
I actually did find a USB stick in a parking lot once. And I was curious, of course, so I used an OTG cable and an old Android phone to look at what was on the stick. I certainly did not stick it in a Windows machine and figured the phone wasn’t going to pick up any malware, but if it did I really wasn’t out anything.
Mostly it was pictures of young Marines in Vietnam back during the war. I knew this because I am an old Vietnam vet myself and figured the photos were valuable to the owner. However, I was able to identify the owner from information in a couple of text files.
I looked him up through a couple of online sites and it appeared that he lived a couple hundred miles away in another state. I found an email address online and sent him a note explaining where I found it and asked if it did indeed belong to him. It turns out that he was working in my area during the work week and had lost the stick here.
The files on it were things he was putting together for an upcoming 50 year reunion for his old Marine unit and he very much wanted the drive back.
The rub was that at the time I was working out of the area during the work week, so we were never in town at the same time and I ended up mailing the drive to him and we never did manage to meet up in person and let him buy me that beer. But I was just glad I was able to get it back where it belonged.
I think that is a new record for me. Most of the comments are divided between the “Don’t ever do that!” and “With modern security it is no problem.” Along with quite a few “What a nice thing to do!” comments.
The last ones are appreciated, but after I saw what was on it I had to get it back to the owner. The first ones are also appreciated, but please read the answer again.
The stick was plugged into an old Android phone that was not in service, had been replaced by a newer phone which had also been replaced by a newer one. So it was never plugged into any of my computers and was never exposed to my, or anyone else’s network.
Not even the cell company. Just an old smart phone out of the junk drawer in airplane mode. So chances it could cause me any real grief were pretty remote.
Now over 10K upvotes and people still aren’t reading what precautions I took to avoid contamination of any of my, or anyone else’s, computers or networks. Somebody just asked me “If you found a gun on the ground would you try to shoot yourself in the foot to see if it was loaded?” No, Robert, I certainly would not. I have been using firearms for over 65 years, and even when I was 5 years old I wasn’t that stupid. Are you that stupid?
I was CIO for a credit union in the 2000s. In early 2005, an employee found a USB stick one morning in the parking lot. She brought it to me, and I thanked her.
We had a workstation in IT that wasn’t attached to the network, so we used that computer to check the contents of the stick. It had one file on it, a text file, saying that the stick was the property of a security audit firm who should be contacted to retrieve the stick.
I had hired the firm to do a “robust” examination of our security.
I wrote a short report on the discovery of the stick, the non-networked workstation that we used to inspect the device, and our findings. I gave that report and the stick to the lead auditor. He told me that one aspect of their audit was to place two or three of these USB devices around our main building to see if anyone was curious enough to see what was on them.
Within a year, we had software that would detect (and deactivate) a network-connected workstation that had a non-registered USB device plugged into it. We were a relatively small company with around 200 workstations on our network and this was nearly 20 years ago, so I think most networks are immune to USB-based attacks.