Published: 18:25 EST, 4 November 2020 | Updated: 18:30 EST, 4 November 2020

The University of Aberlay purchased 100 secondhand devices and all by 32 of them contained ‘deleted’ files that could be extracted using publicly available tools.

The files were collected using a USB Write Blocker, a forensic tool used to pull mass data from devices, and a standard computer.

Once the image files were collected, the team saw records included passwords, bank statements, health records and more – enough data for hackers to blackmail sellers.

Cybersecurity researchers recovered 75,000 ‘highly sensitive’ documents from USB devices auctioned off on eBay. The University of Aberlay purchased 100 secondhand devices and all by 32 of them contained ‘deleted’ files that could be extracted using publicly available tools

Professor Karen Renaud from Abertay’s Division of Cybersecurity, said: ‘This is extremely concerning, and the potential for this information to be misused with extremely serious consequences is enormous.

‘An unscrupulous buyer could feasibly use recovered files to access sellers’ accounts if the passwords are still valid, or even try the passwords on the person’s other accounts given that password re-use is so widespread.’

When the team first plugged the USB drives into the computer, it appeared that 98 of them were empty.

But once they attached them to the USB Writer Blocker, the documents immediately appeared – only 32 of the drives had been properly wiped.

The data, according to researchers, is enough ammunition for a hacker to launch an attack like draining a bank account or blackmail the device’s owner by threatening to reveal embarrassing information

Partial files were extracted from 26 devices and every single file was extracted from the remaining 42 USB drives.

‘Image Files titled ‘Passwords[1-10].jpg’; CVs, Personal statements, Employment contracts, Time sheets; Data relating to apprenticeship trainees; Invoice records; Divorce information, Bank statements, Health records, and saved web pages,’ the team shared in the study.

The data, according to researchers, is enough ammunition for a hacker to launch an attack like draining a bank account or blackmail the device’s owner by threatening to reveal embarrassing information.

Professor Renaud said that the sellers would not have been aware that they had left data on the drive: ‘A lot of people don’t realize it, but the way many computers delete files doesn’t actually remove them.

‘What happens is that the file is removed from the index so that they are effectively hidden from view.’

‘They’re still there though and if you know how, you can easily recover them using publicly available forensics tools.’

On a PC, open the command prompt from the Start Menu and type ‘format e: /p:3,’ (if ‘e’ isn’t the letter for the flash drive, change that accordingly).

For Mac owners, On a Mac, open the Disk Utility app, select the drive, click ‘Erase,’ then click ‘Security Options’ and move the slider control to the third, ‘3-pass secure erase’ option.

Share what you think

The views expressed in the contents above are those of our users and do not necessarily reflect the views of MailOnline.

We will automatically post your comment and a link to the news story to your Facebook timeline at the same time it is posted on MailOnline. To do this we will link your MailOnline account with your Facebook account. We’ll ask you to confirm this for your first post to Facebook.

You can choose on each post whether you would like it to be posted to Facebook. Your details from Facebook will be used to provide you with tailored content, marketing and ads in line with our Privacy Policy.

US Air Force tests new line of ‘G-Suits’ tailor-made for growing influx of female fighter pilots – complete with adjustable straps and form-fitting waist compression

Source: https://www.dailymail.co.uk/sciencetech/article-8915465/Security-experts-extract-75-000-highly-sensitive-files-100-USB-drives-sold-eBay.html

USB flash drive, Computer security, Computer

World news – GB – Security experts extract 75,00 files from USB drives sold on eBay

En s’appuyant sur ses expertises dans les domaines du digital, des technologies et des process , CSS Engineering vous accompagne dans vos chantiers de transformation les plus ambitieux et vous aide à faire émerger de nouvelles idées, de nouvelles offres, de nouveaux modes de collaboration, de nouvelles manières de produire et de vendre.

CSS Engineering s’implique dans les projets de chaque client comme si c’était les siens. Nous croyons qu’une société de conseil devrait être plus que d’un conseiller. Nous nous mettons à la place de nos clients, pour aligner nos incitations à leurs objectifs, et collaborer pour débloquer le plein potentiel de leur entreprise. Cela établit des relations profondes et agréables.

Nos services:

  1. Création des sites web professionnels
  2. Hébergement web haute performance et illimité
  3. Vente et installation des caméras de vidéo surveillance
  4. Vente et installation des système de sécurité et d’alarme
  5. E-Marketing

Toutes nos réalisations ici https://www.css-engineering.com/en/works/

LEAVE A REPLY

Please enter your comment!
Please enter your name here