Author Topic: why stupid things like the usb-killer do exist?  (Read 3164 times)

0 Members and 1 Guest are viewing this topic.

Offline magic

  • Super Contributor
  • ***
  • Posts: 2121
  • Country: pl
Re: why stupid things like the usb-killer do exist?
« Reply #25 on: May 06, 2019, 10:26:40 pm »
Quote
He was arrested and taken into custody in North Carolina on February 22nd, just over a week after he went on a spree of inserting the "USB Killer" device into 66 of Saint Rose's computers around various locations on campus. Such devices can be easily and freely purchased online and can overload the surge protection in many PCs.

Akuthota, 27, apparently made video recordings of himself inserting the malicious USB device into the computers and said "I'm going to kill this guy"
It is not immediately clear to me under what circumstances that sort of morons are desirable to be walking freely.
I'm not greedy, I would gladly pay tax so that they can stay in jail and off the streets.

They have a legitimate use which is basically destroying your kit and the TPM in and crypto keys irrecoverably and permanently.
Oh come on, it's not guaranteed to kill the TPM at all. Put an ESD gun to the TPM if you want to kill the TPM. Or, you know, a $5 hammer.
 

Online joeqsmith

  • Super Contributor
  • ***
  • Posts: 6527
  • Country: us
Re: why stupid things like the usb-killer do exist?
« Reply #26 on: May 06, 2019, 10:50:37 pm »
Private school, out for two years on a VISA, 27 years old and this is the best idea he comes up with.    Must make mom and dad very proud of their son.  Then again, the apple never falls to far from the tree. 
How electrically robust is your meter?? https://www.youtube.com/channel/UCsK99WXk9VhcghnAauTBsbg
 

Offline coppercone2

  • Super Contributor
  • ***
  • Posts: 3917
  • Country: us
  • $
Re: why stupid things like the usb-killer do exist?
« Reply #27 on: May 07, 2019, 01:24:50 am »
I want to see what would happen if he busted in at night and smashed the equivalent circuits physically rather then electronically burned them

I do wonder if there is bias to the case because of the word 'killer' being used in regards to the product. If it said hammer instead.
 

Offline daqq

  • Super Contributor
  • ***
  • Posts: 1794
  • Country: sk
    • My site
Re: why stupid things like the usb-killer do exist?
« Reply #28 on: May 07, 2019, 04:12:58 am »
Quote
not going to defend the guy but, 10 years in prison and a $250,000 fine is beyond insane
Out of curiosity, what would be an appropriate punishment?
Believe it or not, pointy haired people do exist!
+++Divide By Cucumber Error. Please Reinstall Universe And Reboot +++
 

Offline OwO

  • Super Contributor
  • ***
  • Posts: 1130
  • Country: cn
  • RF Engineer @ OwOComm. Discord: スメグマ#2236
Re: why stupid things like the usb-killer do exist?
« Reply #29 on: May 07, 2019, 04:45:19 am »
Out of curiosity, what would be an appropriate punishment?
A fine equaling the total damage, certainly not jail time.
Discord: スメグマ#2236
Email: OwOwOwOwO123@outlook.com
GitHub: gabriel-tenma-white
 

Offline coppercone2

  • Super Contributor
  • ***
  • Posts: 3917
  • Country: us
  • $
Re: why stupid things like the usb-killer do exist?
« Reply #30 on: May 07, 2019, 04:46:12 am »
well you would need to look at similar property value related sentencing vs ease of use vs planning requirement to make a evaluation to see if the sentance is fair or at least in line with existing standards

typically bigger plots, more dollar value and slower more methodical damage results in higher sentences

The charge is often referred to as criminal mischief

being defined as criminal, not civil, likely means jail



S 145.10 Criminal mischief in the second degree.

A person is guilty of criminal mischief in the second degree when with intent to damage property of another person, and having no right to do so nor any reasonable ground to believe that he has such right, he damages property of another person in an amount exceeding one thousand five hundred dollars.

Criminal mischief in the second degree is a class D felony.


If you define it as use of explosives (spark. maybe. kinda a stretch.) you get class B felony regardless of damage caused (i.e. fire hazard, etc).


