So you’ve found a cool little USB drive lying around. There’s no one else around, why not keep it right? Or why not just plug it in to find out if there’s any identifying information that will lead you to its owner?
The answer to both of these questions is a resounding no. When the United States Department of Homeland Security launched a similar experiment in 2011, they uncovered that 60% of those who found flash drive planted or left outside the government and contractor buildings plugged them straight into their networked computers. Even worse, when the flash drives were outfitted with an official looking logo, the number skyrocketed up to 90%.
It’s interesting because this were government workers the held positions at the US department of Homeland Security. How much more so would it be for the average individual who find a flash drive lying on the street? It would probably be their lucky day to them. Even when it came to IT security professionals, another study revealed that 78% experimented with unidentified flash drives. Of those surveyed, more than 68% had been personally responsible for a security breach at their job or home, often as a direct result of the unidentified flash drives.
I can’t tell you how important it is that you never plug in an unidentified flash drive into your host computer. Nowadays, cyber thieves could install a small unidentifiable key logger that downloads itself onto your computer once it’s plugged in. From there, you continue to type in all you passwords, logins, and accounts information as you regularly would into your computer, and the key logger will keep track of that information, sending it back to the person who left the flash drive for unprepared victims to pick up.
Stuxnet, the worm that made Iranian centrifuges go into hyperdrive, was delivered by a flash drive. A flash drive was responsible for one of the most serious cyber attacks on the U.S. military in history. And while it wasn’t a virus, Edward Snowden is reported to have used a flash drive when he downloaded the NSA, further raising the stakes of USB port security.
Whether it’s personal information on your computer or secrets of national security, we need to educate one another about the dangers of relaxed plug and play with flash drives. Make sure you never inspect an unidentified flash drive from the ground or elsewhere, and even be weary in some cases about letting friends plug in flash drives into your computer as well. You just never know. And it’s always better to be safe than sorry.