Universal Serial Bus (USB) Hardware Implant COTTONMOUTH-I

As we all know, the NSA has many different tools that they use to spy on us. Today I will be writing about COTTONMOUTH-I, which is a USB hardware implant.


What It Is
COTTONMOUTH-I is a hardware implant which can be placed in USB devices. It is only one member of the COTTONMOUTH family, which has hardware implants for USB and Ethernet connectors. COTTONMOUTH-I can provide a wireless bridge into a target network, and it also has the ability to load exploit software onto target systems. When we think about hardware implants that the NSA uses, I think it is important to consider that most of these hardware implants cost a lot of money and usually are not used unless you are specifically targeted by the NSA. For example, in 2008 the COTTONMOUTH-I hardware implant cost slightly over $1M for 50 units. Now I know you are thinking that they are the NSA and they have loads of money to spend. That is correct, but I don’t think they are complete idiots. For them to deploy hardware implants like this in a bunch of random systems would be a waste of money.


What We Can Do
COTTONMOUTH-I is a USB hardware implant, which means it needs a driver to function properly. If you know that one of your USB devices has this hardware implant, then you can simply prevent the installation of drivers on your system. This can be done on Microsoft Windows and Linux systems. If you have Microsoft Windows, then simply use the Group Policy setting "Prevent installation of devices not described by other policy settings". If you are using Linux, then it can vary depending on the distribution that you are using. It can be done on most Linux distributions, but I am sure there are some that don’t give you the option. Therefore you might have to use third-party software to do this. I would recommend that you simply Google the Linux distribution you are using and how to prevent the installation of unknown devices.
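
On Linux, one way to do this without third-party software is the kernel's USB authorization interface in sysfs. The script below is an added example, not part of the original post: it audits attached devices against a vendor:product allowlist and, with `apply`, deauthorizes the rest. The function name, allowlist format and allowlist path are assumptions.

```shell
# Added example (not from the original post). Uses the Linux kernel's USB
# authorization files in sysfs:
#   usbN/authorized_default  0 = devices plugged in later start unauthorized
#   <device>/authorized      0 = the kernel binds no driver to that device
#
# usb_lockdown SYSFS_DIR ALLOWLIST [apply]
#   ALLOWLIST: one "vid:pid" per line, hex, any case (assumed format).
#   Prints "ALLOW|BLOCK <device> <vid:pid>"; writes to sysfs only with "apply".
# Usage as root (the allowlist path is hypothetical):
#   usb_lockdown /sys/bus/usb/devices /etc/usb-allowlist.txt apply
usb_lockdown() {
    ul_sysfs=$1; ul_allow=$2; ul_mode=${3:-audit}
    # Refuse to run without an allowlist, so a typo cannot block every device.
    [ -r "$ul_allow" ] || { echo "allowlist not readable: $ul_allow" >&2; return 2; }
    for ul_dev in "$ul_sysfs"/*; do
        [ -d "$ul_dev" ] || continue
        ul_name=${ul_dev##*/}
        case $ul_name in
            usb[0-9]*)
                # Root hub: leave it authorized, but make new devices on this
                # bus start out unauthorized.
                if [ "$ul_mode" = apply ] && [ -f "$ul_dev/authorized_default" ]; then
                    echo 0 > "$ul_dev/authorized_default"
                fi
                continue ;;
        esac
        # Interface entries such as 1-1:1.0 carry no idVendor file; skip them.
        [ -f "$ul_dev/idVendor" ] && [ -f "$ul_dev/idProduct" ] || continue
        ul_id="$(cat "$ul_dev/idVendor"):$(cat "$ul_dev/idProduct")"
        # Whole-line, fixed-string, case-insensitive match against the allowlist.
        if grep -qixF "$ul_id" "$ul_allow"; then
            echo "ALLOW $ul_name $ul_id"
        else
            echo "BLOCK $ul_name $ul_id"
            if [ "$ul_mode" = apply ]; then
                echo 0 > "$ul_dev/authorized"
            fi
        fi
    done
    return 0
}
```

Vendor and product IDs are reported by the device itself, so an allowlist like this blocks unknown hardware but does not authenticate a device that claims a listed ID.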


Thank you all for taking the time to read this post and as always God bless!

The NSA’s original documentation on COTTONMOUTH-I


Preston Hood
Hello, my name is Preston Hood. I am the owner of PJHoodsCo, an Information Technology Service Provider (ITSP). I am also a freelance writer and information security researcher.