In 2014 I wrote about what's the worst that could happen with a malicious USB stick [1] and the first comment was "if we're going with physical attacks, it might as well just be a bomb." Well!
Explosives are relatively easy to make at home for technically minded attackers. Sarin and VX require much more difficult-to-obtain chemicals, or several more difficult synthetic stages, and are much easier to accidentally kill yourself with. The only criminal group I'm aware of that actually made their own nerve gas was the Aum Shinrikyo group:
You need to eat a lot of it. The only reason anyone even sees media about ricin is because it really isn't as potent as it's portrayed, and it stops copycats from using what they see on TV to kill a lot of people.
When I was a kid my mother would give me a tablespoon of foul-tasting castor oil as a laxative.
Since learning about the ricin connection it's always been a source of bemusement whenever I think about it.
Edit: presumably by 'a lot' you mean milligrams (by ingestion) and not micrograms. From my understanding eating 100mg would be a certain death sentence.
While still hard to get ahold old, explosives are generally more accessible than legit chemical weapons?
Barring mad scientists with chemistry sets and a grudge. And even in such a case it may be safer for said mad scientist to homebrew explosives in favor of chemical weapons.
Making TATP is fairly easy and all the precursor ingredients can be easily bought and they are often unregulated at all and untracked unless you are looking to make a bomb big enough to level a few city blocks.
TATP is so unstable, that even though it is chemically speaking relatively straightforward to create, it is actually quite difficult to produce while staying alive/in one piece.
It is sensitive to temperature variations, high temperatures, ANY open flame, ANY friction (rubbing your fingers together is more than enough), ANY shock, such as failing to set down a container, dish, or vial slowly enough, and having a small static charge in your body will also set it off. Because of this, TATP actually has no current industrial or military application.
Yes but that’s also because industry and military do have access to better explosives. Terrorists and ATM thieves seem to actually resort to this method due to its ease, says my 2-minute google search, with (mixed) success.
Those seem like they should be pretty hard to come by, but there are some toxic gasses that result from not-too-exotic chemistry, which can effectively kill with a whiff.
The difficulty with toxic gases is in the delivery method. For example Chlorine gas at hundreds of PPM still takes several minutes of inhalation to be fatal, and it is a strong irritant so everyone will know it's there and be trying their hardest to get away from it. So you either need to trap someone in a very enclosed space or release ridiculous amounts of it very quickly. Viable for trench warfare, but not much else.
Realistically you need something odorless (=exotic enough the human nose hasn't evolved to detect it), fast acting (=highly reactive/unstable), and dangerous at low concentrations (=likely to kill you while making it).
What strikes me is that this was intended to scare much more than harm. It doesn't seem much actual expertise went into the devices, just rdx wired up to 5v from the reports. No shrapnel, no boost capacitor.
Wait until someone repeats the trick with an external hard drive.
Police determined that the drive featured explosives but believe it didn't explode because the adapter the producer used didn't have enough juice to activate it, Fundamedios said.
Sounds like journalists need USB extension cables that include a current and voltage limiter. Maybe just a USB 1.0 dumbed-down interface would do it.
What type of screening is required to reliably detect this sort of danger? Would all newsrooms have them, or do people loan/borrow them on an as-needed basis?
Seems to me the easiest way to prevent a LOT of grief with USB-sticks is using a dedicated USB-ingest station. Have it run a virus scan as it copies things onto a known-good USB. That obviously wouldn't directly solve the exploding USB issue, but adding a power switch to the power rails should more or less solve that: There's only so much explosive you can fit in a USB stick so containment is very doable.
In keeping with my first comment, I would say that the best way to avoid grief with anything explosive is to not allow explosives to reach their destination via the mail in the first place. It's not the easiest, but once you're living in that world, it's really the only sensible choice.
My comment meant to point out that talking about how you handle USB devices would be a digression and distraction from the main precautions of screening mail for explosives. As long as that's understood, I would also point out that the physical act of joining the connectors could trigger something in the drive, regardless of external power. A small capacitor, kept charged with a small coin cell, might leave room for enough explosive material to injure someone's hand. I don't know much about explosives or electrical engineering to REALLY know how practical this is. But if your goal is to intimidate, you would probably be able to get that message across. So unless you have a good explosives screening process, you need to treat the devices as if they are general-purpose bombs -- as well as malicious USB devices -- the whole time.
So the best practices for handling an untrusted USB drive, again remembering that allowing explosives of any form to reach you through the mail is the main failure here, would be:
- choose an expendable computer to plug the device into
- physically connect device with a motorized rig in an empty and reinforced chamber
- provide as little power as possible to the device
- whitelist USB drivers
- extract data
- disconnect device remotely
- dispose of device as you would ordnance
And I regretfully point out that, if this is now the necessary process for receiving information via the mail, the goal of impeding journalism is already achieved.
So I'm going to ask a dump question, how much explosive power can actually be packed in a USB stick? Is it enough to kill someone, or is it about the shrapnel, or is it just some burns on the person who plugged it in?
