We know all too well that sticking a found USB flash drive into your computer carries big risks, and in a worst-case scenario, it could fry your machine.
Perhaps that’s why one curious guy in London recently headed to a library with a stick he reportedly found in the street. But instead of ruining one of the library’s computers, the USB stick revealed highly confidential information linked to the security procedures of one of the world’s busiest airports, according to the Sunday Mirror.
None of the 2.5GB of data on the flash drive was encrypted or password protected, allowing the man to explore 76 folders holding sensitive security information for London’s Heathrow airport.
Containing “maps, videos, and documents,” the data revealed, for example, the route the Queen and her entourage take when heading to and from the airport, and the security measures put in place to ensure her safety. Some of the information was labeled as “confidential” and “restricted” but could still be accessed in a couple of clicks.
The stick also contained details of all the different kinds of identification required to enter the airport’s restricted areas — including for undercover cops — and “maps pinpointing CCTV cameras and a network of tunnels and escape shafts linked to the Heathrow Express,” a train route that runs between the airport and central London.
The man said he found the stick in a residential street about 10 miles east of the airport. He handed it to the Mirror, which immediately contacted Heathrow officials. The airport operator is now conducting an investigation into the matter.
Unnamed sources connected with the airport told the news outlet that those looking into the matter were keen to discover if the incident was the result of an “incompetent data breach” or if someone had intentionally transferred the information onto the drive and taken it off site, possibly for nefarious purposes such as terror or cyberattacks.
Every year Heathrow handles around 75 million passengers who are flown by more than 80 airlines to destinations around the world, leaving the authorities with a huge security challenge. The idea that someone working at the airport may have secretly transferred the data onto a stick and then taken it away from the site will be of huge concern.
Heathrow said in a statement that passenger and staff safety was its “top priority,” adding that it was confident the airport was “secure.”
While slotting a USB stick into a computer is certainly a risky thing to do, in this case it appears to have exposed a monumental lapse in security that’s certain to force the airport into conducting a full review of the way it handles sensitive data.
