Curiosity is a strong driver. Sometimes it is “Can I do this”, “How do I do this”, “Oooooh. Something new to try”. I was faced with this yesterday with a USB stick. My CIO asked that I come see him in the office, held up a USB stick and said he had found it while walking. He then asked what he should do with it. “Should I break it with a hammer and throw it out, try to see what’s on it, give it to you, or something else?”
I was immediately energized. Whose was this? Would the files on the drive provide this information? Could I get it returned to the person? Was this person really missing the data? The adrenaline started to flow.
“I can take a look and see what’s there,” I replied. I have ways to open USB items and files without concern for infection of malware/viruses/spyware/ransomware, etc. I was handed the USB drive, walked to my office, put the disk down and went back to what I was working on before the call.
A few minutes later I looked at the drive and thought, “There are too many variables. There are too many possibilities of bad things going wrong no matter how careful I am. I genuinely have no idea where this came from. Was it from someone with no computer programming experience? Was it already unknowingly infected by the original owner via a compromised file they downloaded? Or was it from a very malicious programmer that is intentionally leaving drives around with the design of propagating their new attack mechanisms into the wild?”

Knowing my limits and the potential risks, I decided my excitement to test my skills and tools was overriding my better judgement. I have returned the untouched USB drive to my CIO with the recommendation to destroy the drive and dispose of it without accessing it on his systems.

The bad guys are very smart and very effective at their craft. If you do not know from where something comes, do not use or open it. If you have to attach unknown USB storage, then be sure to have your antivirus software scan it before it can be accessed. And be prepared to possibly lose all of your data, have to wipe your machine and start over. The risk does not outweigh the reward. Stay vigilant.
Best,
Vince Spiars
Information Security & Operations Manager
Exley Science Tower rm 513
ext 3072