It used to be that the best way to protect a computer hosting sensitive data was by not connecting it to any network, a process known as air gapping. However, it was recently revealed that when the computer with the sensitive data is running Windows, even air gapped protection isn’t enough.
For example, the CIA, using a software system codenamed Brutal Kangaroo, first infects a Windows computer connected to the Internet, then infects any USB flash drive plugged into that computer, in the hope that the flash drive will eventually be plugged into the air-gap protected devices.
This drew a lot of attention, as you could imagine. However, in all the flurry of media coverage, defensive computing was never covered. To start, the most obvious tactic is to avoid using Windows. For some, Windows is what they have and there is no point in buying all new devices. If this is the case for you, there is another defensive tactic that can protect air gapped Windows computers from infected thumb drives.
Use a Chromebook as a middleman.
Brutal Kangaroo infects the thumb drive itself, not the user data files. The malware on the drive targets Windows, so plugging an infected flash drive into a Chromebook won’t negatively affect anything. Why? Because Chrome OS is immune to Windows malware.
The first step is to copy the data files from the possibly infected flash drive to the Chromebook, then remove the flash drive. From here, take another flash drive, copy the files from the Chromebook to this second flash drive and then, finally, copy them to the air gapped Windows device.
This is a lot to keep track of, between all of the file transfers and flash drives. To make it easier, you can color code the flash drives.
For additional safety, make sure that the Chromebook is in Guest Mode in order to eliminate malicious browser extensions as a means of attack. Also, it would be safer to use a Chromebook that does not support Android apps. This also reduces the attack surface.
Another defensive step is taking the time to format the USB flash drives on the Chromebook before use. Chrome OS currently formats devices with the exFAT file system, one that many other operating systems can read and write.
The advantages of formatting on a Chromebook:
First, a Chromebook in Guest Mode acts as a malware-free environment. Second, reformatting should protect against thumb drives that are already infected with malware. Lastly, exFAT benefits from not being NTFS.
Of course, air gapped protection is not just for organizations housing sensitive data; it’s also for computers controlling industrial devices such as power grids, dams, and battleships. This is a far-reaching virus that can be stopped using the tactics discussed above.