Hackers penetrate secure network through the use of a jerry-rigged mouse


In the security world, there are two kinds of hackers – there’s the black hat hackers, or the bad dudes, then there’s white hat hackers, aka the good guys. White hat hackers basically do the same things that black hat hackers do, except they’re usually hired by corporations to legally break into their defenses to test it. It was under this particular premise that penetration testing firm Netragard was hired to pierce a company’s firewall. The job was a bit different than they were used to, because the client has specifically forbade against the use of social networks, telephones, and other social-engineering vectors as well as physical contact with the machines.

Never one to back away from a challenge, the guys at Netragard came up with an ingenious solution – they modified an off the shelf mouse with a custom micro-controller (which is essentially a small computer) that ran an attack code on whatever computer the device was plugged into. The firm then sent the mouse to an employee that they knew would use the mouse, under the guise of a promotional campaign. Long story short, Netragard was able to penetrate the firm’s firewall, and three days later, the malware contained on the mouse connected to a server controlled by Netragard.

Aside from giving network admins another layer of paranoia, this particular feat of network penetration should serve as a cautionary tale for many. Even the biggest firewalls and the best equipment isn’t a guarantee that you’ll never be penetrated if the guys on the ground start plugging in every foreign device that they happen upon in your network without being cleared first.

Source: The Register