Ex-student records himself using USB Killer to fry college computers

Malware isn’t the only toxin you can deliver to a computer via a USB key. Just ask Vishwanath Akuthota, who faces a potential ten-year stretch after frying at least 66 computers at his former college.

Akuthota originally pled not guilty to intentionally damaging a protected computer at the College of St. Rose, in Albany, New York. He then changed his plea, perhaps faced with evidence from the Albany Police Department, who investigated an incident there on 14 February 2019.

Harbouring an unspecified grudge, Akuthota entered multiple computer workrooms on campus and inserted a USB Killer device into their USB ports.

A USB Killer isn’t your granddad’s USB thumb drive. It is an adapted device that can fry an entire computer. Instead of a flash memory chip, its innards contain capacitors and a DC-DC converter that alters the voltage level of a direct current. This is a deadly combination for your average USB port, along with anything attached to it.

Inserting a USB Killer into a USB port causes it to draw an electrical current from the port and store it in the capacitors until the stored energy reaches a certain threshold. Then, the deadly USB stick reverses the charge, dropping all the stored energy back into the USB port at once. The electrical surge can fry the port, along with other electronic components such as the computer’s CPU.

Akuthota bought one of these devices online and delivered its powerful payload to 59 Windows workstations and seven Apple iMacs. He also tried to damage other hardware with it, the complaint against him says.

Not content with frying over $50,000 of computer equipment, the MBA graduate took home a memento, explains the complaint:

The defendant, using his personal iPhone, recorded himself inserting the ‘USB Killer’ device into computers and other hardware owned by the college, and making statements including, “I’m going to kill this guy,” then inserting the ‘USB Killer’ device into a USB port, and – after destroying the host device – stating “it’s dead”, and, in another instance, “it’s gone. Boom.”

Even if he hadn’t documented his own crime, Akuthota carried out his destructive spree in front of campus security cameras. The cops nabbed him within a week.

The hapless vandal must now pay back $58,471 to the college, covering the cost of hardware replacement and staff time. He also faces a maximum of ten years in prison followed by up to three years of supervised release, along with a potential $250,000 penalty.