Man Finds USB Stick And Plugs It In. What Happens Next Will Shock You

Sorry for the click bait title. It’s Halloween and this is a truly spooky story, so we couldn’t resist.

Net: An unemployed man finds a USB device while on the way to the public library. He plugs it in and finds 2.5GB of unprotected, unencrypted data.

That data includes Heathrow CCTV maps, security plans for the Queen, anti-terrorism patrol data, etc.

Here’s the link to the Ars Technica story.

So, why share on this site? For 3 big reasons:

  1. Please, please, please do not store sensitive documents on unsecured and unencrypted USB sticks. They’re just too easy to lose.
  2. If you are going to store sensitive data on a USB device, by all means take the extra time to password protect or encrypt the data. This is not easy, but it’s worth it. Here is a fairly clear article on how to do this.
  3. MOST IMPORTANT FOR READERS OF THIS BLOG!: This man did something that nobody should do. He found a USB stick and plugged it into a computer.

On point #3. Do you know that I have taught whole sections of classes on why what this man did is a bad idea? Did you know that many social engineers purposefully “lose” USB devices in order to trick employees into plugging those devices in?

 

When they do this, they could potentially be launching malware / ransomware / viruses / etc., or they could just be exposing a human hole in corporate security.

So, this spooky Halloween story has practical application for all of us.

  1. If you store data on USB drives, make sure to encrypt and password protect it.
  2. Avoid the human tendency to want to find out what is on a drive if you do find one lying around.
  3. If you work for a business that would like to run employee training that covers social engineering and other practical tips, contact us.

Stay safe out there!

 

 
