Explosives Replace Malware As the Scariest Thing a USB Stick May Hide (arstechnica.com) 45
An anonymous reader quotes a report from Ars Technica: As reported by the Agence France-Presse (via CBS News) on Tuesday, five Ecuadorian journalists have received USB drives in the mail from Quinsaloma. Each of the USB sticks was meant to explode when activated. Upon receiving the drive, Lenin Artieda of the Ecuavisa TV station in Guayaquil inserted it into his computer, at which point it exploded. According to a police official who spoke with AFP, the journalist suffered mild hand and face injuries, and no one else was harmed.
According to police official Xavier Chango, the flash drive that went off had a 5-volt explosive charge and is thought to have used RDX. Also known as T4, according to the Environmental Protection Agency (PDF), militaries, including the US's, use RDX, which "can be used alone as a base charge for detonators or mixed with other explosives, such as TNT." Chango said it comes in capsules measuring about 1 cm, but only half of it was activated in the drive that Artieda plugged in, which likely saved him some harm. On Monday, Fundamedios, an Ecuadorian nonprofit focused on media rights, put out a statement on the incidents, which saw letters accompanied by USB-stick bombs sent to two more journalists in Guayaquil and two journalists in Ecuador's capital.
Fundamedios said Alvaro Rosero, who works at the EXA FM radio station, also received an envelope with a flash drive on March 15. He gave it to a producer, who used a cable with an adapter to connect it to a computer. The radio station got lucky, though, as the flash drive didn't explode. Police determined that the drive featured explosives but believe it didn't explode because the adapter the producer used didn't have enough juice to activate it, Fundamedios said. Yet another reporter attempted to access the drive's unknown content. Milton Perez at Teleamazonas' Quito offices might have set off the USB stick's explosives if he had plugged it into the computer properly, according to Fundamedios. Police intercepted a fourth drive sent to Carlos Vera in Guayaquil and performed a "controlled detonation" on one sent to Mauricio Ayora at TC Television, also in Guayaquil, BBC reported. It's unclear what the motive is behind the exploding drives. Ecuador Interior Minister Juana Zapata confirmed that all five cases used the same type of USB device and said the incidents send "an absolutely clear message to silence journalists," per AFP.
In a statement cited by BBC, the Ecuadorian government said, "Any attempt to intimidate journalism and freedom of expression is a loathsome action that should be punished with all the rigor of justice."
According to police official Xavier Chango, the flash drive that went off had a 5-volt explosive charge and is thought to have used RDX. Also known as T4, according to the Environmental Protection Agency (PDF), militaries, including the US's, use RDX, which "can be used alone as a base charge for detonators or mixed with other explosives, such as TNT." Chango said it comes in capsules measuring about 1 cm, but only half of it was activated in the drive that Artieda plugged in, which likely saved him some harm. On Monday, Fundamedios, an Ecuadorian nonprofit focused on media rights, put out a statement on the incidents, which saw letters accompanied by USB-stick bombs sent to two more journalists in Guayaquil and two journalists in Ecuador's capital.
Fundamedios said Alvaro Rosero, who works at the EXA FM radio station, also received an envelope with a flash drive on March 15. He gave it to a producer, who used a cable with an adapter to connect it to a computer. The radio station got lucky, though, as the flash drive didn't explode. Police determined that the drive featured explosives but believe it didn't explode because the adapter the producer used didn't have enough juice to activate it, Fundamedios said. Yet another reporter attempted to access the drive's unknown content. Milton Perez at Teleamazonas' Quito offices might have set off the USB stick's explosives if he had plugged it into the computer properly, according to Fundamedios. Police intercepted a fourth drive sent to Carlos Vera in Guayaquil and performed a "controlled detonation" on one sent to Mauricio Ayora at TC Television, also in Guayaquil, BBC reported. It's unclear what the motive is behind the exploding drives. Ecuador Interior Minister Juana Zapata confirmed that all five cases used the same type of USB device and said the incidents send "an absolutely clear message to silence journalists," per AFP.
In a statement cited by BBC, the Ecuadorian government said, "Any attempt to intimidate journalism and freedom of expression is a loathsome action that should be punished with all the rigor of justice."
Scary (Score:2, Insightful)
the journalist suffered mild hand and face injuries
That doesn't sound very scary tbh. Hope the journalist recovers.
Re:Scary (Score:4, Insightful)
I'm weighing the two options, and compared to identity theft, mild hand and/or facial injury sounds like the better offer.
As one who bangs up head and hands some nonzero percentage of the time I fix something, that's no Sophie's Choice.
Re:Scary (Score:5, Interesting)
Re: (Score:3)
...Exploding drives is a great idea for teaching idiots to not just shove everything they see with a USB connector into their computer's ports!
Back in the day, we would drop a handful of USB drives in the company cafeteria with tracking software just to see what would happen, and educate those "idiots" who plugged them in.
Unfortunately those "idiots" also hold titles like "supervisor" and "HR", so teaching with explosives will result in a very short career. Good luck with your lawsuits.
Re: (Score:2)
Re: (Score:2)
...that must have been a really awkward conversation, telling the CEO of a networking company what he can't do with his network!
Meh, that's merely slightly uncomfortable. Watching a CEO of a networking company squirm in front of investors and board members explaining why he/she should remain CEO after pulling a stunt like that? Now that's an awkward conversation.
