Shh, the National Security Agency has developed a software tool that detects thumb drives or other flash media connected to a network, and any federal agency can get a copy free -- no box tops or coupons required.
The NSA provided a brief tantalizing description of its USBDetect 3.0 Computer Network Defense Tool in the unclassified part of its fiscal 2011 budget request.
The software, the NSA said, provides "network administrators and system security officials with an automated capability to detect the introduction of USB storage devices into their networks. This tool closes potential security vulnerabilities; a definite success story in the pursuit of the [Defense Department] and NSA protect information technology system strategic goals."
I figured the NSA might like to tell a digit-stained wretch more about this success story, but alas, the agency declined to unburden itself. An image therapist up at Fort Meade, Md., told me what I found in the budget documents about the detection tool is all the info NSA cares to share with me -- or the rest of the world.
USBDetect evidently has been around for almost two years and has been successfully used by the Homeland Security Department to sniff out flash media gizmos, according to a report on the use of thumb drives and similar gadgets on DHS networks.
The Defense Information Systems Agency makes a brief mention of the USB detection software on its information assurance Web page but buries the details behind a firewall.
I have a hunch that a bunch of other agencies use the detection software, and so before you stick a thumb drive into your government computer to copy a 100 slide PowerPoint brief, beware that Software Big Brother may be watching.
COMMENTS
This makes good sense. Yhy develop a tool that will tell somebody that a USB drive was connected? Why not just shut these devices down? Each device has a specific signature, indicating what kind of driver is needed to use the device.
JimmyDaGeek 04/14/10 12:45 pm ET
It makes sense that they have it. Spying and all that are just half of their responsibilities. Their agency also houses the main go-to computer and internet security offices of the US. Google is actually current seeking their help with some security issues, but is hesitant because they are afraid that the public will become skeptical of using their products like Google.
Jake 04/13/10 10:49 pm ET
I hope they didnt spend too many tax dollars on this since so many COTS software already do this very well. Novell Zen Endpoint is an amazing directory integrated product.
Kennon 04/13/10 05:16 pm ET
Bob:
Such software has been commercially shipping for at least 5 years = i/o device control or end point security software and is heavily in use in the private sector.
This is not big brother rather common sense as per network security/data protection.
USB can introduce viruses and also poses the problem of people taking data off of a network that they shouldn't.
Ironically, if the govt. had bought such tech from the private sector years ago we would never have seen a USB ban as data leakage would never have happened.
In many regards corporate networks are much more secure than much (not all) of the government.
The commercial offerings control all i/o devices/ports, have crypto and define what a given user may take off a server.
Any USB is detected and reported. Approved USB may be allowed and non approved blocked. In a corporate environment the user can be warned that they are not allowed to use USB if they try or the software can report the activity to IT or other without telling the user.
The functionality goes way beyond this.
Lumension is a big player in this space.
http://www.lumension.com/
I think everyone can appreciate why NSA needs their own custom software, but for places like VA and other less sensitive agencies - no reason they could not have bought the commercial offerings.
I would imagine some agencies have bought the commercial offering.
I am surprised by the idea in your article that implies "beware" of this new technology. This technology is not new, is proven and widely used.
Dino
Dino McCormack 04/13/10 12:33 pm ET
Wow, even my computer can't figure out what peripherals are plugged into its USB ports. This is one feature I would have definitely wanted in Windows 7. "Hi, I'm from the NSA, and Windows 7 was my idea!"
Generic Fed 04/13/10 08:54 am ET
I stopped doing anything but work on any and all government IT equipment. No surfing, no email, nothing unless it is work related. Instead, I have my own equipment to do personal stuff on, and with a broadband USB, I can surf, email and chat without worry of censorship or monitoring.
I know of one organization that uses Sanctuary to monitor all I/O devices...usb, floppy, dvd, secondary hard drives. Plug an unauthorized device into your system and it is logged..and denied.
cmorfair 04/13/10 06:49 am ET