Title: Interesting new DLP evasion and theft device...
Post by: nightmare44 on October 30, 2009, 09:16:06 AM
I ran across a discussion on another forum about some new data theft device, although I'm still skeptical of its legitimacy. The poster was introduced to it in either China or Korea. Here is his post from the forum:
Features of this data theft product:
- Looks like a typical video adapter
- Plugs into your DVI/VGA port, has another DVI/VGA port on the other end for relay of video signals.
- Does not use USB port
- Comes with 16GB/8GB storage
- No wireless comms
- No built-in power, draws power from video output port, no energy signature when unplugged.
Mode of usage:
1. Plug this data theft product into your video output port.
2. For PCs, connect to the actual monitor for a PC for display relay.
3. For laptops, enable display to external video output port by pressing the on-board function keys.
4. Open a restricted document which you have access to but your DLP software has blocked copying, sending, printing and screen capture.
5. Scroll down the restricted document.
6. When viewing the restricted document, display signals are stored onto the data theft product's 16GB storage.
7. Remove the data theft product
8. Connect it to the decoding machine to replay the display of the restricted document, presumably outside the controlled premises.
Why is it so DANGEROUS?
a) Easy to bypass physical checks
Most guards will not suspect that this "DVI/VGA video adapter" comes with storage capabilities, especially when there is no USB connector.
b) Non-detection by OS and DLP products
This is not a USB drive.
For PCs, there is absolutely no detection whatsoever by the OS.
For laptops, the OS detects an external display, not an external storage.
DLP products do not block main or secondary video display.
Hence, DLP products are totally useless against this product.
c) Capitalise on essential business usage patterns.
Business-wise, it may not be acceptable to block access to the laptop's external video port as it will render business presentations from the laptop impossible.
d) Camera-free sites are now susceptible.
As this product has no camera or lenses, it will not be blocked by the guards for being a camera-capable device.
e) Peer detection is not easy
It can be attached to a third party's PC video output port for espionage as the PC's video output port is usually out of sight from the user.
Usage on a laptop is also inconspicuous. People sitting beside a perpetrator won't find the data theft device suspicious. This is more stealthy than data theft through camera phones as the perpetrator looks normal, just handling the computer mouse and keyboard (no suspicious devices like camera phones).
f) Affordable cost
It is made and sold somewhere in Asia, your typical base of low cost production.
The video device only stores the raw VGA/DVI signals and does not encode into a video file. It still requires an adapter to extract the stored signals and a client PC software to encode the signals into a playable video file.
Gaining device power through VGA/DVI is nothing new but the recording of RAW video stream with only 8GB/16GB of flash memory seems questionable. The other thing he mentioned is that there is no internal CPU. There are VGAtoUSB/WiFi/just about anything out there now but they require software on the machine and are rather large. And they are not cheap...
Title: Re: Interesting new DLP evasion and theft device...
Post by: former33t on October 30, 2009, 06:00:23 PM
I'm with you on being dubious. Raw video is a lot of information to store. I can't imagine how much data you can actually store in 8 or 16G. I also agree that if this is for real, it would be prohibitively expensive. Still, if it is the only way to get through DLP, it might be worth it.
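Point (b) of the quoted post says that on a laptop the OS does register an external display, which gives an endpoint agent something to log. The sketch below is an added example, not code from either poster: it assumes a Linux endpoint exposing the DRM connector directories under /sys/class/drm, the function names are hypothetical, and the sample tree is constructed. It covers only the laptop case; the post states that a desktop PC sees nothing.

```python
"""Report connected external video outputs from a Linux DRM sysfs tree."""
import re
import tempfile
from pathlib import Path

# Built-in panel connector types; anything else is treated as an external port.
INTERNAL_TYPES = {"eDP", "LVDS", "DSI"}
# Connector directories are named like "card0-HDMI-A-1" or "card0-VGA-1".
CONNECTOR_RE = re.compile(r"^card\d+-(.+)-\d+$")


def connected_external_outputs(drm_root="/sys/class/drm"):
    """Return sorted names of external connectors whose status is 'connected'."""
    hits = []
    for entry in Path(drm_root).iterdir():
        m = CONNECTOR_RE.match(entry.name)
        if not m or not (entry / "status").is_file():
            continue  # skips entries such as "card0" or "version"
        if m.group(1) in INTERNAL_TYPES:
            continue  # the laptop's own panel is expected to be connected
        if (entry / "status").read_text().strip() == "connected":
            hits.append(entry.name)
    return sorted(hits)


def new_connections(previous, current):
    """Connectors that became connected since the previous poll."""
    return sorted(set(current) - set(previous))


def build_sample_tree(root, states):
    """Create a constructed sysfs-like tree so the check can run offline."""
    for name, status in states.items():
        conn_dir = Path(root) / name
        conn_dir.mkdir(parents=True)
        (conn_dir / "status").write_text(status + "\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed sample: internal panel plus a VGA port in use.
        build_sample_tree(tmp, {
            "card0-eDP-1": "connected",
            "card0-VGA-1": "connected",
            "card0-DVI-D-1": "disconnected",
        })
        now = connected_external_outputs(tmp)
        print("external outputs in use:", now)
        print("new since last poll:", new_connections([], now))
```

A connection event on a machine that has a restricted document open is the signal worth correlating; the check cannot tell a relay adapter from an ordinary projector or monitor.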