On a related note, a good conversation to have when sitting in the CIO/CSO position, is understanding that there will be times a CIO/CSO needs to tell even the CEO No. In those moments, a good CEO will at least respect that answer enough to weigh a justification and be h
Re: (Score:2)
...Exploding drives is a great idea for teaching idiots to not just shove everything they see with a USB connector into their computer's ports!
Back in the day, we would drop a handful of USB drives in the company cafeteria with tracking software just to see what would happen, and educate those "idiots" who plugged them in.
Unfortunately those "idiots" also hold titles like "supervisor" and "HR", so teaching with explosives will result in a very short career. Good luck with your lawsuits.
Smoke bomb. Will have the same effect, but without the risk of injury.
Re:Scary (Score:5, Insightful)
But seriously, who gets a USB flash drive of unknown provenance and just sticks it into their computer to see what happens? Exploding drives is a great idea for teaching idiots to not just shove everything they see with a USB connector into their computer's ports!
Um... that's a rather simplistic view.
Consider they are journalists and probably receiving USB sticks with stuff from strangers is more common that we'd think.
At the same time, at least in theory, that USB stick could be connected to an isolated machine, be it a VM (pass-through USB) or just an ancient 30 bucks laptop with a fresh OS and no network connectivity. Up until now, the worst thing that could have happened would have been to get the laptop's motherboard fried because the stick would have been a machine killer.
This changes the playing field. If any USB stick one receives could be a small bomb, well... sucks for investigation journalists and not only.
Re: (Score:2)
Re: (Score:2)
I guess there are solutions out there, what worries me is the psychological effect of these occurrences.
Re:Scary (Score:5, Interesting)
But seriously, who gets a USB flash drive of unknown provenance and just sticks it into their computer to see what happens?
Journalists who can legitimately get important material from anonymous sources?
Re: (Score:1)
you're right, maiming or killing someone for plugging in a USB is definitely Justified.
As for an IDIOT that would want to plug in an unknown USB, an example is right Infront of you if you open your brain to something other than self righteous stupidity.
A journalist who might receive anonymous data dumps/evidence to investigate and expose by whistleblowers wishing to remain anonyms. Of all the people I WOULD expect to receive unsolicited USB drives would be the authorities, and journalists.
I mean sure.. the
Re: (Score:2)
I'm in favor of a government program to mail exploding USB sticks to a few million random people every month until the general population learns to not plug in unknown USB sticks.
Maybe it'll work like the monkey-ladder-banana experiment. Yeah, I know that's fictional, but it's still worth a try.
Re: (Score:2)
If you insert the stick in the handy front-mounted USB port, like on most commercial PCs, and it happens to sit on your desk, when the charge goes off there's a non-zero chance that you'll lose one or both eyes. (And not just from the explosive itself; a flying shard of plastic can take your sight.)
That is probably what the perps were hoping for, to achieve a properly intimidating outcome.
Re: (Score:1)
Re: (Score:2)
Actually, those flash drives were nothing but Windows Updates. Blowing up your PC is their standard mode of operation.
Re: (Score:2)
Re: (Score:3)
It could have been their eyes, idiot.
Do They Come Pre-Loaded (Score:3)
With Pop_OS?
Would be fitting.
Re: Do They Come Pre-Loaded (Score:2)
BSOD (Score:1)
BSOD
Fish stories (Score:1)
Back in my IBM days we carted around washing-machine-sized hard-drives, and somebody put The Big One inside. Our island is now united with the sea.
Re: (Score:1)
Re:Disgusting, yet independently hilarious. (Score:4, Informative)
Re: (Score:2)
Re: (Score:2)
Salt a bunch of these around to trigger fire (Score:2)
crackers and maybe people will stop plugging random USB sticks into their computers.
Re: (Score:3)
These are journalists. It's a terrible idea for normal people, but I'd imagine people might send newsworthy stuff anonymously to them, and they'd want to see what it's about. Obviously, they should still take precautions, and sadly, that apparently now means physical precautions as well.
Tiny payload....this time. (Score:2)
The journos are fortunate their attacker didn't use an external hdd case with a larger charge. One could also contain a microSD for the target to explore to encourage handling/physical proximity, and perhaps a timer or remote detonator.
A tablet or notebook could easily be made into a "claymore" style IED then sent as an apparent promotional gift or review sample.
You should NEVER plug in a unknown USB stick (Score:3)
Re: (Score:2)
NEVER NEVER NEVER! USB killers have been around for a long time to destroy the computer its plugged into and now they are aiming at the operator. Not mention the old installing malware onto it as a payload or embedded the payload into the USB controller.
If you do get a USB stick. Give it your your IT staff to check out if it is safe. They are hopefully more clued up and know to check for these things.
Your IT staff dis unlikely to know how to check for explosives.
Hey boss ... (Score:2)
Serious question (Score:2)
Re: (Score:2)
you guys get metal boxes? we just get a plastic 5 gallon plastic bucket, which i suppose is better than the cardboard box they used to be kept in
Sandbox (Score:2)
Opening the USB-stick in a sandbox is not enough, you have to put a long cable on the stick and put it down into an ACTUAL sandbox filled with sand, before connecting the cable to a computer.
In Ecquador.. (Score:2)
In the Rest of the World, USB thumb drives kill your computer. In Ecuador USB thumb drives kill you.
Old Hat (Score:2)
Re: (Score:2)
I bet it didn't explode (Score:2)
RDX requires a detonator to explode.
I bet this device just set the RDX on fire. It burns fast and hot.
That would explain the minor hand damage.