It’s not as though 27-year-old Vishwanath Akuthota made it hard for authorities to prove that he was the person who destroyed $58,000 worth of college equipment in February this year.
On Valentine’s Day, February 14th 2019, Akuthota walked around the campus of the College of Saint Rose in Albany, New York. He had graduated from the college in 2017 with an MBA, but as he was no longer enrolled, he didn’t have permission to be on the premises any more, and he certainly wasn’t authorized to enter multiple rooms containing computers on the campus.
What he did next, however, was worse.
Akuthota plugged a USB stick into 59 Windows PCs and seven Apple iMacs owned by the college. In addition, the former student plugged his device into the USB ports of multiple other devices including monitors and digital podiums.
Akuthota’s intention wasn’t to steal data from the computers, as you might expect, or to plant malware. Because what he held in his hand was “USB Killer,” a device which is capable of rapidly collecting power from a USB port and then sending a high voltage (technically, -200 Volts) back through the signal lines, effectively overloading and destroying the hardware.
“USB Killer” devices (sometimes referred to by other names including “BadUSB”) are freely available for purchase on the internet and are often marketed as a means to rapidly and permanently disable computer hardware. Of course, the people selling such devices don’t feel any responsibility to determine whether buyers will be using those devices with the permission of their owners or–as in Akuthota’s case–as part of an act of malice.
Perhaps Akuthota’s dumbest move of all, though, was to actually film himself on his iPhone as he committed his Valentine’s Day massacre.
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Graham Cluley. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/man-fried-over-50-college-computers-with-weaponized-usb-stick/