The Springfield Police Department Doesn’t Accept Flash Drives Because of their Ability to Spread Viruses. They Do, However Accept Compact Disks. Is This a Sound Policy or Does It Leave Them Vulnerable to Hackers?
As we all know, our world is changing faster than we can anticipate, and with every new technology there is a wide variety of old technology left in its path. Technology service companies have to stay up to date on every new gadget, software, or threat to insure that they are fully serving their customers. To give you an example of this, if I were to sell a Windows XP workstation to a business and tell them that it is safe, secure, and would be a great investment, I shouldn’t be in the IT business. With that suggestion, I compromised the safety of that businesses data, that is if they take me up on it.
One place that we should never have to worry about safety and security is our police department, after all, they are sworn to uphold and protect the laws of their community. This includes laws about securing sensitive data like Social Security numbers. The reality is, it is no longer okay for people in charge of security and safety to not understand the risks and benefits of the digital world.
Recently a friend of mine asked me a simple question, “Can you get a virus from a CD?” My answer was, “Well, of course you can! A CD holds the same 1s and 0s as any other digital media, and can retain any 1s and 0s you place on it. This includes malicious code, or a harmless picture of a cat.”
It seems that during an attempt to inform the Springfield Police Department about a security violation they were participating in, Steven Wyse (attorney) and Derrick Marshal (private investigator) attempted to give the Springfield Police Department a USB drive with evidence of the security violation, and was told by Amanda Callaway, the SPD’s attorney, that they are not allowed to take USB drives because they could hold a virus.
Raw Footage of Complaint Delivery to the Springfield Police Department
So what is a USB drive? Well, it is a small device that stores and transfers information using the universal serial bus (USB). USB drives can be used to store just about any digital information, only restricted by the size of the chip on the board. For example, you can store documents, photos, music, operating systems, viruses, and programs. For the most part, USB drives are formatted using FAT or NTFS file systems, this is because they are the most widely used file systems. USB drives have a fairly long life span, I have had one that I still use from 2005. One of the great things about USB drives is that they can be written to over and over again with ease. All USB drives do this by default.
So what is a CD? Well, it is a small plastic disc that stores and transfers information using reflective light. Like USB drives, you can use them to store just about any digital information, and the amount of information is only restricted by the size of the disc. For CD’s, however, their file system is a little different, but the function is the same. That is, any file system is used to index and retrieve data. You can compare a file system to the Dewey Decimal system if that helps. Compact discs have been around since the early 80’s, I am sure some of us still remember AOL’s sign up disc?
Because of their long history, there are many types of CD’s out in the market. Some of them are only writable once, and some can be rewritten to over and over again, in a similar manner as a USB drive. Some are very small, while others are larger. However, they all do the same thing, store and transfer data.
USB Drives and CD’s as Tools For Malicious Intent.
USB drives and CD’s play the same role, just in different packages. We are, however, seeing a decline in the use of the Compact Disc, and USB drives are becoming the standard choice. However, they can both play a role in bypassing security protocols.
Many businesses are creating policies to protect themselves from attacks by unseen technical forces, and protecting from attacks through USB drives is one concern that has been around for some time. Like SPD, many organizations are choosing to reduce the use of outside USB drives, and many opt for CD’s, a form of media that is less likely to contain something that is malicious. It is true that USB drives are more likely to contain a virus, simply because of the way we use them. However, that doesn’t mean that CD’s are exempt from hiding code that can damage systems. It is just less likely because most of us write data to a CD and leave it, where USB drives are used for daily activities, and are plugged in and out of many different computers, making them more promiscuous than CD’s.
However, this doesn’t mean that a CD can’t pass on a virus, intentionally or not. Because the security of computer systems and networks have become a priority for most, people intending to do harm have become more innovative in the way that they deploy their attacks. That is, they are finding loopholes to exploit both new viruses and forgotten ones.
Let’s go back to the Windows XP workstation. Because Microsoft no longer supports this operating system, would-be criminals are using holes in it’s security to spy, steal, and cheat people around the world. Those businesses or individuals that are still using XP have put themselves at risk for an attack on their data. This is not much different than the USB Drive and Compact Disc. If businesses believe that CD’s pose no risk, they put themselves in danger of someone gaining access to their systems.
If you have a security policy in place for your computer systems, make sure you are covering all your bases, or all of your hard work may have been for naught. If you don’t have policies in place, Call Me!
For those that are unsure of daily digital risks, ask someone, call me, or let me google that for you.
Slack Space LLC