In the Australian town of Pakenham, some residents received unsolicited USB drives in their mailboxes this summer.
The thumb-size devices — which promised offers for services like Netflix — actually contained rogue programs that held the victims’ computers hostage and demanded ransom, Pakenham Police Sgt. Guy Matheson tells the Associated Press.
This type of attack is a favorite of spies seeking to hack into hard-to-reach computers, and it can be effective, says Nikola Milosevic, a doctoral student at England’s University of Manchester who has studied the history of malware.
The attack highlights the risks of plugging a random USB drive into a computer. Two studies from the past year confirm that people will plug in USB drives that they find.
In one study, researchers dropped 297 USB drives around the University of Illinois at Urbana-Champaign. Participants picked up 45 percent of the drives, plugging them into a computer and opening at least one file.
Lead researcher Matthew Tischer of the University of Illinois told Vice’s Motherboard blog in April:
“It’s easy to laugh at these attacks, but the scary thing is that they work — and that’s something that needs to be addressed.”
For an experiment last year by CompTIA, an information technology trade association, 200 USB drives were dropped in high-traffic public locations in four major U.S. cities.
About 20 percent of the drives were picked up and plugged into a computer by users who then opened files, clicked on links or sent emails to a listed address.
Todd Thibodeaux, president and CEO of CompTIA, said in October:
“These actions may seem innocuous, but each has the potential to open the door to the very real threat of becoming the victim of a hacker or a cybercriminal.”
What do you make of this news? Let us know below or on Facebook.