
The Snowden Snowjob: Supergluing USB ports

By Jack Santos | July 02, 2013 | 4 Comments

While the drama about Edward Snowden continues, it’s interesting to see the effects. Clearly, this is an inflection point in the perception of security, especially insider risks. Every CEO’s worst nightmare came true, and national security led the way.

Whether you consider Snowden a hero or traitor isn’t the point – the point is how easily ANY information can leave an organization.

Among the knee-jerk reactions we are seeing via the media and directly with clients:

1) Reevaluate and reduce the scope of admin access

2) Filter Dropbox et al. and tighten up email attachment filtering

3) Superglue USB ports

4) Uninstall R/W CD/DVD drives

5) Implement the nuclear launch option for admin access: 2 people, 2 keys

6) Reduce contractor hiring

7) Encrypt everything, limit access based on role

We’re not passing judgment – just noting the options we have seen tossed around. Judgments will be passed at our Catalyst conference – so make sure you attend that.

What’s your organization considering?



  • This knee-jerk band-aid approach is nothing short of embarrassing. The application of failed age-old hack attempts at stopping information leakage is both a waste of time and ineffective. We all know better. Or, at least I hope we all know better.

    Since 9/11, the US federal government changed its IT security policy from a ‘need to know’ model to a ‘need to share’ model. The purpose being to make security information available between departments, so as to aid threat correlation using existing data. Accordingly, more confidential information than ever is available to more government contractors and employees. Reverting back to the previous model is not an option. Implementing better protection of this data is the answer.

    As an example… File-level encryption and rights management are a good first step, as would be the implementation of flexible behavioral analysis technologies, which can be configured to identify anomalies, such as user access to information outside their usual work context, or unusual file access or transfer activity (think of something along the lines of Splunk or Palantir). Likewise, technologies already in place in the US fed gov, which can flag semantic units or data sequences and invoke alerts or protective actions, would make a lot of sense.

    Gluing USB ports is a topical approach to security. Integrating technologies which provide highly granular control of USB activity, such as those developed by Unatech with their FPGA-level USB firewall, makes far more sense in Government computing.

    Most important is accountability. Making those who are managing our contractors accountable for their actions will not be very popular, but will certainly cause the necessary discomfort which would be required to initiate the implementation of a more responsible information security approach.

  • FE_604 says:

    Glue can be melted off with a heatgun. Also, disabling USB ports is counterproductive since it would prevent other useful and secure devices from being utilized, such as Cicada’s computer security device or simply USB mice and keyboards…

  • Jack Santos says:

    Great points! In a world of IT consumerization, accountability is a must. “Need to share” extended down to front line troops in combat situations – and increased empowerment and effectiveness. But it also may increase rogue behavior…so it may come down to balance and acceptable risk…

  • Balance and acceptable risk come with an open environment, but so does increased management and surveillance of the user base. What is truly ironic is that in Snowden’s disclosure, he informs the world of the advanced pervasive monitoring the USA has in place to monitor the public. Yet, had the government implemented an effective behaviour analysis and threat monitoring system on its internal networks, then such actions would not have gone unnoticed.

    The technology exists, perhaps it is time they consider deploying it on their internal IT environment.