What tools do the FBI use when seizing computers or the curious case of the mouse jiggler device
How does the FBI manage to seize the content of servers and laptops when many of them use full disk encryption? While I always suspected they had some sort of equipment, until recently I was not able to figure out what it was. Then one day I stumbled upon a weird device on Amazon called a mouse jiggler, which turned out to be the first part of the answer.
As visible in the picture above, a mouse jiggler is a small USB device whose sole purpose is to emulate a mouse and generate random mouse movements. It seems that law enforcement agencies use this device to prevent a screensaver from activating when they make a bust. I would imagine that when the Feds busted Dread Pirate Roberts, they rushed to plug in one of these to prevent his laptop from locking. With the recent federal ruling that the authorities can’t compel a suspect to give up their password, it is clear that such devices will rise in popularity.
Defending against the mouse jiggler
Where it gets even more interesting is when you realize that quite a few people are concerned about protecting themselves against this type of device and they have developed a piece of nifty software to do so. This software, called USBKill, is freely available on GitHub. It acts as a booby trap: as soon as a USB device is plugged in, the computer shuts down. The software can also trigger a slew of destructive behavior, like erasing itself, erasing files and wiping out the RAM before shutting down the computer.
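To make the booby-trap idea concrete, here is an added example (not USBKill's own code) of the detection core such a tool needs: snapshot the `lsusb` device list, allowlist the device IDs you trust, and flag anything that appears afterwards. The `lsusb` lines are constructed samples, the `1234:abcd` ID is a placeholder, and the response is left to the caller rather than wiping anything.

```python
"""Flag newly attached USB devices by diffing lsusb output against a baseline
snapshot and an allowlist of trusted vendor:product IDs (added illustration)."""
import re
import subprocess
import time

# lsusb prints lines like "Bus 001 Device 002: ID 8087:0024 Intel Corp. ..."
LSUSB_RE = re.compile(r"ID ([0-9a-f]{4}):([0-9a-f]{4})\s*(.*)")


def parse_lsusb(output: str) -> dict:
    """Map 'vendor:product' -> description for each device line of lsusb output.
    Two identical models collapse into one key; key on Bus/Device too if that matters."""
    devices = {}
    for line in output.splitlines():
        m = LSUSB_RE.search(line)
        if m:
            devices[f"{m.group(1)}:{m.group(2)}"] = m.group(3).strip()
    return devices


def new_devices(baseline: dict, current: dict, allowlist: set) -> dict:
    """Devices present now that were neither in the baseline snapshot nor allowlisted."""
    return {k: v for k, v in current.items() if k not in baseline and k not in allowlist}


def current_devices() -> dict:
    """Live snapshot; requires the lsusb binary (usbutils) on a Linux host."""
    out = subprocess.run(["lsusb"], capture_output=True, text=True, check=True).stdout
    return parse_lsusb(out)


def watch(allowlist: set, interval: float = 0.5) -> dict:
    """Poll until an unknown device shows up and return it. USBKill would shut
    the machine down at this point; here the caller decides (log, lock screen, ...)."""
    baseline = current_devices()
    while True:
        found = new_devices(baseline, current_devices(), allowlist)
        if found:
            return found
        time.sleep(interval)


# Constructed sample output: the same host before and after an unknown HID device appears.
BEFORE = """Bus 001 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
Bus 001 Device 003: ID 0bda:0129 Realtek Semiconductor Corp. Card Reader"""
AFTER = BEFORE + "\nBus 001 Device 005: ID 1234:abcd Constructed HID Mouse"  # placeholder ID
```

Polling `lsusb` is what USBKill does too; a tighter alternative on Linux is subscribing to udev add events, but the allowlist-and-diff logic stays the same.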
How about servers and desktops?
While the mouse jiggler works great for laptops, how do the Feds pull the same trick on a server? It turns out that the same company that built the mouse jiggler (CRU) has a solution for this called a Hotplug device. This device allows them to swap the power source of a computer without interrupting the power. If you want to see both the mouse jiggler and the Hotplug device in action, check out the following video that CRU was kind enough to make ;)
All in all, once you know the trick, it is not as impressive as a cold boot attack, but it is likely more robust and easier to pull off. If you like this article, don’t forget to share it on your favorite social network(s).