WARNING -- USB Killer "Thumb Drives"

Discussion in 'Rocketry Electronics and Software' started by John Kemker, Oct 28, 2019.

Help Support The Rocketry Forum by donating:

  1. Oct 28, 2019 #1

    John Kemker

    John Kemker

    John Kemker

    Forum Supporter TRF Supporter

    Joined:
    Aug 25, 2019
    Messages:
    85
    Likes Received:
    31
    Gender:
    Male
    Some of you may already be aware of these. If so, then just consider this a reminder.

    Friday, two different laptops for my work succumbed to USB Killer 'drives.' I was on my way back from a job that was cancelled when I was asked to head to a different job to assist, as the Event Manager's laptop wouldn't turn on. When I showed up, I set about getting the job downloaded over the VPN to my laptop and grabbed what I thought was a USB stick off of the table. When I put it into my laptop, I heard a "snap!" and my laptop was dead. It wouldn't turn on any more.

    I figured it was probably a defective thumb drive and took it back to the office. I was a bit upset, so I took a hammer to it. The stick didn't break, as much as break open. When I looked inside, the markings on the PCB enlightened me as to what happened. It was marked "USB Killer V3.0FK, -215 VDC, High Voltage!"

    A quick Google search and I discovered http://www.usbkill.com has these nasty little devices for sale. I was hit by the "Anonymous" model. It's an all-black version of the blue and silver thumb drives my work uses.

    Be very careful of what you put in your laptop or connect to any of your electronic equipment. This nasty little device had several high-value capacitors and a coil to boost the 5VDC of the USB port to -215VDC. It then pulses that through the attached port until the device dies.
     
    Dwatkins and Andrew_ASC like this.
  2. Oct 28, 2019 #2

    Andrew_ASC

    Andrew_ASC

    Andrew_ASC

    UTC SEDS 2017 3rd/ SEDS 2018 1st

    Joined:
    Sep 22, 2017
    Messages:
    3,582
    Likes Received:
    431
    Gender:
    Male
    What the literal F***???
     
  3. Oct 28, 2019 #3

    BABAR

    BABAR

    BABAR

    Builds Rockets for NASA TRF Lifetime Supporter TRF Supporter

    Joined:
    Aug 27, 2011
    Messages:
    4,463
    Likes Received:
    521
    Lets hope they don’t branch out into pacemaker “testers”
    Absolutely stupid and irresponsible to sell an “anonymous” model.
    Also, if the point is to see if the system is surge protected, who in their right mind would want to “test” their device if “failure” meant destruction?
     
    Andrew_ASC likes this.
  4. Oct 28, 2019 #4

    dhbarr

    dhbarr

    dhbarr

    Amateur Professional TRF Supporter

    Joined:
    Jan 30, 2016
    Messages:
    5,727
    Likes Received:
    612
    File a police report? That's probably a Felony.
     
    captbk, FredA and Andrew_ASC like this.
  5. Oct 28, 2019 #5

    FredA

    FredA

    FredA

    Well-Known Member

    Joined:
    Jan 19, 2009
    Messages:
    1,833
    Likes Received:
    118
    WHY would this be unlawful? Current law isn't that savvy.
     
  6. Oct 28, 2019 #6

    cerving

    cerving

    cerving

    Owner, Eggtimer Rocketry TRF Sponsor TRF Supporter

    Joined:
    Feb 3, 2012
    Messages:
    3,216
    Likes Received:
    383
    Probably, but your chances of getting anything out of it is zero, possibly negative. Computer-related crimes are such big business now that unless there are literally millions of dollars involved the authorities won't even talk to you. At my day job, a few years ago somebody tried to pawn themselves off as being one of our purchasing agents, and they tried to buy hundreds of hard drives from a large national distributor on our account. They even had the right information for the credit check. The only thing that stopped it from being shipped was that the rep always worked through me, so he called me and asked who this guy was. I told him that it wasn't us, and we talked about playing along and setting up a fake shipment to the shipping address (which turned out to be an empty house in Texas, even though we don't have any presence outside California), but we killed the idea after we found out that the local authorities weren't interested in catching these guys. $500k wasn't big enough for them. We let it go... my guess is that they found somebody else to rip off.
     