The first USB thumb drive I could find on Amazon was a Sandisk with dimensions of 7 x 41 x 17 millimetres. That gives it a total volume of just under 4.9cm3, which would be a maximum of 8.5 grams of C4, or just under 1/3 of an ounce. Here’s one ounce of C4 as a shaped charge punching a hole through a steel plate: https://youtu.be/AwyniA5ryhY&t=46
Realistically you couldn’t achieve 1/3 of an ounce (that would be a thumb-drive-shaped blob of C4), it would be at most half of that, and the thumb drive would weigh 5 grams instead of half a gram which is probably noticeably odd.
The problem is that a flash drive bomb is going to explode when you plug it in, i.e right when you are holding it in your hand, and holding an explosive in your hand is the best way to maximize the harm it causes. The closest real world example to a thumb drive bomb that we have data on is an M80 firecracker, we have hundreds of instances of those going off while being held in the hand just like what would happen with a thumb drive. The M80 has between 2g and 5g of flash powder, which causes a very comparable explosion (similar size and speed) to what you could practically get from a C4 thumbdrive bomb. I don’t recommend searching M80 firecracker injuries, it seems like it tends to mangle multiple fingers.
So an estimate for a practical thumb drive bomb is that it could probably blow off your thumb and a finger or two.
I am very surprised that the journalist wasn't severely injured or killed.
I reckon your estimate of a few lost fingers underestimates the potential damage. View it this way, the charge in a handgun bullet would easily fit into a USB stick—especially the larger type. Now consider that the amount of energy in the charge is calibrated to kill the recipient of the bullet, that is there is enough residual energy in the projectile to do the job after all coupling losses have been accounted for such as projectile/barrel friction, air resistance, penetrating victim's clothes etc.
The likely real tragedy of this incident is that it becomes a copycat incident and that 'professionals' who know how to minimize the coupling losses will get involved.
As for your point that the device would trigger immediately, it would depend on what the perpetrator's intentions were. I recall some years back that the Israelis killed a terrorist with a phone containing C4 or similar. Presumably, there was a delay between the time he answered the
phone and when he put it to his ear. A 555 timer could delay the trigger say until the USB was removed and that it was, say, put into one's pocket.
No doubt those with evil intent and inventive minds will think of other ideas to maximize damage. Irrespective, this incident is a horrible development and a portent of things to come. I just hope I'm wrong.
A bullet is a bad comparison because guns are uniquely fantastic maximisers of the damage potential of explosions. What a gun does is take the entire explosion and concentrate it into one particular direction, it’s like a laser chamber for an explosion. Consider that the 5 milliwatt LED in a cheap laser pointer can cause permanent harm to the retina in seconds, while we light our houses with 5 watt LED bulbs all day and they don’t cause any harm to our retinas.
This does raise another, perhaps more ethical idea. The shape of a thumb drive lends itself to building a shaped charge directing the explosion through the usb port into the internals of the computer. You could probably get reliable computer destruction with this method.
I claim no great expertise in these matters but I do know C4 is a more powerful charge. I also know how much potential energy is locked up in a bullet cartridge.
When the army instructed us in the absolute necessity of pull-through procedure and barrel cleaning it was drilled in by showing us a rifle with its breach blown to bits because the barrel was blocked. It was pointed out that breach explosions had killed many.
If you set off a small explosion in a confined space, then likely something is going to get propelled at high velocity. If it's not the bullet you meant to launch, it'll be whatever side of the casing fails first, which is reasonably likely to be deadly if you're holding the casing next to your head, as you do when using a rifle.
A USB stick is not normally held next to your head while being plugged in, and it doesn't have a heavy metal casing strong enough to channel an omnidirectional blast into penetrating directional shrapnel (nor any way to aim it if it did). It could put your eye out or slash an artery if you're unlucky, but barring major advances in chemistry, a couple of grams of unaimed, unchanneled explosive at arm's length is never going to be a really effective way to kill people.
I would not normally reply to this except I know I'm right in is instance. If you line a USB stick with a titanium or nickel sealed container and fill it with RDX or C4 or any other such compound and it explodes only a few feet away from you then you will likely be severely mamed or killed.
1. I was nearly killed when a small primary Li-ion cell short-circuited, it blew a milk crate size plastic box to bits and what was left of its nickel case embedded itself in the brick wall about three meters away—and that battery wasn't designed to kill people. Had the case traveled directly at me it's probable I would have.
2. Keep this in mind, SanDisk used to make titanium-cased USB sticks—I still have about a half dozen of them. Enterprising people who mean harm could make their own lookalikes.
3. In my early 20s I had a miner's right (permit) and friends and I would go prospecing in old gold mines. For most work, we'd cut a stick of gelignite into between 4 to 6 pieces because one stick was far too powerful for our needs.
