undisclosed sum in a deal brokered by Andrew Miller of Hilco Digital and Amanda...

Darpan Munjal Doing AMA on X

1
I have always appreciated how Atom.com CEO Darpan Munjal has been willing to share data freely. It's helpful to see what types of domain...

Results from One Month with Afternic Boost

20
Afternic began charging for its upgraded "Boost" features on September 4th. Instead of paying 15% commission for selling a domain name via Afternic with...