Meh, a couple tens of thousands of dollars in destroyed equipment via a very crude vandalism attack. Sounds like a lot until you realize you can cost someone millions with a medium sized botnet and a long standing DDoS. For most large targets, a USB that fries a laptop or two is no big deal (assuming automatic backups or devserver or etc), one that installs a rootkit would be a much worse scenario.
Also, if you are talking about harming individual users, and you are the kind of person who would drop "killer" USB drives on a parking lot, how is that any different from just keying every car? You get no benefit, it only causes damage, it takes near zero sophistication and the end results is it costs people a bunch of money and police start an investigation for vandalism.
> how is that any different from just keying every car?
People will notice that some dude is walking around and keying cars. If you happen to come across a car owner, you might be in for some pretty violent payback (at least that's what I'd do with someone keying my car).
Dropping USB keys, on the other hand, won't cause any suspicion.
Also, if you are talking about harming individual users, and you are the kind of person who would drop "killer" USB drives on a parking lot, how is that any different from just keying every car? You get no benefit, it only causes damage, it takes near zero sophistication and the end results is it costs people a bunch of money and police start an investigation for vandalism.