  7. Oct 28, 2019 #7

    dhbarr

    dhbarr

    dhbarr

    Amateur Professional TRF Supporter

    Joined:
    Jan 30, 2016
    Messages:
    5,727
    Likes Received:
    612
    Vandalism ( a misdemeanor ) of sufficient value almost always switches to destruction of property ( a felony ). Somewhere between the cost of a board swap and a complete replacement we're almost assuredly across that line.

    It's not like somebody put a defective or damaged device there. Someone put a device there designed to do exactly what it did. They may as well have run 120VAC through it, hit it with a blowtorch, or submerged it in saltwater.

    I'd file a police report so I have something to show the insurance company, and I wouldn't be quiet about it. That ought to put The Fear into whoever thought that would be a lark. ( note that if actually asked to prefer felony charges I would ask for deferment, community service, monetary fine )
     
    Andrew_ASC likes this.
  8. Oct 28, 2019 #8

    Andrew_ASC

    Andrew_ASC

    Andrew_ASC

    UTC SEDS 2017 3rd/ SEDS 2018 1st

    Joined:
    Sep 22, 2017
    Messages:
    3,582
    Likes Received:
    431
    Gender:
    Male
    Yeah but since it was a company laptop that almost sounds like industrial espionage charges could be applied. At Volkswagen I saw numerous cases of these creep as f*** unwanted kinds attacks on Funac CNC machinery. Mainly the mig welders were vulnerable to losing zero by programmers who weren’t employees of VW who illicitly entered premises and tampered with **** until funac mig weld robots weren’t welding in the assigned locations on car parts for structural welds. When we first saw this kind of attack we went not walking but sprinting into directors meeting. Worst case was a PLC cable cut from behind a locked box that shut down an assembly line for four hours costing millions in downtime. Telling the directors about what we saw got them fuming mad. They literally screamed this isn’t robot fault this is SABOTAGES... They pulled files of everyone on shifts. It turned out to not be Volkswagen employees that caused the problem. Nobody knew who the f*** those unwelcome guest were but the end results could’ve killed customers. Multiple people were saying I’ve never seen X person before!!! We caught thirty atlas SUV fully assembled minus mig welds in critical locations on rear right rails to hold the car frame together. It was horrific. I’m glad I didn’t get a job there after internship.

    These kinds of white collar hacking computer crimes are increasingly frequent. I’d venture out to suggest there’s probably an illicit group of saboteurs doing this for illicit gains. It’s one thing if company IT wants to test its machine to destroy it if needed to find fault in security under controlled conditions. It’s another scary thing when you have industrial spy stuff causing havoc on production lines with consequences of results could literally legit kill product end users or factory techs. The problem with devices like this is the havoc they cause when used by not friendly helpful people.
     
  9. Oct 28, 2019 #9

    John Kemker

    John Kemker

    John Kemker

    Forum Supporter TRF Supporter

    Joined:
    Aug 25, 2019
    Messages:
    85
    Likes Received:
    31
    Gender:
    Male
    Okay, I've been a bit slow in responding to this post, but let me expand on the chain of events:

    One of our Event Managers had an emergency come up right before an event. Cancellation was not an option, as it would have been our fault and cost my employer money. My District Manager went to the EM's house to pick up his laptop and other equipment so that an alternate EM could run the job.

    Meanwhile, my event was cancelled due to customer prep issues. I still had a minor event to complete at that site, but the main event was cancelled. I texted my Area Manager and DM to say I was headed back to the office when I received the instructions to head to the second event, less than 8 miles away.

    The USB Killer drive was in the bag of the absent EM. The backup EM had tried to use it to program equipment and didn't associate it with what happened to the absent EM's laptop until after my laptop died. It was laying on the table when I picked it up to do the exact same thing.

    Was this intentional? I doubt it. Was it negligent on the part of the absent EM to have such a device in his bag? Absolutely. The AM and DM are seriously looking into this situation and will take the appropriate steps. Meanwhile, I'm just warning folks to be careful what you put in your computers.
     
  10. Oct 28, 2019 #10

    dhbarr

    dhbarr

    dhbarr

    Amateur Professional TRF Supporter

    Joined:
    Jan 30, 2016
    Messages:
    5,727
    Likes Received:
    612
    Ahh, time to award a Laptop Killer Trophy at the next all hands if they're a good egg.
     
