Thursday, 20 September 2018
Lost key fob memory stick opened door to finder’s data to hacker
Lost keys opened up a world of opportunity to a computer hacker.
The finder couldn’t resist plugging in to his machine at home a memory stick that was attached to the keyring.
But the keys belonged to an ethical hacker – someone paid by clients to try, legally, to break into their supposedly secure systems.
And the memory stick contained a programme designed to search computers for access codes, user names and passwords.
It took less than a day before the hacker, identified only as Peter, knew who had his keys and access to rafts of personal information.
“I took my keys out of my pocket in a restaurant and then, stupidly, left them on the table,” said Peter.
“As soon as I got home I realised what I’d done, but the keys were not still there when I called the restaurant.
“But I realised I could locate my keys by accessing the information transmitted by the memory stick to my computer.
“Eighteen hours later, when he could no longer resist knowing what might be on the stick and plugged it into his computer, I emailed the finder to arrange to collect my keys and advise him to change all his passwords.
“It would be an understatement to say he was surprised by how much he’d given away just by plugging in a memory stick he knew nothing about.”
The moral of the story, according to Peter, who works for Chamber member Pyranet, of Nottingham, which specialises in providing IT support and services to businesses, is “never plug into any machine any memory stick if you don’t know where it’s come from”.
Next week, the Chamber will be hosting a cyber-security conference at Chesterfield’s Proact Stadium, at which the need for training and vigilance will form a prominent part of the day’s discussions.
Joe Burns, Technical Director at Pyranet, will be taking part in the conference, demonstrating how easily people give away personal data.
It is estimated that up to half-a-million small and medium-sized businesses in the UK could have been victims of cyber crime through emails, at an average cost of £27,000 per business.
Andy Watterson, the Chamber’s Business Crime Manager, said: “If Peter had plugged the memory stick in at work he could have inadvertently exposed his employer to a huge data breach, with all the ramifications it would have under General Data Protection Regulations.
“He was lucky the memory stick belonged to an ethical hacker and not a hacker with criminal intent.
“Employees are the biggest risk to business data protection. They are also the first line of defence against hacking and phishing. It’s vital they are properly trained to know and recognise the risks and not make mistakes, which could be very expensive to put right.”
The East Midlands Cyber Security Conference takes place on Thursday 27 September, starting at 9am. To see the full agenda and to book a place, visit https://bit.ly/2wj31BH.Back