Slashdot Mirror
Student Used 'USB Killer' Device To Destroy $58,000 Worth of College Computers (theverge.com)
A former student of The College of Saint Rose in Albany, New York, has pled guilty to charges that he destroyed tens of thousands of dollars worth of campus computers using a USB device designed to instantly overwhelm and fry their circuitry. The plea was announced today by the Department of Justice, FBI, and Albany Police Department. The Verge reports: Vishwanath Akuthota, the former student, now faces up to 10 years in prison (with up to three years of supervision after release) and a fine totaling up to $250,000. He was arrested and taken into custody in North Carolina on February 22nd, just over a week after he went on a spree of inserting the "USB Killer" device into 66 of Saint Rose's computers around various locations on campus. Such devices can be easily and freely purchased online and can overload the surge protection in many PCs.
Akuthota, 27, apparently made video recordings of himself inserting the malicious USB device into the computers and said "I'm going to kill this guy" as the PCs were overloaded and permanently ruined. So it's fair to say the FBI and APD had all the evidence they needed. In total, Akuthota caused $58,471 worth of damage. As part of his guilty plea, he has agreed to pay back that amount to the college, a small private school in New York's capital city. The Verge reached out to The College of Saint Rose for a statement on today's news, but a spokesperson said the college had been asked by law enforcement to refrain from commenting.
Akuthota, 27, apparently made video recordings of himself inserting the malicious USB device into the computers and said "I'm going to kill this guy" as the PCs were overloaded and permanently ruined. So it's fair to say the FBI and APD had all the evidence they needed. In total, Akuthota caused $58,471 worth of damage. As part of his guilty plea, he has agreed to pay back that amount to the college, a small private school in New York's capital city. The Verge reached out to The College of Saint Rose for a statement on today's news, but a spokesperson said the college had been asked by law enforcement to refrain from commenting.
If you're going to do something stupid or better yet illegal, don't record yourself.
Here's a fun Q&A with him on FB: https://www.facebook.com/saint...
Sounds like he got fired and was looking for revenge! Curious what he did to deserve the firing.
And shows how fucked up the US "justice" system is. Average sentence for murder is something like seven years. He should be given a psych evaluation and made to pay restitution via wage garnishment in the future.
such as installing Windows 10 on them.
Table-ized A.I.
It's self explanatory, he did it because hes stupid.. They didn't need to mention it. We all got it.
For a lot of the people doing stuff like this, if they can't brag about the crime, there's no point doing it. It's not really anarchy or revenge that they seek. They're attention whores. They thrive on the publicity and praise/criticism they get. For them, pulling a stunt like this without recording it (and distributing the recording) is like the proverbial tree that falls in the woods and nobody is around to hear. In their minds, it's indistinguishable from the tree never falling / them never having committed the crime.
A fuse would not protect from this sort of over voltage damage. Fuses are slow and by the time sufficient current is flowing to blow the fuse - the circuitry is already shot. Electronic fuses (MOSFETS with controllers) are much faster and do not need to be replaced. Most devices use current limited load switches to limit surge current and prevent damage. But even these devices, while better then fuses, would not help. ESD protection diodes would help but they are not designed for large amounts of energy and will quickly burn up. With the amount of energy this guy was adding, the diodes will literally pop off the PCB. USB is quite well protected (now, not originally) but all consumer electronics will break when you have hundreds of volts applied. Well, ethernet would at least prevent the damage from cascading into the device - but few interfaces are protected like ethernet.
Wow! He destroyed one Mac!
Slashdot, fix the reply notifications... You won't get away with it...
that does not really damage the hardware to the point of junking it.
How much damage could of been done with etherkiller?
http://www.fiftythree.org/ethe...
In my day we understood what a fuse could and couldn't do. I guess if you think the type of fuses you would put on a board can prevent these high voltage dumps we are from very different days.
these USB killers do way more than a hundred volts. IIRC it was in the thousands and it usually hits them multiple times before you can yank the usb, cycling about once a second. Though there is no amperage behind it the volts come in so quickly that I doubt even ESD protection could block it. When this was demoed it killed even protected computers because it slams it 3-4 times before the person can react and yank it out of the slot.