  11. Oct 28, 2019 #11

    Steve Shannon

    Steve Shannon

    Steve Shannon

    Well-Known Member

    Joined:
    Jul 23, 2011
    Messages:
    5,187
    Likes Received:
    1,436
    Location:
    Butte, Montana
    One exploit to hacking into a secure system is just to leave thumb drives with malware where people will find them. People being people will frequently check to see what’s on the drive. My group was always trying to train people not to ever use a usb drive without knowing exactly where it came from. I guess this is one way to make that point.
     
  12. Oct 28, 2019 #12

    Jmhepworth

    Jmhepworth

    Jmhepworth

    Well-Known Member

    Joined:
    Dec 14, 2012
    Messages:
    401
    Likes Received:
    84
    Our IT people put together a little experiment and created their own “malware” on flash drives that they left around, including the parking lot. Most of the drives were just turned into the receptionist, who duly gave them to IT. But a few unsuspecting souls put them in a computer to see who they belonged to. Fortunately the only side effect was to message IT who had breached security by putting an unknown flash drive into their computer. It was a fun experiment and a timely reminder.
     
  13. Oct 28, 2019 #13

    cwbullet

    cwbullet

    cwbullet

    Obsessed with Rocketry Staff Member Administrator TRF Lifetime Supporter Global Mod

    Joined:
    Jan 24, 2009
    Messages:
    22,504
    Likes Received:
    1,379
    Gender:
    Male
    Location:
    Glennville, GA
    What a crappy trick!
     
  14. Oct 29, 2019 #14

    John Kemker

    John Kemker

    John Kemker

    Forum Supporter TRF Supporter

    Joined:
    Aug 25, 2019
    Messages:
    85
    Likes Received:
    31
    Gender:
    Male
    So, I spoke with the errant EM today. He said that he found it on the ground at an event I was running last Wednesday.

    Let's just say that I'm a bit skeptical.
     
  15. Oct 29, 2019 #15

    scsager

    scsager

    scsager

    Slightly burned-out old guy

    Joined:
    Apr 24, 2010
    Messages:
    1,731
    Likes Received:
    45
    Gender:
    Male
  16. Oct 29, 2019 #16

    thequick

    thequick

    thequick

    Well-Known Member

    Joined:
    Sep 8, 2015
    Messages:
    117
    Likes Received:
    9
    Similarly, our IT dept send out a fake phishing email as a test.
     
  17. Oct 29, 2019 #17

    John Kemker

    John Kemker

    John Kemker

    Forum Supporter TRF Supporter

    Joined:
    Aug 25, 2019
    Messages:
    85
    Likes Received:
    31
    Gender:
    Male
    Guys! I'm in tears after watching this video! Thanks for that!

     
  18. Oct 29, 2019 #18

    jadebox

    jadebox

    jadebox

    Roger Smith TRF Sponsor

    Joined:
    Jan 18, 2009
    Messages:
    5,475
    Likes Received:
    68
    The first thing I thought of when I saw this thread is that Electroboom video. All of his videos are fun and interesting - that one especially so.
     
  19. Oct 29, 2019 #19

    tightwad

    tightwad

    tightwad

    Well-Known Member

    Joined:
    Jul 8, 2011
    Messages:
    1,079
    Likes Received:
    25
    After reading this thread and watching the video I will longer pick up free USB sticks at any convention or government functions! Thank you for the thread.
     
  20. Oct 29, 2019 #20

    H_Rocket

    H_Rocket

    H_Rocket

    Death by Powerpoint

    Joined:
    Jan 18, 2009
    Messages:
    3,635
    Likes Received:
    68
    Used to do it daily. The singular most satisfying and stress reducing job I ever had...
     
  21. Oct 29, 2019 #21

    BABAR

    BABAR

    BABAR

    Builds Rockets for NASA TRF Lifetime Supporter TRF Supporter

    Joined:
    Aug 27, 2011
    Messages:
    4,463
    Likes Received:
    521
    Okay, but I assume that was either a sample or test run.

    Doing this on regular equipment for daily use, not so good

    Kinda reminds me of that Cheech and Chong skit.
    Paraphrased

    Hey, what’s that?

