Kamikaze box

A kamikaze box is a machine (computer) that you implant into someones network, without telling them about its existence. It is a form of lo-tech hack where you instead of hacking into their network to obtain access over a computer, simply walk into their physical domain, and place your own computer there instead. Instead of breaching their cyber-security, you breach their often less defended physical security.


This machine can then be used 1) as a first foothold, from which you can further attack their network, or 2) to connect out from their network.

Many companies are like eggs, with a hard shell, that protects them from the outside world. Most of the defenses, their firewalls, are to construct this barrier against attackers. But since the kamikaze box is already on the inside of their network, the eggs hard shell is already breached.

If you instead use the machine to connect out from their network, it will appear as if it is them that are making the connections that you are doing. It might for example be useful to be able to portscan a large network from XYZ Corporation, rather than doing it from your own home. The kamikaze box gives you the bandwidth that Tor does not provide, but you can rely on Tor to provide the anonymity. It is the best of both worlds.

Setup

First of all, wear latex gloves, and clean the machine from hair and fingerprints. Wipe it off with alcohol. This is probably somewhat important!
It might be a good idea to make sure that the actual computer is not possible to trace back to a particular customer buying it either. Maybe use an old computer you found in the trash, or something, for stuff like this.

The easy way to do this is to install Tails on a USB, and insert it into an old discarded laptop that you found, or some old computer you have no personal connection to. Tails likes to run in RAM-only which is good for a kamikaze box!!! No hard disc required, you can remove it if you want
Setup an onion hidden service to point to the machines SSH service. (i.e. edit /etc/tor/torrc, then SIGHUP tor to reload config)

Verify that you can log into the machine over Tor, using the hidden service you just configured.

You are now essentially done. Maybe you will want to install a bunch of software already now... haxxor tools, maybe some bittorrent client, whatever!

Implant the device

You simply walk in at the office and when no-one is watching, you implant the device in their office (or whatever) at some stealthy location. Above the roof-tiles in office spaces there are a lot of cables, and ample opportunity to connect the device. In the walls, at ethernet cable outlets, you can also find space to connect it.
If you are going to do this, it might be a good idea to get into the mental space of a kamikaze box operator. Search for ingenious places to put the box. Even if you do not intend to put it there, think about it. When you go to your corp work place, think about good places where no one is watching, and where the box could survive for maybe years before someone found out.

If you camouflage the box so it does not look too damn suspicious, maybe they will not pick it apart and investigate it.Something that maybe someone plausible could have forgotten in a weird location? Or just an anonymous black box? At least do not make it look tooooo damn haxxor.

Congratulations! You now have a kamikaze box!

Operation

Now when you have your implanted kamikaze box, it is important that you do not reveal your identity. Do NOT, NEVER EVER, go back to your box. If it stops working (if it fails to reboot for example) you should not go back to it and physically flip the switch to reboot it manually. If you do, it could reveal your identity.
If people find the box, they could turn it off, and wait for you to come back and reboot it manually. Avoid falling in this trap!!!
If it stops working, you simply just leave it, and stop thinking about its existence. This is why it is called a kamikaze box!

Also, remember to NEVER type anything identifying that could lead back to you, into the kamikaze box. Do not use it to chat with your friends. Maybe it is a good idea to not even tell anyone about it.

!??!?!

People have found kamikaze boxes at a bunch of weird locations. At airports, and in military installations, in normal residential basements, in schools, and of course in office spaces, above roof tiles and in cable racks... They usually do not make headlines, since the targeted organizations does not want to advertize that they found an implant, or they did not even understand what it was they found!

Physical security is often much less difficult to breach than their cyber security. But the theaters overlap, so a breach in one results in a brach in the other.


Historically, the kamikaze box has also been known as "svartkast" (swedish, lit. "blackthrow"), and "drop box" (as in the act of "shop-dropping", a form of culture jamming)...


Back