Corporate and government computer networks are being compromised in several ways to deliver intelligence and economic advantages to the perpetrators of such attacks. Mechanisms include the installation of malicious software that opens communication backdoors, as well as trojans and worms, all intended to steal sensitive information or execute tasks not intended by the owners of the targeted equipment.
One class of attacks involves using peripheral devices that are connected to computer terminals or personal computers that might be part of corporate or government networks. Embodiments of such peripherals can be as varied as computer mice, keyboards, or personal flash drives that connect to the host computer via some kind of communication bus such as the Universal Serial Bus (USB). Examples of this class of attack follow in the next three paragraphs.
To siphon sensitive information off an insulated network, an attacker may create a hidden volume on a USB flash drive, on which sensitive information is stored when the USB drive is attached to a host computer. Once the victim attaches the USB drive to a computer outside the insulated computer network, the stored files are surreptitiously uploaded to a server where the attacker can access them.
To prevent an organization's personnel from intentionally storing sensitive data on USB-enabled peripherals, organizations have disabled common operating system features, such as the auto run feature for USB mounted drives, or have even disabled the mounting of USB-enabled storage peripherals. However, this causes significant inconvenience to personnel and no longer suffices to thwart newly evolved methods of obtaining the data.
The elementary security counter-measures just mentioned have been eclipsed by more involved schemes that use a customized USB peripheral. The USB device, outwardly masquerading as a USB storage device, instead identifies itself to the host computer as a keyboard. Once it is allowed to connect, the USB device sends the host a preconfigured set of malicious commands. The host trusts the keyboard as the origin of the commands and processes them as if they had been input by the computer operator. The attack is analogous to allowing an extremely fast-typing hacker to use the keyboard of a computer.
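The mismatch described above, a device issued as storage that declares a keyboard interface, is visible in the class codes of its USB configuration descriptor. The following is an added example, not part of the original text: it parses a descriptor blob and reports interface classes outside an allowlist. The function names, the allowlist policy and both sample descriptors are constructed for illustration.

```python
# USB-IF class codes (bInterfaceClass) used by this check.
CLASS_HID, CLASS_MASS_STORAGE = 0x03, 0x08
DT_INTERFACE = 0x04  # bDescriptorType value of an interface descriptor

def parse_interfaces(config: bytes):
    """Return (class, subclass, protocol) for each interface in a configuration descriptor."""
    found, i = [], 0
    while i < len(config):
        if i + 2 > len(config):
            raise ValueError(f"truncated descriptor header at offset {i}")
        length, dtype = config[i], config[i + 1]
        if length < 2 or i + length > len(config):
            raise ValueError(f"malformed descriptor at offset {i}")
        if dtype == DT_INTERFACE:
            if length < 9:
                raise ValueError(f"short interface descriptor at offset {i}")
            # bInterfaceClass, bInterfaceSubClass, bInterfaceProtocol sit at offsets 5..7.
            found.append(tuple(config[i + 5:i + 8]))
        i += length  # every descriptor starts with its own length, so skip by it
    return found

def unexpected_classes(config: bytes, allowed):
    """Interface classes the device declares that the policy did not expect."""
    return sorted({cls for cls, _, _ in parse_interfaces(config)} - set(allowed))

def is_boot_keyboard(iface):
    """HID interface with boot subclass (1) and keyboard protocol (1)."""
    return iface == (CLASS_HID, 0x01, 0x01)

# Constructed sample: a flash drive (mass storage, SCSI, bulk-only transport).
GENUINE_DRIVE = bytes.fromhex(
    "090220000101008032" "090400000208065000"
    "07058102000200" "07050202000200")

# Constructed sample: a device declaring a single HID boot-keyboard interface.
KEYBOARD_DEVICE = bytes.fromhex(
    "09022200010100a032" "090400000103010100"
    "092111010001223f00" "0705810308000a")

if __name__ == "__main__":
    policy = {CLASS_MASS_STORAGE}  # assumption: this device was issued as storage only
    for name, blob in (("drive", GENUINE_DRIVE), ("suspect", KEYBOARD_DEVICE)):
        extra = unexpected_classes(blob, policy)
        print(name, "block" if extra else "allow", [hex(c) for c in extra])
```

The class codes are self-declared by the device, so this check only catches a mismatch between what a device claims and what it was issued as; it cannot tell a malicious keyboard from a legitimate one.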