Sophos News

The USBKILL anti-forensics tool – it doesn’t do *quite* what it says on the tin

A hacker who very modestly goes by the handle Hephaest0s has just announced an “anti-forensic kill switch” dubbed, well, usbkill.

It doesn’t do quite what the name might immediately suggest.

The idea is that it keeps its eye on what’s plugged into your USB ports and if anything changes, it shuts down your computer abruptly.

The theory is that if someone you don’t like the look of tries to confiscate your laptop, or looks as though they’re trying to steal it, you can just swiftly (and apparently innocently) unplug some USB device that you happen to be using and that’s that for the current session.

Power off

Ironically, last century’s IT-related police busts, if pre-arranged by means of a warrant, typically included special conditions like “no-knock” and “power off.”

The former meant that they didn’t ask before entering (a block of wood over the lock and a sledgehammer does the trick on most regular doors, so volunteer to be the cop wielding the hammer, not the one holding the wood).

The latter meant that they had permission to turn off your mains electricity supply first.

The idea was simple: if you got warning that the cops were outside, you could kick off disk-wiping programs on all your computers, and put all your diskettes and tapes into an industrial degausser (demagnetiser) for bulk erasure.

This was a particularly handy trick for software and video pirates, who could leave the investigators with nothing but a giant pile of blank disks and white-noise VHS tapes as evidence.

Charges dismissed.

Power on

These days, things often work the other way around, with law enforcement keen to seize evidence like computers while they are still running and logged in.

So they’ll probably still use their special skeleton keys to gain entry, to take you by surprise, but the idea of shutting down the power so you can’t keep your computers alive has gone out of the Windows.

With power maintained, and your current session still alive and unlocked, the cops may very well avoid needing to get hold of your passwords to access things like files, social media accounts, network connections, and so on.

Better yet, they may be able to extract data from memory that reveals things like usernames and passwords for yet more accounts that you have used recently but aren’t currently logged into, or remnants of websites that you’ve looked at but no longer have open, and so on.

With Hephaest0s’s usbkill utility, all you have to do is remove your 3G modem, or disconnect the dongle that runs your mouse (a good reason to ditch Bluetooth and go back to those proprietary Logitech mice), and all that lovely forensically valuable data in memory is toast.

The downside

There’s a downside, of course.

The code is written in Python, and needs to run continuously as root.

So you’d better hope that usbkill itself isn’t hackable, or if the cops get hold of your computer while you are otherwise distracted (for example because your arms are handcuffed behind your back) then your defensive utility could end up being just the Elevation of Privilege toolkit that the forensics team need to pwn your computer completely.

Hephaest0s suggests that you can circumvent this problem by using “a cord to attach a USB key to your wrist.”

Just be careful when you need to stretch your legs, or reach for the sugar bowl, or pop out to the little hacker’s room, lest you shut down the latest improvements to your magnum opus before they’ve been properly saved.

Of course, usbkill doesn’t solve the problem of what to do when the cops ask you to unlock your now shut-down computer.

Legal protection for this seems to vary from country to country, but since you don’t actually have to reveal your password, you can expect to be in serious trouble in some jurisdictions if you try to claim a “right to silence” when asked to show us what’s in those files, son.

PS. If you have a Mac, a half-second on the power key will lock it so your password is needed, and five seconds will power it off. Or you could gently close the lid, with or without a cord attached to your wrist. (Yes, the power-off-in-5-seconds feature works on all computers. But Mac users have the power button handily implemented as a regular key, where F13 would be, so you can kill the power while apparently typing.)
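The “downside” above and the PS point in the same direction: the USB-watching idea is sound, but powering off as root is the risky part. Here is an added example (not code from the usbkill project) of the same watch-the-ports loop done the less drastic way: it diffs the output of `lsusb` and, when a device appears or disappears, asks the session manager to lock the screen, which needs no root at all. It assumes Linux with `lsusb` installed and a lock command such as `loginctl lock-session`; the sample `lsusb` lines are constructed for the demo.

```python
#!/usr/bin/env python3
"""Lock the desktop session when the set of attached USB devices changes.

Added example, not code from the usbkill project. Unlike usbkill it never
powers the machine off and runs as the logged-in user, not root.
"""
import re
import subprocess
import time

# Assumed lock command; swap in e.g. ["xdg-screensaver", "lock"] for your desktop.
LOCK_COMMAND = ["loginctl", "lock-session"]
POLL_SECONDS = 0.25

# Matches lines such as "Bus 001 Device 004: ID 046d:c52b Logitech, Inc. Unifying Receiver"
_LSUSB_LINE = re.compile(r"^Bus (\d+) Device (\d+): ID ([0-9a-f]{4}:[0-9a-f]{4})", re.I)

# Constructed sample output: the mouse dongle on bus 1 device 4 is unplugged in the second snapshot.
SAMPLE_BEFORE = """Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 001 Device 004: ID 046d:c52b Logitech, Inc. Unifying Receiver
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
"""
SAMPLE_AFTER = """Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
"""

def parse_lsusb(output: str) -> frozenset:
    """Return the set of (bus, device, vendor:product) triples in lsusb output.
    Bus and device numbers are kept so that unplugging one of two identical
    devices still counts as a change."""
    devices = set()
    for line in output.splitlines():
        m = _LSUSB_LINE.match(line.strip())
        if m:
            devices.add((int(m.group(1)), int(m.group(2)), m.group(3).lower()))
    return frozenset(devices)

def usb_delta(before: frozenset, after: frozenset):
    """Return (removed, added) device sets between two snapshots."""
    return before - after, after - before

def current_devices() -> frozenset:
    return parse_lsusb(subprocess.run(["lsusb"], capture_output=True, text=True, check=True).stdout)

def watch(lock_command=LOCK_COMMAND, poll=POLL_SECONDS):
    """Poll lsusb and lock the session on any insertion or removal."""
    baseline = current_devices()
    while True:
        time.sleep(poll)
        now = current_devices()
        removed, added = usb_delta(baseline, now)
        if removed or added:
            subprocess.run(lock_command, check=False)  # lock, don't power off
            baseline = now  # re-arm against the new device set

if __name__ == "__main__":
    watch()
```

Root hubs show up in `lsusb` too, which is harmless here since they never come or go during a session.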