War is not just about tanks, missiles, rifles and other "classic warfare" equipment, known from WW2 and previous armed conflicts.
Today, war is also, if not more, about IT and communication infrastructure: all the systems that allow modern society to communicate, or that manage the supply chain of military forces. Disrupting such systems, or exfiltrating valuable information from them, can have a much bigger impact on further hostilities than, eg., destroying a few tanks.
Russian IT infrastructure is quite different from that of many other countries:
In March 2022, Russian authorities announced that they want to go even further with their "Internet independence" - which is obviously related to their war against Ukraine:
Drive Badger is a platform for data exfiltration – which means copying data from someone's computer or mobile device to an external USB drive, mostly in a stealthy way, without the knowledge or consent of the owner, and invisible to the installed security software: anti-virus, DLP, SIEM, EDR etc.
But Drive Badger is different from forensic tools. It is not focused on securing and documenting evidence. Instead, it is focused on splitting all found data into:
Using this approach, Drive Badger is typically able to reduce the amount of files to be copied by 95%, and also to save a lot of time.
The problem with exfiltrating virtualization servers is drive space reservation: they contain several virtual drive image files, where only a small fraction of the reserved space is occupied by valuable files, while all the rest of the space:
Drive Badger can recognize virtual drive image files, mount them just like physical drives, and recursively exfiltrate their contents. This allows quick exfiltration of big, specialized virtualization servers hosted in data centers, with hundreds of virtual machines - which are popular in Russia because of its internal restrictions.
Drive encryption has become more and more common in recent years. In 2022, drive encryption is a de facto standard for laptops and mobile devices, securing government and corporate data in case of, eg., device theft. However, drive encryption on servers is still unusual.
Drive Badger supports the 4 most important drive encryption schemes:
Obviously, to exfiltrate data from a computer with an encrypted drive, you need the encryption key (in most circumstances, either the user password or the recovery key). Drive Badger automates the storage and management of such keys, and can automatically discover which keys match particular encrypted drives - but it is up to you to obtain and configure these keys before the attack (eg. buy them from a disgruntled IT employee).
While Drive Badger's main functionality is data exfiltration, it is also able to make changes to the copied filesystem: create files or directories, write data into them, rename, delete etc. We call this feature "filesystem injection" and it is done by "injectors". See the injectors-playground repository for example scripts.
During war, it can be used for:
~/.ssh/authorized_keys for selected users)
In normal circumstances, a Drive Badger device can be configured manually, step by step, carefully adjusting its configuration for a particular attack. However, during war you may need lots of such devices - eg. to supply a whole military team (so that anyone in the team who physically reaches the protected servers will be able to use one).
You can automate building Drive Badger devices using the deployment-scripts repository. Configuring 1 device on a fast computer (we suggest the Dell Optiplex 7040 Micro - very cheap, while having good performance and 6 USB 3.0 ports) should take no more than 3-4 minutes.
Drive Badger ensures operator safety by encrypting its persistent partition (the one on your USB drive, to which exfiltrated files are saved). In case of getting caught, there is no way to distinguish between a Drive Badger drive and an ordinary Kali Linux Live drive, or to prove the fact of data exfiltration, unless someone knows the proper password.
Remember that taking part in hostilities may be legal or not, depending on your legal status (soldier, any kind of "spy", civilian etc.). You are solely responsible for all potential law infringements and/or misfeasances of duties. We just provide a universal tool, like eg. a knife.
Legal disclaimer: the intention of this product is not incitement to a crime. Rather, Drive Badger is mainly intended to be used in countries where using such tools is legal (for any reason, including war), or at most can be the subject of possible disciplinary action between the end user and his/her employer.