Given that USB is typically integrated with the chipset, except on boards that have use for especially large numbers of ports, probably $30 nominal probably isn't far off(that's roughly what Intel says the tray price for a middling platform controller hub is, presumably lower in real volume); but with the significant downside of being a zillion-ball BGA that's nontrivial to rework without appropriate tools and expertise(and those aren't just a soldering iron) and which leaves the computer completely nonfunctional unless replaced since it also handles most of the critical system functions that haven't been moved onto the CPU itself.
A torched trace or fuse, or a little discrete USB chip, is less of a catastrophy(though most IT operations try to avoid that sort of labor intensive and unpredictable nonstandardization if they can, it has a nasty habit of proving a false economy); but having the PCH zapped makes the motherboard a write-off unless you have suitable replacement parts and BGA rework gear; it doesn't just force you to not use a couple of USB ports.
For once, an MBA has to actually pay for the damage himself.
So, that means 4 Macbooks?
He didn't get 10 years.
The article, like most, quotes the maximum anyone could ever get for violating a particular statute. Rarely does anyone get the maximum. The judge takes into account exactly what the person did, their record, etc. In most cases, the penalty is actually negotiated with the defendant via their attorney.
The crime he was charged with would be something like "intentionally destroying property greater than $10,000". That covers taking a baseball bat to your ex-boyfriend's car, destroying the school computers, intentionally driving a bulldozer through someone's house, and lots of other ways of destroying lots of things. The WORST possible cases of "intentionally destroying property valued *over* $10,000" could get 10 years, if the defendant told the judge "fuck you, I'll do it again when I get out".
You can reduce the judge's descretion by enacting a specific law against "destroying a schools computers" and another law against "destroying your neighbor's car" ans another against "destroying the judge's house", but I think we have enough laws already.
Unless you personally use it 24/7 with no breaks, you can schedule that update and reboot for later that night, when you're asleep.
> Diodes are cheap.
As is the empty space in a car lock. Filling the ignitio with epoxy makes the car useless. Blowing the USB ports on a school computer makes the keyboard, mouse, printer, or other devices useless.
Many years ago I worked for a technical institute. Got an urgent call "the computers where exploding"
Some little turd of an individual had switched all the machines off then set the power supplies to 110v (in a 220v country)
So the next person to turn the machine on got a loud bang and smoke...
Many machines where destroyed. Many courses had to be cancelled.
People like this need locked up, forever.
US prison has free healthcare fmc Rochester has mayo clinic
So, I have to leave my computer switched on for the entire night for Microsoft's convenience? Also, I might not want to install that particular update, what now?
My computer exists only to serve me and obey only me. End of story.
What is best in life? Hot water, good dentishtry and shoft lavatory paper.
time to pull the machine apart, test hard drives and any other components connected etc etc. So $100-$200 in parts. $500 in labour and we are now at approximately what they are suggesting. Honestly the value they have calculated looks quite reasonable.
Another non-white parasite, desperate to ruin white countries. Thanks, Jews! I'm sure we'll forgive you!
US prison has free healthcare fmc Rochester has mayo clinic
I can guarantee you it ain't free.
Wanna buy a shirt?
https://www.redbubble.com/people/stealthfinger/shop?asc=u
I have to admit, I laughed pretty hard the first time I saw the picture of the etherkiller. (Several people have made similar cables, usually much less hacky looking, e.g. with matching colored cables.)
I always wondered if some poor bastard ever unwittingly plugged in one of these things that some malicious person left lying around and if so, what happened (and if anyone was ever charged.)
It's possible the cops / feds could have secured a conviction based on other evidence, but making video recordings of the criminal act is the sheer height of stupidity. I'd love to know why he was a "former student" but he's clearly not the sharpest tool in the drawer.
