USB Switchblade: Stealing Passwords, History, and Valuable Data!

Posted on 14. Dec, 2008 by Trond in Hacking

USB Switchblade's goal is to silently steal information from a Windows system, using a USB drive plugged into one of the computer's USB ports as the delivery vehicle.

USB Switchblade is a tool that takes advantage of weaknesses in how Windows stores credentials and handles removable media. It lets an attacker walk away with password hashes, LSA secrets, browser autofill data, IP configuration, saved credit-card details, and other private data.

This is what is known as an "endpoint threat": an attack that steals private information directly from the workstation rather than over the network, and it is popular with attackers today. According to people who specialize in computer security, it is simple for a knowledgeable and ruthless attacker to carry out. After gaining physical access to the computer, the attacker can also install a VNC (virtual network computing) server, reconfigure the PC and pull off whatever data they are after from a distance. Attacks of this kind, using USB Switchblade, are typically seen in call centers, offices and banks, anywhere an unattended, logged-in PC with a free USB port can be reached. They are dangerous and hard to detect.

USB Switchblade requires a Windows system at which a user is logged in with administrative privileges. Its danger is that it runs silently and produces no network traffic: everything it collects is written back to the USB stick, so there is nothing for a network monitor to see. The tool takes advantage of how U3 drives work. A U3 key presents a small virtual CD-ROM partition alongside its normal removable storage, and Windows XP runs the autorun.inf of a CD-ROM automatically, which it does not do for an ordinary removable drive. The payload on the virtual CD-ROM therefore launches the moment the stick is inserted. This delivery hole is coupled with a weakness in how Windows stores passwords: for any password shorter than 15 characters, Windows also keeps an LM hash, an old format that is cheap for an attacker to crack.

To understand why this matters, it helps to know how Windows stores your passwords. Windows keeps two different representations, commonly called "hashes." When you set a password shorter than 15 characters, Windows creates both a LAN Manager hash (LM hash) and a Windows NT hash (NT hash) of it, and stores them in the local Security Accounts Manager (SAM) database. The LM hash is weak: it converts the password to upper case, pads or truncates it to 14 characters, splits it into two 7-character halves and hashes each half independently, so an attacker cracks two short, case-insensitive fragments instead of one long password. That is why it is critical to stop Windows from storing the LM hash. There are ways to make Windows keep only the stronger NT hash.


There are three basic ways to prevent your computer from storing the LM hash password:

  1. Use the NoLMHash policy by using Group Policy
  2. Edit the registry
  3. Make sure your password is at least 15 characters long


Using Group Policy

To disable the storage of the weaker LM hashes, use either Local Group Policy (XP or 2003) or Group Policy in Active Directory (2003 only). The setting lives under Security Settings, Local Policies, Security Options and is called "Network security: Do not store LAN Manager hash value on next password change." You can find the exact steps and advice on the Microsoft website.


Editing the Registry

First, a warning: an incorrect registry change can cause serious problems with your system, so back up the registry (or at least the key you are about to change) before editing it, so that you can restore it if something goes wrong. On XP and 2003 the setting is a DWORD value named NoLMHash, set to 1, under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa; on Windows 2000 it is a subkey of that name rather than a value. Note that this change only prevents new LM hashes from being created; it does not clear the LM hashes already stored on the computer. Those disappear only as each account's password is next changed, so change every password after making the change. The Microsoft website has thorough instructions for making this modification to protect yourself against tools such as USB Switchblade.


Create a Password That is at Least 15 Characters Long

The simplest way to prevent LM hashes from being stored is to use passwords of at least 15 characters: the LM algorithm only covers the first 14, so for a longer password Windows stores a fixed placeholder instead of a real LM hash. Adopt this practice alongside one of the two settings described above, since the setting also protects accounts whose owners pick shorter passwords.
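The following script is an added example, not code from the original post or from the Switchblade project. It audits and applies the two registry mitigations discussed above, NoLMHash for the LM hash problem and NoDriveTypeAutoRun for the U3 virtual CD-ROM AutoRun vector, on XP/2003 and later Windows versions. Run it from an elevated PowerShell prompt. The registry paths and values are the documented Windows ones; the backup directory and file names are this script's own assumptions.

```powershell
# Added example: audit and apply NoLMHash and NoDriveTypeAutoRun.
# Not part of the original post. Run elevated.
$lsaKey      = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$explorerKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$backupDir   = Join-Path $env:TEMP 'reg-backup'   # assumption: any writable folder will do

function Get-DwordValue([string]$Key, [string]$Name) {
    # Return $null when the key or value is missing instead of throwing.
    $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Name
}

function Backup-Key([string]$Key, [string]$File) {
    # reg.exe export wants HKLM\..., not the PowerShell HKLM:\ drive form.
    if (-not (Test-Path $Key)) { return }          # nothing to back up yet
    $native = $Key -replace '^HKLM:\\', 'HKLM\'
    New-Item -ItemType Directory -Path (Split-Path $File -Parent) -Force | Out-Null
    & reg.exe export $native $File /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Backup of $native failed; not touching the registry." }
}

function Test-Hardening {
    # Report the current state of both settings without changing anything.
    New-Object PSObject -Property @{
        NoLMHash           = Get-DwordValue $lsaKey 'NoLMHash'                 # want 1
        NoDriveTypeAutoRun = Get-DwordValue $explorerKey 'NoDriveTypeAutoRun'  # want 255 (0xFF)
    }
}

function Set-Hardening {
    Backup-Key $lsaKey      (Join-Path $backupDir 'Lsa.reg')
    Backup-Key $explorerKey (Join-Path $backupDir 'Explorer-Policies.reg')

    # NoLMHash = 1: stop creating LM hashes at the next password change.
    # LM hashes already in the SAM remain until each account's password changes.
    Set-ItemProperty -Path $lsaKey -Name 'NoLMHash' -Value 1 -Type DWord

    # NoDriveTypeAutoRun = 0xFF: every drive-type bit set, so AutoRun is off for
    # all drive types, including the CD-ROM type a U3 stick's virtual drive reports.
    if (-not (Test-Path $explorerKey)) { New-Item -Path $explorerKey -Force | Out-Null }
    Set-ItemProperty -Path $explorerKey -Name 'NoDriveTypeAutoRun' -Value 0xFF -Type DWord
}

'Before:'; Test-Hardening | Format-List
Set-Hardening
'After:';  Test-Hardening | Format-List
Write-Warning 'Reboot so LSA and Explorer reread these values, then change every local password.'
```

Two caveats for anyone rolling this out: NoLMHash only stops new LM hashes, so the password change after the reboot is what actually removes the existing ones, and on XP/2003 the "Minimum password length" policy tops out at 14 characters, so a 15-character rule cannot be enforced by policy alone on those systems; the NoLMHash setting is what protects the accounts that stay under 15.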

With USB Switchblade it is simple to extract password hashes from a target system and save them to the drive for cracking later. With the tool on a stick, someone can plug in to an open USB port and walk away with the computer's secrets in a minute. The attacker downloads USB Switchblade from the Internet, puts it on a U3 drive, and can then crack or use what was collected anywhere, at leisure. The tool also collects browser history and, because it scoops up autofill information, it gets valuable data such as social-security numbers and credit-card numbers. USB Switchblade can also create a hidden administrator account that gives the attacker a way back into the system, for example over VNC, if no firewall blocks the connection.

USB Switchblade keeps evolving to stay ahead of current anti-virus software, which makes it a serious threat. It can also be delivered deviously, handed to an unsuspecting user who believes they are installing a game patch or other software when in fact they are installing the Switchblade payload. Watch for any evidence that these tools have appeared on your computer. Besides USB Switchblade itself there are payload variants such as Max Damage, Amish, iPod, Gandalf, Kapowdude, Silvrenion and HackBlade, among others.
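The script below is an added example, not part of the original post, of what "watch for evidence" can mean in practice. It looks for the artifacts a Switchblade-style payload leaves behind on the host: an unexpected member of the local Administrators group, an account hidden from the logon screen via the Winlogon SpecialAccounts\UserList key, and recent account-creation events in the Security log. The $expectedAdmins baseline is constructed for illustration and must be edited for your own machine; reading the Security log requires an elevated prompt.

```powershell
# Added example: hunt for a hidden or unexpected local admin account.
# Not part of the original post. Run elevated.
$expectedAdmins = @('Administrator', 'Domain Admins')   # constructed baseline; edit for your host
$userListKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList'

function Get-LocalAdminMembers {
    # The WinNT ADSI provider works from XP onward; Get-LocalGroupMember needs PS 5.1.
    $group = [ADSI]"WinNT://$env:COMPUTERNAME/Administrators,group"
    foreach ($member in $group.psbase.Invoke('Members')) {
        $member.GetType().InvokeMember('Name', 'GetProperty', $null, $member, $null)
    }
}

function Get-HiddenAccounts {
    # A DWORD named after the account with value 0 under UserList hides it from
    # the welcome screen and the User Accounts applet, but the account still
    # exists in the SAM and can still log on (e.g. over VNC or Remote Desktop).
    if (-not (Test-Path $userListKey)) { return @() }
    $props = Get-ItemProperty -Path $userListKey
    $props.PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' -and $_.Value -eq 0 } |
        ForEach-Object { $_.Name }
}

function Get-RecentAccountCreations([int]$Days = 7) {
    # Event ID 624 = "User Account Created" on XP/2003; 4720 on Vista and later.
    $since = (Get-Date).AddDays(-$Days)
    Get-EventLog -LogName Security -After $since -ErrorAction SilentlyContinue |
        Where-Object { $_.EventID -eq 624 -or $_.EventID -eq 4720 } |
        Select-Object TimeGenerated, EventID, Message
}

$admins     = @(Get-LocalAdminMembers)
$unexpected = @($admins | Where-Object { $expectedAdmins -notcontains $_ })
$hidden     = @(Get-HiddenAccounts)

if ($unexpected.Count -gt 0) { Write-Warning ('Unexpected local admins: ' + ($unexpected -join ', ')) }
if ($hidden.Count -gt 0)     { Write-Warning ('Accounts hidden from logon screen: ' + ($hidden -join ', ')) }
if ($unexpected.Count -eq 0 -and $hidden.Count -eq 0) {
    'Local Administrators group matches baseline; no hidden accounts.'
}
'Account creations in the last 7 days (empty if none or if the log is not readable):'
Get-RecentAccountCreations | Format-List
```

The baseline comparison is the useful part: a hidden account is only invisible to the GUI, so enumerating the group through ADSI and diffing against what you expect exposes it regardless of the UserList trick.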

Be aware of the endpoint-threat techniques, USB Switchblade among them, available to a malicious attacker today. Keep up to date with current information and harden your computer to the fullest extent in order to protect your data and your identity.

