Mystery USB Device

Hello everyone....just wondering if someone can identify this usb device I found plugged into the back of one of our computers. Windows 7 won't identify it under device manager even when show hidden devices is enabled.

There is no identification or words/numbers on it. The green light does light up when plugged into the usb port and the end of it flashes orange 3 times when you unplug it.

It was plugged into a somewhat important computer that 5 people have access to. It definitely should not have been there as I set up all the computers and know what belongs plugged in and what does not.

Just hoping someone could identify it before I have to bust it open to see what boards are inside.

Thanks,
Hatz

 

Just by looking, I would say that it is a keystroke logger. But it could also be a USB antennae.

 

Ya I have been trying to do google searches for pictures hoping to get lucky and find one that looks like this one but have come up short.

Is there any way to find out if it is indeed a keylogger? I've only tested software ones and not hardware so I am unsure if there is a certain key combination that will show some properties?

Anything else I can do with this thing to get more information and hopefully find the person responsible for it?

Thanks,
Hatz

 

It looks more like a USB range extender (the white item is an antenna).
http://brain.pan.e-merchant.com/2/1/16935912/u_16935912.jpg

A USB keylogger would sit between the USB port and they keyboard. Of a keyboard isn't plugged into it, I don't think it is a keylogger.
http://www.logisteam.org/images/keylogger_usb.jpg

 

Ya I am not sure what it is. Why won't windows recognize it in device manager or auto detect?

Also, we don't even use wifi on that computer, it is hardwired, so I am not sure why someone would want wifi on it.

Doesn't make sense:confused

Thanks,
Hatz

 

It's an electronic cigarette that obviously uses a USB charger. Find out who it belongs to and tell them to do that type of stuff on their own computer.

 

If it is a cigarette charger then someone should come looking for it soon if you remove it from the computer.

If it isn't then they might be more reluctant to retrieve it.

 

I agree. Have a meeting, explain your situation and tell them a USB wall plug would work better and cause much less commotion.

 

I would plug it back in and put a cam on it.To see who it belongs to get them in the act.

 

A Key logger does not need to be between the keyboard & machine, it can be plugged into a USB port with nothing else connected to it. I am going with the Key logger.

See this info http://www.next.gr/computer/USB/Wireless-Keylogger-circuit-l6640.html

 

I am going with the electronic cigarette also. Appears to be a Metro Electronic Cigarette USB charger http://www.metroecigs.com/product/metro-usb-charger.asp

 

Metro's not the only one to use this type of charger. But, I am certain that it's an e-cigarette because my sister's had two of them — BTW, she's gone back to regular cigarettes. The cartridges for these things cost twice as much!

 

mdonah, we have a guy at work that has one, and plugs it into his workstation. I too agree that they need to get the USB plug in charger for these things. Too obvious that they appear to be something else

 

Wow....you guys nailed it. It is definitely that metro usb charger. Since there are only 2 of the 5 that smoke, finding out who's it is shouldn't be too much of a problem.

Thank you all for your replies. I know I don't post much here as evident with the 7 posts since 2007 but I do lurk almost every day reading up on stuff. I appreciate all of your help.

Now, I just need to find an appropriate punishment since they have been told not to plug anything into that computer. Think the old, smoke a whole pack in one sitting will get through to them?

Thanks again!!

 

Thanks for the replies everyone. It is definitely that electronic cig from that metro site. Since there are only 2 out of the 5 that smoke, finding out who's it is shouldn't be a problem.

Now I just need to find an appropriate punishment since they have been told more than once not to plug anything into those computers. Do you think the old smoke an entire pack in one sitting would suffice or just a vacation for them??

Even though I don't post here much as evident by my post count and join date, I do lurk here quite a bit and read up on posts. I appreciate everyone's time and knowledge.

Thanks,
Hatz

 

Lock down the accounts to Standard accounts, with USB, DVD/CD/Blu-Ray drives/burners only accessible to those with administrator accounts. If the IT person knows what they are doing, they can create a GPO, that does not always ask for escalated privileges for certain items.

