Is Trump prying on journalists now?
It seems harmless enough, plugging in a free USB-powered fan on a hot day. But when it surfaced on Twitter Tuesday that the item was included in a press pack handed out during the US-North Korea summit, it immediately drew concerns from some cyber experts about the potential for hidden malware.
We could say “it’s on again” referring to the Trump haters dumping on Trump. But it has been “on” since Trump nominated and has escalated daily with the gleeful aid of America’s most powerful media services. All the attacks have resulted in one thing. Nobody recognises them because the egg on their collective faces makes them look like clones from Chicken Little’s scrambled egg factory. This latest, although a possibility, draws a long bow if the silly journos think a USB fan is the only way. Just being anywhere near the building is enough these days to be targeted by the cyber boogeyman. This story is a scoop for the ABC but not the Trump hating Washington Post?
The press kit from the Trump-Kim summit included a USB fan. Experts don’t think it’s
One of those experts included author and journalist Barton Gellman who advised journalists to “drop it in a public trash can” after spotting Dutch journalist Harald Doornbos’s picture of the device on Twitter.
So could they actually contain malware?
The likelihood is very high, the director of University of NSW Canberra Cyber Nigel Phair says.
“People trying to infiltrate computer networks often use hidden software on thumb drives where they are given out at a conference or contain promotional material, whatever it might be,” he said.
“People studiously go back to their work environment, plug it into their machine and it’s the greatest way to bypass a whole lot of security controls.”
According to Oliver Knox, chief Washington correspondent for broadcaster SiriusXM, at one summit, “White House aides raced into the filing centre to tell reporters not to use them”.
OK they bypass your security. Then what?
There’s a couple of things that can happen from there, but Mr Phair says it all depends on what kind of malware it is.
“It might be to download a key-stroke logger onto your device,” he said.
“For example the people that go there, to these types of conferences … they have privileged access to computer systems, they have access to documents that are sensitive, something that would be very valuable to an attacker.”
Should we be wary of all ‘free’ USBs or USB-powered devices?
Pretty much. Mr Phair says if you don’t where it has come from or if you haven’t opened it up directly from a packet, then you should be wary of what might be in it.
“This has been a high-risk issue for quite some time,” he said.
As Mr Gellman pointed out in a follow-up to his tweet, the warning about USBs has become “standard security advice”.
“I have no reason to think the Singapore government is responsible for every handout, and as I said I don’t know what’s on those devices. This is standard security advice. No knock on anyone,” he tweeted.
How do you check if there’s malware on the device?
Mr Phair says the best thing to do if you’re unsure is to run it through a commercial virus checker or scanner.
“This will check if there is any known-grade vulnerabilities on it, otherwise it could also have malicious software that has not yet been detected by a virus scanner so you’re not going to know regardless,” he said.