Are External USB Drives a Target for Espionage?

7/26/2009 | poiuqwer

[MarMema]

At my workplace they must be encrypted, which is a major hassle.

[Kolb]

I would never ship back any drive that has data on it, period- replacements are too inexpensive. For the same reason I assemble my own external drives (really, really easy), that way I have control over what parts are used and can easily swap drives if data needs to be recovered from another.

As to the espionage theories...with electronics almost anything is possible.

[bitterohiogunclinger]

I'd be more inclined to buy an enclosure and install my own quality hard drives in them than to go the Chinese junk route.
Enclosures run $30 to $50. Drives should last 3 to 5 years easily.

[devane617]

For $100.00—take a hammer to it....I completely agree with you. I bought a used pc a few years ago, got it home booted it, and it booted...To my surprise, it was a pc from a VERY big computer company with what appeared to be confidential info. I called the local branch and they switched me around for a few minutes until I got a tech guy that almost laughed when I told what I had. He stopped laughing when I read a few emails from one of the exec’s. They requested that I bring the pc to them for cleaning and I did. They were to call me to pick it up the next day. Never heard from them and they tech guy would not respond to my calls. Basically, for my good deeds, I lost $50.00....Next time, I will build a website and post the data for everyone to see,,,,

[poiuqwer]

And do the Chinese really need our illegal MP3s? That’s what occupies most of the space on these things.

Thieves don't care about what most people do! They care about what some people do. Most people lock their doors. Some accidentally leave them open one day. That's what thieves look for.

Many people backup everything, including email files, financial documents, personal information, which can often be used to deduce passwords and bank accounts. Their only concern is to protect their data from the main internal drive failures; not from spies.

[4rcane]

i think its absurd for being so paranoid. Who are you? That the Chinese want to know your secret. Waste of time assigning millions of man hours sniff through nobodies just so they could magically stumble on some top secret information they could use. Theres better ways of putting that resources to good use

Recently I had to send my hdd to singapore to get it fixed under warranty. Maybe they too want to know my SECRETS

[wally_bert]

Every HDD where I work is either secure cleansed or crushed. An untouched drive doesn’t leave.

[aft_lizard]

Yuck. You actually thought buying a USB drive at Costco was a good idea for a secure back up?

Either way I would simply take it out of its enclosure and hook it directly up to the mainboard and see if the drive itself is dead. If it is get a heavy magnet and sit it on the drive for a couple of days at least. Wven then I still wouldnt be secure with the thought of sending it in.

If the drive is good buy a new enclosure from Newegg. However I doubt it is. Cheap external drives have poor air cirulation which kills the drive.

[Westbrook]

Your USB external drives are configured as a RAID array?

I use NAS rather than USB for that, but I suppose USB is cheaper.

In any event, make the Chinese replace it. Serves them right for making junk.

But I’d take a big magnet to it first, anyway.

[Dacus943]

I just had a problem with a Seagate (internal) hard drive. Turned out to be a "Firmware" issue!

Seagate has the drive, updated the firmware, and will ship it back to me Monday. They made an image of this drive in case it's lost during shipping, or DOA.

I have been told by Seagate this image will be erased in 14 days. To me Seagate tech support has been fantastic with this added level of data protection.

Bottom line - if you ever need data recovery off a DOA hard drive, understand others will, and can see what was stored.

[HAL9000]

That sounds like a lot of trouble for China to go through when they can simply put a virus on your Windows computer and steal your data immediately.

[4rcane]

i think its more likely some lone worker will snoop into it out of curioristy, than some government sanctioned order to do it. But that goes on everywhere. e.g Take your computer to store where you bought it at to get fixed, and there’ll be that a worker there will look at what porn you downloaded recently

[normanpubbie]

"Even if you are paranoid, that doesn't mean that people are not out to get you."

Just kidding.

Does the external drive use a separate power supply or a second USB plug for additonal power? I bet the unit does since it has a 1 TB capacity. It could be that your power supply isn't working or the DC connection inside one or both USB cables could be open. In either case, that would give you the error message. You could check this out by using a digital multimeter to check for the voltages (USB = +5V, external power supply as marked).

And I agree with post #8. The inside of the drive box probably consists of a USB controller on a PCB connected via cables to a conventional SATA (serial) or IDE (parallel) drive. If this is the case, disconnect the USB part and try connecting the drive itself directly to your IDE or SATA port. If the bare drive works, that says that the USB interface is bad.

Please come on back and tell us what you found.

[Ciexyz]

bump with no comment

[tricky_k_1972]

You know, somebody could probably make a mint if they came up with an in-line USB hardware encryption key that would plug into a USB out let and then let you plug in any USB drive.

It would make sure that no information was ever passed onto a drive that was not encrypted, you could also set up your business computers to not let a device be hooked up to a USB source unless it was on an approved list that included the encryption key.

I might make the key programmable so that the manufacture could not access the drives either, course if the key's become corrupted you'd be scr3wed.

If you ID each key and had a pass phrase you could know who and when transferred any info to or from your system.

You could set the key up with an internal hardware recognition so that it would only allow access from an approved source, that way if somebody lost the key it would be useless without access to the hardware and the drive.

You might make it so that the key must be updated every 24 to 72 hrs from the home system just to check that it has not fallen into the wrong hands.

[Krankor]

For the past three weeks, every time I come home from work I discover some Chinese looking kid messing with my computer. I mean, I throw them out and everything but, enough is enough. I put one of those “No Chinese Kids Allowed” signs in my window. So far, so good, but that was only this morning, so who knows.

[muir_redwoods]

Would a good does of high energy magnetism or microwave energy make the drive useless to our Chinese friends?

[Vermont Lt]

And for the next fourteen days those seagate techs will be watching the porno’s on that drive.... ha ha. Then onto another drive.

[dynachrome]

If it were me and I knew there was sensitive info on that drive, I would smash it up and burn the pieces. (hi, algor!)

Eating the cost of the drive world be worth the peace of mind.

[normanpubbie]

Removable drives (particularly USB flash drives) can be easily lost or stolen, and information can be filched from them. So a number of new drives have encryption features built into the drive. And if yours doesn't, you can find all kinds of encryption software out there (some of it free) that will encrypt the info on your drive.

Is there any guarantee that a cybercriminal cannot break the cipher and access sensitive information? Of course not. But encryption would make it awfully difficult for an office rival or career criminal or some other baddie from gaining access to your sensitive information.