USB Drive With Int’l Airport Security Info Found On Street

Dan Gunderman
11/01/2017

Threats to the enterprise come in all shapes and sizes, including a small USB drive discovered in a pile of leaves in London.

Heathrow, an international airport in London, launched an investigation Sunday after a USB stick containing sensitive information about Queen Elizabeth’s security detail and the airport’s anti-terror measures was passed over to a British newspaper, the Sunday Mirror.

The USB stick was allegedly turned in by an unemployed man who was headed to the library to surf the internet for jobs when he spotted the abandoned drive in a pile of leaves. The discovery allegedly happened near Ilbert Street in Queen’s Park, West London – miles from the airport.

Once this man had gotten ahold of the stick, a few days elapsed before he reportedly plugged the drive into a library computer and found a collection of questionable files, according to CNN.

More specifically, the drive allegedly carried the route the Queen takes when she travels, along with that of senior British politicians. It also identified CCTV camera locations and traced maps of tunnels and escape routes. What’s more, the drive contained information about Heathrow’s ultrasound radar system, which it used to scan runways and the perimeter fence.


In total, there were 76 files on the drive, taking up 2.5GB, according to CNET. Perhaps more surprisingly, none of the files were encrypted or password protected.

In a statement, an airport representative said, “We have reviewed all of our security plans and are confident that Heathrow remains secure. We have also launched an internal investigation to understand how this happened and are taking steps to prevent a similar occurrence in (the) future. The U.K. and Heathrow have some of the most robust aviation security measures in the world and we remain vigilant to evolving threats by updating our procedures on a daily basis.”

Further, London’s Metropolitan Police told CNN that no crime was reported, but that Heathrow Airport alerted them to the problematic discovery.

News of the atypical, street-side find comes just days after Ukraine reported another cyber hit on its airport operations. Last week, the country’s Odessa airport and Kiev’s metro system fell victim to hacks that the state-run Computer Emergency Response Team (CERT) confirmed and attempted to mitigate. The metro system reported attacks on its payment system.


Ukraine was an epicenter of this year’s devastating ransomware attack (NotPetya), and the government has forecast future strikes.

While the nation’s cyber police and infrastructure ministry said the latest wave did not constitute a mass attack, enterprises there are on high alert.

While Ukraine believes it has been a recurring target for Russian hackers, this latest breach also falls in line with the data heist that has reportedly taken place in the U.K.

That said, enterprises of all sizes – including government agencies and infrastructure operations and administration – are landing on black-hat hit lists. The discord has cost global corporations hundreds of millions of dollars in 2017 alone, and so the real-time breach threat grows each day.

While it can be difficult to button up files and sensitive data across all arms of an operation, the latest Heathrow incident proves that this is a multifaceted and disparate effort – via Trojan horses, bitcoin-demanding bugs and a click-drag method of placing heisted files on an open flash drive (among many other tactics, mind you).

That said, CIOs and CISOs must be cognizant of recurring threats and be prepared to launch remedial protocols right away should their enterprise be cracked. It also should be noted that a bulk of hacks/breaches can still be traced back to human error, i.e., slipping out of the office with your removable storage in tow.

On the matter, Senior Principal Analyst at Enterprise Strategy Group (ESG), Jon Oltsik, told CSHub that addressing the human-error element of data heists is quite complicated, and costly. "The only way to deal with hardware leaving the office is to have guards stationed at ingress/egress points who inspect everyone who enters and exits," he said. "Very costly and inconvenient."

"An easier solution is to disable the USB ports on machines. If someone really needs removable storage access, you can enable his or her ports, but only allow approved USB drives to access them," he continued.

Oltsik also offered another bit of advice for enterprise professionals. "You also audit this activity and look for anomalous behavior, like when someone suddenly downloads and saves thousands of documents."
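The two controls Oltsik describes (only approved USB drives, plus auditing for sudden bulk saves) can be sketched as detection logic over removable-media audit records. This is an added example, not part of the original article; the record layout, device serials, threshold and window are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical allowlist of approved USB device serials (assumption).
APPROVED_SERIALS = {"USB-APPROVED-001"}

def make_sample_events():
    """Constructed audit records: (time, user, USB serial, file written)."""
    base = datetime(2017, 11, 1, 9, 0, 0)
    # alice: three files spread over the morning, on an approved drive
    events = [
        (base + timedelta(hours=h), "alice", "USB-APPROVED-001", f"report{h}.docx")
        for h in range(3)
    ]
    # bob: 76 files in just over a minute, on a drive that is not approved
    events += [
        (base + timedelta(seconds=s), "bob", "USB-UNKNOWN-999", f"plan{s}.pdf")
        for s in range(76)
    ]
    return sorted(events)

def audit_usb_writes(events, approved, threshold=50, window=timedelta(minutes=10)):
    """Return (unapproved, bursts).

    unapproved: set of (user, serial) pairs that wrote to a non-allowlisted drive.
    bursts: user -> peak number of files written inside any one sliding window,
            reported only when that peak reaches the threshold.
    """
    unapproved = set()
    recent = defaultdict(deque)  # user -> timestamps still inside the window
    peak = defaultdict(int)
    for ts, user, serial, _path in sorted(events):
        if serial not in approved:
            unapproved.add((user, serial))
        q = recent[user]
        q.append(ts)
        while ts - q[0] > window:  # drop writes older than the window
            q.popleft()
        peak[user] = max(peak[user], len(q))
    bursts = {u: n for u, n in peak.items() if n >= threshold}
    return unapproved, bursts

if __name__ == "__main__":
    unapproved, bursts = audit_usb_writes(make_sample_events(), APPROVED_SERIALS)
    print("unapproved drives:", unapproved)
    print("bulk-copy bursts:", bursts)
```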

Geopolitics, MP movements and memory sticks aside, these latest incidents prove that cyber security has never been more essential for an enterprise.
