USB 'Dead Drops'

Okian Warrior writes "Aram Bartholl is building a series of USB dead drops in New York City. Billed as 'an anonymous, offline, peer to peer file-sharing network in public space,' he has embedded USB sticks as file cache devices throughout the city. Bartholl says, 'I am "injecting" USB flash drives into walls, buildings and curbs accessible to anybody in public space. You are invited to go to these places (so far 5 in NYC) to drop or find files on a dead drop. Plug your laptop to a wall, house or pole to share your files and data.' Current locations (more to come) include: 87 3rd Avenue, Brooklyn, NY (Makerbot), Empire Fulton Ferry Park, Brooklyn, NY (Dumbo), 235 Bowery, NY (New Museum), Union Square, NY (Subway Station 14th St), and West 21st Street, NY (Eyebeam)"

Yeeeahhh

[Anonymous Coward]

Turn off AutoPlay first, kids. You'll thank me later.

Dead drops?

[nebaz]

Is that kind of like a Glory Hole? Probably the same number of viruses.

Engineering aspects:

[gblackwo]

Ok, so they chose to leave the male end sticking out of the wall- and instead of using some sort of extension cord plug the laptop directly in. It will not take much wobbling of the laptop to create a large amount of shear stress on the usb stick leading to failure.

Also I'm sure many will complain about the possible dangers of viruses but imagine worse. How much damage could you do with a usb stick? It wouldn't be impossible to rig a car battery to the contacts from the other side of the wall.

Re:Sounds great!

[entotre]

kudos to the person who will find them all and format to ext4 file system.

So this is what passes for clever these days

[Night Goat]

What the heck is the point of this? Sometimes I hate artists. Here's an idea, just give someone a USB drive when you want to share files with them. Or mail it. Or I guess call it art and attach USB drives to walls. Move over Van Gogh, there's a new master in town!

Re:Sounds great!

[MichaelSmith]

A better way would be to build a simple open wifi AP. No internet connection, just storage.

Although

[ani23]

It's kinda pointless and possibly dangerous there's something cool about a USB port in a brick wall. It's like plugging into the unknown

How stupid can you get?

[gweihir]

Apparently, this person is willing to expose himself as a complete moron, just to get a bit of publicity. This is not even original, security experts have been using something very similar as network penetration technique for years.

Re:Yeeeahhh

[HungryHobo]

Ya I would have thought an open wifi network connected to a little ftp server (but for fun not the internet)would make a far better dead drop.
for one you wouldn't have to be so obvious about connecting to it.
Sitting in a coffee shop across the street would be far less conspicuous.

It's like the 70's and 80's

[WED Fan]

...its like the era of near anonymous sex, eventually people started dying after hooking up. How long before we see people killing their computers, or going to jail because they plugged in and xferred something really illegal?

This is REALLY smart.

Re:Cool

[Andy Smith]

He would KICK ASS... with a cool voice.

Re:Yeeeahhh

[TheScreenIsnt]

YOU, sir or madam, have the idea. I'm disappointed by the modded-up comments on this one. Of course the idea as implemented is pretty much a disease vector with no utility. The interesting question is what would happen if we had local public wifi darknets sitting around. Of course they would be plagued by malware as well, but /. starts to sound like The Man when it wants to shoot down a nice anarchical idea because it's obviously not secure. Net neutrality goes away, your precious torrents become unavailable, and all of a sudden we have good reasons to go local and dark. "But how would you know that you're actually connecting to..." ...I know, but let's not be too safe, here. There is such a thing.

Cops Will Not Like This...

[IonOtter]

From a geek perspective, I think this is awesome. It combines all the fun of geocaching with the rewards of actually getting something. I do think that viruses would be a concern, yes, but at the same time, anyone looking for one of these things is going to expect that, and will either be protected somehow, or will be using a machine they can keep in quarantine.

