Journalist plugs in unknown USB drive mailed to him—it exploded in his face

March 22, 2023:

Ecuadorian police in a media station with a shield
Enlarge / Ecuadorian police tweeted this picture of officials investigating a drive mailed to a journalist in Guayaquil.

It’s no secret that USB flash drives, as small and unremarkable as they may look, can be turned into agents of chaos. Over the years, we’ve seen them used to infiltrate an Iranian nuclear facility, infect critical control systems in US power plants, morph into programmable, undetectable attack platforms, and destroy attached computers with a surprise 220-volt electrical surge. Although these are just a few examples, they should be enough to preclude one from inserting a mysterious, unsolicited USB drive mailed to them into a computer. Unfortunately, one Ecuadorian journalist didn’t get the memos.

As reported by the Agence France-Presse (via CBS News) on Tuesday, five Ecuadorian journalists have received USB drives in the mail from Quinsaloma. Each of the USB sticks was meant to explode when activated.

Upon receiving the drive, Lenin Artieda of the Ecuavisa TV station in Guayaquil inserted it into his computer, at which point it exploded. According to a police official who spoke with AFP, the journalist suffered mild hand and face injuries, and no one else was harmed.

According to police official Xavier Chango, the flash drive that went off had a 5-volt explosive charge and is thought to have used RDX. Also known as T4, according to the Environmental Protection Agency (PDF), militaries, including the US’s, use RDX, which “can be used alone as a base charge for detonators or mixed with other explosives, such as TNT.” Chango said it comes in capsules measuring about 1 cm, but only half of it was activated in the drive that Artieda plugged in, which likely saved him some harm.

On Monday, Fundamedios, an Ecuadorian nonprofit focused on media rights, put out a statement on the incidents, which saw letters accompanied by USB-stick bombs sent to two more journalists in Guayaquil and two journalists in Ecuador’s capital.

Fundamedios said Álvaro Rosero, who works at the EXA FM radio station, also received an envelope with a flash drive on March 15. He gave it to a producer, who used a cable with an adapter to connect it to a computer. The radio station got lucky, though, as the flash drive didn’t explode. Police determined that the drive featured explosives but believe it didn’t explode because the adapter the producer used didn’t have enough juice to activate it, Fundamedios said.

Yet another reporter attempted to access the drive’s unknown content. Milton Pérez at Teleamazonas’ Quito offices might have set off the USB stick’s explosives if he had plugged it into the computer properly, according to Fundamedios.

Police intercepted a fourth drive sent to Carlos Vera in Guayaquil and performed a “controlled detonation” on one sent to Mauricio Ayora at TC Televisión, also in Guayaquil, BBC reported.

What’s driving these attacks?

Ecuador Interior Minister Juana Zapata confirmed that all five cases used the same type of USB device and said the incidents send “an absolutely clear message to silence journalists,” per AFP.

Fundamedios has attempted to shed some light on the motive for the exploding drives, but information seems limited, as the investigation of a terrorist act by the Ecuadorian government is ongoing. The advocacy group said the drive that exploded came with a letter threatening Artieda, while the letter accompanying the USB drive sent to TC Televisión came with a message against an unspecified political group.

A message accompanying the threatening drive sent to Pérez in Quito had a message claiming, in part, per a Google translation of Fundamedios’ release: “This information will unmask correísmo. If you think it’s useful, we can come to an agreement and I’ll send you the second part. I communicate with you.” Correísmo is an Ecuadorian political movement named after former President Rafael Correa, who was Ecuador’s president from 2007 until 2017.

In a statement cited by BBC, the Ecuadorian government said, “Any attempt to intimidate journalism and freedom of expression is a loathsome action that should be punished with all the rigor of justice.”

Publications covering these events have pointed out that Ecuador has seen an uptick in crime in the past few years that President Guillermo Lasso has attributed to drug trafficking, but the true motives behind the recently sent USB weapons are unknown.

AFP noted other recent violence around Ecuadorian media stations, including a shooting at the RTS TV station, where an alleged shooter reportedly left behind a pamphlet signed by a Mexican cartel and threatened a newspaper director. Last year, there was a bomb explosion at Teleamazonas, which also received an RDX-laced USB drive this month.

But no matter who’s behind the dangerous attacks on journalists, these unsettling tales should serve as an umpteenth reminder that—just like you shouldn’t click random links messaged to you, open unknown attachments, or download suspicious files—you shouldn’t stick unknown USB drives, especially ones randomly mailed to you, into anything. In the case of some of these reporters, the thought of a hot scoop may have been enticing, but opening unverified devices or data carries a great deal of risk.

Source link