4. Before that, I made black powder with my schoolmates and even now many decades later I won't admit how we nearly killed ourselves. (Also, if you want to search, you'll see that ages ago I posted on HN the fact that I had made nitroglycerin in the school science lab—that time I was very careful and everything went well). What I can tell you from that experiment is that a fraction of a gram can do much more damage than one would expect.
5. When I was in primary school we had the police come and lecture us on the dangers of railway detonators as kids had been killed by them (but not from my school). These devices (dummies of which were shown to us) were hardly bigger than a USB stick.
As I said, I don't claim great expertise (although one of my mining buddies did a Mines Department course on the subject and we had lots of advice from him)—but I do have enough experience to know that if you put even few a few grams of mercury, or silver fulminate or picric acid or similar in a sealed metal case and you detonate it near yourself then you will likely be killed. I've had too many close shaves to know that that is fact.
Please speak from fact and not hypothetically,
More importantly, keep away from any of this stuff unless you've been properly trained in using it and are authorized to do so.
My thoughts exactly, I never cease to be amazed that I survived my childhood and teenage years (ages 12 to 15 the most precarious). Only one of us was killed—but not from things that go bang (tragically, he fell off a cliff).
Edit: At the time we never thought we were acting gung ho, nor were we ever a threat to anyone other than ourselves. Actually, we were quite careful considering—life-threatening experiences were more the result of ignorance.
Yes- to your edit. I was just on phone talking to my older brother, and I mentioned that I had commented on this thread. I told him that while I played with explosives and such, I was always very cautious about it. I never tried to make nitroglycerin as I did not think the fun was worth the risk. He said he was glad I grew out of that phase. I told him no, I still enjoy chemistry and physics, I just don't have the time to play.
Yeah, right. I haven't touched a test-tube in years but my interest is still there.
How I came to make the stuff is a story in and of itself. My father—a mechanical engineer with no special expertise in chemistry—had been in the Navy in WWII and a colleague had given him a somewhat water damaged disheveled-looking chemistry textbook that had been 'rescued' from a damaged warship. Probably the ship's doctor or pharmacist grabbed the book as he left the ship as clearly it was an important possession (and in my opinion, it still is).
My father gave me the book when I was about 12 and in so doing he briefly outlined the book's history and how it came into his possession but at the time I didn't take much notice—an oversight I'm now forever sorry about (as a kid one doesn't usually pay much attention to such things). Looking back, I suppose my father gave me that background as the book had had an interesting history and he had to explain the reason for the acquired saltwater damage. The first 20 or so pages which includes the table of contents had been waterlogged and so too had its index. When I received the book salt rings/stains were obvious on these pages and they were beginning to disintegrate although they were still perfectly legible back then, nevertheless the body of the text was perfectly intact.
I still have the book and I'm looking at it now. It's showing its age, the index has now disintegrated to powder and the table of contents is only just legible but the body/text is still complete and fully legible.
Now to the interesting stuff, its title is A Text-Book of Organic Chemistry† - "by the late Dr Julius Schmidt - English Edition by H. Gordon Rule, PhD (Munich), DSc Edinburgh. Fourth Edition 1943". [≈900 pages.] Even at the age of 12, its German connections and that Rule's PhD was Munich—and that the book had been rescued from an Allied warship during the War wasn't lost on me. In hindsight, one can understand why someone would have taken the effort to rescue the book, in 1943 it would have been brand new and likely very difficult to replace at that stage of the War. (Moreover, it was clearly a very expensive hardback.)
This is a wonderful book albeit now dated, Schmidt's writing and organization and Rule's clear and succinct translation that's devoid of any unnecessary jargon made it the ideal book for this budding propeller-head. That said, the textbook is no slouch, the first chapter deals with analytical methods: Qualitative Analysis of Organic Compounds and by page 13 we find a heading titled Molecular Structure and Isomerism. At random, page 37 brings forth Resolution of Racemic Compounds, and by page 40 we have Conditions for Enantiomorphism. And only 860 or so pages to go—you get the picture.
Now, you can imagine my excitement at the age of 14/15 when I read in depth Chapter XII - Polyhydric Alcohols, p242, and especially the section later in the chapter on Trihydric Alcohols, Glycerol and Nitroglycerine - glycerol trinitrate. My excitement was 'dynamite'—sorry, that just had to out itself. On p251 there's chapter & verse so to speak including the words "The reaction proceeds best at 20° to 25° and the temperature must not be allowed to rise above 30°", —an instruction which a little later I followed strictly to the letter. Now, with an invitation like that, how could I possibly resist? Some things just have to be done. Don't they?
As I said in a HN post some while ago, I was very careful and measured my reagents out by eyedropper (with the exception of the neutralizing sodium carbonate) and it all 'precipitated' out in lovely oil-like rings in the test-tube just like the textbook said it would. Eureka!
The section on fulminates was also enlightening and descriptive but I heeded the warnings, especially so the dangers of the Ag variety, and avoided temptation although for a while I toyed with the idea of doing picric acid but I couldn't do that in secret (in the timespan of one school lunchtime).
