
Can you clarify what exactly is so impressive about this software? I read the article, and I don't see it.



This seems to be the crux of it:

Part of what makes ProjectSauron so impressive is its ability to collect data from air-gapped computers. To do this, it uses specially prepared USB storage drives that have a virtual file system that isn't viewable by the Windows operating system. To infected computers, the removable drives appear to be approved devices, but behind the scenes are several hundred megabytes reserved for storing data that is kept on the air-gapped machines. The arrangement works even against computers in which data-loss prevention software blocks the use of unknown USB drives.


Okay first, it probably doesn't get information from air gapped computers without being plugged in, so let's quit with the voodoo right now. You guys are discounting the possibility of idiocy.

Second, making partitions that Windows doesn't see is trivially easy. I went out of my way to buy a 128 GB flash drive nearly 10 years ago at great expense; it had a 4 GB FAT32 partition, which is what Windows would see.

It had a 16 GB Linux partition, with 8 GB of that being an encrypted partition.

I installed a bootloader that allowed it to be switched to if it was plugged in when any computer was starting up.

The other 100 GB, you ask? Another partition....


"making partitions that windows doesn't see is trivially easy"

Are we talking "partitions Windows won't mount because they aren't FAT/NTFS" or "partitions that literally do not show up in Windows Disk Management because the disk itself is reporting a different capacity, e.g. a 16 GB USB drive reporting only 8 GB, regardless of the OS installed"?

Like one of these, only malicious

https://www.neowin.net/news/fake-chinese-500-gb-external-dri...


A big chunk of space would take some work, but if you only needed a few KB there is slack space (at least a handful of sectors) on the end of every USB drive that doesn't align with partition sizes. I've used it before to store data on how many times my reformatting tool was used on the disk.
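The two comments above turn on the same check a defender would want to run: compare the partition table against the capacity the OS reports and see how many sectors are not covered by any partition (leading alignment space, inter-partition gaps, and the slack at the end of the device). The following is an added example written for this thread, not code posted by any commenter; it parses a classic MBR and reports every unallocated range. The sample MBR and the total sector count are constructed here, not captured from a real drive.

```python
"""Report unallocated (potentially hidden) sector ranges on an MBR-partitioned device.

Added example, not from any commenter.  Input: the raw 512-byte MBR plus the
device's total sector count as reported by the OS.  The sample input below is
constructed, not captured from a real drive.
"""
import struct

SECTOR = 512
# A few common MBR type codes; anything else is reported as unknown.
TYPE_NAMES = {
    0x07: "NTFS/exFAT",
    0x0B: "FAT32 (CHS)",
    0x0C: "FAT32 (LBA)",
    0x82: "Linux swap",
    0x83: "Linux",
    0xEE: "GPT protective",
}


def parse_mbr(mbr: bytes):
    """Return the non-empty primary partition entries, sorted by start LBA."""
    if len(mbr) < SECTOR or mbr[510:512] != b"\x55\xAA":
        raise ValueError("not a valid MBR (missing 0x55AA signature)")
    parts = []
    for i in range(4):
        entry = mbr[446 + 16 * i: 446 + 16 * (i + 1)]
        # status(1) CHS-start(3, skipped) type(1) CHS-end(3, skipped) LBA start(4) count(4)
        status, ptype, lba_start, count = struct.unpack("<B3xB3xII", entry)
        if ptype == 0 or count == 0:
            continue  # empty slot
        parts.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "name": TYPE_NAMES.get(ptype, "unknown"),
            "start": lba_start,
            "end": lba_start + count,  # exclusive
        })
    return sorted(parts, key=lambda p: p["start"])


def find_gaps(parts, total_sectors):
    """Return (start, length) sector ranges covered by no partition."""
    gaps = []
    cursor = 1  # sector 0 holds the MBR itself
    for p in parts:
        if p["start"] > cursor:
            gaps.append((cursor, p["start"] - cursor))
        cursor = max(cursor, p["end"])
    if total_sectors > cursor:
        gaps.append((cursor, total_sectors - cursor))  # trailing slack
    return gaps


def build_sample_mbr():
    """Constructed MBR: a FAT32 partition, a gap, then a Linux partition."""
    mbr = bytearray(SECTOR)
    entries = [
        (0x80, 0x0C, 2048, 4096),  # FAT32 at sectors 2048..6143
        (0x00, 0x83, 8192, 2048),  # Linux at sectors 8192..10239
    ]
    for i, (status, ptype, start, count) in enumerate(entries):
        struct.pack_into("<B3xB3xII", mbr, 446 + 16 * i, status, ptype, start, count)
    mbr[510:512] = b"\x55\xAA"
    return bytes(mbr)


SAMPLE_TOTAL_SECTORS = 16384  # constructed: device reports 8 MiB


if __name__ == "__main__":
    parts = parse_mbr(build_sample_mbr())
    for p in parts:
        print(f"partition {p['index']}: type 0x{p['type']:02X} ({p['name']}) "
              f"sectors {p['start']}-{p['end'] - 1}")
    for start, length in find_gaps(parts, SAMPLE_TOTAL_SECTORS):
        print(f"unallocated: sectors {start}-{start + length - 1} "
              f"({length * SECTOR // 1024} KiB)")
```

On a real drive the MBR would be read from the raw block device and `total_sectors` taken from the OS (both require administrator or root privileges). The gap before the first partition is normal alignment space on almost every modern drive, so only unexpectedly large or non-standard gaps are worth a closer look. The check has one blind spot worth noting: it only covers the second case raised above (space the partition table leaves unclaimed). If the drive's firmware itself under-reports its capacity, the OS-reported sector count is already wrong, and no partition-table arithmetic will reveal the difference.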


I'm not sure. I lost the flash drive, despite living in a tiny one bedroom apartment in Manhattan. Maybe a 3 letter agency took it while I was away.


> Okay first, it probably doesn't get information from air gapped computers without being plugged in,

A hidden WiFi to create a mesh network, or use ultrasound, seems doable.


Stealth. Being found after 5 years is considerably better concealment than most malware (that is discovered at all).



