CR | Oct 16, 2014

USBcat - Towards an Intrusion Surveillance Toolset

arXiv:1410.4304v1 | 3 citations
Originality: Synthesis-oriented
AI Analysis

This work addresses the need for security investigators to perform stealthy counter-intelligence operations against espionage-driven cyber-attacks, though it appears incremental as it builds on existing surveillance concepts.

The paper tackled the problem of covertly investigating cyber-attacks by developing an extensible intrusion surveillance framework, resulting in a toolset that includes a USB-based covert channel for remote command and control, validated through design and testing.

This paper identifies an intrusion surveillance framework which provides an analyst with the ability to investigate and monitor cyber-attacks in a covert manner. Where cyber-attacks are perpetrated for the purposes of espionage, the ability to understand an adversary's techniques and objectives is an important element in network and computer security. With the appropriate toolset, security investigators would be permitted to perform both live and stealthy counter-intelligence operations by observing the behaviour and communications of the intruder. Subsequently, a more complete picture of the attacker's identity, objectives, capabilities, and infiltration could be formulated than is possible with present technologies. This research focused on developing an extensible framework to permit the covert investigation of malware. Additionally, a Universal Serial Bus (USB) Mass Storage Device (MSD) based covert channel was designed to enable remote command and control of the framework. The work was validated through the design, implementation and testing of a toolset.
