Jul 11 2009

You lick it, you keep it

Published by at 8:55 am under Humor,Phishing, scams, etc.,Risk,Simple Security

Some encounters are almost too strange to believe.  That doesn’t make them any less real.

I was walking down the street in San Francisco at lunch time Friday afternoon.  As I came up to a busy street corner I saw a paper grocery bag sitting on a bench with no one around it.  I walked up to the bag and peeked in to find three external hard drives, one Maxtor and two brands I didn’t recognize.  The drives looked like they were either well used or the product of a dumpster dive.  I knocked on the door of the one business nearby, but no one answered.  After a few minutes someone came out who worked in the building; he said there’d been a break-in recently but that he didn’t know anything about the drives.  I tried to call Rich for advice, but he was busy so I decided I’d finish my walk to lunch and think on the situation for a little while.

One burrito later, I walked up on the scene again.  This time a homeless man in dirty, ripped slacks was surveying the bag of hard drives.  He looked around much like I had done thirty minutes earlier, then scuttled up to the bag and pulled out one of the external hard drives.  After sniffing it for a second, he licked one side of the drive and put it back in the bag.  He then ran over to a parking meter and licked it, licked the taillights on both sides of an SUV and vanished from my sight behind the car. 

I lost any interest in the hard drives at that point.  That takes mom’s caution of “you don’t know where that’s been” to a whole new level.

Saliva incident aside, what would you do if you found a bag of hard drives in a park or public place?  Calling 911 didn’t seem appropriate, though there is a slim possiblity of explosives.  Taking the drives home and performing some forensics research on them crossed my mind; I have the technology if not much skill in the area.  I tried to turn them in to the business, but there was no one there.  I guess the gentlemen with the inquisitive taste buds saved me from a moral dilema. 

What would you have done?

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

15 responses so far

15 Responses to “You lick it, you keep it”

  1. Robinon 11 Jul 2009 at 9:02 am

    I would have tried like you to see if anyone near by owned them and if not I would have definitely have taken them home to see what was on them. Depending on what I found I may have tried to contact a company/individual if one had been obviously recognisable from the contents.

    There is no way my curiosity would have let me leave them sitting there, despite the licking!

  2. Jam3son 11 Jul 2009 at 11:32 am

    I would of done the same as Robin, but saying that, it could of been a larger version of the USB Hacksaw (http://is.gd/1v1vx) that tried to upload your information? I highly doubt it, but you never know.

    Maybe it’s a new way of trying to spread viruses?

  3. db_nzon 11 Jul 2009 at 12:40 pm

    I’d just drop them at a local police station.

    I definitely wouldn’t just leave them there for anyone to find and lick but neither would I plug them in. Curiosity would tempt me but the outcomes aren’t worth it. As I see it the outcomes are:

    a) they’re blank – time wasted, now what do do with them.

    b) I eventually find the owner, return, probably be thanked heaps, some payoff in warm fuzzies there

    c) there’s crap on them but nothing identifiable – time wasted

    d) there’s nasty stuff which I then need to give to police & e-crimes. Maybe some payoff with sense of satisfaction of finding something, but I may have tainted the evidence and screwed any prosecution – all in all a negative

    so, a small chance of a positive payoff, a big chance of negative one, so dropping them directly into a local police station seems the easiest way of dealing with it.

  4. ax0non 11 Jul 2009 at 3:24 pm

    I’d have tried to find the owner (a local business) like you, then I’d have brought them home for perusal. Had I found anything very sensitive, I’d have acted on it accordingly. Bomb plans? DHS. Loads of PII? Datalossdb.org and then try to return it to the rightful owner (both anonymously)

    Some person’s banal photo/document dump? Erase. New external drives for me.

  5. HaFueon 13 Jul 2009 at 2:31 am

    Taking them home and make some forensic analysis, I guess that would have been my choice. Of course it is risky, because it could be a method of trying to spread viruses or trojans, otherwise it could contain illegal data and you become guilty as soon as you bring them into your house.
    However, licking the harddisk seems to be the best way to handle the situation, if your are the first in row 😉

    In the end I would have brought them to a “lost and found” office

  6. Allen Baranovon 13 Jul 2009 at 3:36 am

    Wow.. what a story.. sounds like something J.J. Abrams would come up with.

