USB sticks are everywhere. Reach into a classroom desk and there will most likely be one, if not a few, USB sticks lying around. Attend a tech conference or a job fair and receive free USBs that companies distribute to promote their business and public outreach. Walk down the sidewalk in a city and perhaps a lost USB is on the ground. USB sticks are not only everywhere, but they are also compatible with many devices: computers, hard drives, gaming systems, tablets, and with an adapter they will even insert into mobile phones. USBs are accessible to the masses and come with practical functions and uses, but are also quite dangerous. In this paper I will argue that USBs are the greatest threat in cyberspace today because they are an effective transporter of malware, are incredibly cheap and used ubiquitously, and because they have failed to evolve with quickly changing and increasingly complex cyber attack methods.
USB sticks infected with viruses and worms can effectively transport malware, leak data, and compromise hardware or software systems in both domestic and international attacks. USB sticks are a significant and perhaps overlooked threat because attackers can utilize them with a two-pronged strategy. First, attacks can originate from infected computers transferring a virus to a clean USB stick that is then inserted into another clean computer. Secondly, other incidents can stem from attackers hiding a virus within a USB’s seemingly normal file, of which an unsuspecting individual will then download and open. Infected USBs might expose sensitive data such as a credit card numbers or even grant the hacker control of a device by, for example, changing the DNS settings so that searches are sent to fake servers. However, they can also provoke significantly greater consequences if covertly used in a military or governmental settings. In 2008, malware compromised the Department of Defense’s military computer networks when an infected USB was inserted into a military computer at a Middle Eastern base. Considering that the “military’s global communications backbone… consists of 15,000 networks and seven million computing devices across hundreds of installations in dozens of countries” a breach in the DoD’s military networks is terrifying and carries huge consequences (Lynn, 98). Such consequences extend beyond cybersecurity and include the safety of our troops abroad, political relations and communications, and a nation’s economic state. Despite their small size, USB sticks can impose serious damage on domestic and international platforms using a two-pronged attacking method to transport malware and compromise systems.
Furthermore, because USB sticks are incredibly cheap, ubiquitous and small, they enable the most impecunious of attackers – from developing nation states, to hacktivists, and even terrorist hackers – to threaten today’s cyberspace and security. USB sticks are cheaply and easily manufactured or bought, which enables attackers to target and compromise a computer or a nation without spending significant money for fighter jets or military training (Lynn, 98). This would be particularly useful for developing or destitute nations and organizations – such as North Korea, Iran, and ISIL among others – who lack advanced technology like the U.S. or Russia and are trying make a consequential threat in cyberspace (Geers). Additionally, a USB’s small size makes them easy to transport, distribute in mass, or place in a variety of devices. Hypothetically, the DoD’s military network compromise of 2008 could be recreated if someone intentionally and furtively places an infected USB stick in another important, yet unmonitored, computer. Such targets include embassies, banks, and other critical infrastructures within our cyberspace. In short, USBs offer a gateway for even the poorest of attackers to create incredible damage within today’s cyberspace because they are cheap, small, and ubiquitous.
Another shortcoming of USB sticks is that they are a technology of the past and have failed to evolve with the quickly changing and increasingly complex cyber attack methods and coding techniques. One of the most common web vulnerabilities according to the Open Web Application Security Project (OWASP) is that “malicious hackers are still able to exploit known vulnerabilities… because outdated software is still being used [and because] administrators fail to update all of the software… to the latest secure and most stable version on time” (Abela). Although this study was mainly referring to the use of outdated computers and their software, the concept can likewise be extended to USBs. While malware and worms become progressively more complex and dangerous, USB sticks are still in use and haven’t changed significantly. USBs lack the same safety features available on computers and users often lack computer literacy to be wary of potential viruses hiding within. Likewise, OWASP’s comment on administrators failing to update softwares can also be applied to the USB case. Business and company managers, or even a university like Brown, who provides USBs are currently failing in promoting proper “USB hygiene”. Today’s administrators are not actively discouraging the causal sharing of USB sticks among computers and other devices. In other words, USB’s simplicity and absence of major adaptations in the face of increasingly complex modern cyber attack methods present the sticks as a great threat to our cyberspace.
In conclusion, USB sticks should not be overlooked or ignored when considering threats to today’s cyberspace because they can effectively transport malware, are small and cheaply distributed, and have failed to develop with quickly changing cyber warfare methods. USB sticks need to evolve worldwide and update to include better safety features – such as fingerprint or password authentication – to combat modern cyber attack methods and insertion of malware. Meanwhile, USB hygiene should also be taught and encouraged on a wide scale platform to mirror the ubiquity of USBs both nationally and internationally. And if not, the cyberspace-dependent world must move on from USBs altogether and opt for a safer and more reliable technology for data and file sharing.
Abela, Robert. “OWASP Top 10 for 2013 Explained.” Web Security Readings. Netsparker Ltd., 06 Dec. 2016. Web. 13 Feb. 2017. <https://www.netsparker.com/blog/web-security/owasp-top-10-2013/>.
Geers, Kenneth, Darien Kindlund, Ned Moran, and Rob Rachwald. “World War C: Understanding Nation-State Motives Behind Today’s Advanced Cyber Attacks.” (2014): 1-22. FireEye Inc. Web. 13 Feb. 2017. <http://cs.brown.edu/courses/cs180/static/files/lectures/readings/lecture1/World%20War%20C.pdf>.
Lynn, William F., III. “Defending a New Domain: The Pentagon’s Cyberstrategy.” Foreign Affairs 89.5 (2010): 97-108. Web. 13 Feb. 2017 <http://cs.brown.edu/courses/csci1800/sources/2010_FA_DefendingNewDomain_Lynn.pdf>.