Security experts have warned time and time again never to connect USB sticks from sources you don’t know but what they were worried about involved malware, not physical harm.
Now, we have to face what amounts to “explosive malware”. A new and terrifying type of attack, the case of exploding USB sticks shows a level of sophistication few bad actors employ. By targeting naturally curious journalists who frequently received anonymous tips and information in the mail, the bad actors ensured that the USB sticks were used and not simply discarded. And, since the attack relied on simply connecting the USB sticks to a power source and did not contain malware but actual, physical explosives, the attackers deployed a guaranteed intimidation tactic.
Five Ecuadorian journalists were targeted by explosive USB sticks sent in the mail. Though fortunately most did not actually explode, one journalist suffered bodily harm.
When Lenin Artieda of the Ecuavisa TV station in Guayaquil received an USB drive in the mail from Quinsaloma, they inserted it into their computer, at which point the USB drive exploded. Artieda suffered mild hand and face injuries. Another journalist received an USB exploding stick but avoided injury when his producer used a cable with an adapter to connect it to a computer. Because the adapter didn’t have enough power to activate the explosive device, the USB didn’t activate.
If this doesn’t convince you to never use a USB device you don’t trust…
From an ArsTechnica report on the exploding flash drives:
According to police official Xavier Chango, the flash drive that went off had a 5-volt explosive charge and is thought to have used RDX. Also known as T4, according to the Environmental Protection Agency (PDF), militaries, including the US’s, use RDX, which “can be used alone as a base charge for detonators or mixed with other explosives, such as TNT.” Chango said it comes in capsules measuring about 1 cm, but only half of it was activated in the drive that Artieda plugged in, which likely saved him some harm.
According to the BBC, a fourth exploding USB device was intercepted by the police and destroyed in a controlled detonation.
The Ecuadorian prosecutor’s office said it had opened an investigation into the crime of terrorism. The authorities did not speculate on the possible motives of the attackers, though one USB stick was accompanied by a note that claimed it contained information on “Correismo”, a political movement named after former president Rafael Correa.
*Main image via Fundamedios, an Ecuadorian nonprofit focused on media issues, from their statement about the incident.
Also read: Tiktok Tracking: How Much Data Tiktok Uses and How To Stop It Tracking You
Follow TechTheLead on Google News to get the news first.