The problem ends up, when those creating the GPO start getting lazy, and leave accounts at Administrator, which they shouldn't.

 

Guilty as charged.....

I am actually the IT person but with 18 other sites, I have neglected this one. All of my other sites that I have replaced the firewalls and added user computers in I have locked down the GPO pretty heavily. I just haven't got around to this one yet. Including this one, I have 6 more sites to go, but with some being in different states, I don't always get around to it.

But rest assured after this incident, they will hate me just like the other sites do. "What do you mean we can't look at ESPN anymore at work?"

Luckily social networking sites have been blocked for awhile.

Thanks again for the help.

 

Our state has layered so many scanning programs on top of each other, it is amazing that our workstations even work at our offices. The NSA actually has good info on what to do, and if you also follow the info that Microsoft on properly securing machines with the right GPO Policies, the user only needs to be able to log in, bring up the web browser if there is a web form that they have to use, if they do not need the access to IE for outside use, then only allow inside Intranet sites.

I know I am not the only person that feels that due to when you are usually a one man IT band, you tend to be overwhelmed, and then also have those higher up who think they can do your job better, even though they may not have the experience, want to do it their way.

Really, the only people that should have access to USB for pocket drives, portable hard drives (platter or SSD) for images, or DVD, should be the LAN coordinators that have been assigned to that particular office.

See http://www.computersecurity.com/white_papers/usb-security.htm This is probably the best option to go with http://www.computersecurity.com/coverlock/index.html, to keep people from doing things, without having to really go through a heavy GPO headache trying to get the right process to work with each office's setup.

There is also the MS KB http://support.microsoft.com/default.aspx?scid=kb;en-us;823732 You could probably send it out as a script when they boot the machine up first thing in the morning, then you do not have to go to every site, and go to every machine to implement.

 

And they do not call us evil for nothing.

 

Thanks for the helpful links brownizs. Unfortunately, our sites use some USB devices so locking them out all together isn't an option. That article mentioned some software that is a little more customizable which may be a good option for us.

All they should need is the 2 usb kvm switch ports, printer, and the usb backup dialup modem.

I would love to be able to block out usb hdd or flash drives. Can never be too safe I suppose.

Thanks again for all of your help. Much appreciated.

 

it wouldn't matter what software you use it's not gonna stop a usb port on the pc from providing power which is all it's doing when the e sig charger is plugged in

i'm pretty sure disabling the usb ports in hardware manager wouldn't stop the voltage pins from being active
apart from switching the pc off nothing is gonna stop that e cig charger working

 

If you disable them from the bios, they no longer work. Disabling them from the Operating System, stops them from being recognized, even though the port is still live. The fix & GPO stops them from being able to have anything recognized on the machine, and it will just be as dead as if it was sitting on the desktop.

 

have you tried this ?
i would have thought the supply rail would be straight from the psu

 

Again, the fix does not turn off the voltages, it just keeps the IRQ for the USB port from being recognized by the Operating System. With MacOS & Linux OS, you actually have more work to kill the port, but either way, it keeps anything from being able to interface with the computer that it is plugged into.

Think of it as giving someone the wrong key made for the same manufacturer of your house's lockset. You can still insert the key, but can do nothing but struggle to try to get the lock to turn, but it will not, due to not keyed for the lock.

Same thing with the fixes. The computer will still see that there is something in there, due to the Bios will see a completed circuit in the USB bus, but nothing will happen, due to you have placed locks in in the way of shutting down the USB interface in the BIOS (have to go back using PS2 Keyboards & mice), or in the OS, that you do not allow the OS to recognize the device, and in turn, will not allow it to download anything to the OS, if you have done the fix correctly, by making it non-recognizable through the fixes.

Or like the military, you use one of the locks as I posted in the link earlier, that only the person holding the key can unlock the DVD/CD/Blu-Ray drive, or ports that you do not want used, or even as far as locking the case from being opened.