'D' Violent Felony    2-7 years
'D' Non Violent Felony    No Jail, Probation, 1-3 to 7 years

So they must have charged him with other stuff or considered if a class B felony (the ranges for sentencing overlap between violent and nonviolent).

https://codes.findlaw.com/ny/penal-law/pen-sect-145-12.html

Since you are destroying a computer (its not like destroying someones garden) you can also stack some tampering charges to that, since you disabled a computing center (but the law is kinda archaic)

https://www.lawserver.com/law/state/new-york/ny-laws/ny_penal_law_145-20

also you can argue, that unlike smashing a bunch of PC's physically, if you just fry them invisibly through USB ports you can try to blame it on lightning or something, so it can create lots of confusion being a sabotage type activity rather then just plain obvious vandalism. Suddenly your doing a massive investigation looking for lighting damage, replacing circuit breakers, hiring electricians, blaming distributors, blaming engineers..... chaos. could cost a contract even (bad computers, poorly protected since everything else works). invisible damage is really far reaching compared to just pissed off obvious vandalism and the sentencing likely takes some weight from that consideration.
« Last Edit: May 07, 2019, 05:06:01 am by coppercone2 »
 

Offline apis

  • Super Contributor
  • ***
  • Posts: 1667
  • Country: se
  • Hobbyist
Re: why stupid things like the usb-killer do exist?
« Reply #31 on: May 07, 2019, 05:09:27 am »
Out of curiosity, what would be an appropriate punishment?
A fine equaling the total damage, certainly not jail time.
Yeah, probably more than enough to make him rethink what he did, unless mom and dad just pays the fine for him.
 

Offline daqq

  • Super Contributor
  • ***
  • Posts: 1794
  • Country: sk
    • My site
Re: why stupid things like the usb-killer do exist?
« Reply #32 on: May 07, 2019, 06:18:45 am »
While I agree that 10 years is excessive, at least some jail time should be included.

"Evidently malicious intent" should not have the same penalty as accidentally screwing up.
Believe it or not, pointy haired people do exist!
+++Divide By Cucumber Error. Please Reinstall Universe And Reboot +++
 

Online bd139

  • Super Contributor
  • ***
  • Posts: 14924
  • Country: gb
Re: why stupid things like the usb-killer do exist?
« Reply #33 on: May 07, 2019, 07:07:27 am »
Yep. But US justice system is about retribution and punishment not rehabilitation apparently...

Firstly insurance should cover the damages if you’re a registered company of any kind. This isn’t any worse than a DUI and driving into a tree from a cost perspective.. Secondly chuck him in the clink for a year on a correctional basis or give him X hundred hours community service. People like this only do these malicious things because they have no grounding in reality. It’s a better use of time and money to get someone back into society and productive.

 

Offline daqq

  • Super Contributor
  • ***
  • Posts: 1794
  • Country: sk
    • My site
Re: why stupid things like the usb-killer do exist?
« Reply #34 on: May 07, 2019, 07:18:15 am »
Quote
This isn’t any worse than a DUI and driving into a tree from a cost perspective.
Even assuming that no valuable data was stored on the devices, there is the time that the IT guys will have to use to fix the mess. Also, 58k worth of equipment is not the cost of (most) cars. And the most important bit is that you mess up your own car when DUI, not someone elses.

I'm all for rehabilitation and such, but, punishment should also be applied.

Quote
People like this only do these malicious things because they have no grounding in reality.
I'm not sure I understand what you mean. Are you claiming he did not know that what he was doing is bad?

People do this kind of crap because they are dicks. Most people have 'dickish' tendencies to some extent. The difference is that most people have it under control.
Believe it or not, pointy haired people do exist!
+++Divide By Cucumber Error. Please Reinstall Universe And Reboot +++
 

Offline @rt

  • Frequent Contributor
  • **
  • Posts: 988
Re: why stupid things like the usb-killer do exist?
« Reply #35 on: May 07, 2019, 07:52:24 am »
If you do a forum search for 'USB killer' you will find that this topic has come up several times in the past (not for a while though). As far as I remember, nobody ever came up with a satisfactory reason / excuse.

It depends what you define as reasonable. Or reasonable to you & me, or reasonable to them.
I’ve heard someone mention it with regard to ruining computers at a place he has to go and use their computers to look for a certain number of jobs each week.
If he doesn’t go, he gets no welfare, so the rationale would be that he gets out of doing something.
 

Offline blueskull

  • Supporter
  • ****
  • Posts: 13652
  • Country: cn
  • Power Electronics Guy
Re: why stupid things like the usb-killer do exist?
« Reply #36 on: May 07, 2019, 07:59:33 am »
This mentality summarizes it well.

 
The following users thanked this post: strangersound

Online bd139

  • Super Contributor
  • ***
  • Posts: 14924
  • Country: gb
Re: why stupid things like the usb-killer do exist?
« Reply #37 on: May 07, 2019, 08:21:20 am »
Actually that summarises USB as an interface nicely as well  :-DD
 
The following users thanked this post: strangersound

Online langwadt

  • Super Contributor
  • ***
  • Posts: 1862
  • Country: dk
 

Offline soldar

  • Super Contributor
  • ***
  • Posts: 2605
  • Country: es
Re: why stupid things like the usb-killer do exist?
« Reply #39 on: May 07, 2019, 09:49:16 am »
All of the following:

1- Civilly responsible for the damage done (obviously).  Victim should be made whole again.

2- Fine of triple that amount.

3- Punishment in the form of jail time and/or community service at the discretion of the judge taking into account his previous history. Assuming he is a first time offender with no other black marks I would say something like 500 hours of community service. If he has a bad history then maybe add some jail time (measured in weeks, not years).

Jail time should be the last recourse.
All my posts are made with 100% recycled electrons and bare traces of grey matter.
 

Online joeqsmith

  • Super Contributor
  • ***
  • Posts: 6527
  • Country: us
Re: why stupid things like the usb-killer do exist?
« Reply #40 on: May 07, 2019, 10:26:50 am »
I wonder why the Feds were involved and what their cost was.  He was a listed as a flight risk.  If let out, I assume he would go back to India.   

I can't imagine having my parents be involved with my problems at the age of 27.   Then again, I can't imagine putting myself in his position in the first place. 

This is how he shows his appreciation to his parents and the country who allowed him in and educate him.  Just a waste. 
How electrically robust is your meter?? https://www.youtube.com/channel/UCsK99WXk9VhcghnAauTBsbg
 

Offline CJay

  • Super Contributor
  • ***
  • Posts: 3547
  • Country: gb
Re: why stupid things like the usb-killer do exist?
« Reply #41 on: May 07, 2019, 10:27:09 am »
They have a legitimate use which is basically destroying your kit and the TPM in and crypto keys irrecoverably and permanently. No amount of fancy shit down the lab can fix the damage it does. Think journalists, spies, activists, data exfiltration protection, hardware sanitisation etc.

The people here who complain this exists need to complain knives exist too because in the hands of a suitable idiot they can kill people.

Not joking but this also demonstrates that the average USB port is like a public glory hole (no dont google that)

Except, there's absolutely no guarantee it will do that.

Have a read of the Guardian article about the measures they had to take to ensure data destruction of the Snowden/NSA files.

https://www.theguardian.com/uk-news/2014/jan/31/footage-released-guardian-editors-snowden-hard-drives-gchq

https://www.theguardian.com/media/2015/feb/27/guardians-destroyed-snowden-laptop-to-feature-in-major-va-show

Oh, and yeah, ever wondered why the loos in motorway services have stainless steel walls?

Lots of services have anonymous accounts on websites that promote such 'pleasures'

 

Online joeqsmith

  • Super Contributor
  • ***
  • Posts: 6527
  • Country: us
How electrically robust is your meter?? https://www.youtube.com/channel/UCsK99WXk9VhcghnAauTBsbg
 

Offline wraper

  • Supporter
  • ****
  • Posts: 11509
  • Country: lv
Re: why stupid things like the usb-killer do exist?
« Reply #43 on: May 07, 2019, 10:58:01 am »
They have a legitimate use which is basically destroying your kit and the TPM in and crypto keys irrecoverably and permanently. No amount of fancy shit down the lab can fix the damage it does. Think journalists, spies, activists, data exfiltration protection, hardware sanitisation etc.
Those will be destroyed only if you are lucky. Most likely replacing chipset will fix the motherboard. Or you can move TPM chip/module to another motherboard.
 

Offline GlennSprigg

  • Frequent Contributor
  • **
  • Posts: 829
  • Country: au
  • Medically retired Tech. Old School / re-learning !
Re: why stupid things like the usb-killer do exist?
« Reply #44 on: May 07, 2019, 11:21:37 am »
Optical USB isolator.
   (From early on Page-1)......

Do you mind explaining this further ??? (Seriously...)
(Pwees expwane xox  :D)
 

Offline daqq

  • Super Contributor
  • ***
  • Posts: 1794
  • Country: sk
    • My site
Re: why stupid things like the usb-killer do exist?
« Reply #45 on: May 07, 2019, 11:27:37 am »
Optical USB isolator.
   (From early on Page-1)......

