Corporate Security

The $6.74 NSA Type USB Cable Bug

A USB cable bug for only $6.74…

Amazing. A USB cable bug for less than half the price of a new movie on DVD.

This USB cable bug is a mini cellular bug, similar to the NSA’s COTTONMOUTH. Eavesdroppers can call from any phone in the world to listen in. It can also be programmed to call the eavesdropper when it hears sounds above a certain level.

GPS-like tracking and geo-fencing are side benefits when it’s placed in a vehicle. Location is displayed on a map, with a circle around the cell tower the bug is using.

No batteries required. It uses the power from any USB port or charger you plug it into. It’s a real charging cable, too. Android or iPhone versions are available.

Some websites like banggood.com and alibaba.com are advertising this USB cable bug as the, “S8 3-in-1 USB GPS GIM Locator Cable Remote Tracking Anti Lost Tracker Car Data Charger Line.” The nudge, nudge, wink suggested uses include, “check your car location, put into your bag to prevent lost or stolen,” and “GPS Tracker for cars pets and kids.”

Of course, there is the obligatory, if not inscrutable, warning statements… “Please strictly abide by the relevant laws of the state, shall not be used for any illegal use of this product, the consequences of the use of self conceit.”

Some of the ebay.com listings are a bit more forthright with listings titles like the one below, and “wireless GSM SIM USB cable bug design audio sound voice listening bug.”

USB Cable Bug ebay ad.Gogo Technology Co. Ltd., a manufacturer, advertises they can ship 100,000 of these electronic surveillance devices per month; delivery time, one week. My guess is that they are running three shifts, judging by the 138 listings on eBay alone. Sales are brisk and worldwide. Every major sales website seems to be selling them. By the way, Gogo Technology also makes fidget spinners and squishy toys, which you may want after reading about this spy trick.

Every wannabe spy can now leverage a multi-billion dollar communications network to do their bidding for $6.74, SIM card not included.
Imagine the possibilities.

  • Slip one behind the boss’s credenza.
  • Leave one plugged in under the table in the board room, or every conference room.
  • A surprise Christmas stocking stuffer for that significant other.
  • Courtesy charging cable for the family vehicle. “Here are the keys, son.”

Do you think the phone companies are going to protect you from the USB cable bug? Think again, and think about all the revenue SIM card sales generate for them. The answer is, NO.

The USB cable bug is only one surveillance trick in a spy’s black bag. There are hundreds more. Audio, video and computer data are the major business espionage attack points. Conversations, intellectual property, and moments of personal privacy are being electronically stolen at the highest rates ever. With sophisticated spy gadgets so easily and cheaply available, every business organization, and every individual is now a target.

There are some very simple reasons for our spying epidemic:

  • Risk level: Low.
  • Reward level: High.
  • Motivators:
    – Money.
    – Power.
    – Sex.
  • Eavesdropping Tools:
    – Inexpensive.
    – Readily available in spy shops and on the Internet.
    – Untraceable when purchased from foreign countries.

Additional factors fueling electronic surveillance in business.…

  • Eavesdropping and espionage are morally acceptable in some cultures.
  • Increased competitive pressures placed on employees, consultants and businesses force ethics bending.
  • Media glorification presents spying as sexy and justifiable.
  • Since the 60’s, spy toys and games have been actively promoted to children as being fun and acceptable. More children have grow up thinking spying is normal.

If you are a private individual, finding bugs and spy cameras yourself will likely be a futile effort. Try this first.

Buying cheap (or not so cheap) surveillance detection gadgets is not recommended either. The end result of do-it-yourself efforts often amounts to less privacy, due to the false sense of security these devices give the amateur detectorist. Once you are sure electronic surveillance is the problem, hiring an experienced private investigator may be the best solution to solving personal (low-level) electronic surveillance problems. Feel free to contact me for a recommendation.

One area where personal do-it-yourself detective work is useful and encouraged, is the detection of spycams. Spy cameras hidden in expectation of privacy areas (restrooms, changing rooms, showers, etc.) need to be identified on-the-spot. Fortunately, they can be spotted easily if you know how to look and what to look for. Perusing a few spy shop websites to see what is being sold is a good start. Then, take an on-line video training course which teaches everything you need to know, quickly.

Businesses and organizations concerned about business espionage hire Technical Surveillance Countermeasures (TSCM) specialists to detect illegal surveillance. The best ones are also certified: Certified Protection Professional (CPP) and/or Certified Information Security Managers (CISM). They conduct detection surveys which include finding non-electronic information security loopholes as well as the bugs.

Finding USB cable bugs is only one reason businesses call specialists to conduct TSCM surveys, and peace of mind is only one of the benefits of doing so. If your organization does not have a TSCM counterespionage strategy this article explains how to develop one.

###

Kevin D. Murray CPP, CISM, CFE is a business counterespionage consultant and TSCM specialist with over four decades of experience.

Murray Associates is an independent security consulting firm, providing eavesdropping detection and counterespionage services to business, government and at-risk individuals.

Headquartered in the New York metropolitan area, a Murray Associates team can assist you quickly, anywhere in the United States, and internationally.

One Comment

  • Aaron Brandt says:

    Additionally, after doing some packet inspection of some of these devices in Wireshark, I have found that they in many cases are connecting to a foreign server and sending all the data to that server (Typically China) in addition to the intended recipient. That means not only is the target being compromised by the bugger….but there is ‘fallout’ in the form of the target’s data also being send to an unknown foreign entity for unknown reasons.