Yes of course it would still fry it if it went through a hub.
I don't believe the "fry" would propagate through a hub, at least not a powered one. From the USB spec. and schematics I've seen the damage would be limited to the USB controller and/or voltage regulator circuitry in the immediately connected device. More discussion in the comments here: http://arstechnica.com/security/2015/10 ... n-seconds/
And unlike the creator I would suspect a lot more than the MB was fried by the discharge.
Of course in the case of plugging directly into a laptop the USB controller is part of the motherboard chipset, which upon being destroyed renders the motherboard non-functional. In this case I believe all other parts of the system (i.e. CPU, RAM, drives, etc. would survive undamaged.
I am not certain I understand the purpose behind the device. It demonstrates the obvious. It is malicious if left around for someone to find. It may fry a system but it won't damage data on a platter. Seems to me you could accomplish the same thing by just shorting the USB power wire into a data wire.
I think the purpose is just to demonstrate a surprising (and malicious) capability that most people would never consider*. There are obviously many other ways to accomplish the same thing, but the creator wanted to illustrate that something innocuous and fairly trusted could be turned destructive. I do think that any interest in this as being an actual threat is somewhat blown out of proportion. Scott.
*Back in the '80s myself and several others discovered that certain very specific changes to a DOS Volume Boot Sector would render an entire system *completely* unresponsive. What I mean is that the system would remain unbootable until either the afflicted drive was disconnected from the system or the damage to the VBR was repaired. Think about that, how would you repair the damage if the system could NOT boot while an afflicted drive was connected (even as a secondary or non-bootable drive)? This was long before USB or any other hot-swappable drives were available. Most techs encountering and troubleshooting the problem at the time assumed that the afflicted drive was physically defective (any system it was connected to would not boot) and ended up discarding the drive(s) along with the data, a total loss.
I figured out this was due to a bug in DOS 5 and earlier. To demonstrate the problem I wrote a batch file (I called it DEATH.BAT) that would inflict the VBR damage (after VERY clear and explicit warnings). I demonstrated both the effects of this damage as well as how to get out of the situation in my Data Recovery seminars back in the day. While my DEATH.BAT file would not cause any damage to the hardware, it certainly *seemed* as if it did and I immediately thought about it when hearing about this "death" flash drive...