Ask LH: Am I Allowed To Booby Trap My Thumb Drive?

Image: iStock

Dear Lifehacker, I always take my thumb drive wherever I go. I'm also a bit absentminded. I want to guarantee my thumb drive gets returned to me if I ever lose it. My idea is to have malware hidden on the drive in a specific folder labelled 'porn101' or 'myprivatefiles'. If the person opens that file, it will automatically encrypt their computer and ask them to email me to get the unlock code. (I will give it to them once they return the thumb drive to me, of course.)

Which brings me to my question - is this legal? It's not like I'm demanding money or anything. I just want my property back! Thanks, Professor Moriarty

Dear PM,

That's an, uh, interesting contingency plan you have there. We'll need to remember that one for our next Evil Week.

Under Australian larceny laws, members of the public are legally obligated to take reasonable measures to reunite lost property with its owner. The whole "finder's keepers" thing is actually a myth - especially when it comes to items of value.

However, this doesn't give you the right to take the law into your own hands with booby-trapped hardware. (This reminds me of a guy I knew in high school who used to leave a bottle of bourbon laced with rat poison in his glove box in case his car got stolen. He's in jail now.)

In short, you can't purposely infect a stranger's computer and hold it to ransom just because you were silly enough to misplace your thumb drive. This would fall under fraud and/or extortion in the eyes of the law and make you no different to other so-called "cybercriminals".

For example, under the NSW Crimes Act, SECT 249K it is illegal to threaten to damage property if a certain demand is not met. Threatening to brick a laptop unless your thumb drive is returned would definitely fall into this category.

Instead of employing the stick, we suggest using the carrot. Place a sticker on the drive promising a reward for its return at a denomination of your choosing. Also, try to have a little more faith in humanity, eh?



Got your own question you want to put to Lifehacker? Send it using our contact form.


    Perhaps a better solution would be to setup a sync, so when your drive is attached to your PC, laptop or whatever, it syncs all of your files to dropbox or similar.
    That way if you lose your drive, worst case scenario you lose a day or two's data.

    Last edited 25/05/17 1:46 pm

    if you are carrying around a usb stick with contents so precious you feel the need to protect them that enthusiastically and you admit you're absentminded then i think you need to rethink your data transport plans not hold other people accountable

      Yep. USB sticks are only used these days to transfer a few select files from one system to another if it can't be done over a network.
      Any data that's precious shouldn't be on a USB stick.

    If the person opens that file, it will automatically encrypt their computer and ask them to email me to get the unlock code. (I will give it to them once they return the thumb drive to me, of course.) Are you Fkn serious?

    I would simply partition the USB Key, put a Read Me on the first partition which provides the contact details etc.

    Then encrypt the other partition.

    If you loose the USB Key, the data is somewhat secured and you may still recover the USB Key if the person tries to use it and decides to send it back.

    Frankly, you'd be out of luck it is was me as I no longer connect random USB things to my computers as they are too much of a risk.

      Yep, my suggestion was going to be Truecrypt volume with a readme on the USB stick, and regular backups.

        I hope you meant VeraCrypt.

    *giggles* You said booby.

    If I found a random USB and could return it I would, even if I had to pay postage. If in trying to find your details it encrypted my system and you said it would only be decrypted after you got the USB back, I'd probably do a clean install (I back up) and upload your files to the internet for all to enjoy.

    If I found a random USB thumb drive, I certainly wouldn't be plugging it into any computer I own or use... At least this guy was talking about putting the malware in a subfolder and specific file, doesn't prevent truly malicious people from exploiting other bugs and flaws to execute something on insertion.

    Also, thumb drives are for backups and transport, not primary storage. If you lose one, it should be nothing more than losing $30. All you data should be encrypted, and available elsewhere.

    Just, think about it.

    Imagine *you* plug in a found memory stick to try to return it, and it encrypts your hard-drive.

    What would *you* plan for the jerk who screwed your computer?

Join the discussion!

Trending Stories Right Now