Dead Drops: what to do if you see a USB stick sticking out of a wall

61 points | TuxMulder | 11 years ago | theguardian.com

53 comments

[+] driverdan|11 years ago|reply
If I wanted to do something like this I'd create open WiFi access points called something like "DeadDrop". They wouldn't be connected to the internet. Instead they'd forward you to a locally hosted site that let you download and upload from local storage.

WiFi has a lot of advantages. You eliminate the risk of USB attacks, physical damage to the device, and the actual location is unknown. The downside is that it would require power.

[+] adventureloop|11 years ago|reply
The Pirate Box[1] firmware is the perfect thing for this. The problem is finding power to keep the box running, but with wifi, you can hide the box somewhere out of sight.

I have always thought it would be cool to set up a piratebox somewhere running from a solar panel. Then in daylight hours the dead drop would be there, but it would be gone at night.

[1]: http://piratebox.cc/

[+] task_queue|11 years ago|reply
Except it's a beacon that screams "Hey I'm over here" to everyone in a 90m radius.
[+] arbitrage|11 years ago|reply
Radio direction finding is well known and easily performed. The location may not be immediately obvious, but a knowledgeable person could find it without much difficulty.
[+] martin-adams|11 years ago|reply
I wonder if you could use Bluetooth Low Energy instead of WiFi as the power saving can last years. iBeacons have the potential to last years on a single battery. Probably not ideal for transferring large amounts of information though.
[+] admax88q|11 years ago|reply
The downside is that it has to be powered.
[+] dr4g0n|11 years ago|reply
> If you spot a USB flash drive cemented into a wall or kerb, you may have stumbled across a Dead Drop, part of a global art project borrowing tricks from the world of espionage

Or, you might have stumbled across 240VAC wired to a USB connector.

[+] pavel_lishin|11 years ago|reply
I wonder if that would be worse than carefully crafted malware.
[+] will_brown|11 years ago|reply
The article mentions USB attacks/exploits...but even more dangerous would be child pornography, at least in the US such a crime does not require intent (as automatic as it gets in a criminal context) simply being in possession or even constructive possession would lead to a conviction and a lifetime registration on the sexual offender list.
[+] speakeron|11 years ago|reply
> The article mentions USB attacks/exploits

I'm not sure that it does. The countermeasures mentioned are for protecting against good old file-based executable exploits. I don't think they even understand the concept of firmware exploits.

[+] speakeron|11 years ago|reply
Not a good idea. This risks getting owned from the BadUSB exploit.
[+] upofadown|11 years ago|reply
Since the BadUSB exploit is a MITM for data going through the USB interface, its existence doesn't increase the risk. All the executable files could just be infected to start with.

It's pretty much the worst idea to execute random files you find in the street anyway so the risk probably isn't that high in the first place.

[+] tach4n|11 years ago|reply
In the article it's said that's explicitly part of the idea - it's supposed to be dangerous.
[+] yk|11 years ago|reply
Is BadUSB possible with any USB stick? (Or is this only a risk if a modified USB stick was installed in the first place?)
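
For the BadUSB concern raised in the comments above, an added example (not from the thread or the linked article): a defender-side check that a device expected to be a plain flash drive exposes only mass-storage interfaces, read from the Linux sysfs `bInterfaceClass` files. The function names and the sample device trees are constructed for illustration.

```python
import os
import tempfile

# USB-IF base class codes as found in bInterfaceClass.
MASS_STORAGE = 0x08
CLASS_NAMES = {0x02: "CDC control", 0x03: "HID (keyboard/mouse)",
               0x0A: "CDC data", 0xE0: "wireless controller", 0xFF: "vendor specific"}

def interface_classes(dev_dir):
    """Return (interface, class_code) pairs from a sysfs USB device directory."""
    # Each interface is a subdirectory such as '1-2:1.0' whose bInterfaceClass
    # file holds a two-digit hex value.
    found = []
    for entry in sorted(os.listdir(dev_dir)):
        path = os.path.join(dev_dir, entry, "bInterfaceClass")
        if ":" in entry and os.path.isfile(path):
            with open(path) as fh:
                found.append((entry, int(fh.read().strip(), 16)))
    return found

def audit_stick(dev_dir):
    """Check that a device expected to be a plain flash drive is storage-only."""
    ifaces = interface_classes(dev_dir)
    extra = [(name, CLASS_NAMES.get(code, "class 0x%02x" % code))
             for name, code in ifaces if code != MASS_STORAGE]
    has_storage = any(code == MASS_STORAGE for _, code in ifaces)
    return {"storage_only": has_storage and not extra, "unexpected": extra}

def build_sample(root, name, classes):
    """Constructed sample data: a minimal sysfs-like tree for one device."""
    dev = os.path.join(root, name)
    for i, code in enumerate(classes):
        iface = os.path.join(dev, "%s:1.%d" % (name, i))
        os.makedirs(iface)
        with open(os.path.join(iface, "bInterfaceClass"), "w") as fh:
            fh.write("%02x\n" % code)
    return dev

def demo():
    """Audit a constructed plain stick and one that also claims to be a keyboard."""
    with tempfile.TemporaryDirectory() as root:
        plain = build_sample(root, "1-1", [0x08])
        odd = build_sample(root, "1-2", [0x08, 0x03])
        return audit_stick(plain), audit_stick(odd)

if __name__ == "__main__":
    for result in demo():
        print(result)
```

On a real host, point `audit_stick` at a device directory under `/sys/bus/usb/devices/`; the result reflects only the interfaces the device has enumerated at that moment.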
[+] cplease|11 years ago|reply
Unlikely and preventable, but I'd be more worried about water and other gack in the connector.
[+] polymathist|11 years ago|reply
So I found one of these in my city. The Dead Drops homepage has a list of all known locations: https://deaddrops.com/. Took a while to find the exact spot, and when I plugged in... nothing. The drive was completely exposed to the elements without much protection, so it was rusty and as far as I could tell useless. I have a hunch that most of them suffered similar fates.
[+] freehunter|11 years ago|reply
A more surreptitious spy would have a piece of hardware that can manipulate a USB drive without needing a full laptop. Any small USB host would do, from an old MP3 player to a Sony PSP.
[+] tehmaco|11 years ago|reply
Something like the Raspberry Pi would probably work well.

It's small, can be powered from a battery pack, you can add some scripts that automount the USB stick and copy everything off (and/or add some things of your own)

[+] ufmace|11 years ago|reply
As far as small USB hosts, an Android phone with a USB OTG cable would be a pretty nice way to connect to something like this and copy files back and forth. I don't think they're very vulnerable to most of the usual potential nastiness of a malicious USB device.

But no matter what sort of device you're using, it's pretty far from anything an actual spy might use. Any actual spy would want something discreet enough that you could be watched, videotaped, and photographed from multiple angles while making or picking up the drop, and even with endless analysis of the recordings, still have the security service not know that anything happened.

Some of Tom Clancy's books are pretty decent on realistic spy tradecraft, even if they're dicey on other subjects.

[+] 6d0debc071|11 years ago|reply
If we're talking about general tradecraft, in a how would you do it vein. I suspect a small internet-enabled device set to randomly transmit some time in the next few days or so, that sends OTP encrypted messages to as many people as it can, including the destination, and that self-destructs... releases acid or whatever into the chips... once it's done or if it's tampered with, would be hard to trace back the sender.

Throw it in a bin along with your morning coffee in a place thousands of people go a day - it'll get mixed in with all the other trash in a landfill somewhere and then good luck finding whose trash it went there with....

[+] ekianjo|11 years ago|reply
An OpenPandora would do even better and recognize sticks in ext formats on top of NTFS and FAT.
[+] spiritplumber|11 years ago|reply
Looks like a pretty good way to break the USB connector off. Wouldn't a short length of wire be better?
[+] hamitron|11 years ago|reply
I was really into this about a year ago, so I placed one in a brick wall near my apartment. The device probably made it three days before being completely covered in rust.
[+] ende|11 years ago|reply
So it's a USB glory hole?
[+] nodata|11 years ago|reply
Or you might fry your laptop.
[+] naoru|11 years ago|reply
Or you can raise suspicion, get caught on surveillance camera and have a talk with a police officer. Yeah, there might be ways to avoid that, but in case of failed attempt there will be one more thing to explain.
[+] freehunter|11 years ago|reply
This is a meta comment, but does it seem like this post is attracting a more-than-usual amount of new posters? Maybe the site in general is getting more popular, I don't know, but on ~30 comments, there are four useless comments from green accounts, and the submitter is a green account. Just seems to be more than average.
[+] cgtyoder|11 years ago|reply
tl;dr: Admire the ingenuity of it all for 10 sec; move along.
[+] sigzero|11 years ago|reply
I'd take it. Free USB stick! /s