Do you mind explaining this further ??? (Seriously...)
(Pwees expwane xox  :D)
There are USB isolation products.
https://www.analog.com/en/products/adum4160.html
https://power.murata.com/datasheet?/data/power/ncl/kdc_nmusb202mc.pdf
And others. Pretty much chips/modules, just add a few support parts.
Believe it or not, pointy haired people do exist!
+++Divide By Cucumber Error. Please Reinstall Universe And Reboot +++
 
The following users thanked this post: GlennSprigg

Offline apis

  • Super Contributor
  • ***
  • Posts: 1667
  • Country: se
  • Hobbyist
Re: why stupid things like the usb-killer do exist?
« Reply #46 on: May 07, 2019, 12:38:41 pm »
They have a legitimate use which is basically destroying your kit and the TPM in and crypto keys irrecoverably and permanently. No amount of fancy shit down the lab can fix the damage it does. Think journalists, spies, activists, data exfiltration protection, hardware sanitisation etc.
...
Except, there's absolutely no guarantee it will do that.

Have a read of the Guardian article about the measures they had to take to ensure data destruction of the Snowden/NSA files.

https://www.theguardian.com/uk-news/2014/jan/31/footage-released-guardian-editors-snowden-hard-drives-gchq

https://www.theguardian.com/media/2015/feb/27/guardians-destroyed-snowden-laptop-to-feature-in-major-va-show
Actually a device like that is very unlikely to do any damage to the data on hard drives so that is no reason to use it at all. If the damage do reach the hard drives it will only destroy the controllers (which can be replaced) not the data on the disks.
 

Offline Nominal Animal

  • Super Contributor
  • ***
  • Posts: 1705
  • Country: fi
    • My home page and email address
Re: why stupid things like the usb-killer do exist?
« Reply #47 on: May 07, 2019, 03:25:10 pm »
There are USB isolation products.
What you really need, is an USB hub with standard power control and isolation.  Also note that ADuM3160/4160 only work up to full speed USB 2.0 (12 Mbit/s), and not up to high speed (480 Mbit/s).

There has been some discussions on how to isolate and filter devices allowed to connect to an USB port.  In Linux, if the hub has standard power control (i.e., software control over whether a port is powered or not; common -- standard? -- in USB hubs), you can use standard udev utilities to limit which kind of devices are enumerated/activated, and even power off (for a few seconds, typically) not-allowed ones.

I seem to recall seeing a few hardware experiments (Hackaday? Here? PJRC forums?), moving the logic into an USB bridge -- essentially two microcontrollers with high-speed USB 2.0 interfaces, with an isolated (parallel) high-speed (~500 Mbit/s) interconnect.  The outwards facing microcontroller being essentially "dumb", cheap, and replaceable when an unexpected electrical event occurs.

In practice, an embedded Linux workstation running off an image unpacked from storage for each new user, is both easier to maintain and more cost-effective.  You can do this relatively simply using PXE boot on any machine you can secure the BIOS/EFI/OF for.  Funnily enough, in these use cases, a LOT of RAM (say, 32 GiB) would make it possible to run a full desktop system off a RAMdisk without any customization work or any kind of local storage, with reimaging taking only seconds (assuming GbE Ethernet networking, or faster) -- the entire filesystem being transferred as a single XZ-compressed image, or as a few trees depending on the user logging in.  Unfortunately, most embedded machines are limited to 4 GiB or less, which is not really enough for a full-fledged GUI Linux distribution.
 

Offline legacy

  • Super Contributor
  • ***
  • !
  • Posts: 4415
  • Country: ch
Re: why stupid things like the usb-killer do exist?
« Reply #48 on: May 07, 2019, 05:02:36 pm »
In practice, an embedded Linux workstation running off an image unpacked from storage for each new user, is both easier to maintain and more cost-effective.  You can do this relatively simply using PXE boot on any machine you can secure the BIOS/EFI/OF for.

like Xterminals made in the 90s.
e.g. Tektronix xp2xx/400, NCD, etc.
they did boot via tftpboot, +NFS
« Last Edit: May 07, 2019, 05:10:55 pm by legacy »
 

Offline legacy

  • Super Contributor
  • ***
  • !
  • Posts: 4415
  • Country: ch
Re: why stupid things like the usb-killer do exist?
« Reply #49 on: May 07, 2019, 05:15:55 pm »
guys, even the firewire port is dangerous  :palm:

why? because the firewire tecnology directly exposes the ram via DMA. so, if someone put a FW-device on the chain, it can potentially write/read the ram, or just write junk to crash the system. I have just seen there are some kits around, even on eBay and those places  :palm:

moral of the story: close all the physical ports with mini-padlocks ( dunno if they actually exist, but if they exist, then they are the best invention ever, and I want twelve of them!)
« Last Edit: May 07, 2019, 05:17:38 pm by legacy »
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf