Drive Badger: open source platform for covert data exfiltration operations, ranging from small computers to big servers.

contact@drivebadger.com

It depends, and it possibly might be a very complicated question in specific case.

However, in general, data exfiltration is legal, if:

  • you represent the eligible entity (eg. you're the police officer, detective, special agent, soldier, expert witness in court etc.), and you do it as a part of your job (eg. exfiltrate data from suspect's computer)
  • you are a private investigator, and you are legally eligible to do such actions in your country
  • you work in IT security team, and you want to simulate an attack within your company
  • you work in IT security company, and you want to simulate an attack for your client (after signing all required papers)
  • you are doing it on your own computer(s) - to learn, how such attacks work

Additionally, data exfiltration can be semi-legal, if:

  • you represent the eligible entity, but you do it outside your job, eg. for private reason - in many countries that qualifies "only" as disciplinary offense against your employer (instead of regular crime)
  • you are a diplomat or any other person having personal immunity (remember, that while you cannot be directly caught, the incident most probably will still be recorded and can result in other consequences for you or your country)

What if I get caught in the action?

In Drive Badger mode, do whatever's possible to either turn off the computer, or disconnect the USB drive with Drive Badger. Also, don't forget to read the full emergency procedure.

In Mobile Badger mode, target drive is not encrypted, so do whatever's possible to destroy both MicroSD card and target drive.

From the founder...

Being in IT security business for almost 25 years, I realized, that breaking protections (or preventing it) is becoming less and less important. We are not living in Outlook Express times anymore...
The key point is the ability to keep the privileges permanent, once obtained. This becomes more and more difficult, as IT systems get more and more complicated - and this is exactly the goal of Drive Badger project: to give non-ITSEC people the ability to keep either the privileges, or the outcome of the successful break-in.