Command and Control Part VI: The Creeper Box
If you are able to gain short-term access to the target's physical location, it is worth considering the use of a hardware backdoor or “creeper box.” This is not a Minecraft reference but a term coined in the 2004 book, How to Own a Continent by Jake Rolston. This is an entertaining collection of security fiction and I've been using the term ever since (although it's entirely possible that I'm the only one). Feel free to use whatever term you like.
Traditionally, the creeper box would have been an ultra-small form factor PC discreetly connected to the target network. With the recent boom in consumer hobbyist electronics, we have better (and cheaper) options. There are two scenarios I will discuss:
- A discreet backdoor enabling remote access and complex attack capabilities typically connected directly to the switch.
- A passive bridge spliced inline into a network endpoint or backbone, solely to provide data interception...