Can A Turtle Really Take Down Your Office Network?
No, not that kind of turtle. We are talking about a specific piece of $50 hardware from a company based in California called Hak5 that hackers use. While the device is readily available from the Hak5 web store, and has been for some time, it was only this past week that a longtime friend of the Hak5 company, Rob Fuller, engineered a nefarious way to use the LAN turtle to steal the data needed to capture your user ID and a version of your password that can be used against you. This hack was tested against Windows 10, Windows 7 SP1, Windows XP SP3, Windows 2000 SP4, Windows 98 SE, and may even work against Apples OSX El Capitan and Mavericks. While it wasn’t readily tested on other platforms, the configurable nature of the LAN turtle makes it a reasonable assumption it’s only a matter of time before it happens.
How Hackers Attack
Just how would this device take down your network? While not directly taking down the network, if a hacker had physical access to your office, say in a conference or waiting room, just plugging this device into the USB port of a locked PC can, within 15-30 seconds, capture the data needed to steal login credentials. With those credentials, the attacker now has gained a crucial piece of information to being taking down your network. Or, maybe you left your laptop on the table while going up to the counter at your favorite coffee shop. In 15 seconds, while pouring out that top bit of coffee (that you just paid for) to make room for some milk, the attacker has what they came for.
How to Avoid Hackers
Fixing this type of attack would require your enterprise IT group to disable automatic network device installation or whitelisting USB devices across all the operating systems in use. Additionally, whitelisting every type of USB device can be cumbersome if your company regularly uses different types of USB sticks or removable media. In the meantime, make sure your employees are doing the best they can to protect that sensitive data by never letting even locked PCs out of their site.