Beware of Removable Media Place in Cyber Crime

Even something as big as a global meeting of nations could have its share of cyber mischief, and innocent-looking USB thumb drives and smartphone rechargers could be the crime tools. Not all malicious threats are clear to notice as DDoS (distributed denial of service). The G20 Summit was held in St. Petersburg on September 5-6, 2013 with a group of finance ministers and central bank governors of 19 countries and the European Union. Specifically, they were Argentina, Australia, Brazil, Canada, China, France, Germany, India, Indonesia, Italy, Japan, the Republic of Korea, Mexico, Russia, Saudi Arabia, South Africa, Turkey, the United Kingdom, the United States of America and the European Union, represented by the President of the European Council and by Head of the European Central Bank. Russia took the G20 presidency on December 1, 2012, a first for the country. The major categories of thought and planning are Business 20, Think 20, Civil 20, Youth 20 and Labor 20.

At the September 2013 summit, heads of state and their teams were given USB thumb drives with the ability to copy sensitive data from the laptops that they were inserted in. Reports also noted that the representatives received smartphone recharger gifts that could have covertly looked at their emails, SMS and phone calls. Was anyone purposefully trying to spy on the G20 participants? If so, who was responsible?

The “spying” campaign was first noticed by Herman Van Rompuy, the President of the European Council, noted the Italian newspaper Corriere della Sera. It covered the story on its front page. Mr. Van Rompuy ordered analysis of the USB pen drives and other devices by both intelligence experts in Brussels and Germany’s secret service. The Brussels component declared that the allegations were not true and that there was nothing wrong with the gift devices.

How can thumb drives and smartphone chargers be used to hack devices that access the Internet? In fact, they are responsible for some cyber attacks offline! Kaspersksy noted in August 2013 that it is “becoming more and more common for attackers to find new ways to infiltrate your devices, like through your removable media.” Removable media includes readers, writers, and drives.

Every optical disc (Blue-ray disc, DVD, CD), memory card (CompactFlash card, Secure Digital card, Memory Stick), floppy disk, zip disk, magnetic tape, disk packs, VHS tape, USB flash drive (also called ), external hard disk, digital camera, printer, smart phone and other external or dockable peripheral that are easily removed or inserted into a system is removable media. They all are capable of infecting, copying, and spying on the system and network if they have the right compromising file on them. If they can store media, that media could be a malicious threat.

Some best practices to use when using USB thumb drives or other removable media:

1. Set up automation of scans the second items are plugged into a device.

2. Regularly update device OS (operating systems). Updates are available for Mac, Windows, Android, Linux and other operating systems. Set up the updates to occur automatically or to even do so manually at least once per day.

3. Know what is behind the Facebook, Twitter or other social network chat, wall, timeline or private message attachments and links. One good tip is to hold one’s mouse over the link without clicking to see a preview of what is there.

4. Removable media for personal needs should stay separate from those of crucial business needs. Music and video files that are downloaded from websites, forums and file sharing sites should never be mixed with crucial data.

Keep in mind: even reports on Edward Snowden’s 2013 activities show that he used a flash drive when he downloaded NSA data. The USB stick was also the vehicle of two other famous cyber compromises, the devastating malware, Stuxnet worm, and the data exfiltration vector associated with the Flame virus. The removable data was plugged into a computer, secretly collects data based on certain keywords. The stolen documents are then hidden in a secret folder on the USB drive until it connected to any Internet-enabled computer again. Then, the documents automatically sent to certain IP addresses of the originating perpetrators for their purposes.

Like DDoS attacks, compromising removable media are often a cover for or part of other fraudulent activity such as the stealing of sensitive documents, extortion, and ransom and not just childish mischief.