DropSmack - PoC Malware

Ink

PDF version: DropSmack: How cloud synchronization services render your corporate firewall worthless or via BlackHat Europe 2013

"The real point is to demonstrate the vulnerability that file synchronization applications represent".




Source: DropSmack: Using Dropbox to steal files and deliver malware

Michael P. Kassner interviews a digital forensic scientist who uses Dropbox to compromise targeted networks — something the bad guys probably figured out as well.

I was perusing the seminar briefing website from this year’s Black Hat EU, fishing for potential article topics, when I came across a briefing note titled “DropSmack: How cloud synchronization services render your corporate firewall worthless.” Feeling a nibble, I read the briefing. Right away, I knew I hooked a keeper:

“The contributions of this presentation are threefold. First, we show how cloud-based synchronization solutions in general, and Dropbox in particular, can be used as a vector for delivering malware to an internal network.”

The other two contributions were as eye-opening:
  • Show how the Dropbox synchronization service can be used as a Command and Control (C2) channel.
  • Demonstrate how functioning malware is able to use Dropbox to smuggle out data from exploited remote computers.

I’d like to introduce Mr. Jacob Williams (@MalwareJake). Jake is a highly skilled pen tester and digital forensic scientist employed by CSR Group. He’s the guy who gave the Black Hat presentation, and he’s the one who is going to cause significant angst among Dropbox users as well as corporate-security types.
 
