The threat to information systems posed by visitors or disgruntled employees, vendors, etc. who might bring USB thumb drives to your facility is growing as these devices not only have grown in capacity to hold many GB of data, but also are showing up in many "disguised" forms, such as a "lipstick", or this ballpoint pen/USB drive. Adding to the problem, there are complete operating systems (sometimes called "LiveDistros", such as Damn Small Linux) now for these drives that permit the user to mount the drive, boot into the OS on the thumb drive, conduct business using a variety of apps he brings with him (for instance, there's a complete VOIP PBX/soft phone called "[email protected]" you can run, complete with the OS and Apache server, from a 2GB drive) and then he carries virtually every crumb of the evidence of his activity away with him instead of leaving it on the computer whose USB port he uses. There's a thumb drive, incidentally, that has the jacks required for a microphone and ear buds that you can use with the VOIP application to make Internet phone calls from your parasite machine. These things, together with the LiveDistros and the apps they can implement, are becoming very scary. Even if you just used such a device in an old-fashioned dead-drop operation, it wouldn't take but a few drops to transfer the important content from a research lab system right out the front door. And you'd probably chuckle when you stop at the front desk to sign the security log as you leave...using your USB thumb drive/pen.
If only Sandy Berger had had one of these and one of the tiny USB-ported pocket scanners, he wouldn't have had to stuff documents from the National Archives down the front of his pants. So much more elegant...
If only Sandy Berger had had one of these and one of the tiny USB-ported pocket scanners, he wouldn't have had to stuff documents from the National Archives down the front of his pants. So much more elegant...

Comment