Wednesday, April 20, 2011

Dead Drop File Sharing Reminiscent of Cold War Espionage

Francois Paget, a Senior Threat Researcher for McAfee, picked up on an interesting phenomena while attending a conference in France - the use of "dead drops" for electronic file sharing.

Dead drops are a method of covertly exchanging information where the two parties do not meet in the same place at the same time (a "live drop"), but instead conceal the information in a public place for the recipient to retrieve.

"During the question and response session, someone in the audience asked the speakers about the “dead drop” or dead-letter-box phenomenon. A panelist from the police force compared this situation to the secret places used by drug dealers to swap drugs and money–using a hiding place behind a removable stone in some old walls, for example," Paget blogged.

The dead drop is nothing new, having been used in the espionage racket for probably as long as there has been information worth stealing, but the use of dead drops for peer to peer file sharing is a new twist on the strategy.

image

The tactic is relatively simple: take a USB drive, embed it into something in a public place, relay the location to others interested in (assumably) illegal file sharing.

It did not take Paget much investigating to uncover a network consisting of several dozen dead drop locations.

"Searching online, I rapidly found deaddrops.com. This site explains that the dead-drop project is an anonymous, offline, peer-to-peer file-sharing network in public spaces. The media are USB flash drives, embedded into walls, buildings, and curbs accessible to anybody to drop or find files on the drive. Each participant just has to plug in a laptop and share files and data," Paget wrote.

According to the DeadDrops.com website:

"‘Dead Drops’ is an anonymous, offline, peer to peer file-sharing network in public space. USB flash drives are embedded into walls, buildings and curbs accessable [sic] to anybody in public space. Everyone is invited to drop or find files on a dead drop. Plug your laptop to a wall, house or pole to share your favorite files and data. Each dead drop is installed empty except a readme.txt file explaining the project. ‘Dead Drops’ is open to participation. If you want to install a dead drop in your city/neighborhood follow the ‘how to’ instructions and submit the location and pictures."

The DeadDrop.com project was began by Aram Bartholl, who states: "I  am a Berlin based media artist and started  the ‘Dead Drops’ project during my stay in NYC at EYEBEAM as artist in residence, October 2010." 

image

Dead Drops as a method of file exchange is vastly less efficient than using peer-to-peer file sharing networks online, but it does help protect the participants from prosecution for copyright infringements.

On the down side, plugging into a USB stuck in a wall in a metropolitan area has its own set of risks, such as the chance that the flash drive is infected with malware.

And of course, depending on the kind of information being exchanged and who is doing the exchanging, there may be elements of risk to physical security as well.

Paget indicates he will be doing some more research on the matter and it will be interesting, to say the least, to see what he discovers.

Posted via email from Whistleblower

No comments:

Post a Comment