Are USB devices helping Chinese Intelligence?

Resource: http://jesterscourt.cc/2014/03/14/what-would-i-do-if-i-was-in-the-chinese-pla/
Do you know anyone who "vapes"? Vaping is the use of the electronic cigarettes and vaporizers that are starting to pop up everywhere.

Would your friends be interested to know they may be helping Chinese intelligence services to hack into America's cyber networks and collect data on American citizens, American companies, and American governments?

According to @th3j35t3r (the Jester), a well-known cyberwarrior, that may be exactly what they are doing. In an article called "What would I do if I was Chinese PLA", Jester lays out the case that "this is a theoretical scenario, theoretical but entirely possible, if not probable".



A compelling case is laid out about the popularity of vaping - as well as all the cool little USB charging coolers, nerf guns, and other assorted products "Made in China". He starts specifically talking about e-cigarette chargers:




The one you see above comes with the ‘eGo’ kit freely available in the US and ‘handily’ comes with a detachable wall socket bit, because we all know it’s easier to just throw it in our PC right? After all it’s only a charger for a vape pen, what harm can it do?

Well it’s Model number: EK-928-C and it’s ‘Made In China’.

And I’d like to know why every time I plug it into my freaking Windoze PC, a TCP connection opens up to Chinese IP space, from a service or persistent process that is present on most Windows PC’s that resides in a well-known area of a Windows filesystem?

Jester delves into some technical details explaining what happened every time he plugged that charger into a USB port. Long story short for the non-technical crowd: the charger loads a common-looking application and connects through the web to a Chinese IP address.

Could it be harmless? Sure. But if it looks like a duck and quacks like a duck... it's probably Peking Duck.


But it gets worse, you know all those desk toys, like the coffee warmer, and the Mexican jumping bean thing, all those ‘office toys’ you can get from ‘thinkgeek.com’ and similar, that only come with a little USB plug you have no choice but to drop in your PC (whichever PC you are near) they are all made in China.

Ask yourself this. Where’s the wall adapter, and why is it so convenient that I plug this purely ‘power charging’ device into my PC, it’s got no storage, or phone home capability? Right?

This shit has already been done, why we never learned from the Greeks’ Trojan horse, I’ll never know.


Read the full article and take a step back and think before plugging anything into your USB port. There's a reason secure facilities of the government, military, and corporations have banned USB sticks and started getting computers without the ubiquitous ports.

We have an upcoming series called Hidden Heroes that will feature people who have operated and/or continue to operate in the shadows to protect our freedoms. Jester is the first person we're profiling. That article was going to come out next week, but sometimes the world doesn't wait for our schedule. We thought this recent post by Jester was worth getting out immediately and not something to hold off on until we post the profile.


Posted By: Tisiphone
03/14/14 12:05 PM

I promised on Facebook I would write a bit about this, so here we go. :)

Firstly, there are exactly 10 infosec people who enjoy being called a 'cyberwarrior'. Eight are in the military. Everybody else who does cyber type things in the military giggles every time the phrase is used. ;)

I also feel it necessary to point out that @th3j35t3r is not only famous, but occasionally infamous. By reposting this you have unintentionally picked a side in the woefully neverending 'j35t3r vs anti j35t3r vs who the hell is j35t3r' dispute. His credibility is a matter of contention. I liked the post (and enjoy reading his posts) but many in security would not agree.

This is a really interesting speculative article. However, I fear that it may mask a real problem that exists right now. Industrial espionage using computers is very real, happening right now, and a bigger problem than most people realize. This includes everybody from governments and corporations and design firms, to their employees and vendors. It doesn't take a sophisticated device to be targeted, to spy on ambient sound or video, or to break into a network in general. There are enough latent weaknesses in our defenses currently that such things are frequently unnecessary. Attributing all of these attacks to the PLA is also popular, but perhaps a bit of a leap. There are plenty of cybercrime organizations in Asia and Eastern Europe who are creating as or more sophisticated malware than nation states, and they're just about as scary as any government. Many of these organizations are happy to sell stolen data to the highest bidder.

Something important to take away is that not only are criminals interested in stealing our own personal data, but that we also may be targeted as part of our affiliated organizations. If I were to target a company's data, a first thing I'd do is research their employees and their habits, and target them when they were in less defensible locations. This might mean a phishing email to their personal address that includes their child's school name, or mailing them an infected USB drive as a 'promotional item'. Studies show people tend to be more than willing to plug any USB drive in. My own experience agrees.

We absolutely always need to consider the devices we plug into our computers at home and work; even more if we are carrying them across networks. What is laid out in this article is technically feasible. However, from an infosec perspective, the much bigger and totally real problem in industrial espionage is the total lack of regard employees have for plugging USB devices into anything on any network, and thereby constantly carrying malware (or in cases like Flame malware, exfiltrated data) between them. This is mostly ordinary mass storage devices in our flash drives, phones, and MP3 players. By doing this, we're doing the hacker's work for them. A compromised home or contractor network can easily become a compromised company. We saw this situation in the Target breach, where a small contracting vendor was breached in order to access their entire network.

USB hygiene is a very real problem, but we don't need to put on our tin foil hats to delve into it. It's here, and industrial espionage using this and other methods is causing massive headaches for security teams, now. Just yesterday news articles pointed out that secrets stolen from Lockheed computers in 2007 just showed up on a Chinese stealth fighter.

Jason, I like how you finish this post - you're also bringing us full circle to the fact that USB devices of all sorts are a problem right now. We must not lose sight of this.

I wrote a bit more about this problem at a high level here: and I'm happy to discuss it more.

Sorry for the rant! This is the stuff that keeps me awake at night.

Posted By: Jason
03/14/14 01:10 PM

Never apologize for ranting. Especially when you know your shit.

I agree that @th3j35t3r is a lightning rod but, given the background of what is known and commonly accepted about him (i.e. former SOF soldier, deployments overseas, etc), I'm comfortable that he is the exception to the rule and defines a cyberwarrior whereas I would venture most of USCYBERCOM can't meet that definition but love being called that. I don't mind picking a side in that battle because I believe you can often tell a lot about a person by their enemies.

Jester's article is speculative, as he admits, but helps to highlight just how open the problem is. That's what I liked about it. If you tell people their Chinese made USB is helping out the Triads, they look at you like you're an idiot because Joe Blow doesn't realize the level of technical sophistication that criminal organizations have reached. And really, if they've watched any movie they should know the Chinese guy is the hacker... sheesh.

Your comment about promotional items and your article you linked to got me thinking about SHOT Show in January. How many USBs were given out? I know that one of our friends (an admitted collector of all things free at SHOT) came home with close to a terabyte of storage on hundreds of USBs. Considering I saw digital files still in Word (who releases a file in Word anymore... PDF much?) on these drives it's likely no one took the time to see if the lowest bidder played with any of the drives that they were screenprinting with firearms company logos.

At the very least it would be an interesting research project for another day.

I didn't hear about the Chinese J20 upgrades and data theft until you posted it, so thank you. Let's hope that works as a good enough reminder for people in the defense industry to consider data security an actual threat to national security.

And, I'm just saying, you could write a blog post here about the basics of digital data security for those of us who aren't industry experts on data security. Just... saying.