
And I work at a European cybersecurity company and we are routinely tasked to inspect USB drives and devices EU politicians receive at conferences, so I guess we've come full circle.

I'm sure the NSA has implants in the EU systems but they're not dumb enough to just hand them out on USB drives that can be traced back to them.




>I'm sure the NSA has implants in the EU systems but they're not dumb enough to just hand them out on USB drives that can be traced back to them.

Why not? The US was found to be spying on Merkel and nothing seemed to come from that.


That's a good point. How much tracing back can be done if, say, I stuck the drive in my workstation and it proliferated over the DG's intranet? Assuming it's at least vaguely sophisticated, wouldn't it obfuscate things like how long it's been on the system for?


What kind of tools do you use for that? Would they catch BadUSB-like malware?


Lasers, electron microscopes and x-ray scanners used for testing and verification in the semiconductor manufacturing industry plus loads of custom and open source tools.


Yes, x-ray scanners seem to have made big inroads, and only recently I learned that companies use them to verify phones, as in the past they would visually check them - but copies have gotten so good that x-ray is the only real way now.

Though even then, you have to have something to compare it with and also know what you are looking at and be able to eliminate what should and shouldn't be there.

Though when you have multilayer flash, the possibility to have a nefarious layer, sandwiched between good layers, makes things way harder.

All that said, as a rule, I'd just downright ban any non-company/entity USB drive or any tech. Keyboards and mice, more so.


Can it really be economically viable to have these scanned rather than just toss them out? I would imagine that anyone high enough in the EU to be a target is only using drives provided to them


The economic viability of things is way above my pay grade, but if I were to hazard a guess, it could be just to know who is "out to get you", or it could also be one of many forms of corporate welfare: the same way the US shovels money into the F-35 bonfire to keep its arms industry afloat, the EU could be doing a similar thing to keep its own security-critical industries going, especially since Snowden. My €0.02


It's not so much about being able to use a free USB drive; more about knowing if someone is distributing malware.



