The Dangers of Removable Storage
Does your organization allow thumb drives? Do you use them at home? What do you store on them? What follows could be called nightmare on Main Street.
A private citizen found a thumb drive (AKA flash drive or memory stick) and did what any smart cyber security aware person would do. He took it to the library and plugged it into their computer. After all, if it was infected, you wouldn’t want to infect your own computer, would you?
What he did find was an interesting surprise.
About 70 folders with about 175 files, including:
- The exact route the Queen uses to get to Heathrow and the security measures to protect her.
- Specific types of IDs needed to get into restricted areas at the airport. Including those used by undercover police.
- The location of closed circuit TV cameras at the airport.
- Routes and safeguards for cabinet ministers.
- Details of the security system used to protect the perimeter of the airport.
- And other security related information
Of course the flash drive was unencrypted, not password protected and not secured in any way.
What happened next is what you would hope the average, security conscious citizen would do – he shared it with the international newspaper in town. After all, if he took it to the police, it might get swept under the rug.
The next step is also pretty obvious – the excrement hit the rotating air movement device (AKA the Sh*t hit the fan).
Police are worried that this data was copied and shared on the dark web. Certainly possible. If it has, the cat is out of the bag and not possible to rebag the cat.
The man who found it was an unemployed person who found it in Queens Park, West London. Not exactly the source material for the next Mission Impossible movie.
Insiders said that the DISCLOSURE of finding the flash drive started a “very, very urgent” investigation. I am not sure whether that is because Heathrow security was publicly embarrassed or something else.
A spokesman for the airport said “Heathrow’s top priority is the safety and security of our passengers and colleagues”. Also a priority – stop placing extremely sensitive documents on unencrypted memory sticks an losing them outside. Oh, wait, they didn’t say that last part.
They also said that they “have reviewed all of our security plans and are confident that Heathrow remains secure …”. I am not sure what else they might say.
Hopefully, behind the scenes they are making changes – like changes to the Queen’s route to the airport. And training people. And locking down computers. Among other things.
For your company, could an employee plug a flash drive into a computer and download sensitive information to it? And then lose it on a street corner. To be found by a homeless person. PROBABLY!
Information for this post came from The Mirror and The Standard.