Danger! UXB details lost on USB

Filed Under: Data loss

Danger UXB

Associated Press is reporting that a soldier has been convicted of negligence by a Swedish court, and fined 21,000 kronor (£1735) for losing a USB memory stick containing details of unexploded bombs in Afghanistan.

The 31-year-old soldier admitted leaving the USB flash drive, which contained classified information he had collected while serving as a peacekeeper in Afghanistan in 2006, in a Stockholm university computer. The data should have been handed back to authorities at the end of his mission, but the device was clearly still being used two years later.

The news comes at the same time as reports indicate that the US Army is cracking down on the use of USB storage devices. According to Wired, the commander of US Strategic Command has ordered the ban of all removable data storage devices, following defence networks being infected by the SillyFDC worm.

There are many variants of the SillyFDC worm, which typically infect Windows PCs by spreading via USB drives, hunting for any removable device connected to the computer. The malware then downloads further code from the internet, opening the potential for identity theft or launching distributed denial-of-service attacks or spam campaigns.

I would recommend that computer users disable the autorun facility of Windows so removable devices such as USB keys and CD ROMs do not automatically launch when they are attached to a PC.

Any storage device which is attached to a computer should be checked for virus and other malware before use. Floppy disks, CD ROMs, USB keys, external hard drives and other devices are all capable of carrying malicious code which could infect the computers of innocent users.

Device control technology can help your company reduce the risk of data leakage and malware infection, by giving administrators control over removable
storage devices.

You might like

About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.