Endpoint Protector Appliance: Stop data theft on Windows and Mac

Second Hand Hard Drive with Missile Defense Data

Buying second hand PCs might be quite an adventure. Especially if they contain sensitive information that could blow one’s mind out, as it happened for a group of researchers from the University of Glamorgan in Scotland. According to a DarkReading article, the researchers found their used hard drives to contain details of test-launch procedures for a U.S. defense missile.

The researchers have included these findings in the results of a a five-year study that aimed to show the dangers of poor hard drive and device data-wiping and disposal practices. Acording to this years’ results, which are not yet final, the research also led them to sensitive data from Ford Motor, Laura Ashley, and other businesses.

This year, the researchers found personal or sensitive data on 34 percent of 300 hard disks bought randomly at computer fairs and online auctions in the U.K., U.S., Germany, France, and Australia. The information was enough to expose individuals and firms to fraud and identity theft, they said.

So if someone indulged in the idea of starting a fraud or theft based scam, all they needed is to start buying used computer parts. It’s easy and far less dangerous than actually atemtping to steal the data directly from the businesses currently using them.

1 TB of data on the Clinton Administration gone missing

May 25th, 2009 by Agent Smith (1) Data Theft & Loss,security breach

The US National Archives have lost a hard drive containing no less than 1 terabyte (TB) of classified information from the Bill Clinton administration. The misplaced sensitive data also contained, according to the Register,  personal information of White House staff and visitors. The drive was stored in an unsecured area of the National Archives, where hundreds of people, including authorized personnel, janitors, visitors, and employees passing through could have accessed it.

Endpoint Protector

The lost critical data also included logs of events, social gatherings, and political records, as well as the social security number of a daughter of former Vice President Al Gore. A representative of the former Clinton administration has been notified and affected former White House staff will also be informed on the breach.

The time of the theft is estimated to sometime between October 2008 and March 2009. Added to the large number of individuals with potential access to the drive, this is going to be one long investigation!

Verizon: Application logs monitoring helps prevent data breaches. Really?

May 25th, 2009 by Agent Smith (0) Data Theft & Loss,DLP,security breach

“Given the nature of data breaches today, organizations are better off saving money and doing ‘lightweight’ security testing across more of their infrastructure than conducting deep assessments across a few systems,” this is what Peter Tippet, vice president of innovation and technology for Verizon Business stated at a the CSI/SX held in Las Vegas, according to a DarkReading quote.

Tippet thinks application logs are more effective than logs of signature based devices and firewalls. He’s probably right. But only for the scenarios he has chosen: data theft caused by outside attacks, most frequently using stolen, but valid passwords and attacking idle, old and forgotten machines.

While Tippet’s method might just prove effective for those using Verizon software and fearing outside attacks, what happens to unencrypted and stolen or lost hardware? What about insiders who can copy/paste an entire database on a thumb drive? Yes, ongoing attacks or failed attempts can be discovered. But that gets businesses nowhere near a comprehensive and effective data loss prevention solution!

DoD can’t handle inside threats

May 20th, 2009 by Agent Smith (2) Data Theft & Loss,In The Spotlight,security breach

The Department of Defense seems to have quite some trouble handling threats in his own backyard. One of their officials with top-secret security clearance, as it happens, has allegedly been leaking classified department data and documents to an official working for the Chinese government.

According to a Department of Justice announcement quoted by Dark Reading,  James Wilbur Fondren Jr., deputy director for the U.S. Pacific Command (PACOM) Washington Liaison Office, has been charged with espionage conspiracy for providing classified information to an agent of a foreign government. Fondren is believed to have sold information to a Taiwanese-American man. The information was subsequently sold to a Chinese government official, but apparently Fondren was unaware of this secon sale.

How was the leak possible? Poor security: Fondren had both a classified DoD computer and an unclassified one on his desk. One would expect a little less trust in high level clearance staff. It’s espionage we’re talking about!

banner-magenta-epp.jpg

Fondren, 62, allegedly funneled the data to Tai Shen Kuo, who was one of his consulting clients, between November 2004 to Feb. 11, 2008, according to the affidavit. Kuo purchased reports from Fondren for anywhere between $350 to $800, eight of which included classified information. Among the classified data Fondren supplied Kuo was information about a joint U.S.-China naval exercise, U.S.-China military meetings, and a DoD draft report on China.

In his turn, Kuo got around 50,000 US dollars for certain documents he obtained from Fondren and other DoD officials. I wonder who the other officials are. Will they be charged soon?

Possible Insider Leak: 10,000 Patient Records

May 18th, 2009 by Agent Smith (0) Data Theft & Loss,Identity Theft,security breach

Over 30 reports of data theft filed since January 2009 have lead investigators to a potential leak at Johns Hopkins Hospital. One of their employees is believed to have used her credentials to access and then leak data on more than 10,000 patients while working at the hospital. Law enforcement agencies also suspect that the thefts might be related to a fraudulent driver’s license scheme discovered in Virginia.

According to Dark Reading, Johns Hopkins representatives stressed the fact that the data leak was not a hacking incident, but that the suspected employee had access to the breached records as part of her job. They also stated the records contain no medical data, but do contain other sensitive details, such as Social Security numbers and addresses. As the Dark Reading article further explained, the hospital took comprehensive measures to balance the loss of data:

Johns Hopkins is offering credit monitoring and fraud resolution services, as well as $30,000 in identity theft reimbursements, to the 31 victims, as well as to any of the 526 Virginia residents in the database who report fraud. It also is notifying the other 10,000 patients whose records were in the database.

I Spy with My Little Eye….

May 13th, 2009 by Agent Smith (0) Data Theft & Loss,In The Spotlight

…70 GB of stolen data behind a new botnet that has caught researchers’ full attention. Security researchers have managed to infliltrate, through the Torpig botnet, one of the well known zombie networks in the virtual world. According to their findings, this impressive amount of data was stolen in only 10 days.

As the Register reports, Torpig bots manage to steal more than 8,300 credentials corresponding to 410 different financial institutions.  The research team from the University of California at Santa Barbara, over 21% of the accounts belonged to PayPal users. Almost 298,000 unique credentials were intercepted from more than 52,000 infected machines.

How could this happen so fast? It’s all due to the “unusually large haul is Torpig’s ability to siphon credentials from a large number of computer programs”.

After wrapping its tentacles around Mozilla Thunderbird, Microsoft Outlook, Skype, ICQ, and 26 other applications, Torpig constantly monitors every keystroke entered into them. Every 20 minutes, the malware automatically uploads new data to servers controlled by the authors. Because the software runs at such a low level, it is able to intercept passwords before they may be encrypted by secure sockets layer or other programs.

Definitely scary!