I found a USB stick in the street the other day. This is not the first thumb drive I have found, and apparently this is not an unusual event, as some reports indicate that dry cleaners find thousands of them (along with some more unsavory items) each year. These reports are consistent with news stories about unusual items left in the back of taxis, including some 190,000 phones that are left in the back of London taxis every year. In total, Consumer Reports indicates that over one million phones were lost in 2013. It seems that we are not very good at holding onto our devices. While it is fairly easy to return a lost phone to its owner, the same is not true with a USB stick. The owner of a lost phone will usually call the phone to see who found it. By contrast, the only way to possibly locate the owner of a found thumb drive is to plug it into a computer and see if there are any clues in its contents, as many folks who carry USB sticks do not encrypt the contents, meaning that the information on those devices is readily accessible. Unfortunately, this is a very dangerous method, as USB sticks may contain malware. In the now famous “Stuxnet” case, infected USB sticks were purposely dropped in a parking lot with the hopes that an employee of the nearby factory would plug it into a computer to damage the machinery – this ploy was very successful. The ability to write malware code onto USB sticks is not a new phenomenon, and the “USB drop” technique is used by some security assessment companies to test staff awareness. There is even a smartly priced commercially available version of a USB onto which one can load customized code. What should you do if you find a USB stick and you want to locate the owner? Unfortunately, the only safe way to view the contents is to use a machine that will not allow the writing of any files to a hard drive. A computer without a hard drive could be booted with a bootable DVD of a Linux distribution. This would allow a person to mount the USB stick to try to find clues to locate the owner. As you can see, this “safe technique” is far beyond the technical understanding of the average person, and it is best left to a professional. The best thing to do with a found USB stick is to turn it over to the nearest lost and found. Our general tendency is towards helping others; however, in the case of a found USB stick, please resist the urge to plug it into a computer to view the contents. Title image courtesy of ShutterStock
Zero Trust and the Seven Tenets
Understand the principles of Zero Trust in cybersecurity with Tripwire's detailed guide. Ideal for both newcomers and seasoned professionals, this resource provides a practical pathway to implementing Zero Trust, enhancing your organization's security posture in the ever-evolving digital landscape.
