Researchers recovered 75,000 “deleted” files from old flash drives


Be care­ful when throw­ing away or giv­ing some­one an old flash dri­ve. Even if you have delet­ed all the infor­ma­tion from the media, this does not mean that it can­not be restored. This was clear­ly proven by cyber­se­cu­ri­ty researchers at the Uni­ver­si­ty of Aber­tay (Scot­land). For the sake of the exper­i­ment, they bought a hun­dred used flash dri­ves at an Inter­net flea mar­ket and restored 75,000 files from them that were delet­ed by the pre­vi­ous own­ers. The recov­ered files include valu­able tax returns, bank state­ments, con­tract data, and oth­er sen­si­tive infor­ma­tion.

Sensitive Information

Only 32 flash dri­ves out of a hun­dred were cleaned cor­rect­ly, with the com­plete removal of infor­ma­tion. Using pub­lic data recov­ery tools, the researchers were able to par­tial­ly recov­er files from 26 flash dri­ves and entire files from the remain­ing 42 USB dri­ves.

Many of the extract­ed files were found to be high­ly sen­si­tive. They includ­ed pass­word lists, con­tracts, bank state­ments, and tax returns. Many flash dri­ves had pri­vate pho­tographs embed­ded with the date and time of the shoot­ing.

“This is an extreme­ly wor­ry­ing sit­u­a­tion. The poten­tial for mali­cious use of this infor­ma­tion with extreme­ly seri­ous con­se­quences is enor­mous. An unscrupu­lous buy­er could use the recov­ered files to access sell­er accounts if the pass­words are still valid. He might even try those pass­words on oth­er accounts giv­en how com­mon pass­word reuse is. It is like­ly that an attack­er could find the sell­er’s email address among the files. He could try to deduct mon­ey from bank accounts or even black­mail the sell­er by threat­en­ing to release any com­pro­mis­ing infor­ma­tion.”says Pro­fes­sor Karen Renaud of Aber­tay Uni­ver­si­ty’s Cyber­se­cu­ri­ty Depart­ment.

Accord­ing to Pro­fes­sor Renault, many peo­ple don’t even real­ize that when com­put­ers delete files, they don’t actu­al­ly destroy the infor­ma­tion com­plete­ly. “The file is removed from the medi­a’s TOC, so it’s basi­cal­ly just hid­den from view. They are still there. And if you know how, you can eas­i­ly restore them using pub­lic tools”says the pro­fes­sor.

What to do?

If you are going to sell or trans­fer to anoth­er per­son a flash dri­ve on which some­thing con­fi­den­tial was pre­vi­ous­ly stored, use spe­cial soft­ware for deep clean­ing of the media. These pro­grams are free and pub­licly avail­able.

If you plan to just throw away the flash dri­ve as unnec­es­sary, then just destroy it. Burn the media or give it a good ham­mer­ing to dam­age its sil­i­con innards. Only in this way you are guar­an­teed to make it impos­si­ble for a third par­ty to recov­er infor­ma­tion.

If you want to receive news via mes­sen­ger, sub­scribe to the new Telegram chan­nel iGate







Добавить комментарий