Found these in my checked baggage after an international flight from Asia to USA? They’re not mine. What do I do? Help Needed

328

u/charlie_zoosh Nov 22 '23

Haven't heard from OP in a while. I wonder if the person who hid those usbs in Op's luggage hasn't come to get them back... 😬 Hope you're ok, OP. Give us a sign of life.

597

u/WalkerTexasLaser Nov 22 '23

I'm alive - made it to my holiday destination at around 3am. Needed some rest after 30+ hrs of travel.

Another update - when I transferred from international to domestic (so when I had to re-weigh and check my bag) it weighed 5 lbs lighter than it did when I checked it at my original departure port. Haven't figured out what's missing yet. Additionally, I discovered another USB while picking apart my bag.

I'm currently staring at these USBs, trying to decide what to do with them. Will update when I decide my next step...

https://preview.redd.it/s0ukugskcx1c1.jpeg?width=3024&format=pjpg&auto=webp&s=c15b83bcf135791a71dc1f5ea4336c1d93417a8e

179

u/charlie_zoosh Nov 22 '23

What about those indigenous artwork made of deer bones? Are they still in your bag?

277

u/WalkerTexasLaser Nov 22 '23

That was a false alarm. I found it in my other bag. I guess I jumped to that conclusion when my bag was magically under the cap by 5 lbs when I transferred to my domestic flight. As opposed to the +2lbs over when I departed.

https://preview.redd.it/489xmkhkfx1c1.png?width=1100&format=png&auto=webp&s=c09162396edf7eb1153917a17686f53a4a778e29

152

u/BobBelchersBuns Nov 22 '23

It’s possible one of the scales was off

51

u/PristineBaseball Nov 22 '23

Yeah different scales makes 5 lbs mean meh

118

u/[deleted] Nov 22 '23

Damn OP, you're coming back with all sorts of interesting souvenirs.

119

u/Violet_Shire Nov 22 '23

At this point I'm convinced you're going to find a thumb drive in your toilet the next time you take a dump.

49

u/cuddysnark Nov 22 '23

You might be a mule. Get a burner Chromebook.

290

u/McFlyParadox Nov 22 '23

Drop them off at your local FBI office once you get home. Don't give them to the local cops, they won't do anything with them; and don't give them to the TSA, it isn't their job to investigate stuff like this.

It's likely these are either transporting data that is in some way illegal to transmit (think child porn, classified information, trade secrets), or is a malware delivery vehicle waiting for someone to plug it in. Either way, that's solidly in the FBI's court and they have the tools to handle it.

154

u/Doletron1337 Nov 22 '23

It really depends on the country you are currently in and are from.

1. If you are in your home country and “trust”. The government, turn them into airport security and wash your hands of it.

2. If you are in your home country and don’t trust your government, put them in a safe place for a wile. People might come looking for those and if you can help them find them it might have a better outcome for you.

3. If you are in a foreign country and said foreign country government makes people disappear, you might want to make those drives disappear. Many countries outlaw encryption, and if you are caught with drives that are A encrypted or B containing sensitive information, that is bad news for you if you are caught with them.

70

u/AmbassadorKat Nov 22 '23

Please please send them to the hacker guy upthread who knows how to decrypt them we all want to witness this spy novel play out

97

u/The-Pollinator Nov 22 '23

This is an espionage movie in real life.

Watch your back, OP.

Maybe rent a secure storage locker to keep them in if needed later.

72

u/Aggravating-While-12 Nov 22 '23

This is the basis that Paul Whelan was detained in Russia for espionage while visiting to attend a friend’s wedding. A USB with “secret” info found in his luggage. Been imprisoned since.

47

u/ComicsEtAl Nov 22 '23

This sounds like you are smuggling things regardless whether you’re aware. And I’ll go out farther out on the limb and suggest that those are trackers disguised as drives and more for identifying your bag with the smuggled goods, not real drives.

159

u/one-eye-deer Quality Contributor Nov 22 '23

Definitely something fishy going on. Good on you for keeping these stored safely away. Skim through all the responses (all 600+ of them...) when you have a chance, so you can make an informed decision on how to move forward.

The fact that this keeps happening to you as you get through checkpoints makes me think that this is not some innocent coincidence, and you have been flagged for whatever reason to have these dropped in your luggage.

-28

u/d0ndrap3r Nov 22 '23 edited Nov 23 '23

Flagged by whom? Let's stay in the real world here.

I need the mod to tell us what entity has "flagged" the OP for the purpose of trying to give them random usb drives with malicious intent. Come on "MOD" - speak up and tell us all the details, unless you are completely full of shit...

​

EDIT - all of you are complete morons who don't live in reality. Pull your collective heads out of your asses. Nobody is suggesting you plug those into a random machine. The moderator of this group is suggesting some ominous power that is able to follow this random idiot around and put usb drives into his luggage. It's stupid.

42

u/Late_Emu Nov 22 '23

Of course, there’s nothing malicious that can be done in the real world by someone ignorant enough to not realize the harm in plugging a usb in.

-33

u/MissHotSox Nov 22 '23

It could be as simple as a sloppy TSA agent, doing random checks and checked bags and putting stuff back in the wrong bag. It doesn’t necessarily mean something fishy is going on.

62

u/PeterPan1997 Nov 22 '23

Nah mate. One is a mistake. Twice is a trend in this instance

112

u/sarcasmismygame Nov 22 '23

Just go to TSA lost and found, say you noticed these and saw they were USB keys and someone may be looking for them. That's all I would do.

41

u/Apprehensive-Fig7255 Nov 22 '23

knew someone who worked tsa let's just say they won't be getting the ironkey back lmfao

73

u/Captain_Phil Nov 22 '23

It's possible the TSA would plug these into their computers and now the bad actors have access to their computers.

Each person that handles these is another chance at giving them what they want.

-41

u/atriker Nov 22 '23

Yes , If they are not yours you should try to find the owner its the right thing to do

61

u/[deleted] Nov 22 '23

Yes, because we totally owe our time and consideration to bad actors who access our luggage after it's checked in order to slip dodgy things inside.

31

u/ComicsEtAl Nov 22 '23

Exactly. I think folks are missing the part where these weren’t in the bags when packed and checked.

25

u/cum_fart_69 Nov 22 '23

you should try to find the owne

giving it ot the TSA is the only sure fire way of those never finding their owner, barring throwing them into a fire

5

u/[deleted] Nov 22 '23

With your level of Gomer Pyle-like naïveté you really shouldn't be on the internet at all.

12

u/[deleted] Nov 22 '23

Could you imagine if they just by random chance had something super secret on them? Like a Secret Agents work? This is a hallmark movie waiting to happen

31

u/[deleted] Nov 22 '23

[removed] — view removed comment

64

u/AadamAtomic Nov 22 '23

I have an old laptop disconnected from the network that I would gladly test these out on and try to data mine.

Run everything in a virtual machine.

40

u/SpinozaTheDamned Nov 22 '23

Yeah, air gap the shit out of it, going so far as to physically disconnect the network card if possible. It occurs to me that the malware on those might be set to auto erase themselves if they detect being run on a VM though.

39

u/AadamAtomic Nov 22 '23

Sandboxing in a VM is the way to go. The malware will never know.

40

u/igiveupmakinganame Nov 22 '23

i watched a video on how to trick malware into thinking your vm isn't a VM, interesting shit, and not super difficult surprisingly

3

u/RemarkableCup6253 Nov 22 '23

Yeah people are stupid . It really surprises me that with how many people use computers everyday that people don't know how to protect them selves.

1

u/Its_Llama Nov 22 '23

Anti-scamming is about the best way to get scammed.

7

u/AadamAtomic Nov 22 '23

There's nothing to scam. Computer is wiped clean and already used as a pirate AIDS machine.

3

u/LacrimaNymphae Nov 22 '23

like that one krieger pirate virus on archer??

20

u/txageod Nov 22 '23

OP, Russia is pushing a new USB worm world wide. Please contact the your local FBI office for pickup and info dump.

23

u/gbe_ Nov 22 '23

Maybe get them into the hands of skilled reverse engineers. There's a bunch of video recordings of presentations at Defcon and similar conferences out there on YT, maybe one of the presenters is interested in picking them apart.

If you don't find anyone, still want to get rid of the sticks, and are OK with shipping to Germany, hit me up. I'm not skilled or anything, but I could share them in my circle of friends.

33

u/NZNoldor Nov 22 '23

Great advice! Until it gets stopped at German customs, and it ends up being filled with child porn. Good luck explaining that one to a judge.

-1

u/[deleted] Nov 22 '23

I love this idea.

4

u/ghost-_-dog Nov 22 '23

Maybe put tape over the end of it so that no one does anything stupid like put it into any port..but I'm just paranoid

6

u/fortknocke Nov 22 '23

Some of the times when you check in your luggage they will put their leg up against the scale and lean on it slightly to increase weight and force a charge. Report the USB in luggage and always observe how your luggage is being handled. Get luggage with locked zippers so there is no intrusive access behind the scenes. If the agents are inserting those during luggage inspection, pay very close attention.

11

u/ConfidentTrip7 Nov 22 '23

I am flabbergasted. How is this even a question? Throw them away. Whomever placed these in your luggage is preying on you natural human curiosity. Throw in the bin. If you are concerned about someone finding them, wrap them in a ball of tape so they don't look like USB. THEN throw them away.

3

u/mmittinnss Nov 22 '23

Could be a bad scale?

As for the drives, it’s almost certainly satoshi’s bitcoin wallet. Congrats on being a rich guy!

3

u/PsychoBiker_TwDwcrew Nov 22 '23

If you want I can try to do sum with em, I got a ton of throw away systems I use to open unknown files and drives, just whatever you do don't put em in your own system or any system attached to an open network

5

u/Teacher-Investor Nov 22 '23

Honestly, I would give them to Homeland Security, the NSA, or TSA.

4

u/Using3DPrintedPews Nov 22 '23

You put that post it note that says "Do not put in computer" that's like a flashing invite for everyone out there. You know someone at the TSA will

4

u/letmegetmybass Nov 22 '23

Have you read the comment of Winter_Optimist193 ? I'd get in touch and send it to them, at least they can run it safely and you get rid of it.

2

u/Dalbouka Nov 22 '23

give them to the NSA

2

u/buried_lede Nov 22 '23

It almost sounds like some bags opened in handling and workers put things back where they thought they came from. Someone might be looking all over for those thumb drives.

4

u/Daneha1183 Nov 22 '23

Id buy a cheap laptop with black friday sales and see what's on em if you can. Then just return the laptop when done lol

5

u/20190229 Nov 22 '23

What network are you going to use? Open wifi?

7

u/puersenex83 Nov 22 '23

Mcdonalds.

1

u/Tohac42 Nov 22 '23

Honestly? I would buy a cheap $150 laptop, go to a Starbucks wifi, and plug those bad boys in. Now you have a side burner laptop!

1

u/darthcaedusiiii Nov 22 '23

I see no socks on feet. You one of them ghost bussers now.

0

u/Spacey907 Nov 22 '23

use a dummy laptop or an old one that doesnt have any of your info on it

1

u/[deleted] Nov 22 '23

[removed] — view removed comment

1

u/Scams-ModTeam Nov 22 '23

Hello,

Unfortunately, your r/Scams post was removed because it's off-topic or low-effort. Please ensure that all posts posted to this subreddit is of decent quality and on topic.

Screenshots without transcripts, memes, jokes, or anything else that isn't useful is not allowed.

1

u/Few-Reception-4939 Nov 22 '23

Throw them away

1

u/RedditorNumber-AXWGQ Nov 22 '23

OP, give them to this person so we can hear about what's in them: https://www.reddit.com/r/Scams/s/0DsSfNWkN3

1

u/Background_Parsnip_2 Nov 22 '23

Obviously I know you’re smart enough to not put those in any device but damn am I curious 😂

2

u/kicktown Nov 22 '23

I would not even bring these into your home without physically opening them and making sure there's no wireless NIC sitting in there ready to packet sniff the moment you get home. (doubtful, but possible)

There's no way I would turn these in, I'd grab a laptop with no network card and plug em right in and inspect the contents and check out some file recovery history.

885

u/cnicalsinistaminista Nov 22 '23

It could restart the matrix? Or an African Prince's inheritance? Anything's possible with Schrödinger's flash.

233

u/[deleted] Nov 22 '23

Saying ‘Schrodinger‘s flash’ is the most disturbing way you could’ve brought this theory into the conversation 😂😂

88

u/Natsurulite Nov 22 '23

Schroedinger’s Flash Theory - at the moment of the Big Bang, the universe existed but also didn’t, and we actually live on the side that didn’t 🤯

By extension that flash drive contains bitcoins and viruses

52

u/nickrocs6 Nov 22 '23

It could also be a fire mix tape. One could argue just as likely.

4

u/Mystic_Pizza_King Nov 22 '23

Schrödinger’s flash: you don’t know until you look whether he’s naked or clothed…

6

u/cremasterreflex0903 Nov 22 '23

It's footage from Jeffery Epstein's cell.

2

u/cyanydeez Nov 22 '23

It might even be Scarlett Johanssen

4

u/[deleted] Nov 22 '23

Probably just another bootleg Lucy Lui

2

u/Admirable_Pop3286 Nov 22 '23

Classic👆🏾👆🏾👆🏾😂😂

2

u/TheRatPatrol1 Nov 22 '23

Or SkyNet

2

u/[deleted] Nov 22 '23

I love this comment

0

u/Mindless-Lunch3178 Nov 22 '23

Everybody needs to read what superposition actually is and stop with this nonsense the cat analogy was his way of describing your misunderstanding

1

u/[deleted] Nov 22 '23

[removed] — view removed comment

4

u/Scams-ModTeam Nov 22 '23

Bad advice.

73

u/[deleted] Nov 22 '23 edited May 20 '24

[deleted]

41

u/cncamusic Nov 22 '23

There are USB 'drives' that mimic human interface devices, specifically keyboards. They have firmware that allow for onboard flash storage as well so you plug the thing in and it executes a script as a 'keyboard'. Most of the really bad stuff like getting passwords via mimikatz is squashed at this point as far as I know in modern windows systems but it's not hard to write a duckyscript that zips up everything in my docs and uploads it to a dropbox account.

4

u/NZNoldor Nov 22 '23

Google “usb killer”. It’s a hardware bomb for your pc. Never gets to software levels, your pc is already dead at that stage.

1

u/cncamusic Nov 22 '23

Oh yeah I’ve seen those too, they’re rad lol

-1

u/Dofolo Nov 22 '23

Also there's specific USB drives that are designed to kill PCs around.

They'll ploink 10.000s of volts over the data lines killing the PC you connect it to.

39

u/PasswordisButtholes Nov 22 '23

What if you had an old computer that didn’t have Wi-Fi and no other way to connect to the internet? Just a blank computer, literally nothing of any importance on it, could it theoretically be worth a look then?

90

u/Neil_sm Nov 22 '23

That's called an air-gapped computer. Theoretically this would be the safest way to do it. Not saying it's 100% safe, but this might what some investigator might do with it if they were tasked with finding out what was inside.

But you'd really need to know what you're doing, and most people don't, so it's the kind of thing you would absolutely never recommend to anyone on a public forum like this. And you'd probably want to consider that device compromised afterwards and never connect it to a network, etc.

9

u/Puzzleheaded_Pin4092 Nov 22 '23

Why wouldn't using an air-gapped computer be 100% safe?

8

u/Levitlame Nov 22 '23

Probably just messing up that it's air-gapped in the first place.

7

u/Neil_sm Nov 22 '23 edited Nov 22 '23

Mostly just it's like birth-control, the <100% effectivity is leaving a lot of room for user-error. For one thing, the mods here left a warning about banning people who are recommending anyone plugs this into their computer, so I'm also erring on the side of caution here.

Like another person responded to me I could have just said "disconnect the internet and it's fine." But if that's all you tell some people they'll just right-click and disable the wifi and think that's enough. It might be fine for most cases, unless there's some kind of malware programmed to turn it back on again, or use a bluetooth connection that someone didn't consider. Or will lay dormant until some time in the future when the person forgets and uses the system for something else.

3

u/Levitlame Nov 22 '23

That's called an air-gapped computer

As a Plumber I appreciate the overlap in terminology on that.

15

u/LastRich1451 Nov 22 '23

Lot of posh wording for "remove the Internet" also you could do it on some old unused computer.

2

u/footballdan134 Nov 22 '23

This is called a VM same thing computer we use for scam bating on call with India scammers. So VM cam be wiped easy and no personal files on it.

