Geocaching & Cybersecurity

Offbeat Public Network Could Be a Geocaching Tool

Apr 12, 2011

This article is from "The Joy of Geocaching". Here is a variation on geocaching.

Dead Drops is an anonymous story-sharing network that uses a simple approach to exchanging information. As the site explains, “USB flash drives are embedded into walls, buildings and curbs accessible to anybody. Everyone is invited to drop or find files. Plug your laptop into a wall, house or pole to share your favorite files and data.” In other words, plug in and share your story in any format – text, audio or video – and others may come along and retrieve it.

We think this could have great application to geocaching. Many multi-stage caches use interim waypoints that feature coordinates written in marker. What if those waypoints could include stories or puzzles, too? You plug your laptop or tablet into an exposed USB port and get your information about the next coordinate that way.

UPDATE!! Please be warned that with all things -- there is a good side and a dark side. Unfortunately, the concept of USB dead drops has the potential to be a really bad idea as malicious actors can rig the USB drive to contain a malware payload and can render your computer inoperable or infected with malware.

USB Drop Attacks Continue to Cause Cybersecurity Incidents

USB drop attack definition: A USB drop attack is a type of cyber-attack where a USB drive, typically pre-loaded with malware, is physically left in a location with the intent that an unsuspecting individual will pick it up and plug it into a computer.

In other words, a USB drop attack is the digital equivalent of the well-known Trojan Horse story, in which a seemingly innocuous object harbors a hidden danger. Just like the wooden horse that the Greeks used to infiltrate Troy, the USB drive appears harmless, even useful. But once it’s plugged into a computer, the malicious software hidden inside springs into action, compromising your system and potentially even your entire network.

USB drop attacks can be subdivided into various categories, each with its own unique method of operation and end goal. Here are some examples of USB drop attack types to help you understand just how diverse and dangerous these attacks can be.

Malware infection: This is by far the most common goal of USB drop attacks, and it can be achieved in several different ways. For example, a USB drive can be loaded with self-executing malware, or it can contain seemingly legitimate documents that are actually booby-trapped with malicious code, such as ransomware.
Keylogging: In this case, the USB drive’s main function is to record every keystroke made on the infected computer. The data is then either stored on the USB drive for later retrieval or, in more advanced setups, transmitted to a remote server. This could lead to the capture of sensitive data like passwords or financial information.
Human Interface Device (HID) spoofing: Ordinary USB drives can be programmed to impersonate a keyboard or another input device. When plugged in, it can execute a sequence of keystrokes to perform specific actions on the computer, such as opening a terminal window to enter commands that disable the machine’s defenses or enable remote access.
Hardware destruction: Sometimes, destruction is the end goal rather than information theft or system compromise. Devices like USBKill are designed to physically damage a computer once plugged in. These malicious USBs deliver an electrical surge into the USB port, frying internal components and rendering the machine unusable. This attack is often performed by malicious insiders, especially disgruntled employees.