Welcome to Washburn University's Cybersecurity blog. Visit often to get cybersecurity-related news items and tips. If you have any questions, feel free to contact User Services at support@washburn.edu or 785-670-3000.

 Latest Post: Everybody loves free stuff

From keychains to t-shirts, to even just pens and pencils, every brand knows that freebies are always an effective marketing technique. And why not? Free stuff is great! Especially when you’re living that student life, sometimes they can be a godsend. And sometimes outside of a table trying to sell some idea or product life will give you some unexpected bonuses, a penny in a parking lot or a nice G-2 pen on the floor in a hallway, I’m not ashamed that I like those as well, small as they are. But what about something like a thumb stick? Most of us know that the value in such a thing isn’t as simple as an ink pen’s value, there could be dozens of hours of work on there and we can all appreciate late nights polishing up a paper. So naturally we want to find out who it belongs to and return it, but without a name on the outside what other way is there to find the owner than to inspect the computer files contained within? But while there may just be some homework assignments and miscellaneous pictures on there, there could just as easily be something far more dangerous. This threat is not as spoken about as your run of the mill scams and phishes, but can be even more dangerous and difficult to stop, so much so that even the United States Department of Defense had difficulty with it.  

The Worm that Ate the Pentagon 

That was what the media dubbed it back in 2008, when the National Security Agency’s Advanced Networks Operations team detected a computer virus called “agent.btz”, as reported by Blake Stilwell of We Are The Mighty. The virus in question was a type known as a ‘worm’, identified by its capability to propagate itself with no human interaction and spread to any linked device while remaining active on the originally infected computers. And much like their parasitic counterparts, it is possible for a worm to reinfect a computer multiple times, slowing it down and eventually rendering it totally unusable! The Department of Defense launched an investigation and determined that the worm had originated on a USB flash drive left in a parking lot in a military installation within the Middle East. An unnamed military member picked it up, and inserted it into a DoD computer, and managed to infect not only several unclassified networks throughout the military, but also the SIPRNet (the Secret Internet Protocol Router Network, ie - the military’s own classified internet) as well as the Joint Worldwide Intelligence Communication System used by the US’ top intelligence agencies. The worm was so stealthy, that it was only discovered when it started to “beacon” out to its creator, asking for follow-on instructions. At that point there was no way to tell if, or what, information had been leaked! The effort to resolve this computer virus was massive, resulting in not only the military’s ban on all USB thumb drives but the establishment of an entirely new Military Unified Command, the US Cyber Command. The situation was not resolved until well into 2009. 

So, you can see that even the most well-funded defense agency in the world was laid low for years by the simple, seemingly innocuous, act of inserting an unknown thumb drive into a computer, likely in an innocent attempt to find its owner. If the resources of the US Federal government took that long and had to put that much effort into solving a single incident, how long would it take and how much damage would be done to a state government to do so? A company? A University? A household? 

So what should be done with unattended USB storage media? 

Any unattended flash drive or hard drive discovered on campus should be turned into the Washburn University IT service desk in Bennett Hall, or to the Washburn Police Department. Never plug an unknown hard drive into your own computer or a university computer to determine its contents. Remember, doing so could lead to: 

  • Malware and Viruses - One of the most significant risks of using unknown USB devices is the potential for malware and viruses. Malicious actors may intentionally infect USB drives with harmful software designed to exploit vulnerabilities in your computer's operating system. When a compromised USB stick is connected to a computer, these malicious programs can spread, corrupt files, steal sensitive data, or grant unauthorized access to your system. 
  • Data Breach and Identity Theft - Plugging an unfamiliar USB drive into your computer can lead to severe consequences such as data breaches and identity theft. Malware on the device may be programmed to collect personal information, including passwords, financial data, or login credentials, which can then be exploited for fraudulent activities or unauthorized access to online accounts. 
  • Unauthorized Access and Backdoors - Unknown USB sticks can also be used to introduce backdoors or gain unauthorized access to your computer or network. Malicious actors may exploit vulnerabilities in your operating system, allowing them to control your computer remotely or use it as a launchpad for further attacks. This can compromise your privacy, lead to data loss, or even result in your computer being used for illegal activities without your knowledge. 
  • Physical Damage - In addition to digital risks, there is also a chance of physical damage when plugging in unknown USB sticks. Some USB drives may be designed to deliver a high voltage shock or damage the USB port, potentially rendering your computer inoperable. This type of attack is less common, but highlights the importance of exercising caution with unfamiliar devices. 

Thank you for staying vigilant! 

--WU ITS Information Security 

www.washburn.edu/cybersecurity 

 

Previous Posts:
Nov 08

The Various Biologics of Phish

Read the full post →

By: WU ITS Information Security

Category: security

Oct 23

The many sided world of scamming

Read the full post →

By: WU ITS Information Security

Category: security

Oct 16

Social Media, Where Anything is Possible

Read the full post →

By: WU ITS Information Security

Category: security

Oct 04

Stay Up To Date!

Read the full post →

By: WU ITS Information Security

Category: security

Sep 25

Beware Freeware!

Read the full post →

By: WU ITS Information Security

Category: security

Sep 18

Password Tips

Read the full post →

By: WU ITS Information Security

Category: security

Sep 12

Social Media; Harmless Fun?

Read the full post →

By: WU ITS Information Security

Category: security

Aug 31

Job Scam

Read the full post →

By: ITS Information Security

Category: security

Aug 25

Gift Card Scams

Read the full post →

By: Homer Manila

Category: security

Aug 08

An important update about old Google accounts

Read the full post →

By: AU Information Security

Category: security

Jul 10

Prime Day Scams

Read the full post →

By: ITS Information Security

Category: security

Jun 09

Summer Scams and Shenanigans

Read the full post →

By: Homer Manila

Category: security

Jan 12

Protect Against Smishing Attacks

SMS Attacks and How to Report Protect Against Smishing Attacks

Read the full post →

By: Homer Manila

Category: security

Jan 04

Protect Yourself from Identity Fraud

If you’ve not done it before, freezing your credit is actually very simple to do (and easy to thaw as needed).

Read the full post →

By: Homer Manila

Category: security

Nov 11

Shop Smart and Stay Safe This Holiday Season

Our lovely friends at the Center for Internet Security have some holiday advice on how to keep safe, but the tips are apropos any time of year! Come see what they have to say.

Read the full post →

By: Homer Manila

Category: security, General


Archives

2023 2022