From an art perspective, I think this is awesome. It's funny, fresh and gets people outside, exploring their world. It's using available materials to change the way people look at common, everyday items.

From an engineering perspective, all I can see is broken USB hubs stuck in my port because I sneezed too hard. Or shorted out the port because it was wet on the inside of the plug. Or someone thought they were cute and put some WD-40 in there, instead of electrical contact cleaner.

But from an societal point of view, I see strangers walking up to a building and holding their computers up against the wall. That's fine for things like monuments, park statues and maybe even trees in a park? But doing that outside a business might get you in trouble.

Do it anywhere near someplace the NYPD consider "sensitive", and you might just become the latest headline news.

Re:It's like the 70's and 80's

[suso]

Exactly, what a bunch of idiots.

People doing this are going to discover that cops may not care much when you transfer copyrighted files over the net from the privacy of your own home, but they will care and will take notice when people start acting suspiciously in open public areas. People will probably start being arrested on suspicion of trading drugs, planting bombs, etc.

Re:cfdisk /dev/sdb; mkfs.ext4 /dev/sdb1

[havardi]

Partition the usb drive into two. sdb1 is a tiny ntfs partition with some barney pics, and sdb2 is ext3 with all the awesome stuff on it. Windows won't even know how to access the 2nd partition AFAIK. Last time I checked Windows wouldn't even let you partition a usb thumbdrive w/ more than 1 partition.

Re:Yeeeahhh

[w0mprat]

+1 Better yet, randomly vary the transmit power to prevent simple triangulation of the wi-fi access points location. I considered this some time ago, I figured it would also need some code to figure out who was getting too close to the hidden antenna and drop transmit power or the connection outright to mask the actual location. I also figured the network would need to occasionally switch off and vanish if devices nearby were lurking and not sharing, even with that, no way to defeat passive wifi sniffing.

Promiscuously connecting your laptop or mobile device to USB drives is a sure fire way to get pwned. OSes generally do not have the same level of protection to a physically connected storage device as they do to their network devices.

Stay away!

[rock56501]

Just wait until someone drops kiddie porn on it or the latest malware!!

He seems to be forgetting something

[AlfaMike]

The guy obviously overlooked the "people are assholes" factor. Some jerk will eventually show up with a hammer and destroy the thing just for the hell of it.

Re:cfdisk /dev/sdb; mkfs.ext4 /dev/sdb1

[redhog]

I can confirm that this works - I have a usb drive w one fat partition and one ext3. The fat one contains putty, winscp and stuff like that, plus a private ssh key. The ext3 one contains another private ssh key, plus a private gpg key. Never had any problems with windows trying to do anything with the ext3 partition. Linux mounts both of them :)

Re:Good way to get your laptop attacked

[Nyder]

And here is an article on this exploit technique:

http://www.dailytech.com/USB+Drive+Malware+Exploit+Windows+7+Flaw+in+Apparent+Espionage+Effort/article19065.htm

http://www.dailytech.com/USB+Drive+Malware+Exploit+Windows+7+Flaw+in+Apparent+Espionage+Effort/article19065.htm [dailytech.com]

What, you can't actually make a link?

Why is parent +5 Insightful?

[RichiH]

> I figured it would also need some code to figure out who was getting too close to the hidden antenna and drop transmit power or the connection outright to mask the actual location.

1) If I sniff only, you will not detect me
2) No matter what you do, unless you switch positions, I can find you over time

> I also figured the network would need to occasionally switch off and vanish if devices nearby were lurking and not sharing, even with that, no way to defeat passive wifi sniffing.

How will you find out that I sniff when I only sniff? I will send _nothing_.

You did not consider all attack vectors

[RichiH]

I can put a JPG, MP3, PDF, anything that exploits a zero-day (or known) vulnerability on the drive. As you will not only _copy and store_ but _open_ the files...

Also, what stops me from emulating a keyboard and entering a load of crap? "Windows-c (?) deltree c:\\ /y\n" comes to mind.