Brief Summary
This episode of Darknet Diaries features MG, a hacker and hardware enthusiast, who shares his journey of creating the O.MG cable, a malicious USB cable disguised as a regular charging cable. The episode explores MG's early influences, his fascination with technology, and the evolution of the O.MG cable from a simple proof-of-concept to a widely used tool in the cybersecurity industry. It also touches on the ethical considerations of creating and distributing such a powerful tool, and the measures taken to prevent its misuse.
- MG's early influences included his parents' DIY ethos and his fascination with computers and hacking through video games like Quake.
- The O.MG cable evolved from an exploding USB drive to a sophisticated tool with features like remote access, keystroke injection, and geofencing.
- The cable has been used in various scenarios, including red-teaming exercises and gaining access to air-gapped computers.
- Ethical considerations and measures to prevent misuse are a key focus, including community management, detectable defaults, and careful vetting of customers.
Introduction
Jack Rhysider introduces the episode and his excitement for the upcoming Defcon conference in Las Vegas, highlighting the unpredictable and groundbreaking events that often occur there. He mentions past events like zero-day exploits being revealed, FBI arrests, and historical talks, emphasizing his desire to be present for such moments. He also invites listeners to connect with him on Discord or Twitter for updates on his whereabouts during the conference.
Meeting MG
Jack introduces MG, a hacker known for his raw energy, building skills, and counter-culture mindset. MG grew up in Wisconsin with parents in the medical field who instilled in him a DIY attitude, which taught him the value of control and resourcefulness. His childhood was filled with raw materials and tools as his parents designed and built their own house. He also had an interest in magic and deception, which got him into trouble in school when he brought in a prop cigarette and was suspended for it.
From Quake to Overclocking
MG's interest in biology shifted to computers after he discovered the game Quake. Playing Quake, especially multiplayer, required understanding how computers, modems, and dial-up connections worked. This led him to modify the game environment and exploit its weaknesses, for example by altering player skins and wall textures for a competitive advantage. MG also got into overclocking his CPU to improve game performance, which led him to experiment with water cooling. He picked up chemistry and materials science along the way to prevent corrosion in his custom-built cooling systems.
The 10,000-Year Clock and 3D-Printed Guns
MG's first IT job was at a help desk, but he soon moved to San Francisco to work on the 10,000-Year Clock project. He was inspired by the DIY culture and the Maker Faire, where people were building things and tackling interesting problems. The 3D-printed gun movement, particularly Defense Distributed, caught his attention. He was fascinated by the political power of creation and the idea that once something is released into the world, it can't be taken back.
The Alluring World of Bitcoin and the NSA ANT Catalog
MG was also drawn to Bitcoin and its potential to decentralize power. The Snowden leaks and the NSA ANT catalog further fueled his desire to participate in creation. The ANT catalog showcased espionage tools, and one in particular intrigued him: the Cottonmouth cable, a malicious USB cable capable of wirelessly installing a Trojan horse, priced at a million dollars for fifty cables.
The Exploding Thumb Drive
Inspired by the USB Rubber Ducky, MG created an exploding thumb drive called "Mr. Self Destruct." He shrank the components to fit inside a thumb drive while retaining some of the Ducky's functionality. When plugged in, it opened a browser to a video of a Jack-in-the-Box animation, followed by an explosion with confetti. Although it was only an art project, MG never productized it because of the potential for harm.
Defcon and the Shrinking World
MG attended his first Defcon in 2013, where he connected with YTCracker and was introduced to the security space. He started creating custom devices for people there, inspired by attendees who were building cool stuff and subverting the gates of power. The miniaturization of electronics, such as smaller USB cables and computers, made him wonder whether he could build a malicious cable for far less than the NSA's Cottonmouth cost.
The O.MG Cable is Born
MG met Darren Kitchen from Hak5, who was already making offensive devices like the Rubber Ducky and the Wi-Fi Pineapple. MG's first malicious USB cable was similar to Mr. Self Destruct but without the explosion: it acted like a pre-programmed keyboard. He sold them at Defcon, but the first version was buggy. Through Fuzzyknob he got a red-teaming job at a Fortune 500 company, and during his vacation he learned how to design PCBs and milled them himself. He then added Wi-Fi so the cable could be controlled remotely, and named it the O.MG cable.
Manufacturing and Scaling
The O.MG cable gained traction, and MG wanted to sell them at Defcon 2019. Each cable took him eight hours to make, and 50% of them were failures. They sold out quickly at Defcon, and Darren from Hak5 taught him about mass-producing electronics. He outsourced different steps to different factories. However, the first batch had microscopic cracks in the power supply, and half of it had to be thrown out. He taught the manufacturer how to test for quality at every stage.
Features and Capabilities
The O.MG cable has gone through many revisions and feature upgrades. It comes in USB-A and USB-C variants and works as a normal USB data cable. An implant inside stays dormant until an attacker connects to it over Wi-Fi or the internet, and it can also act autonomously, for example through geofencing. A web UI gives full control over the cable, including keystroke injection, mouse injection, USB keylogging, and HIDX StealthLink. It can also self-destruct and wipe its data.
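Keystroke injection as described above arrives as ordinary USB keyboard events, so the detectable property is cadence rather than content. The Python below is an added example, not code from the episode or the O.MG project: it flags runs of key events whose inter-key gaps are too short and too regular for a human, using constructed timestamps and assumed thresholds.

```python
"""Flag keystroke runs whose cadence looks machine-generated.

Added example, not code from the episode or the O.MG project. An injecting
cable enumerates as an ordinary USB keyboard, so each event it sends is a
valid key press; what gives it away is timing. Long runs of inter-key gaps
under ~30 ms with almost no variation are outside human range. Timestamps
and thresholds below are constructed for illustration.
"""
from statistics import pstdev

# Constructed key-event timestamps in milliseconds, one list per keyboard.
EVENTS = {
    "kbd0": [0, 180, 310, 455, 640, 790, 1005, 1170],                   # normal typing
    "kbd1": [0, 20, 45, 60, 88, 100, 128, 140, 170],                    # fast but jittery
    "kbd2": [0, 200, 210, 220, 230, 240, 250, 260, 270, 280, 290, 500], # injected run
}

def suspicious_windows(timestamps, min_keys=8, max_gap_ms=30.0, max_jitter_ms=5.0):
    """Return (first_idx, last_idx) spans of at least min_keys consecutive events
    whose gaps are all <= max_gap_ms and whose gap population standard deviation
    is <= max_jitter_ms. min_keys must be at least 2."""
    gaps = [b - a for a, b in zip(timestamps, timestamps[1:])]
    windows, start = [], 0

    def close(last):
        # Events start..last are one run of fast keystrokes and gaps[start:last]
        # the gaps inside it; keep the run if it is long and regular enough.
        if last - start + 1 >= min_keys and pstdev(gaps[start:last]) <= max_jitter_ms:
            windows.append((start, last))

    for i, gap in enumerate(gaps):
        if gap > max_gap_ms:  # a human-scale pause ends the current run
            close(i)
            start = i + 1
    close(len(timestamps) - 1)  # the run that reaches the end of the stream
    return windows

def flagged_devices(events):
    """Sorted names of devices showing at least one suspicious window."""
    return sorted(dev for dev, ts in events.items() if suspicious_windows(ts))

if __name__ == "__main__":
    for dev, ts in EVENTS.items():
        print(dev, suspicious_windows(ts))
    print("flagged:", flagged_devices(EVENTS))
```

The jitter test matters: kbd1 is fast but irregular and is not flagged, while kbd2 is flagged only for the evenly spaced run in the middle of otherwise normal typing.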
The NSA and Deniability
MG wonders whether the NSA has bought O.MG cables, since they are cheaper and have better features than the Cottonmouth cable. He also suggests that the O.MG cable offers deniability because it is an off-the-shelf product. He has talked to people in the intelligence space who use it for testing and red-teaming. He believes the technology should be available to everyone, not just an exclusive group.
Red-Teaming the DoD
MG shares a story from a red-teamer for the DoD who used the O.MG cable to hack into a US government network. The team posed as Xfinity techs and gained access to the server room. They deployed malicious network devices and an O.MG cable. The cable connected to their guest Wi-Fi and called back to a C2 server. The target found the malicious network devices but didn't catch the O.MG cable. The cable allowed them to run undetected for six months.
Hacking an Air-Gapped Computer
MG shares another story about a group hired to audit the physical security of a building, including a digital forensics lab with an air-gapped computer. They modified a USB external hard drive by soldering an O.MG cable onto it, placed the drive in an envelope with the required labeling, and turned it in through a courier service. The drive sat for two weeks before it was plugged in. Once it was, they could create and modify files on the local system and on the SAN. They also learned that the evidence machine was only "air-gapped" by DNS: name resolution was blocked, but connecting directly to an IP address still reached the internet.
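The "air-gapped only by DNS" finding above is exactly what a DNS-less egress check catches. The Python below is an added example, not code from the episode or the O.MG project: it correlates constructed resolver and firewall log lines (the formats, hostnames, addresses and internal ranges are all assumptions) and flags allowed outbound connections to external IPs that no DNS answer ever returned.

```python
"""Flag outbound connections to external IPs that no DNS answer produced.
Added example, not code from the episode or the O.MG project. A host that is
"air-gapped" only by DNS cannot resolve names but can still connect straight to
an IP address, and no resolver answer ever returned that destination. Log
formats, hosts, addresses and internal ranges are all constructed.
"""
import ipaddress
# Constructed resolver log (NXDOMAIN where the lab resolver refuses a name).
DNS_LOG = """\
2024-05-01T10:00:01Z host=lab-ws01 query=updates.example.com answer=203.0.113.10
2024-05-01T10:03:40Z host=lab-ws01 query=beacon.example.net answer=NXDOMAIN
"""
# Constructed firewall log of connections initiated by the same host.
CONN_LOG = """\
2024-05-01T10:00:02Z host=lab-ws01 dst=203.0.113.10 dport=443 action=allow
2024-05-01T10:03:55Z host=lab-ws01 dst=10.20.0.5 dport=445 action=allow
2024-05-01T10:04:10Z host=lab-ws01 dst=198.51.100.7 dport=443 action=allow
2024-05-01T10:04:12Z host=lab-ws01 dst=198.51.100.8 dport=443 action=deny
"""
# Assumed internal ranges for the lab (RFC 1918); everything else is external.
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse(line):
    """Split 'ts key=value ...' into a dict; the timestamp lands under 'ts'."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = ts
    return rec

def resolved_ips(dns_log):
    """Every IP address the resolver actually handed back."""
    ips = set()
    for line in dns_log.splitlines():
        try:
            ips.add(ipaddress.ip_address(parse(line)["answer"]))
        except ValueError:  # NXDOMAIN, SERVFAIL or an empty answer
            pass
    return ips

def dnsless_egress(dns_log, conn_log):
    """(ts, host, dst) for allowed connections to external IPs never resolved."""
    known = resolved_ips(dns_log)
    flagged = []
    for line in conn_log.splitlines():
        rec = parse(line)
        dst = ipaddress.ip_address(rec["dst"])
        if rec.get("action") != "allow" or any(dst in net for net in INTERNAL):
            continue  # blocked attempts and internal traffic are out of scope
        if dst not in known:
            flagged.append((rec["ts"], rec["host"], rec["dst"]))
    return flagged
```

On a host that is meant to be air-gapped, any hit from this check is a finding in itself; the blocked beacon.example.net lookup followed by a successful direct-IP connection is the pattern the story describes.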
Prolific Cable and Export Controls
MG says that he doesn't know many places that don't have an O.MG cable. He lists media in which it has appeared, such as Nat Geo and a Netflix episode. Hak5 only sells to explicitly allowed countries, such as friendly NATO countries and the Five Eyes. MG and Jack discuss export control rules and whether they matter. MG believes that any restriction can be bypassed, but that introducing some degree of friction is generally good.
Malicious Intent and Liability
MG doesn't know of any cases of his own products being used with malicious intent, though Hak5 had one involving its Wi-Fi Pineapple and the Russian GRU. MG has put a lot of work into gaming out the potential risks to minimize that possibility. Jack worries about MG's liability if someone uses the cable maliciously. MG says the legal notice on the package is not enough for him; he believes product design, detectable defaults, and community management are critical to reducing harm. He has turned down offers of cash because they could put the project's future at risk.