Incidentally, in the chapter on Cynogen Compounds there's a section on their use in ore extraction, Au, etc. One paragraph still brings chills to my spine even now as it did when I first read it as a teenager. It opens thus: "Owing to the recent demands for potassium cyanide for these purposes...," the sentence then proceeds to describe the quick, efficient large-scale production of said chemical. Whilst its stated use is acceptable, every time I read those words I can't help but think it's likely the method those dastardly bastards at IG Farben used to make the stuff. (BTW, I know the effects of HCN fumes after nearly suffocating myself whilst bleaching photo negatives, I staggered out of my makeshift darkroom—our sealed up lightproof bathroom—and collapsed on the hallway floor.)
(It's interesting to reread some of my comments penciled in the margins years ago. I note sarcastically on the synthesis of citric acid involving the multi stage treatment of dichloroacetone with both HCN and HCl and the intermediate products with KCN "that the final product had better be pretty pure if it's to be used in food production". I've also just read my penciled comments in the chapter on the 'The Strychnos Alkaloids'. Back then before Woodward's synthesis of strychnine in 1954, it was the 'gold standard' problem child to understand let alone synthesize. The text goes into the then current thinking (albeit briefly), which is fascinating to read in hindsight. It shows how they were circling and closing in on its structure but nowhere close enough—similar in ways to the ideas about the benzene ring before Kekulé's remarkable insight. Incidentally, that first-class son-of-a-bitch molecule brings back horrible memories, when I was about nine some lowdown bastard poisoned my beloved dog with the stuff—watching his death throes—writhing and convulsing in agony—is something I'll never forget.)
Sorry for the digression. One aspect that keeps me coming back to Schmidt's text is that unlike modern [general] chemistry texts that usually only outline chemical processes from a theoretical viewpoint, its author(s) don't mind delving into actual procedures and processes which makes it useful for experimenters. And its coverage of topics is wide-ranging, there's even a section on thio-esters including mustard gas, and surprisingly for 1943, also one on deuterium compounds.
To say this textbook was formative in my appreciation of chemistry would be a gross understatement.
___
† The title of Schmidt's original 1926 German edition is 'Lehrbuch der Organischen Chemie'.
___
Edit: the textbook was reviewed in the June 1943 edition of Nature.
Also, if anyone knows if or where there's a PDF copy of the text then I'd like to know as I'd like to reconstruct my lost index. Wishful thinking perhaps, as thanks to outrageously long copyright laws, the book is still in copyright (Schmidt died in 1933 and Rule in March 1945).
Probably enough to mess up your hand, probably not enough to completely remove it. I wouldn't want to count on it for rendering a laptop completely irrecoverable; but it'd probably do a good enough job most of the time.
A "thumb drive" that's much bigger than an m80 is going to be a little suspect anyway, isn't it? some of them things can be swallerd now. Don't think any are designed to work after, alas.
Hypothesizing here... At what point do we have to worry about a USB stick that has an antimatter payload ? Such a weapon might be enough to blow off a significant chunk of the Earth's crust.
And technology exists to contain it indefinitely in a thumb-sized container, while also being powered from within that thumb-sized container, while also not radiating, or possibly even generating, enormous amounts of heat.
likely easily identified through X-ray plus given RDX has a nitrogen group, sniffer dogs would likely detect it as well. So I wouldn't bet on it being banned.
(Full disclosure: I asked GPT-4 to write a witty comment in style of HN which would reference the phrase "industrial revolution and it's consequences").
In 2014 I wrote about what's the worst that could happen with a malicious USB stick [1] and the first comment was "if we're going with physical attacks, it might as well just be a bomb." Well!
[1] https://www.jefftk.com/p/malicious-usb-sticks
Why not a small explosive laced with a chemical weapon like VX or sarin?
Explosives are relatively easy to make at home for technically minded attackers. Sarin and VX require much more difficult-to-obtain chemicals, or several more difficult synthetic stages, and are much easier to accidentally kill yourself with. The only criminal group I'm aware of that actually made their own nerve gas was the Aum Shinrikyo group:
https://en.wikipedia.org/wiki/Tokyo_subway_sarin_attack
Maybe some NaOH? Not deadly, but would certainly be very unpleasant to have explode in your face.
What about ricin? I thought that it was relatively easy to source from castor beans.
You need to eat a lot of it. The only reason anyone even sees media about ricin is because it really isn't as potent as it's portrayed, and it stops copycats from using what they see on TV to kill a lot of people.
When I was a kid my mother would give me a tablespoon of foul-tasting castor oil as a laxative.
Since learning about the ricin connection it's always been a source of bemusement whenever I think about it.
Edit: presumably by 'a lot' you mean milligrams (by ingestion) and not micrograms. From my understanding eating 100mg would be a certain death sentence.
I too watched Breaking Bad...
While still hard to get ahold old, explosives are generally more accessible than legit chemical weapons?
Barring mad scientists with chemistry sets and a grudge. And even in such a case it may be safer for said mad scientist to homebrew explosives in favor of chemical weapons.
