A Journalist from Ecuador Was Sent a USB Drive That Exploded after Plugging In

Ecuadorian police is investigating a massive attack on media organizations across the country, in which a journalist and host of the Ecuavisa channel was injured after receiving a USB drive in the mail, which exploded when plugged into a computer.

During a press conference, Xavier Chango Llerena, head of the Ecuadorian National Police’s Criminal Investigation Unit, said authorities had found envelopes containing suspected bombs in the offices of four other media outlets, two in Guayaquil and two in Quito. Another explosive flash drive was found in the warehouse of a parcel delivery company.

Sappers work in Ecuavisa

As a result of the explosion of a USB drive, the injured journalist Ecuavisa Lenin Artieda received injuries of his hands and face, but no one else was injured. According to the police, only half of the charge embedded in the USB drive exploded, and the outcome could have been worse if everything had gone as the attackers had planned.

It is also reported that the activation of the explosive device could have occurred from the electric charge that the flash drive received when connected. According to Lierena, the accumulator could contain RDX, although this has not yet been confirmed by laboratory analysis.

The press and freedom of speech advocacy organization Fundamedios condemned the attack and said in an official statement that at least three other journalists, including those from TC Televisión, Teleamazonas and Exa FM radio, received such USB sticks and threatening letters in the mail.

In particular, Álvaro Rosero, who works at radio station EXA FM, received an envelope with a similar flash drive on March 15, 2023. He gave the device to a producer who used a cable with an adapter to connect to a computer.

This time the flash drive didn’t explode. The police determined that the drive contained explosives, but due to the adapter used by the producer, the charge did not activate.

Information security specialist and engineer Michael Grover, also known by the nickname MG, whom many know as the author of the malicious O.MG cable, demonstrated intruding USB flash drives back in 2018 (exclusively as a PoC and as a joke).

The researcher says that such attacks, unfortunately, can be very effective for terrorists. MG hopes that the incident will force more publications to scrutinize incoming mail.

Ecuadorian Interior Minister Juana Zapata confirmed the five flash drives filled with explosives and said the incidents were “an absolutely clear signal to silence journalists.”