In June, President Trump and North Korean dictator Kim Jong Un met in Singapore for an unprecedented discussion between the two nations. Because of this historic meeting, reporters from all over the world descended on Singapore to follow the talks and report every detail of the exchange.
Upon arriving in Singapore, journalists were given a gift bag as a welcome gesture from the local government. It included bottles of water featuring the faces of Trump and Kim, a guide to the area and a miniature fan.
This small fan, designed to operate by plugging it into a USB port, was considered by many to be an odd addition to the welcome bag and many security experts were shocked to learn about this specific item.
Think about it: A Chinese company manufactured USB-powered fans that the government provided to reporters. And we know that the Chinese government wants to suss out every detail they can about this summit because it concerns one of their biggest foes (the United States) and one of their closest allies (North Korea).
Trick of the Trade
The reality is using USB devices is an extremely common method of gathering intelligence. If China altered these USB fans for spying purposes, it wouldn’t be the first time…
According to a Washington Post report, “In 2008, Russian agents planted virus-carrying USB sticks in retail kiosks around NATO headquarters in Kabul, Afghanistan, to gain access to a classified Pentagon network.” In 2013, Italian journalists reported that “Russian operatives used USB devices to try to spy on world leaders at a G-20 summit in St. Petersburg.”
The thing is the countries that use USB devices to spy aren’t just targeting other spies. They’re also targeting average citizens like you and me.
“In 2011, the Department of Homeland Security planted USBs and CDs in government parking lots to test the security practices… of employees and contractors,” the Post continues. “Sixty percent of people who picked up the items plugged them into their work computers.” If the USBs had an official logo printed on them, the rate went up to a whopping 90%.
A few weeks after the summit in Singapore, experts were able to get their hands on some of the USB fans that were handed out. They were not able to locate any viruses or malware on the USBs. But maybe the Chinese government didn’t take the time to install malware on every single device. Maybe it only installed spying software on a few devices given to specific targets.
My point is just because the fans that were tested weren’t infected doesn’t mean that others couldn’t have been. The fact is this is an ongoing possibility, which is why I want to share with you a few basic precautions you should take when using USB devices — both at home and abroad.
- Don’t trust unknown devices. Never plug any type of USB device you didn’t personally purchase into any of your personal devices. If you find some sort of USB device with the presidential seal on it, don’t let your curiosity get the best of you. When buying USB devices, make sure to purchase them from a reputable company or manufacturer. I certainly don’t recommend buying one off Craigslist or eBay
- Be careful using the same device on multiple computers. Now, I realize the entire point of a thumb drive is to be able to move files from one computer to another. However, this is incredibly risky because you can actually cross-contaminate your computers if the USB happens to be infected. For sharing files among different computers, I recommend using cloud storage. Using a compromised flash drive, charging cable or minifan on different computers could infect all of them
- Use biometric authentication and strong passwords. Depending on the device, some USBs can be set up to require fingerprint authentication or a password. You should absolutely use these options on any device that you can. This way if the device fails into the wrong hands, you won’t have to worry that someone will simply add malware and give it back to you, putting your information at risk.
You already know you shouldn’t open any unexpected emails, click on suspicious links or download questionable files. Well, you shouldn’t plug any old USB into your device either — especially if you received it from an adverse foreign government.
Stay safe,
Jason Hanson
