Hand-delivered hacking: malicious USBs left in mailboxes

    Press/Media: Expert comment

    Description

    Expert comment to Associated Press regarding malware spreading over USB sticks

    Period22 Sep 2016 → 22 Sep 2016

    Media contributions

    2

    Media contributions

    • TitleHand-delivered hacking: malicious USBs left in mailboxes
      Degree of recognitionInternational
      Media name/outletAssociated Press
      Media typeWeb
      Country/TerritoryUnited Kingdom
      Date22/09/16
      DescriptionMemory sticks, also called thumb drives or USBs, are sometimes used to spread malicious software from computer to computer. This USB was branded, but Ascoet said the device appeared used and that he doubted there was any connection between the brand and the mysterious delivery.

      Ascoet, who also works as a security researcher, eventually threw the device out — although not before photographing it and posting the picture to Twitter .

      “Never EVER plug in such present,” he said by way of caption.

      Stories like Ascoet’s are anecdotal, but as web users get wise to rogue links and booby-trapped attachments, there are signs that cybercriminals are experimenting with hand-delivery of malware to people’s homes.

      On Wednesday, Australian police drew international attention when they announced that “extremely harmful” memory sticks had been left in mailboxes across the suburban town of Pakenham, about 60 kilometers (37 miles) southeast of Melbourne. Pakenham Police Sgt. Guy Matheson said in a telephone interview Thursday that the unmarked thumb drives started showing up several days ago.

      Disguised as offers for Netflix or a similar service, Matheson said rogue programs lurking on the drives instead held victims’ computers hostage, demanding a hefty payment in the electronic currency Bitcoin as ransom.

      Matheson said two or three people had fallen for the ruse.

      The technique of dropping a malicious USB somewhere and hoping someone will pick it up and plug it in has long been favored by spies to hack into hard-to-reach computers, said University of Manchester doctoral student Nikola Milosevic, who has studied the history of malware. The New York Times reported that the infrastructure-wrecking Stuxnet worm spread to Iran’s nuclear facilities using a thumb drive placed in the hands of an unwitting employee, for example. And despite the risks inherent in walking up to someone’s house and dropping malicious software through their mail slot, leveraging people’s inherent curiosity can mean a bigger potential payoff.

      Producer/Author RAPHAEL SATTER
      URLhttps://apnews.com/d3cb25840dd54f2c90a560c718c0ce24/police-malicious-usb-sticks-left-australians-mailboxes
      PersonsNikola Milosevic
    • TitleHand-delivered hacking: malicious USBs left in mailboxes
      Degree of recognitionNational
      Media name/outletDaily Mail
      Country/TerritoryUnited Kingdom
      Date22/09/16
      URLwww.dailymail.co.uk/wires/ap/article-3802009/Police-Malicious-USB-sticks-left-Australians-mailboxes.html
      PersonsNikola Milosevic
    View all 2
    View less