Highly sensitive tax returns, contracts and bank statements were among 75,000 ‘deleted’ files recovered by cybersecurity researchers as part of an Abertay University investigation into the risks of selling used USB drives over the internet.
The team, from Abertay University, made the startling discovery after purchasing just 100 devices on a popular online auction site and examining them further.
98 of the USBs seemed, at face value, to be empty. However, with publicly available tools it is worryingly easy to retrieve data.
Only 32 of the drives had been properly wiped. Partial files were extracted from 26 devices and every single file was extracted from the remaining 42 USB drives.
Many of the files extracted were determined to be of high sensitivity, and included files named “passwords”, contracts, bank statements and tax returns.
Other USB drives contained images with embedded location data.
Professor Karen Renaud (pictured), from Abertay’s internationally renowned Division of Cybersecurity, said: “This is extremely concerning, and the potential for this information to be misused with extremely serious consequences is enormous”.
“An unscrupulous buyer could feasibly use recovered files to access sellers’ accounts if the passwords are still valid, or even try the passwords on the person’s other accounts given that password re-use is so widespread.”
“They would likely be able to find a seller’s e-mail address from the files we found on the drive. They could try to siphon money from the bank accounts or even blackmail a seller by threatening to reveal embarrassing information.”
Professor Renaud said that the sellers would not have been aware that they had left data on the drive: “A lot of people don’t realise it, but the way many computers delete files doesn’t actually remove them.”
“What happens is that the file is removed from the index so that they are effectively hidden from view. They’re still there though and if you know how, you can easily recover them using publicly available forensics tools.”
“Software is freely available that can permanently wipe USB drives, so if you are going to sell a device we would strongly recommend using that.”
“If you’re planning to discard a USB device without selling it, you should destroy it with a hammer – make it impossible for a third party to get hold of the data it stores.”
“If you’re planning to buy a new USB drive, the best way of mitigating the risks is to buy an encrypted device.”
Interestingly, none of the drives held any viruses or other malware, which meant that a buyer would be perfectly safe using the purchased drives.
The research, led by student James Conacher for his Masters project, found that while the risks to the sellers were high, buyers faced no risks for these specific 100 drives.
To read the research in full, visit:
For more information about Abertay’s Cybersecurity courses visit: /schools/school-of-design-and-informatics/division-of-cyber-security/