Get the Drop on...Dead Drops

Get the Drop on…Dead Drops

I’ve always been fascinated by the occasional mashup of security and art, and the last few years have given us some great examples.

In 2009, a Mac game called Lose / Lose made waves due to it deleting random system files every time your spaceship took down an alien. Despite being very upfront about deleting said files, many people were annoyed by their increasingly broken desktops and a number of AV programs started detecting the game as a result.

In 2011, Windows users received a similar game to Lose / Lose in the form of Filekiller – but hey, at least you could “win” that one.

Things got weird in 2012, as a bizarre game of cat and mouse – but mostly cat – took place in the streets of Japan. Two years ago, a peculiar 419 message in a bottle washed up a few ties to performance art.

What do we have in 2015?

Renewed interest in an art project called Dead Drops, which I had somehow missed up to this point.

Dead Drops is all about placing USB sticks into walls and other things you’d see in public spaces on a daily basis. Participants try to conceal the USB stick to some degree, and anybody who happens to pass by can mash laptop and drive together and – in the words of the website – become part of “an anonymous, offline, peer-to-peer file sharing network in a public space”.

Hmmmm.

They do (briefly) touch on security on the official Dead Drops website – but the bottom line is that you’re on your own, kid.

You could argue that disposable laptops running virtual machines and / or Linux Live CDs are the way to go for this one, as is suggested in the FAQ. However, laptops with CD Drives are starting to become less common so you’d probably need to go for a version of Linux which boots from a USB stick.

You also probably don’t want to be walking around the streets with a heavy burner laptop just to plug it into a wall somewhere, so if USB booting isn’t your thing it might be an idea to try installing a Virtual Machine onto a netbook.

Note that anybody can become part of this project and make their own Dead Drop, and although the site advises people to avoid any form of “autorun” software on their USB sticks they’re entirely free to ignore that advice. USB and autorun is something PC owners have struggled with over the years, but there’s no doubt that strange USB drives can give you a bad hair day if you’re not careful.

Even assuming all of the drives poking out of walls aren’t filled with malware, they could still be problematic – what if someone dropped a whole bunch of illegal content or trade secrets or (insert really bad thing of your choosing here) and you just copied the lot and took it home with you?

Or how about whipping out your custom build Dead Drop machine in a bad neighborhood? Laptop thieves intentionally placing Dead Drops, then advertising them online, would be quite the real world honeypot.

The Wikipedia page even mentions the possibility of booby-trapped drops designed to “electrically damage any equipment connected to it”, and when it gets to the stage that you’re having to read up on galvanic isolation adaptors it might just be better to place your laptop in a concrete box and throw it off the pier (note: this is not actually better.)

Yes, this is quite an interesting project, with 1,401 drop sites at time of writing – but if you want to get involved think long and hard on both real and virtual ways that it could go horribly wrong. Blasting your own files to smithereens on the desktop via a game you installed is still probably safer than wandering the streets with a laptop out looking for things to connect it to.

Christopher Boyd

ABOUT THE AUTHOR

Christopher Boyd

Former Director of Research at FaceTime Security Labs. He has a very particular set of skills. Skills that make him a nightmare for threats like you.