Australian government data found on old memory sticks

Summary:Used memory sticks being sold on the internet have been found to contain sensitive Australian government data, according to a new study.

Australians are risking identity theft by offloading old memory cards on eBay without properly deleting their personal data, experts warn.

The research paper, to be presented at a cybersecurity conference in Perth, reveals how researchers discovered the government information amongst a "treasure trove" of confidential material on the discarded memory sticks.

And the results have prompted authors Patryk Szewczyk and Krishnun Sansurooah, of the Security Research Institute at Perth's Edith Cowan University, to urge sellers to beware that they could be handing over their secrets by taking money for old memory sticks.

"The results show that sellers are sending memory cards with no evidence of erasure, poor attempts to erase data — or simply asking the buyer to erase the data prior to use," the study concluded.

"The data recovered is not only of a personal nature, but also appears to originate from Australian government departments and business."

A total of 140 second-hand memory cards were purchased during the year, each having its data recovered and subsequently analysed — with some sellers not even bothering to delete their old data themselves. Twenty cards showed no attempt to delete data, and some senders merely requested that the buyer ignore or delete the contents.

In a further 82 cases, researchers managed to retrieve poorly deleted files using forensic software.

Two of the memory cards were suspected to contain illegal content and were handed to police, while another held governmental information plus a handful of SMS messages and pornography.

Previous similar studies by the same authors have also revealed government data on memory sticks sold, with authors concerned that sellers are not learning the lessons of increasingly common cases of identity theft.

Last year's analysis of dozens of sticks purchased online also revealed that nearly 20 percent of all the memory devices contained suggestive or sexualised images.

And the authors are now suggesting that sellers such as eBay need to issue warnings when data storage devices are being offered online.

"It is evident that actions must be taken by second-hand auction sites, and the media to raise awareness and educate end users on how to dispose of data in an appropriate manner," the study says.

The risk is projected to grow as people increasingly conduct their lives on mobile devices rather than laptops and desktop computers, the researchers say.

The Security Research Institute conference, to be held over three days, will discuss all aspects of cybersecurity, and expert concerns about it.

These include an investigation into the possibility of hacking into the controls of a remote control aerial drone, with the results finding that devices are open to attack, which means they could be controlled by a third party.

The influence and potential deception on Twitter — through fake tweets and automated robots — and how they affected the 2013 federal election were also studied.

An analysis of the Twitter activity for the two major party leaders was examined, with the results showing fake online personas and fake bots deploying automated Twitter dissemination.

The authors concluded the existence of a tolerance of new media "slacktivism", where Twitter users mistake auto-narrative for genuine political sentiment.

Topics: Security, Australia, Government : AU, Social Enterprise

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.