The National Security Agency says it now has tech to spot USB keys being used to steal data from PCs.
Any network stretching across a few offices or locations is easily exposed to the threat of a naive or disgruntled employee, competitor or worse, worming their way in and slapping a USB dongle in the back of a machine. Once on, a well-crafted program can strip data, plant listening tools or more destructive code on the network.
Aware of the threat, the NSA has built a tool (
22 page PDF link here) to report such activity,
simpler summary story, here. The only problem, at the moment, is that it is only available for US government agencies to deploy. But the amount of corporate data being strip-mined by rivals/foreign competitors and other agencies is serious enough to warrant a commerical version or for someone else to develop one.
With some genuinely horrifying stories out there of corporate data theft, the issue is one that all companies should take steps to address, with or without the help of big brother. From Mexican police finding data from the Los Alamos Nuclear National Laboratory to tales of admins tracking down terabytes of data to foreign servers, the threat is very real.
Hardened admins and technically-minded wags can suggest policies and settings to limit the damage, or point holes and workarounds in the NSA's defences, or suggest the old chestnut of moving off Windows. But, as a belated alert to anyone not worried about data security, its a solemn reminder. And given that this is version 3.0, perhaps it has already been in use for some time.