  7. Martinon 13 Jul 2009 at 6:02 am

    I almost stopped when I passed them by a third time two hours later. I was in traffic headed away from the bag and decided it wasn’t worth turning around. Glad I didn’t, I had too many other things to do this weekend.

    I couldn’t make up a dilemma better suited to security professional’s attention. I probably would have been more suspicious if it had been three USB sticks, since they’re so much cheaper to leave lying around. But three external hard drives still cost too much to leave sitting around on the off hand chance of someone with the technical skills will wander by and pick them up. I would have spun them up on an Ubuntu system I’m in the process of rebuilding, just in case.

    There was no one willing to take them in the nearby business and I had no idea where the nearest police presence was, so leaving the drives where they were was probably my best choice. If they’re still there next time I go back, I’ll pick them up. Most likely the garbage crew tossed ’em already.

  8. Garryon 13 Jul 2009 at 6:04 am

    What would I have done?

    The same thing I’d have done if the bag contained a soccer ball or an oscilloscope or potted geraniums.

    Nada. Zilch. Nothing.

    That’s how I normally respond to someone’s random junk sitting unattended in some random public place.

  9. Jimmyon 13 Jul 2009 at 7:22 am

    I would have definitely (even after the licking… have alcohol wipes for that) taken them home and at least seen what data was on them… and as posted above;

    if dangerous/bad – contact the authorities,
    if sensitive and/or identifiable – contact the company,
    if sensitive and non-identifiable – contact datalossdb.

    …and I would also start carrying more alcohol wipes and start wiping anything before I touch it in the neighborhood… door knobs, parking meters, walk buttons… no telling what else that guy has been licking.

  10. Walton 13 Jul 2009 at 1:07 pm

    This reminds me a lot of the Honey Stick Project (http://www.honeystickproject.com/) except it was external drives instead of thumb drives. My reaction? Even without licking I think I’d have tried to return them (as you did) or leave them…no telling where they’ve been or what’s on them. Like mom said…

  11. DUI attorneyon 13 Jul 2009 at 9:38 pm

    I would have called the police, reported the drives and the saliva spreader, and recorded my call to play for my friends later because no one would believe me.

  12. Fizzyon 13 Jul 2009 at 10:17 pm

    I understand why you contacted “the one business nearby”, but the likelihood of them actually belonging to someone there is low, especially in a city like SF. Almost all of the replies here are in favor of taking the drives and doing SOMETHING with them, so I’m wondering why you didn’t the first time you had a chance. Or even on your second or third pass as this story definitely shows that this abandoned bag had your attention. At the least, you could have grabbed a photo of them with your cell and if you really wanted the drives without having to touch them, just grab the bag or get another bag to put this one in and deal with the hygiene aspect later.

    I’m with Garry though, I wouldn’t have done anything. In fact, I probably never would have looked in the bag.

  13. Randyon 14 Jul 2009 at 1:11 pm

    Hilarious telling of hobos saliva meets technology. Personally I’d have left them there. Minus the hobo spit I may have taken them and loaded up a Backtrack CD and just looked at the data to see if there is any identifying information that would allow me to return them.

  14. Scott Wrighton 15 Jul 2009 at 12:54 pm

    Well, you never know what Google Alerts will bring you to. Hi guys. I don’t drop in here often enough, even if the feed’s in my reader. (Thanks Walt, for the plug!)

    I monitor “honeystickproject” in Google Alerts and saw this one pop up.

    My vote is with db_nz, above, and I would have left it. But it wouldn’t bother me if any of you with the technology and guts – won’t say anything about the intelligence – were to pick the thing up. Let the bomb squad – or more appropriately, the guys in the beekeeper suits – pick it up and do what they need to. I’ll wait to see what their verdict is.

    Yes, the chances of any of the drives having malware are certainly low, given the situation, and it hardly looks like a targeted attack. But who knows what they might have been infected with, besides saliva.

    Best story I’ve heard in a long time, though. Just the image in my mind as he went from hard drive to parking meter brought tears to my eyes.

    Will tweet about it, might do a blog article, too.


    Scott Wright

  15. Du0d3c1mon 10 Sep 2009 at 12:45 pm

    As a recent victim of theft. I would hope you would make an effort to return them to the original owner. I guess you should have picked them up before they were licked…

    This brings up an interesting question. How do you secure the data on your removable hard drive, while at the same time making it portable and identifiable?

%d bloggers like this: