I spent time having video calls with LEOs, intelligence agents and military folks over the course of the past 6-9 months. I saw how broken and disjointed and tribal power has become within the world of American authority.
I now know things about how the US government and military work that I feel the public should know.
I could write a book or make a YouTube video. But both of those are to inflexible and risky. I want to spill the beans in a much more permanent and effective way. I would like to help the public understand what is really going on behind the scenes, as best as I have seen.
SD card. Thumb drives are too easy to have malware. Nobody should plug in an unfamiliar thumb drive.
There’s zero functional difference between an SD card and a USB stick as far as malware. Don’t plug in any unfamiliar data storage device.
Not true. A USB device can emulate a keyboard and execute almost anything with no user action, just plugging it in. A bare SD card can’t do that.
Most SD card readers are just USB adapters. Even inside of most computers, they are just attached to an internal USB header.
Yes. Thats a trusted device that you already have. The data on the card cant change the behavior of your card reader. However a new unfamiliar UBS device could contain malicious hardware.
Anyone with half a brain that receives an unknown data storage device is going to plug that in to an air gapped computer, preferably running a linux distro, and a base install with basic tools and AV software to look at a potentially damaging device and hopefully clean it. If it does contain malware that successfully wrecks the computer, just wipe and reinstall. Better yet if it has a CD drive so no malware can infect the reinstallation media/live install.
Generally news orgs and the like who have a real reason to receive a thumbdrive with important docs from random people will have a method of mitigating the risk. For example, a former client who was a tax preparer had a dedicated laptop which was firewalled off from the network and could only access a document web portal to upload files from the flash drive as their mitigation strategy
Turn it into a waveform and sing it to a pigeon?
My preference would be to upload to SecureDrop (thanks @quick_snail@feddit.nl I forgot the name of the service) and be done with it.