    Looks like dog poo.

    What does it feel like?

    Feels like dog poo.

    What does it smell like?

    Smells like dog poo.

    What does it taste like?

    Tastes like dog poo.

    Okay, let’s be careful to walk around it, we sure don’t want to step in it.
     
  22. Oct 29, 2019 #22

    H_Rocket

    H_Rocket

    H_Rocket

    Death by Powerpoint

    Joined:
    Jan 18, 2009
    Messages:
    3,635
    Likes Received:
    68
    We beat the crap out of gear for a paycheck. I had one device that took almost a day and a half of abuse to break. This was not smash-type testing (though we did that too). This was more subtle 'lets see if we can mimic the worst that the typical idiot we issue equipment to will do.
     
  23. Oct 29, 2019 #23

    BABAR

    BABAR

    BABAR

    Builds Rockets for NASA TRF Lifetime Supporter TRF Supporter

    Joined:
    Aug 27, 2011
    Messages:
    4,463
    Likes Received:
    521
    It’s amazing how talented those idiots can get!
     
  24. Oct 30, 2019 #24

    H_Rocket

    H_Rocket

    H_Rocket

    Death by Powerpoint

    Joined:
    Jan 18, 2009
    Messages:
    3,635
    Likes Received:
    68
    We found that tomato juice was one of the best things to kill a laptop...
     
  25. Oct 30, 2019 #25

    dhbarr

    dhbarr

    dhbarr

    Amateur Professional TRF Supporter

    Joined:
    Jan 30, 2016
    Messages:
    5,727
    Likes Received:
    612
    Salty Cola
     
  26. Oct 30, 2019 #26

    rharshberger

    rharshberger

    rharshberger

    Well-Known Member

    Joined:
    Oct 13, 2014
    Messages:
    8,472
    Likes Received:
    823
    Gender:
    Male
    Location:
    Pasco, WA
    Milk....
     
  27. Oct 31, 2019 #27

    OverTheTop

    OverTheTop

    OverTheTop

    Forum Supporter TRF Supporter

    Joined:
    Jul 10, 2007
    Messages:
    3,031
    Likes Received:
    618
    Gender:
    Male
    Location:
    Melbourne Australia
    Why on Earth would you stir your drinks with a laptop??? :)
     
    Duster45 likes this.
  28. Oct 31, 2019 #28

    jadebox

    jadebox

    jadebox

    Roger Smith TRF Sponsor

    Joined:
    Jan 18, 2009
    Messages:
    5,475
    Likes Received:
    68
    There is a name for that, "The Pepsi Syndrome."
     
  29. Oct 31, 2019 #29

    OverTheTop

    OverTheTop

    OverTheTop

    Forum Supporter TRF Supporter

    Joined:
    Jul 10, 2007
    Messages:
    3,031
    Likes Received:
    618
    Gender:
    Male
    Location:
    Melbourne Australia
    It's good fun taking the ESD gun up to 30kV and running it around our spectrometers. We generally do quite well as we design with that testing in mind. Our company also requires us to go way past the regulatory requirements, ensuring we have robust products. I will run contact discharges directly to USB ports (and other similar interfaces) at 15kV.

    Really abusing the instruments can be fun. I was doing some rf immunity testing to the required 3V/m and it passed nicely. I then took the yagi off the tripod and poked it in the spectrometer while it was transmitting. The spectrometer didn't miss a beat, but I did manage to erase the EEPROM in it with the strong field :).

    Packaging testing is fun too, with packaged and unpackaged instruments dropped, rolled, bumped, shunted and vibrates. Very cathartic ;).
     
    Last edited: Oct 31, 2019
  30. Oct 31, 2019 #30

    FredA

    FredA

    FredA

    Well-Known Member

    Joined:
    Jan 19, 2009
    Messages:
    1,833
    Likes Received:
    118
    It's standard practice to zap all ports with an ESD gun.
    Newer, very high speed ports are the susceptible ones usually as the protection devices add too much capacitance to allow GHz transfer rates.
    Thus it's not hard to hurt the D+/D- inputs on USB ports.

    However, I've seen simple inputs do wild things.
    We zapped a RESET button through one of those "paper-clip holes" that literally blew the corner off a chip on the other side of the PCB.
     

Share This Page