Honest question, Iâ(TM)m not american: is this seen as an unexpected good bonus? I honestly assumed they would get free healtcare since they cant go out and see a doctor or pay for it.
Protection against the 'killer' USB devices is a matter of cost.
Anyone shipping computers that can't handle the 'pretty much any pin could get shorted to any other pin(s)' cases commonly caused by dodgy peripherals or connector and wiring damage is, indeed, doing shamefully shoddy work and deserves all the warranty returns they get(potentially more if the warranty is stingy). Some basic ESD endurance is also pretty much expected in consumer devices: requiring ESD protection measures on stuff that isn't bare components prior to assembly or oddball specialty hardware aimed at trained operators is pretty tacky
However, the 'killer' widgets deliberately produce output much more hostile than any standard mishap(usually some sort of charge pump to obtain a voltage well above what's usually available and then hammer one or more of the lines with it until the port stops supplying it with enough power to recharge). If you want to resist that it will substantially increase cost and board space, especially for USB 3 that has more data lines to protect and needs to use protective methods that won't interfere with much higher speed signals. 'Industrial' USB isolation boxes can easily run you north of $100/port depending on how picky you are.
Funny thing, with the hacking laws he mightâ(TM)ve gotten MORE time in jails than simply wrecking the computers. Aaron swartz was going away for 35 years for download some science articles. Think about that, its insanity.
Tangential to the subject of the article....look at all the consumers of the news who posted "omg 10 years in prison!" whose naivete allowed them to (somewhat) read the article, believe the idea that he's going to get 10 years (not understanding the hyperbole common to news reporting), and be outraged.
Think of these naive and gullible news consumers next time you read about people being outraged (particularly non Americans commenting on American news) and how easily their feelings are accidentally or deliberately incited.
-Styopa
The IT persons frustration should be factored in. It's not just their time that was wasted, but the fact they were likely pulled off other tasks
I'm can't quite understand the folks who are defending the perp. I mean, this wasn't a political statement, it wasn't done for any higher purpose, it was done because the guy had zero respect for the people who own and maintain the equipment.
Vishwanath Akuthota, the former student
Well I would certainly hope he's "former."
I fail to understand why this is newsworthy. Next we will see an article about how you can buy hammers nearly anywhere and they can be used to do massive damage to cars, PCs, laptops, monitors, cell phones with no training at all!
in 10 years he would have Statute of limitations to remove the college damages bill.
Except he made the news, so anyone searching for his name online can find the news articles.
I remember some other case mentioned here a few years ago, where two wall street traders, or investors (not sure) were convicted of some type of financial fraud.
After the statute of limitations, they tried to get Google to delete all mention of them, but Google refused.
As their crime had also made the news back then, it came down to them essentially being part of history for it.
Privacy begins with
$2-3 copay fed
TX $100/year MAX some situations are free and you get it even if you have no funds.
It's a joke, relax Satya.
Table-ized A.I.
Yes, you get free health care.
Not always good care.
Last time I was at the eye doctor there was a prisoner in handcuffs and belly chain sitting at the refractometer with a cop standing next to him. Nurse said they get 2-3 a week from the local jail.
For the large prisons a lot of the medical needs [like glasses] are cared for inside the walls - I knew an internist and a psychiatrist that had offices inside the walls of San Quinton in California.
There are some cases of people committing crimes in order to get healthcare.
I didn't mean for the prisoner. It is probably even getting charged to the prison at a premium price because that bill is just handed over to the taxpayer. It ain't free, at all. It is strange though that prisoners seem to get better basic health care than the general public.
Wanna buy a shirt?
https://www.redbubble.com/people/stealthfinger/shop?asc=u
If found guilty, on top of remuneration to the school they should make him pay back all of the aid given to him in the US and then since he is here on a student visa, kick his dumb ass out of the US.