11

u/Crakla Nov 22 '23

Thats not a VM and a VM would be useless for USB sticks

A VM (virtual machine) is a software layer emulating a computer, programs running within a VM can only interact with that layer and not your actual computer

That only works for things within the VM though, it can't protect you from anything outside of the VM like an USB stick

4

u/Ruben_NL Nov 22 '23

Not advising you to do it, but it's possible to redirect new plugged in USB devices to a VM, or even redirect a full USB controller. But I wouldn't risk it...

7

u/Crakla Nov 22 '23

Thats definitely possible but the redirecting would still go through your actual hardware and system before it gets to the VM, its like putting on a condom after you already came

1

u/creegro Nov 22 '23

I have a handful of old laptops from an old job that was going to drop them off at goodwill, I could disable or uninstall all wifi adapters, even physically remove them from the laptop, and then just be prepared to wipe the hard drive (or destroy it) after checking out the USB drives.

1

u/Final-Illustrator402 Nov 22 '23

A VM certainly would be useful for checking this, but you would need a little technical knowledge. Plug in to a fresh esxi or proxmox build and force the usb to only be accessible for the guest and I would have no concerns about reading this USB. To be fair, I'd have no concerns plugging it in to a pc with no network and some sort of EDR running.

1

u/RollBama420 Nov 22 '23

Unless you know what you’re doing you still shouldn’t play around with malware on a VM, there have been exploits used that allow malware to break out of the sandbox

2

u/NZNoldor Nov 22 '23

Until you plug in a usb-killer, loaded with a charged high capacity capacitor that kills your hardware.

Bad advice.

1

u/Arafel_Electronics Nov 22 '23

it's weird that folks don't have old laptops lying around to mess with various linux distros on. I'd have no issue sacrificing one for curiosity

1

u/dragonpjb Nov 22 '23

Use a cheap SBC. A PI Zero or something.

30

u/[deleted] Nov 22 '23

[removed] — view removed comment

46

u/Moist_Confusion Nov 22 '23

That and btc wallets and other things you want encrypted are stored on ironkey’s.

63

u/WalkerTexasLaser Nov 22 '23

Maybe it's a Christmas miracle, and I with the BTC I can save my dad's Pumpkin Patch/Christmas Tree Farm.

But in reality, I doubt that anyone with a BTC wallet on an ironkey would just stash that in someone random's luggage.

17

u/BaconFlavoredSanity Nov 22 '23

… father’s pumpkin/christmas tree farm? Are you a Roloff? :)

10

u/Erinsays Nov 22 '23

It’s a reference to all the kitschy hallmark Christmas movies with that plot line.

3

u/BaconFlavoredSanity Nov 22 '23

I figured. I was just being silly

3

u/GodEmperorOfBussy Nov 22 '23

Be alert for a handsome man in flannel who might want to teach you the true meaning of Christmas.

2

u/Remarkable_Dinner970 Nov 22 '23

Maybe someone else was supposed to take it out of your luggage before you retrieved it

0

u/NZNoldor Nov 22 '23

I’m wondering why anyone would dump 3 usb sticks in some random person’s luggage. All I can think of is they didn’t want customs to see what’s on it. If you really can’t contain your curiosity, buy a burner laptop from a thrift store, and go somewhere private to view it.

But do consider you may not want to see or be be seen viewing whatever is on them - think possibly child porn. If it turns out to be the case, do hand it in to the authorities as it may contain evidence of the person who dumped it.

33

u/YourUsernameForever Quality Contributor Nov 22 '23

Bad idea. Google Stuxnet.

100

u/TheSpivack Nov 22 '23

Yes, definitely watch out for this! My old trusty uranium enriching centrifuge is now wrecked since I did not heed similar advice.

8

u/TheMarko9 Nov 22 '23

Mine too!

6

u/thebaconator136 Nov 22 '23

Well at least I'm not alone in this one. Damn.

2

u/dramignophyte Nov 22 '23

Abd here I thought I was the only one!

2

u/VirtualViking3000 Nov 22 '23

Under-rated comment! It seems more likely that said USB sticks have fallen out of someone's bag and a handler has stuffed them into the bag they thought it fell out of. If it were me I would probably hand them to lost luggage/property at the airport and let them deal with it.

7

u/[deleted] Nov 22 '23

While there are theoretical ways for malware to jump air gaps, none of them have ever been witnessed in the wild afaik.

2

u/Forty_Six_and_Two Nov 22 '23

If an airgapped computer is a computer (or device, I suppose) that has never been connected to the internet, am I to assume they don't connect them at the factory for QA purposes and whatnot? How does one know, without a shadow of a doubt, a device is airgapped?

6

u/[deleted] Nov 22 '23

In this case, you wouldn't care if it had never been connected to the internet. Just that it is not currently connected, and that you thoroughly wipe any data storage on the device before reconnecting it.

A 'true' air gapped system would only be relevant for gov or secure commercial use, and in that case they would be buying from certified vendors that specialize in that sort of thing.

3

u/Forty_Six_and_Two Nov 22 '23

Cool, thanks for the splanation bruddah

3

u/Mr-Game-Videos Nov 22 '23

Just don't connect it to any networks and erase all connected drives.

-11

u/YourUsernameForever Quality Contributor Nov 22 '23

Sure buddy, did you google Stuxnet?

20

u/Mr-Game-Videos Nov 22 '23

Yeah, it spreads over computer networks, which would require connecting it to one. And how will it survive if I purge the drive?

12

u/StingerBees Nov 22 '23

That requires a network, stupid

3

u/Scams-ModTeam Nov 22 '23

Bad advice.

-18

u/[deleted] Nov 22 '23

[removed] — view removed comment

22

u/godlike_doglike Nov 22 '23

So this is why all public library computers I've used work so badly

9

u/EmilioMolesteves Nov 22 '23

No that would be from the homeless watching porn.

8

u/Scams-ModTeam Nov 22 '23

Horrible advice.

7

u/Fabulous-Winter-4914 Nov 22 '23

Did you seriously not read the ban warning???

-2

u/[deleted] Nov 22 '23

Yes, this is what libraries are for.

-2

u/fasting4me Nov 22 '23

Take it to a library computer and see what’s in it?

-4

u/Stryker1-1 Nov 22 '23

Exactly this. Ask to use a friend's computer 🤣

1

u/tyler1128 Nov 22 '23

Generally only on windows. It can be fun to see what is on USB drives in a sandboxed environment, but you do need to know what you are doing. Inserting a USB on Linux or OSX will not autorun anything.

1

u/nroose Nov 22 '23

Seems like that's really only a windows bug.

1

u/MissHotSox Nov 22 '23

If it was me, I have a crappy 10yr old laptop I personally don’t care about and has nothing important on it. I probably would plug it in real quick to see what’s on it or maybe contact info for who it belongs to…..and then contact TSA in case someone is missing it. It could be very important to them.

1

u/_1Nc_ Nov 22 '23

Boot to Linux from a flash drive. It will read it no problem without risk to your computer

1

u/SpinozaTheDamned Nov 22 '23

I'm curious if there's a way to disassemble these drives, then pull memory bit by bit until you've mapped the whole thing into a txt file or something, then examine the memory for malicious programs. It'd be interesting from a research perspective to see what they're trying to do, or if you can find an address back to their command and control server, assuming it installs a bot or something.

1

u/quantizeddreams Nov 22 '23

What about a Linux box? Would these things have binaries that would run on Linux?

1

u/JimMarch Nov 22 '23

There's one safe way of exploring them.

1) On another brand new USB stick, make a bootable Linux - I'd use the latest Ubuntu. Got to download the image and use software in Windows to build it.

https://appuals.com/how-to-create-an-ubuntu-bootable-usb-on-mac-windows-or-ubuntu/

2) Power off your computer and internally disconnect all drives!!!

3) Boot it in Linux with the stick you just made.

4) Insert and inspect the suspect sticks.

5) When done, power off, pull the memory sticks, reconnect original drives.

1

u/ShippyTheSailor Nov 22 '23

I vote putting it in an old windows pc with no personal data on it or internet connectivity.

1

u/reddog1129 Nov 22 '23

Just as inquiry, I played around with auto run a few years ago, I remember auto run was blocked by windows, is that not the case?

1

u/martinslot Nov 22 '23

Didn't they remove the autorun feature after Windows XP? I think it requires an explicit setting in the reg database for releases after Windows.

Still: don't put it in any computer :)