National: Security company infects client’s network with ‘Trojan mouse’ | InfoWorld
Security consulting company NetraGard has demonstrated that something as seemingly innocuous as a USB mouse, along with tidbits of information freely available on the Internet, can provide a hacker quick and easy access to a seemingly secure IT environment.
In a blog post on the company’s website, NetraGard founder Adriel Desautels explained that his company was hired to test the security of a client’s network while adhering to some very stringent restrictions: The NetraGard team could target only one IP address, offering no services, bound to a firewall. Further, the team couldn’t even use social engineering tactics, such as duping an employee to reveal information over the phone or via email. They couldn’t even physically access the client’s campus.
NetraGard’s solution: Transform a Logitech USB mouse into an HID (hacker interface device) by installing on it a mini-controller and a micro Flash drive loaded with custom malware. The blog post goes into explicit detail of the painstaking process of operating on the mouse.