Making TATP is fairly easy and all the precursor ingredients can be easily bought and they are often unregulated at all and untracked unless you are looking to make a bomb big enough to level a few city blocks.
TATP is so unstable, that even though it is chemically speaking relatively straightforward to create, it is actually quite difficult to produce while staying alive/in one piece.
It is sensitive to temperature variations, high temperatures, ANY open flame, ANY friction (rubbing your fingers together is more than enough), ANY shock, such as failing to set down a container, dish, or vial slowly enough, and having a small static charge in your body will also set it off. Because of this, TATP actually has no current industrial or military application.
Yes but that’s also because industry and military do have access to better explosives. Terrorists and ATM thieves seem to actually resort to this method due to its ease, says my 2-minute google search, with (mixed) success.
TATP also has another advantage as its not a nitrate based explosive it cannot be easily detected using field kits.
Those seem like they should be pretty hard to come by, but there are some toxic gasses that result from not-too-exotic chemistry, which can effectively kill with a whiff.
I could be wrong about this, but off the top of my head can't you make chlorine gas by mixing bleach with a strong acid?
The difficulty with toxic gases is in the delivery method. For example Chlorine gas at hundreds of PPM still takes several minutes of inhalation to be fatal, and it is a strong irritant so everyone will know it's there and be trying their hardest to get away from it. So you either need to trap someone in a very enclosed space or release ridiculous amounts of it very quickly. Viable for trench warfare, but not much else.
Realistically you need something odorless (=exotic enough the human nose hasn't evolved to detect it), fast acting (=highly reactive/unstable), and dangerous at low concentrations (=likely to kill you while making it).
acid not necessary. ammonia.
> believe it didn't explode because the adapter the producer used didn't have enough juice to activate it
Crappy cables save lives
I laughed at this bit too. Is there anything that isn’t foiled by crappy USB hubs?
Reminds me of the old "floppy disk bomb" in the Anarchist's Cookbook(which probably doesn't actually work, like most crap in the AC).
What strikes me is that this was intended to scare much more than harm. It doesn't seem much actual expertise went into the devices, just rdx wired up to 5v from the reports. No shrapnel, no boost capacitor.
Wait until someone repeats the trick with an external hard drive.
Police determined that the drive featured explosives but believe it didn't explode because the adapter the producer used didn't have enough juice to activate it, Fundamedios said.
Sounds like journalists need USB extension cables that include a current and voltage limiter. Maybe just a USB 1.0 dumbed-down interface would do it.
Why even risk it? Sounds like they need an explosives tester..
Little robot arm in a blast enclosure to plug the drive into an extension cable.
Strangely, it still takes 3 tries for the robot to correctly insert the device..
Or just leave the cable end outside of the box unplugged and only plug it in once the box is closed.
Cue mechanical force triggered fuse. But at that point, you could just make a letter that blows up when opened.
1. Plug drive into cable
2. Plug in other end of cable
3. ???
4. !!!
It would be much safer to have a current- and voltage-limiting rig in a remote room handled by robotics.
Newspaper mailrooms should risk manage packages and have an ability to X-ray them and sweep them for explosive residues.
Reporters are targets. The cost of doing nothing is death and injury.
Sounds like one of the journalists already had this in place. Crappy USB hubs have at least one use.
Interesting and scary as described. But I hope the root cause failure here is understood to be in the mail screening process, not USB hygiene.
Although accepting only sd cards would probably have eliminated this threat.
What type of screening is required to reliably detect this sort of danger? Would all newsrooms have them, or do people loan/borrow them on an as-needed basis?
X-rays and/or explosives sniffer devices. I can't imagine many newsrooms at all employ either, except for the biggest operations.
Seems to me the easiest way to prevent a LOT of grief with USB-sticks is using a dedicated USB-ingest station. Have it run a virus scan as it copies things onto a known-good USB. That obviously wouldn't directly solve the exploding USB issue, but adding a power switch to the power rails should more or less solve that: There's only so much explosive you can fit in a USB stick so containment is very doable.
In keeping with my first comment, I would say that the best way to avoid grief with anything explosive is to not allow explosives to reach their destination via the mail in the first place. It's not the easiest, but once you're living in that world, it's really the only sensible choice.
My comment meant to point out that talking about how you handle USB devices would be a digression and distraction from the main precautions of screening mail for explosives. As long as that's understood, I would also point out that the physical act of joining the connectors could trigger something in the drive, regardless of external power. A small capacitor, kept charged with a small coin cell, might leave room for enough explosive material to injure someone's hand. I don't know much about explosives or electrical engineering to REALLY know how practical this is. But if your goal is to intimidate, you would probably be able to get that message across. So unless you have a good explosives screening process, you need to treat the devices as if they are general-purpose bombs -- as well as malicious USB devices -- the whole time.
