Imagine that the authorities have an interest in what’s on your computer.
It might not be that you’re an online criminal hacking into servers, writing malware, or running an underground website like the Silk Road. It could equally be the case that you’re a political activist, a journalist or a whistleblower.
Whatever the reason, it might be the case that you have a very good reason for not being that keen for law enforcement agencies or other adversaries to seize your computer and find out what you’ve been doing on it.
And, because of that, you might want a method for quickly disabling your computer and preventing others from accessing any information that you wished to remain private.
It’s that requirement that a developer calling themselves Hephaest0s has attempted to address with a recently-published Python script.
The code, called USBKill, is designed to effectively prevent forensic analysis by rapidly shutting down a computer.
“USBKill keeps watch on the computer`s usb ports, and if any change is observed it will shut down (kill) the computer. This means that if you add or remove a usb drive, the computer (running usbkill) will immediately crash.”
Of course, just shutting down a computer may not be enough to prevent a trained investigator from determining what you were doing on it. You should really have ensured that your hard disk is fully encrypted too or ensured that any work you wish to remain secret is done inside a virtual machine that refreshes to a safe, non-incriminating version when the computer is restarted.
Nonetheless, a facility like USBKill could certainly be a nuisance for computer cops, who typically – after raiding a suspect’s address – use a USB “mouse jiggler” to prevent PCs or Macs from entering sleep mode or activating a password-protected screensaver, so they can recover information about what is currently running on the computer or in its memory.
Hephaest0s says that if you are particularly concerned about such a scenario, you might want to take measures to increase the chances that your laptop will immediately shut down if you are raided:
Tip: Additionally, you may use a cord to attach a USB key to your wrist. Then insert the key into your computer and start usbkill. If they steal your computer, the USB will be removed and the computer shuts down immediately.
In addition, Usbkill might help protect your data from other risks.
For instance, if an unauthorised USB stick is plugged into the computer it could initiate a rapid shutdown, preventing a third party from stealing data or implanting malware.
So, it’s probably incorrect to assume that USBKill would only be of interest to criminals – it does have legitimate uses too.
But before you rush to install it on your personal computer, be sure to think about the possible consequences. After all, it would be an awful shame if you accidentally wiped out the work you were doing because you forgot the software was installed and either pulled out your USB stick or plugged a new one in which hadn’t been whitelisted.
tags
Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s.
View all postsDecember 27, 2024
December 24, 2024
December 19, 2024