"Discarded hard disks ??? A treasure trove for cybercriminals: A case study of recovered sensitive data from a discarded hard disk"
| Title | "Discarded hard disks ??? A treasure trove for cybercriminals: A case study of recovered sensitive data from a discarded hard disk" |
| Publication Type | Conference Paper |
| Year of Publication | 2015 |
| Authors | S. Zafar, M. B. Tiwana |
| Conference Name | 2015 First International Conference on Anti-Cybercrime (ICACC) |
| Date Published | Nov |
| Publisher | IEEE |
| ISBN Number | 978-1-4799-7620-1 |
| Accession Number | 15654798 |
| Keywords | advanced persistent threat, background information, Cybercrime, cybercriminals, data protection, data recovery, digital forensics, discarded hard disks, discarded storage devices, e-mail credibility, Electronic mail, hard discs, Hard disks, invasive software, malicious activities, malicious actors, malicious attachment, malicious link, Malware, Media, Organizations, pubcrawl170101, reconnaissance activities, recovered sensitive data, Security and Privacy Awareness, security controls, security threats, sensitive-personal organizational data, social network analysis, Software, Spear-phishing, stolen storage devices, Trust management, unsolicited e-mail |
| Abstract | The modern malware poses serious security threats because of its evolved capability of using staged and persistent attack while remaining undetected over a long period of time to perform a number of malicious activities. The challenge for malicious actors is to gain initial control of the victim's machine by bypassing all the security controls. The most favored bait often used by attackers is to deceive users through a trusting or interesting email containing a malicious attachment or a malicious link. To make the email credible and interesting the cybercriminals often perform reconnaissance activities to find background information on the potential target. To this end, the value of information found on the discarded or stolen storage devices is often underestimated or ignored. In this paper, we present the partial results of analysis of one such hard disk that was purchased from the open market. The data found on the disk contained highly sensitive personal and organizational data. The results from the case study will be useful in not only understanding the involved risk but also creating awareness of related threats. |
| URL | http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7351956&isnumber=7351910 |
| DOI | 10.1109/Anti-Cybercrime.2015.7351956 |
| Citation Key | 7351956 |
- security threats
- malware
- Media
- Organizations
- pubcrawl170101
- reconnaissance activities
- recovered sensitive data
- Security and Privacy Awareness
- security controls
- malicious link
- sensitive-personal organizational data
- social network analysis
- Software
- Spear-phishing
- stolen storage devices
- Trust management
- unsolicited e-mail
- e-mail credibility
- background information
- Cybercrime
- cybercriminals
- Data protection
- data recovery
- Digital Forensics
- discarded hard disks
- discarded storage devices
- advanced persistent threat
- Electronic mail
- hard discs
- Hard disks
- invasive software
- malicious activities
- malicious actors
- malicious attachment