I got a pretty good response from the coworkers to whom I sent this link from Bruce Schneier’s blog. He talks a bit about USBDumper, a program that silently copies all the contents of any USB drive inserted into the machine. The comment discussion is pretty interesting as well, pointing out legitimate uses for it, such as auditing what people are plugging into the USB ports of your business PCs, but it is also really scary to think that someone with just the ability to unzip a file and run an executable could be grabbing all the data from a USB drive. As Bruce points out, salespeople or people doing presentations commonly plug drives into a customer’s PC. The attorneys where I work do it quite often at a client’s office, or when they are presenting evidence, and commonly have a lot more stuff on there than just what they are showing that client. Despite our best education efforts, I’m sure some of them even take unencrypted confidential client data off-site with a USB drive and plug that same drive into remote machines. (Which also brings losing the drive into the risk equation!)
It’s an issue we’ve been working on, trying to find the right solution along with trying to convince management of the need to implement it. I can’t help but wonder: if we installed this on one of our pool laptops, started grabbing data, and then presented that data back, would it then become a higher priority?