It's no secret that USB flash drives, as small and unremarkable as they may look, can be turned into agents of chaos. Over the years, we've seen them used to infiltrate an Iranian nuclear facility, infect critical control systems in US power plants, morph into programmable, undetectable attack platforms, and destroy attached computers with a surprise 220-volt electrical surge. Although these are just a few examples, they should be enough to preclude one from inserting a mysterious, unsolicited USB drive mailed to them into a computer. Unfortunately, one Ecuadorian journalist didn't get the memos.
As reported by the Agence France-Presse (via CBS News) on Tuesday, five Ecuadorian journalists have received USB drives in the mail from Quinsaloma. Each of the USB sticks was meant to explode when activated.
[...]
According to a police official who spoke with AFP, the journalist suffered mild hand and face injuries, and no one else was harmed.According to police official Xavier Chango, the flash drive that went off had a 5-volt explosive charge and is thought to have used RDX. Also known as T4, according to the Environmental Protection Agency (PDF), militaries, including the US's, use RDX, which "can be used alone as a base charge for detonators or mixed with other explosives, such as TNT." Chango said it comes in capsules measuring about 1 cm, but only half of it was activated in the drive that Artieda plugged in, which likely saved him some harm.
(Score: 2) by krishnoid on Monday March 27, @02:25AM (7 children)
Good thing the drive was so big they only copied the explosive to one of the partitions.
Seriously, though, it's good to know that energy storage mechanisms have the size and density to store sufficient energy, and discharge it in a way that can detonate certain kinds of explosives. With the push to improve Li-Ion battery energy density, this can become much more serious over time.
(Score: 0) by Anonymous Coward on Monday March 27, @02:46AM
This looks almost like the realization of a joke that went around years ago. Forgot the details but it was about a form of email that caused the death of the receiver, something about a Corleone Transfer and a protocol that wasn't HTTP:, instead it was the HIT: protocol.
(Score: -1, Troll) by Anonymous Coward on Monday March 27, @03:19AM
Battery technology and its consequences have been a disaster for the human race.
(Score: 0) by Anonymous Coward on Monday March 27, @06:51AM
RDX would still be better at explosions than batteries.
But from what I see I doubt they really intended to do that much physical damage. Because if they wanted to, they could do more than just send a usb drive worth of RDX.
(Score: 3, Insightful) by JoeMerchant on Monday March 27, @10:10AM
There was another USB nasty hardware project that used port power to accumulate a large charge then feed it back into the system at hundreds of volts.
Україна досі не є частиною Росії Слава Україні🌻 https://news.stanford.edu/2023/02/17/will-russia-ukraine-war-end
(Score: 1) by khallow on Monday March 27, @11:30AM (2 children)
Friction matches have been around for almost 200 years (invented in 1826). Blasting caps are actually older (first invented in 1745). Wikipedia claims that the Chinese have versions of chemical matches that go back to the 13th or 14th centuries. This is not a new thing.
(Score: 2) by krishnoid on Monday March 27, @02:18PM (1 child)
RDX doesn't just burn [wikipedia.org], so I wonder if there was a separate blasting cap and the whole thing was misassembled.
(Score: 1) by khallow on Monday March 27, @03:20PM
(Score: 2) by sonamchauhan on Monday March 27, @06:37AM (3 children)
How long do USB extension cables go?
And that won't help at all with USB devices rigged to detonate on mechanical insertion (with no voltage).
Deviants make these - a waste of humanity!
(Score: 1, Insightful) by Anonymous Coward on Monday March 27, @07:49AM (2 children)
Journalism has always been a risky occupation, especially in much of the third world, especially today. Speaking truth to power has never been harder or more dangerous, and as such democratic governments have never been in a more precarious position, this trend being aided and abetted by the Big Tech companies and social media companies like Facebook in particular.
Random USB thumb drives of unknown provenance ought to be treated as though they were radioactive. It is not at all hard to embed nasty gadgets like that into them, but usually attackers would be much more subtle.
(Score: 3, Insightful) by krishnoid on Monday March 27, @02:20PM
So I guess microSD now makes more sense for this kind of thing.
(Score: 2, Insightful) by khallow on Monday March 27, @05:15PM
Except in the past, of course. I'm not really seeing what's supposed to be more dangerous today. Maybe death by UBS is harder and more dangerous than death by many other sorts of unpleasant techniques for people who said the wrong things to the wrong people?
(Score: 3, Funny) by Woodherd on Monday March 27, @10:30AM (3 children)
Yet another lesson in the prudence of disabling "autoplay". Looking at you, Microsoft!
(Score: 2) by Freeman on Monday March 27, @02:27PM (1 child)
"Autoplay" has nothing to do with it. Just literally applying voltage is all that one needed. I.E. They plugged it in. The thing didn't run a special file to detonate the drive.
Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
(Score: 3, Touché) by Mykl on Monday March 27, @10:28PM
I rate your post +1 "Whoosh"
(Score: 2) by Joe Desertrat on Wednesday March 29, @04:15PM
Does it run on Linux?