
Dead Drops: what to do if you see a USB stick sticking out of a wall - TuxMulder
http://www.theguardian.com/artanddesign/shortcuts/2015/mar/08/dead-drops-what-to-do-if-you-see-a-usb-stick-sticking-out-of-a-wall
======
driverdan
If I wanted to do something like this I'd create open WiFi access points
called something like "DeadDrop". They wouldn't be connected to the internet.
Instead they'd forward you to a locally hosted site that let you download and
upload from local storage.

WiFi has a lot of advantages. You eliminate the risk of USB attacks, physical
damage to the device, and the actual location is unknown. The downside is that
it would require power.

~~~
adventureloop
The Pirate Box[1] firmware is the perfect thing for this. The problem is
finding power to keep the box running, but with wifi, you can hide the box
somewhere out of site.

I have always thought it would be cool to set up a piratebox somewhere running
from a solar panel. Then in daylight hours the dead drop would be there, but
it would be gone at night.

[1]: [http://piratebox.cc/](http://piratebox.cc/)

~~~
rkda
There's an Android version in case you have old smartphones lying around.
They're more powerful than the OpenWRT routers and they do have their own
power. You need to root your phone first though.

[http://piratebox.cc/android](http://piratebox.cc/android)

------
dr4g0n
> If you spot a USB flash drive cemented into a wall or kerb, you may have
> stumbled across a Dead Drop, part of a global art project borrowing tricks
> from the world of espionage

Or, you might have stumbled across 240VAC wired to a USB connector.

~~~
pavel_lishin
I wonder if that would be worse than carefully crafted malware.

~~~
vanderZwan
Since sharing USB flash drives is pretty much the equivalent of having digital
unprotected sex anyway, I'm sure you'll get that soon enough.

And it can get much, much worse than plain old viruses too:

[https://www.youtube.com/watch?v=nuruzFqMgIw](https://www.youtube.com/watch?v=nuruzFqMgIw)

------
will_brown
The article mentions USB attacks/exploits...but even more dangerous would be
child pornography,at least in the US such a crime does not require _intent_
(as automatic as it gets in a criminal context) simply being in possession or
even constructive possession would lead to a conviction and a lifetime
registration on the sexual offender list.

~~~
speakeron
>The article mentions USB attacks/exploits

I'm not sure that it does. The countermeasures mentioned are for protecting
against good old file-based executable exploits. I don't think they even
understand the concept of firmware exploits.

------
speakeron
Not a good idea. This risks getting owned from the BadUSB exploit.

~~~
tach4n
In the article it's said that's explicitly part of the idea - it's supposed to
be dangerous.

~~~
onion2k
It's supposed to _appear_ dangerous. The first time anything actually
dangerous happened the user would immediately stop using them. Or worse,
they'll end up in prison. Copying a random zip file of the Anarchist's
Cookbook on to your PC will get you a few hours of questioning by the police
and a caution not to be so stupid as to be a pretend spy again; why you
downloaded an archive of several thousand child porn pictures is quite a bit
harder to explain away as a bit of fun.

~~~
wyager
> Copying a random zip file of the Anarchist's Cookbook on to your PC will get
> you a few hours of questioning

Not in the US. I could download a hundred copies from every sketchy warez site
on the internet without violating any laws.

~~~
onion2k
The same is true here in the UK. It's not a crime to have the file, but it'd
be reason enough for the police to request you 'voluntarily' answer some
questions about where you got it from and why. If you refuse to answer
questions however, then it's a crime.

~~~
Starwatcher2001
Since when has it been a crime in the UK to refuse to answer questions from
the police?

------
polymathist
So I found one of these in my city. The Dead Drops homepage has a list of all
known locations: [https://deaddrops.com/](https://deaddrops.com/). Took a
while to find the exact spot, and when I plugged in... nothing. The drive was
completely exposed to the elements without much protection, so it was rusty
and as far as I could tell useless. I have a hunch that most of them suffered
similar fates.

------
freehunter
A more surreptitious spy would have a piece of hardware that can manipulate a
USB drive without needing a full laptop. Any small USB host would do, from an
old MP3 player to a Sony PSP.

~~~
MaximillianII
Tutorial? :)

~~~
xenophonf
Start here:

[http://youtu.be/D8Im0_KUEf8](http://youtu.be/D8Im0_KUEf8)

See also:

[http://travisgoodspeed.blogspot.com/2012/07/emulating-usb-
de...](http://travisgoodspeed.blogspot.com/2012/07/emulating-usb-devices-with-
python.html)

[http://travisgoodspeed.blogspot.com/2012/10/emulating-usb-
df...](http://travisgoodspeed.blogspot.com/2012/10/emulating-usb-dfu-to-
capture-firmware.html)

[http://goodfet.sourceforge.net/hardware/facedancer21/](http://goodfet.sourceforge.net/hardware/facedancer21/)

------
spiritplumber
Looks like a pretty good way to break the USB connector off. Wouldn't a short
length of wire be better?

~~~
Roritharr
It seems you are already one step ahead of german law enforcement:
[http://www.express.de/image/view/2015/1/23/29952904,31875408...](http://www.express.de/image/view/2015/1/23/29952904,31875408,highRes,maxh,480,maxw,480,01K+22_71-80870384_ori.jpg)

m(

(From the german tabloid article: [http://www.express.de/koeln/eingemauert-in-
einer-fassade-bom...](http://www.express.de/koeln/eingemauert-in-einer-
fassade-bomben-bauplan-auf-oeffentlichem-usb-stick-in-der-koelner-
suedstadt,2856,29952848.html) )

------
hamitron
I was really into this about a year ago, so I placed one in a brick wall near
my apartment. The device probably made it three days before being completely
covered in rust.

------
ende
So its a USB glory hole?

------
nodata
Or you might fry your laptop.

------
chewyfruitloop
i'm pretty sure this is an old concept from the early usb storage days...
(found this on archive.org from 2010
[https://archive.org/details/Net_At_Night_175](https://archive.org/details/Net_At_Night_175)
) wonder why its becoming a "thing" again

~~~
jacobwcarlson
The article explicitly states that this project started in 2010.

~~~
chewyfruitloop
fair cop....still wonder why its come back up again after so long

------
naoru
Or you can raise suspicion, get caught on surveillance camera and have a talk
with a police officer. Yeah, there might be ways to avoid that, but in case of
failed attempt there will be one more thing to explain.

------
freehunter
This is a meta comment, but does it seem like this post is attracting a more-
than-usual amount of new posters? Maybe the site in general is getting more
popular, I don't know, but on ~30 comments, there are four useless comments
from green accounts, and the submitter is a green account. Just seems to be
more than average.

------
cgtyoder
tl;dr: Admire the ingenuity of it all for 10 sec; move along.

------
JoeAltmaier
e-geocaching

------
sigzero
I'd take it. Free USB stick! /s

