Most of the time, information security professionals are on the cutting edge of technology, but from time to time, something so ridiculous happens with older technology that we completely miss it.
This is what seems to have happened with DeadDrops.com, a website created by a Berlin-based media artist. The concept of the site is simple: place a USB device (or, as things have modernized, a share on open Wi-Fi) in an obscure place (such as the broken brickwork on the side of a building) allowing people to copy files to and from it and add the location to the site’s database.
The site’s slogan is:
“Un-cloud your files in cement! ‘Dead Drops’ is an anonymous, offline, peer to peer file-sharing network in public space.”
The reason why I say that we missed it is that I had never heard of the site before and a few quick Google searches didn’t reveal any major articles or blog posts on the subject. Instead, I discovered the site about a month ago when it started to circulate on Facebook with some college friends. More recently, I’ve seen a few technology sites start to write about it.
I wanted to write briefly about the site because I can’t help but find it ridiculously irresponsible, bordering on criminal negligence.
In a world where we’re constantly trying to educate end users about the risks they have to navigate, someone has taken one of the biggest risks—USB drives with unknown data—and given it a seemingly legitimate use for the non-technical. In many ways, this is like digital geocaching, but instead of a useless trinket or challenge coin, you end up with malware and a rootkit.
I can’t help but feel that this site should be taken down or, at the very least, the site should have a requirement that you confirm your age and understand the risk before you’re allowed to proceed. Whatever the requirement, users should be informed of the risk they assume by participating in this art project.