The unassuming USB drive – it’s small, handy and potentially the most dangerous technological weapon yet to emerge in cyberspace. According to some estimates, millions of computers worldwide have been infected since June with a virus known as Stuxnet, a “worm” that infiltrates and re-programs computer systems handling highly sensitive content (e.g., military installations, shipping, etc.). As an article in Slate.com quoted earlier this month, “the deviousness of [Stuxnet’s] design has prompted many researchers to call it a ‘cyber-weapon,’ one perhaps created by the United States or Israel to disrupt Iran’s nuclear program.”
How does Stuxnet invade such guarded computer systems, you ask? It does so through one of the most common devices in today’s tech market – a simple USB drive like the one pictured below:
Commonplace and, while it may surprise you, an almost perfect carrier for computer viruses, worms, and other malware.
Moreover, Stuxnet is hardly a fluke. Conficker, a virus that hijacked millions of PCs last year infected the French Navy and other locations by way of an infected USB drive. In August, the U.S. military finally admitted that it was hit by a worm called agent.btz two years ago “when an infected flash drive was inserted into a U.S. military laptop at a base in the Middle East.” Finally, a tainted USB stick is blamed for the deadliest air disaster in Spanish history.
What makes the USB drive so perfect is that it is – seemingly – so harmless and innocent. These qualities, combined with it being everywhere and frequently in the hands of uninformed computer users, makes it potentially catastrophic. For example, when was the last time someone offered to download something – anything – onto your computer or laptop by way of a USB drive? Perhaps you were at a law conference somewhere and someone offered to download a sample motion for you. Maybe it was a copy of a pivotal case from Lexis or Westlaw. Using a USB drive just seemed like the most convenient way to transfer information. No big deal, you say.
Maybe, instead, you have several USBs in your office right now. Do you know where all of them came from? Do you know where all of them have been?
If the answer to these questions is anything other than a confident “yes,” then you may want to educate – or re-educate – yourself about the dangers of infected USB drives. As a start, the Slate.com article referenced above is excellent and approachable even if you are not particularly “techy.”
You can also read about the Spanish airline disaster here and here. These last two article truly underscore the ability of cyber weapons to threaten not just technology or information, but human lives.
So, the next time someone offers to stick their USB in your PC, politely say, “No thanks!” Protect yourself, your information, and the information of your clients from cyber attacks.