So the best practices for handling an untrusted USB drive, again remembering that allowing explosives of any form to reach you through the mail is the main failure here, would be:
- choose an expendable computer to plug the device into
- physically connect device with a motorized rig in an empty and reinforced chamber
- provide as little power as possible to the device
- whitelist USB drivers
- extract data
- disconnect device remotely
- dispose of device as you would ordnance
And I regretfully point out that, if this is now the necessary process for receiving information via the mail, the goal of impeding journalism is already achieved.
So I'm going to ask a dump question, how much explosive power can actually be packed in a USB stick? Is it enough to kill someone, or is it about the shrapnel, or is it just some burns on the person who plugged it in?
The first USB thumb drive I could find on Amazon was a Sandisk with dimensions of 7 x 41 x 17 millimetres. That gives it a total volume of just under 4.9cm3, which would be a maximum of 8.5 grams of C4, or just under 1/3 of an ounce. Here’s one ounce of C4 as a shaped charge punching a hole through a steel plate: https://youtu.be/AwyniA5ryhY&t=46
Realistically you couldn’t achieve 1/3 of an ounce (that would be a thumb-drive-shaped blob of C4), it would be at most half of that, and the thumb drive would weigh 5 grams instead of half a gram which is probably noticeably odd.
The problem is that a flash drive bomb is going to explode when you plug it in, i.e right when you are holding it in your hand, and holding an explosive in your hand is the best way to maximize the harm it causes. The closest real world example to a thumb drive bomb that we have data on is an M80 firecracker, we have hundreds of instances of those going off while being held in the hand just like what would happen with a thumb drive. The M80 has between 2g and 5g of flash powder, which causes a very comparable explosion (similar size and speed) to what you could practically get from a C4 thumbdrive bomb. I don’t recommend searching M80 firecracker injuries, it seems like it tends to mangle multiple fingers.
So an estimate for a practical thumb drive bomb is that it could probably blow off your thumb and a finger or two.
I am very surprised that the journalist wasn't severely injured or killed.
I reckon your estimate of a few lost fingers underestimates the potential damage. View it this way, the charge in a handgun bullet would easily fit into a USB stick—especially the larger type. Now consider that the amount of energy in the charge is calibrated to kill the recipient of the bullet, that is there is enough residual energy in the projectile to do the job after all coupling losses have been accounted for such as projectile/barrel friction, air resistance, penetrating victim's clothes etc.
The likely real tragedy of this incident is that it becomes a copycat incident and that 'professionals' who know how to minimize the coupling losses will get involved.
As for your point that the device would trigger immediately, it would depend on what the perpetrator's intentions were. I recall some years back that the Israelis killed a terrorist with a phone containing C4 or similar. Presumably, there was a delay between the time he answered the phone and when he put it to his ear. A 555 timer could delay the trigger say until the USB was removed and that it was, say, put into one's pocket.
No doubt those with evil intent and inventive minds will think of other ideas to maximize damage. Irrespective, this incident is a horrible development and a portent of things to come. I just hope I'm wrong.
A bullet is a bad comparison because guns are uniquely fantastic maximisers of the damage potential of explosions. What a gun does is take the entire explosion and concentrate it into one particular direction, it’s like a laser chamber for an explosion. Consider that the 5 milliwatt LED in a cheap laser pointer can cause permanent harm to the retina in seconds, while we light our houses with 5 watt LED bulbs all day and they don’t cause any harm to our retinas.
This does raise another, perhaps more ethical idea. The shape of a thumb drive lends itself to building a shaped charge directing the explosion through the usb port into the internals of the computer. You could probably get reliable computer destruction with this method.
Time, unfortunately, will likely tell.
I claim no great expertise in these matters but I do know C4 is a more powerful charge. I also know how much potential energy is locked up in a bullet cartridge.
When the army instructed us in the absolute necessity of pull-through procedure and barrel cleaning it was drilled in by showing us a rifle with its breach blown to bits because the barrel was blocked. It was pointed out that breach explosions had killed many.
If you set off a small explosion in a confined space, then likely something is going to get propelled at high velocity. If it's not the bullet you meant to launch, it'll be whatever side of the casing fails first, which is reasonably likely to be deadly if you're holding the casing next to your head, as you do when using a rifle.
A USB stick is not normally held next to your head while being plugged in, and it doesn't have a heavy metal casing strong enough to channel an omnidirectional blast into penetrating directional shrapnel (nor any way to aim it if it did). It could put your eye out or slash an artery if you're unlucky, but barring major advances in chemistry, a couple of grams of unaimed, unchanneled explosive at arm's length is never going to be a really effective way to kill people.
I would not normally reply to this except I know I'm right in is instance. If you line a USB stick with a titanium or nickel sealed container and fill it with RDX or C4 or any other such compound and it explodes only a few feet away from you then you will likely be severely mamed or killed.
1. I was nearly killed when a small primary Li-ion cell short-circuited, it blew a milk crate size plastic box to bits and what was left of its nickel case embedded itself in the brick wall about three meters away—and that battery wasn't designed to kill people. Had the case traveled directly at me it's probable I would have.
2. Keep this in mind, SanDisk used to make titanium-cased USB sticks—I still have about a half dozen of them. Enterprising people who mean harm could make their own lookalikes.
3. In my early 20s I had a miner's right (permit) and friends and I would go prospecing in old gold mines. For most work, we'd cut a stick of gelignite into between 4 to 6 pieces because one stick was far too powerful for our needs.
4. Before that, I made black powder with my schoolmates and even now many decades later I won't admit how we nearly killed ourselves. (Also, if you want to search, you'll see that ages ago I posted on HN the fact that I had made nitroglycerin in the school science lab—that time I was very careful and everything went well). What I can tell you from that experiment is that a fraction of a gram can do much more damage than one would expect.
5. When I was in primary school we had the police come and lecture us on the dangers of railway detonators as kids had been killed by them (but not from my school). These devices (dummies of which were shown to us) were hardly bigger than a USB stick.
As I said, I don't claim great expertise (although one of my mining buddies did a Mines Department course on the subject and we had lots of advice from him)—but I do have enough experience to know that if you put even few a few grams of mercury, or silver fulminate or picric acid or similar in a sealed metal case and you detonate it near yourself then you will likely be killed. I've had too many close shaves to know that that is fact.
Please speak from fact and not hypothetically,
More importantly, keep away from any of this stuff unless you've been properly trained in using it and are authorized to do so.
For what it’s worth, I agree with you. If you manage to include shrapnel in your thumb drive bomb design it becomes much more lethal.
And as I lamented, that's likely what the 'professionals' will do.
My first thought was that we would have been best buddies if we grew up together, the second thought was I problably would not have grown up at all :)
My thoughts exactly, I never cease to be amazed that I survived my childhood and teenage years (ages 12 to 15 the most precarious). Only one of us was killed—but not from things that go bang (tragically, he fell off a cliff).
Edit: At the time we never thought we were acting gung ho, nor were we ever a threat to anyone other than ourselves. Actually, we were quite careful considering—life-threatening experiences were more the result of ignorance.
Yes- to your edit. I was just on phone talking to my older brother, and I mentioned that I had commented on this thread. I told him that while I played with explosives and such, I was always very cautious about it. I never tried to make nitroglycerin as I did not think the fun was worth the risk. He said he was glad I grew out of that phase. I told him no, I still enjoy chemistry and physics, I just don't have the time to play.
Yeah, right. I haven't touched a test-tube in years but my interest is still there.
How I came to make the stuff is a story in and of itself. My father—a mechanical engineer with no special expertise in chemistry—had been in the Navy in WWII and a colleague had given him a somewhat water damaged disheveled-looking chemistry textbook that had been 'rescued' from a damaged warship. Probably the ship's doctor or pharmacist grabbed the book as he left the ship as clearly it was an important possession (and in my opinion, it still is).
My father gave me the book when I was about 12 and in so doing he briefly outlined the book's history and how it came into his possession but at the time I didn't take much notice—an oversight I'm now forever sorry about (as a kid one doesn't usually pay much attention to such things). Looking back, I suppose my father gave me that background as the book had had an interesting history and he had to explain the reason for the acquired saltwater damage. The first 20 or so pages which includes the table of contents had been waterlogged and so too had its index. When I received the book salt rings/stains were obvious on these pages and they were beginning to disintegrate although they were still perfectly legible back then, nevertheless the body of the text was perfectly intact.
I still have the book and I'm looking at it now. It's showing its age, the index has now disintegrated to powder and the table of contents is only just legible but the body/text is still complete and fully legible.
Now to the interesting stuff, its title is A Text-Book of Organic Chemistry† - "by the late Dr Julius Schmidt - English Edition by H. Gordon Rule, PhD (Munich), DSc Edinburgh. Fourth Edition 1943". [≈900 pages.] Even at the age of 12, its German connections and that Rule's PhD was Munich—and that the book had been rescued from an Allied warship during the War wasn't lost on me. In hindsight, one can understand why someone would have taken the effort to rescue the book, in 1943 it would have been brand new and likely very difficult to replace at that stage of the War. (Moreover, it was clearly a very expensive hardback.)
This is a wonderful book albeit now dated, Schmidt's writing and organization and Rule's clear and succinct translation that's devoid of any unnecessary jargon made it the ideal book for this budding propeller-head. That said, the textbook is no slouch, the first chapter deals with analytical methods: Qualitative Analysis of Organic Compounds and by page 13 we find a heading titled Molecular Structure and Isomerism. At random, page 37 brings forth Resolution of Racemic Compounds, and by page 40 we have Conditions for Enantiomorphism. And only 860 or so pages to go—you get the picture.
Now, you can imagine my excitement at the age of 14/15 when I read in depth Chapter XII - Polyhydric Alcohols, p242, and especially the section later in the chapter on Trihydric Alcohols, Glycerol and Nitroglycerine - glycerol trinitrate. My excitement was 'dynamite'—sorry, that just had to out itself. On p251 there's chapter & verse so to speak including the words "The reaction proceeds best at 20° to 25° and the temperature must not be allowed to rise above 30°", —an instruction which a little later I followed strictly to the letter. Now, with an invitation like that, how could I possibly resist? Some things just have to be done. Don't they?
As I said in a HN post some while ago, I was very careful and measured my reagents out by eyedropper (with the exception of the neutralizing sodium carbonate) and it all 'precipitated' out in lovely oil-like rings in the test-tube just like the textbook said it would. Eureka!
The section on fulminates was also enlightening and descriptive but I heeded the warnings, especially so the dangers of the Ag variety, and avoided temptation although for a while I toyed with the idea of doing picric acid but I couldn't do that in secret (in the timespan of one school lunchtime).
Incidentally, in the chapter on Cynogen Compounds there's a section on their use in ore extraction, Au, etc. One paragraph still brings chills to my spine even now as it did when I first read it as a teenager. It opens thus: "Owing to the recent demands for potassium cyanide for these purposes...," the sentence then proceeds to describe the quick, efficient large-scale production of said chemical. Whilst its stated use is acceptable, every time I read those words I can't help but think it's likely the method those dastardly bastards at IG Farben used to make the stuff. (BTW, I know the effects of HCN fumes after nearly suffocating myself whilst bleaching photo negatives, I staggered out of my makeshift darkroom—our sealed up lightproof bathroom—and collapsed on the hallway floor.)
(It's interesting to reread some of my comments penciled in the margins years ago. I note sarcastically on the synthesis of citric acid involving the multi stage treatment of dichloroacetone with both HCN and HCl and the intermediate products with KCN "that the final product had better be pretty pure if it's to be used in food production". I've also just read my penciled comments in the chapter on the 'The Strychnos Alkaloids'. Back then before Woodward's synthesis of strychnine in 1954, it was the 'gold standard' problem child to understand let alone synthesize. The text goes into the then current thinking (albeit briefly), which is fascinating to read in hindsight. It shows how they were circling and closing in on its structure but nowhere close enough—similar in ways to the ideas about the benzene ring before Kekulé's remarkable insight. Incidentally, that first-class son-of-a-bitch molecule brings back horrible memories, when I was about nine some lowdown bastard poisoned my beloved dog with the stuff—watching his death throes—writhing and convulsing in agony—is something I'll never forget.)
Sorry for the digression. One aspect that keeps me coming back to Schmidt's text is that unlike modern [general] chemistry texts that usually only outline chemical processes from a theoretical viewpoint, its author(s) don't mind delving into actual procedures and processes which makes it useful for experimenters. And its coverage of topics is wide-ranging, there's even a section on thio-esters including mustard gas, and surprisingly for 1943, also one on deuterium compounds.
To say this textbook was formative in my appreciation of chemistry would be a gross understatement.
___
† The title of Schmidt's original 1926 German edition is 'Lehrbuch der Organischen Chemie'.
___
Edit: the textbook was reviewed in the June 1943 edition of Nature.
Also, if anyone knows if or where there's a PDF copy of the text then I'd like to know as I'd like to reconstruct my lost index. Wishful thinking perhaps, as thanks to outrageously long copyright laws, the book is still in copyright (Schmidt died in 1933 and Rule in March 1945).
Probably enough to mess up your hand, probably not enough to completely remove it. I wouldn't want to count on it for rendering a laptop completely irrecoverable; but it'd probably do a good enough job most of the time.
A "thumb drive" that's much bigger than an m80 is going to be a little suspect anyway, isn't it? some of them things can be swallerd now. Don't think any are designed to work after, alas.
Had one of the small metal ones come through the washing machine OK.
Hypothesizing here... At what point do we have to worry about a USB stick that has an antimatter payload ? Such a weapon might be enough to blow off a significant chunk of the Earth's crust.
When it starts costing less than a few billion $ per milligram to produce
And technology exists to contain it indefinitely in a thumb-sized container, while also being powered from within that thumb-sized container, while also not radiating, or possibly even generating, enormous amounts of heat.
Reminds me of the Italian Unabomber case.
https://en.m.wikipedia.org/wiki/Italian_Unabomber
Not related to the American one, except by newspaper sensationalism.
Great. Another thing I wont be allowed to take on a plane now.
likely easily identified through X-ray plus given RDX has a nitrogen group, sniffer dogs would likely detect it as well. So I wouldn't bet on it being banned.
The industrial revolution's consequences have finally caught up with Moore's Law – explosive storage capacity in a compact package.
The Unabomber Manifesto delivered on a bomb. Meta.
Rude/counterproductive not to give the victim enough time to read the manifesto tho.
(Full disclosure: I asked GPT-4 to write a witty comment in style of HN which would reference the phrase "industrial revolution and it's consequences").
Voting by mail is so old school, now we have electronic voting!
Tragically poetic.
The Iranians will tell you after stuxnet, USBs with viruses are still worse
Nope. Malware is still a lot scarier.