Child abuse photo collector forgets to encrypt his USB stick - Bad security is a good thing

Filed Under: Featured, Law & order

USB stick. Image from ShutterstockSometimes some good can come from poor computer security.

The Burton Mail reports that a 46-year-old British man was found guilty of downloading indecent images of children after he accidentally shared his USB memory stick with a work colleague.

According to reports, Nicholas Hill, of Belvoir Crescent, Newhall, handed a memory stick to a female colleague in order to get a recording of a TV programme, but as soon as his workmate plugged the USB drive into her computer she was shocked to be presented with an array of indecent photos.

Clearly, Hill had not encrypted the data on his USB flash drive.

When police were called they found "279 images in the mildest category and six which were slightly more serious" contained on the memory stick.

Hill's defence team said that he had been collecting such images for a number of years, and told a hearing at Derby Magistrates' Court that their client deeply regretted committing the offence, and was previously a "man of good character".

Presiding magistrate Jill Steiner put Hill on probation for three years, and ordered him to attend a community sex offenders' group work programme. If Hill buys computer equipment in future, he must allow it to be inspected by police officers - although he has said that he will access the net only from a public library in future.

Aside from serving probation, Hill has also been ordered to pay £85 costs. As he is currently between jobs, it was has been agreed that he can pay the fine in monthly installments.

Being a consumer of child abuse imagery only encourages others to supply more, and ultimately abuse the young innocent victims. Hopefully Hill will rebuild his life, and not engage in child abuse material again.

If that's the case then some small good will have come out of poor security.

USB flash memory drive image from Shutterstock.

, , ,

You might like

10 Responses to Child abuse photo collector forgets to encrypt his USB stick - Bad security is a good thing

  1. Amanda Snyder · 1093 days ago

    He ought to be punished much more severely for that crime! Shaking my head at the UK now.

  2. Miguel Guerreiro · 1093 days ago

    No pen drives, no computer and stay there! put!
    Troubled minds should always be monitored !!

  3. eddie minto · 1093 days ago

    Cut his knackers off, on the other hand I found a few myself and none of them had encryption on them.

  4. Internaut · 1092 days ago

    Who decides what is "mildest category", or "slightly more serious" and is "indecent photos"? Obviously, the police thought so or the prosecutor thought so and so did the judge. But mild? Slightly serious?

    Like too many other laws, too many get to decide what - is what. One persons definition of "indecent" may mean the images seen in catalogs with kids in bikinis to kids in a nudist camp to outright ugly severe porn. With all of that, mildest category gets a mild sentence - for what? Porn is porn, and when it comes to kids, there is no mild or slightly serious crime.

    Such approaches to anything only serves to water-down the crime. After a time, mild and slightly serious becomes more or less acceptable, or lighter and lighter sentences and fines.

    I fear for the children, even those exposed to "mild" to "slightly serious" abuse. Each time someone publishes mild to extreme, a kid is abused.

    As long as the subject has been around the pattern of discussion is about punishment, not prevention. Progress on the issue is like the US Congress verses Progress. Nothing much gets done as hundreds make a living on everything from detection to conviction, and very little spent going after the one's behind the camera lens.


    • anon · 1091 days ago

      In the UK images are graded in severity according to a standardised scale, generally a variant of the COPINE scale. This has reasonably specific definitions of severity in a number of grades. These are related to sentencing guidelines, with certain severities mandating particular degrees of punishment, such as imprisonment.

    • myname · 21 days ago

      The people decide what is mild based on what is happening in the pictures. For example, the mildest includes things such as fully clothed children, but close-ups on the genital region. That's technically considered child pornography. Another slightly less mild example would be simple nudity. They are considered mild because the abuse level in them are very low or non-existent, compared to the other end of the extreme, like actual rape.

  5. Dan Buzzard · 1092 days ago

    I doubt encryption would of saved him as he would likely need to allow his co-worker to decrypt the drive. I think it's just as much of a "Don't share USB Drives" lesson.

    • Loki · 1091 days ago

      No. The whole drive doesn't need to be encrypted, just each photograph or folders for the group of them.

      I only have one "thumb" drive that is completely encrypted in itself, but I carry about four of them and all have encrypted contents. None have anything like this stuff on it. Just private files.

    • oppiman · 1091 days ago

      If you set it up correctly, you can have multiple partitions, or multiple folders or files that can be mounted as drives with multiple different encryptions on a stick.
      You can even have encrypted stuff inside of encrypted stuff.
      The tool we use in our company allows one folder to be left "unencrypted" or only encrypted with a group key. He could have shared the group folder with the colleague leaving other stuff secured.
      Well, luckily this guy had no clue despite being stupid enough to carry this stick around and even bring it into the company.
      Besides that I wonder as well about the mild punishment.
      And I wonder even more why material like that still can be found everywhere in the Internet and sites serving such material can't be brought down.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley