Dead Drop USB devices

This article and site/project has been reviewed by Boing Boing, Hack A Day and Make: Online, as well I’m sure as plenty of others.  But I’m going to present it a little different.

I refuse to call this a straight up dead drop.  The only thing you can leave in this dead drop is information in electronic form.  Pure and simple.

First, I’m going to explain to you what exactly a dead drop is and a little bit of the background of it.

A dead drop according to is:

a location which two people can use to pass off information without ever meeting in person. A classic dead drop is a commonplace public location where comings and goings would not be observed, with information being hidden in things like trash cans, toilet tanks, holes in tree trunks, and so forth. The espionage community has also developed more sophisticated dead drop systems which rely heavily on technology, theoretically making them more challenging to identify.

Basically, it’s a secret place that one or more people know of that they can pass information secretly.

Another way of putting it is over at the Spy Dictionary at

Anything can be a dead drop. For example, a cavity in a tree, or under a bench in a park. But anywhere where you can easily hide and retrieve messages, without drawing attention to yourself, will work.

On another location, known as the “signpost” a spy would leave some mark to signal the fact that a dead drop was made. When this sign (which can be just about anything both spies have agreed upon) is spotted, the 2nd spy would then go to the dead drop to collect.

A dead drop can be behind a loose brick in a wall, under a rock somewhere, under a loose board along a porch or boardwalk, in a fake wall socket, fake light switch, etc.  They’ve also been known to be in a dead drop spike, or film canister, plastic envelope, even a tupperware (or similar) container.

Any part of a spy, covert operator, intelligence officer, even police and private investigators use dead drops.  Criminals use them, law enforcement, everyone.  Anyone with something to hide, secrets to keep, etc.

It’s one of the ‘spy-craft’ tools that you learn when you go through any of the ‘spy’ agency ‘schools’.

Places like the BoingBoing Bazaar and ITS Tactical sell dead drop spikes for a fairly reasonable price.

They can also be purchased at places  like Dereu & Sons Mfg. Co. along with ‘spy coins’ which have hollow centers to hold items such as microfilm or small messages.

Dead drops were used in conjunction with signals such as chalk marks, marker marks, even crayons, pencils, lights, flags, etc.  They would signal when a drop was made so the recipient could pick it up.  Usually the marks were made in several locations so a pattern couldn’t be identified.  Sometimes, adds in a newspaper or radio or even since the invention of the internet, an e-mail or a post on a blog or a notice on a bulletin board or inside of a game.

Well, all that being said, the history, etc, will give you an idea on what this could be used for.  The ‘techno dead drop’ is a new concept that Aram Bartholl started.  From his website:

I am pleased to preview ‘Dead Drops’ a new project which I started off as part of my ongoing EYEBEAM residency in NYC the last couple weeks. ‘Dead Drops’ is an anonymous, offline, peer to peer file-sharing network in public space. I am ‘injecting’ USB flash drives into walls, buildings and curbs accessable to anybody in public space. You are invited to go to these places (so far 5 in NYC) to drop or find files on a dead drop. Plug your laptop to a wall, house or pole to share your favorite files and data. Each dead drop contains a readme.txt file explaining the project. ‘Dead Drops’ is still in progress, to be continued here and in more cities. Full documentation, movie, map and ‘How to make your own dead drop’ manual coming soon! Stay tuned.

What he’s doing is taking this:

And this:

And make this:

His idea is to make a spot for anyone with a laptop or USB accessible device to upload, download, etc software, files, just about anything that would fit on the device.  It’s completely anonymous (not quite so) and completely free (in a matter of speaking).  It was also mentioned on some of the blogs that it would be almost impossible (barring a special injunction or search warrant) for the legal system to get a hold of any of these files.  Now, that right there is wrong.  If it’s free, anonymous, etc, then anyone, ANYONE that could access it could get the data.  The only way to track someone with it would be to make a little program/application that would hide on the device, install when someone connects to it and then tracks their movement via MAC address, etc where they go on the internet, where their devices are connecting, what is on the devices.

I’ve used applications that gather information off of computers quite a few times in an analysis of what is happening on the device.  I could see how it could be used for a maliscious intent.

I personally suggest that if you would be using one of these (currently several located around NYC), to please use a USB extension cable so you don’t either break the device off so no one else could use it, or worse yet, destroy the USB slot in your device.  I’d also suggest making the USB port on your device only accessible to a virtual machine with no external connection to your hard drive so in case there is some kind of malicious software in the device, that it doesn’t start spreading on your device.

I could see law enforcement, or intelligence agencies using this for their own purpose, as well as criminals using it to sneak secrets or industrial espionage information back and forth.  It wouldn’t be in such an obvious place however; more like under a park bench where no one would see you connecting to, just thinking that you’re sitting on a bench playing a game, surfing the web, etc.

For criminals, it would be easy to slip data back and forth anonymously.  Stolen identities, credit card numbers, illegal mp3’s, stuff like that.  With encryption programs out there that are virtually unbreakable, it would be an easy way to pass information fairly securely.

All in all, if you do make one of these, or if you use one of these, make sure you follow a few simple rules to keep your data and your computer safe.

  • Use a virtual machine
  • Use anti-virus
  • Use a ‘disposable’ operating system/computer
  • Use a CD/DVD operating system when dealing with the device itself
  • Use a USB extension cable to prevent damage to the device or your computer

I could also see this being a ‘front’ for a larger system.  An example would be in a wall on the side of a building, this USB connection is sticking out.  It looks like it’s just another USB dead drop.  The back of it however; actually is a cable that runs into a larger computer system that houses said USB connection.  That computer has terabytes of data storage and a fast processor with a large amount of RAM.  On this computer, is software that tracks, categorizes, cross references, etc into a huge database.  This database is then monitored for usage, users, all kinds of things.  Using special software (not really all that special, you can find it anywhere), you would be able to make the device read only.  Or you could make it so the people that want to use the device would leave a request for access with an e-mail address that they would receive the user id/password.  This of course would take out the whole anonymous, random thing, but you get the idea.

Overall, I think it’s a great idea and a great time for it to come about.  I think I may start planning to place a few of my own and making them more of a ‘geo cache’.  Not sure, I’ll have to think about it.

Either way, check out the full story and information (including locations) over at his web site.

~ by Normanomicon on November 1, 2010.

2 Responses to “Dead Drop USB devices”

  1. […] Dead Drop USB devices « Normanomiblog It was also mentioned on some of the blogs that it would be almost impossible (barring a special injunction or search warrant) for the legal system to get a hold of any of these files. Now, that right there is wrong. … Stolen identities, credit card numbers, illegal mp3′s, stuff like that. With encryption programs out there that are virtually unbreakable, it would be an easy way to pass information fairly securely. All in all, if you do make one of these, … Jan 01, 1970 12:00am […]

  2. […] Dead Drop USB devices November 2010 1 comment […]

Comments are closed.

%d bloggers like this: