Security & Law Enforcement Risks - Portable USB Devices

by Michael R. Anderson

It wasn't that many years ago when we were limited to cassette tapes and 160k floppy diskettes to store our important computer data. I remember when I bought my first computer... a trusty Tandy TRS 80 Model III. Back in the late 1970's, when that computer was in its prime, you stored your important files on cassette tapes. When the 160k floppy disk drives became available, I thought I was in "geek heaven". I remember wondering, "How will I ever fill a 160k floppy diskette with data?" Then, when five-megabyte hard disk drives became available in the early 1980's, I was really blown away. We never imagined that hard disk drive sizes would eventually grow into the multiple-gigabyte storage range and floppy diskette storage would eventually exceed 2 megabytes. Portable flash memory devices were beyond the comprehension of most computer users back then. Boy, have things changed!

Thanks to the popularity of digital photography and the advent of flash memory chips, computer storage devices today are compact and their storage capacities can exceed one gigabyte. In just two decades computer technology advances have made it possible for us to store the data capacity equivalent of two hundred 1980-vintage hard disk drives in tiny portable devices that will easily fit in the palm of a hand. Some of these devices pull double duty and have been configured into key chains, pens, watches and even a Swiss Army knife. These portable storage devices make it convenient for us to back up important computer files and to transfer data from one computer to another using USB technology. However, they also create significant security risks for government and corporate employers because proprietary and/or classified data can easily find its way onto these devices. Granted, corporate and government policies many times forbid the use of these devices, but are the policies followed? The insider threat is a real one concerning the unauthorized copying and storage of proprietary corporate data, e.g., client databases, bids, insider information and research and development data. Private sector government contractors typically have access to classified government data and information. Can you imagine the problems created when classified data migrates onto these portable flash memory devices? Needless to say, these new storage technologies have a high "wow" factor for those of us who live and breathe computer technology. But the same devices are causing CIOs and CSOs to rethink their internal security policies and the nature of their internal threats.

With computer security and the insider risk in mind, take a look at a sampling of flash memory-based USB devices that are currently available in the marketplace.

Examples of compact storage devices:



These graphics were created and donated for use by NTI's clients by Dr. Henry B. Wolfe, Associate Professor, Computer Security & Forensics, Information Science Department, School of Business, University of Otago, Dunedin, New Zealand. The illustrations came into being because of his research tied to potential business risks. It is important to note that much of the computer security and business liability research world-wide is being done by universities in their schools of business. This is because computer technology advances have come with a mixed blessing and many new risks and liabilities have been created for businesses in recent times.

Take for example these beautiful flash memory-based executive pens:





Food for thought...

  • Will one of these USB-based storage device pens be overlooked by law enforcement officers during the execution of a search warrant in a computer related investigation? Without proper training and an awareness of current technologies, I think this is likely.

  • Will a probation and parole officer consider these as prohibited items for use by a convicted sex offender? Without training and awareness, I think not. They each have a storage capacity of approximately 256 million bytes and each can easily store 200 images of child pornography within the flash memory chips contained in the body of the pens.

  • Will the security officers at the entrance and exit points of a classified government facility consider these to be banned items and a potential security risk? In most classified facilities they are well aware of computers, cell phones, digital cameras and weapons but it is my guess that these will pass right through security stations without detection.

  • Would things have been different if this technology had existed years ago in the Hanssen spy case? You might recall the case of FBI Special Agent Robert Hanssen. He was alleged to be a spy for the Soviet Union and allegedly stole classified information from the FBI's computers and files for more than a decade. It is my guess that these devices would have been very helpful in the theft of U.S. government secrets in that case.

  • I have one of these flash memory pens and it is very effective in disguising the fact that it is a large capacity external flash memory storage device. The one that I have was made by PNY Technologies and it was purchased for under $60. It has a storage capacity of 128 megabytes but I could have paid a few more dollars for one with a storage capacity of 256 megabytes. The device that I purchased also functions as a beautiful executive pen, which I use on a daily basis. Although this portable storage device has a high "wow" factor, it is also scary from a computer security risk standpoint. A disgruntled employee armed with one of these pens could easily steal company data. The same could be true of a contractor, e.g., a janitor or repair man. When Windows 2000 and Windows XP-based systems are involved, the pen automatically interacts with the computer through a USB port and no installation of special software or drivers is required. These operating systems automatically recognize the device as a remote storage device and files can easily be copied from the system to the device under DOS or through the GUI interface. Granted, passwords are required to log onto these systems, but if a system is left running, it could easily be compromised. The same would be true if passwords are written near the computer keyboard, which I know to be the case in some government and private sector office environments.

    The same security threats could exist with the cool flash memory-based watch that is illustrated below. Most people wear watches in the workplace and these devices could easily go unnoticed in most businesses and government agencies. Most people are not aware that this beautiful watch also doubles as a mass computer data storage device which is capable of storing over 256 megabytes of computer data. I don't have one of these yet, but my wife may find it on my Christmas list. (;^)


My intention in writing this article is to provide a wake-up call for law enforcement and security officials. Also, be aware that NTI covers these security risks and others in its popular 5 Day Computer Forensics Training Course. Unfortunately there is no magic remedy that will resolve the insider threat posed by these new computer storage technologies. Awareness, policies and policy enforcement are really the only answer when it comes to insider threats tied to portable USB devices. For more information about flash memory storage devices, please review the articles posted on NTI's web site at http://www.forensics-intl.com/art16.html and http://www.forensics-intl.com/art23.html .
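One way to support the policy enforcement described above, as an added example that is not part of the original article: Windows keeps a record of each USB mass-storage device it has mounted under the `Enum\USBSTOR` registry key, so a drive disguised as a pen or watch still leaves a vendor, product and serial entry. The code parses a text export of that key and flags devices missing from an approved list; the sample export, serial numbers, approved list and function names are all constructed for illustration.

```python
import re

# Matches instance keys under Enum\USBSTOR in a .reg-style text export:
#   ...\USBSTOR\<Type>&Ven_<vendor>&Prod_<product>&Rev_<rev>\<instance id>]
KEY_RE = re.compile(
    r"\\Enum\\USBSTOR\\(?P<type>[^&\\\]]+)&Ven_(?P<vendor>[^&\\\]]*)"
    r"&Prod_(?P<product>[^&\\\]]*)&Rev_(?P<rev>[^\\\]]*)\\(?P<instance>[^\\\]]+)\]"
)

def parse_usbstor(export_text):
    """Return one record per USB storage device instance found in the export."""
    devices = []
    for m in KEY_RE.finditer(export_text):
        inst = m.group("instance")
        # An instance ID whose second character is '&' was generated by Windows
        # because the device reported no serial number of its own.
        generated = len(inst) > 1 and inst[1] == "&"
        devices.append({
            "vendor": m.group("vendor"),
            "product": m.group("product"),
            "serial": None if generated else inst.rsplit("&", 1)[0],
            "instance": inst,
        })
    return devices

def audit(devices, approved_serials):
    """Flag every device that is not on the approved list, with a reason."""
    findings = []
    for d in devices:
        if d["serial"] is None:
            findings.append((d["product"], "no unique serial, cannot be attributed"))
        elif d["serial"].upper() not in approved_serials:
            findings.append((d["product"], "serial %s not approved" % d["serial"]))
    return findings

# Constructed sample export (vendors, products and serials are invented).
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR\Disk&Ven_EXAMPLE&Prod_ISSUED_KEY&Rev_1.00\0A1B2C3D4E5F&0]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR\Disk&Ven_EXAMPLE&Prod_PEN_DRIVE&Rev_1.10\99887766AABB&0]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR\Disk&Ven_Generic&Prod_Flash_Disk&Rev_2.00\7&1c2d3e4f&0]
"""
APPROVED = {"0A1B2C3D4E5F"}  # hypothetical list of organisation-issued devices

if __name__ == "__main__":
    for product, reason in audit(parse_usbstor(SAMPLE), APPROVED):
        print(product, "->", reason)
```

The registry entry shows that a device was connected, not which files were copied to it, so a finding is a starting point for review rather than proof of data theft.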