Former Indian Student Arrested for Intentionally Causing Damage to Protected Computers Owned by Local College
Straight from the website: "When the device is charged, -200VDC is discharged over the data lines of the host device. This charge/discharge cycle is repeated many times per second, until the USB Killer is removed." So not thousands. And it does have A LOT of amperage behind it. That's why it works. It can surge a large amount of amperage for a very brief time, which can cook any hotspot in a silicon device once it's broken down (which it will do because nobody is putting 200V process silicon parts in high speed USB devices).
USB protection is designed to prevent against reasonable faults (a device drawing too much power, minor overvoltages, ESD strikes). This is not a reasonable fault. Additionally, it surges the data lines, which are more sensitive. They have to be more sensitive because they are high speed lines that have signal integrity constraints. You can't just start adding protection to them willy nilly without affecting that.
Their cover story is "The USB Killer is a CE Approved and FCC Approved testing device designed to test the surge protection circuitry of electronics to their limits - and beyond." which we all know is B.S. And It's probably not likely people will start designing their USB hardware to survive this unless people don't quit acting like dicks.
I hope they accounted for all the damage that he did. He didn't just destroy some computers that have to be replaced, he's wasting a lot of people's time buying and setting up replacement computers, and may have destroyed work that was stored on the computers. And anybody that does something so randomly destructive needs to be punished in order to discourage future random destruction by others.
Enable 3D printed prosthetics!
All world we live in , where raking some stuff is reacted to more seriously then physically assaulting a person. The world's full of stuff. Stuff comes and goes. Not a big deal.
I wonder if the shifters of such boxes have considered the marketing benefits of a separate, grounded, USB board for the external sockets. Fry that and it's a 10$ fix, not a dead 250$ box - neglecting technician time.
Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
Honestly, prison seems excessive for most any property crime. Restitution with penalties and interest, an ankle monitor, and a few years of weekends picking up trash seems good. Throw in a jumpsuit that says I'm the jackass that burned out the computers fr fun. If he doesn't seem genuinely repentant, make him wear donkey ears while he picks up the trash.
Restitution should be having to pay for the replacement systems and personally rebuilding and configuring each one of them.
My beliefs do not require that you agree with them.
To use in training sessions at clients as to the danger of "found" USB keys. I figure bringing in a "trash" obsolete PC that needs to go to recycling anyway and frying it in front of a group of office staff may make an impression, particularly if I manage a model that smokes nicely.
fencepost
just a little off
I'm sure if he was actually smart, he would have been smart enough to know recording his self was the stupidest thing he could have possible done. Just saying..
$10 price difference is enough to sway a cost sensitive purchasing agent to buy a different brand. And the repair time or service call are much more expensive, taking the system offline for as much as a few weeks while the machines get pulled out of service, shipped to the vendor or an on-site tech visits, and the hosts repaired and tested.
$2-3 copay fed TX $100/year MAX some situations are free and you get it even if you have no funds.
Liberal? You do understand the previous poster was trying to point out the fact that someone is paying for it, right? Nothing is free, someone has to pay, in the end...
Honest question, Iâ(TM)m not american: is this seen as an unexpected good bonus? I honestly assumed they would get free healtcare since they cant go out and see a doctor or pay for it.
If you want to be honest, please call it Taxpayer funded healthcare. "Free" is a lie..
While I am sure you're right, and he certainly deserves some sort of punishment, does up to 10 years in prison (with up to three years of supervision after release) and a fine totaling up to $250,000 sound like proportional punishment to you?...
Honestly, prison seems excessive for most any property crime.
You did read that the penalty is "up to" ten years in prison. News stories always mention the maximum sentence for a crime, but first-time offenders with no aggravating factors never get sentenced to the maximum, and defendants that cooperate (by pleading guilty) always get a reduced sentence.
My bet is that he gets sentenced to time served and a fine... and deportation.
http://www.geoffreylandis.com
My point was just to dispute the "Indians get a free rid to college whereas U.S. folks have to pay for it" complaint. Side note: if the person you were working with who didn't know her ass from a hole in the ground was hired by your company, then you're company is at least as bad at interviewing as she was at coding. :)
you're = your