Usually it is nice to receive gifts. But sometimes free is not what you want if it comes with a catch. As reported by the Sunday Times, the MI5 is warning executives of gifts received.

It warns that British executives are being targeted in China and in other countries. “During conferences or visits to Chinese companies you may be given gifts such as USB devices or cameras. There have been cases where these ‘gifts’ have contained Trojan devices and other types of malware.”

If such a prapared Flash Drives is connected to a PC without proper endpoint protection in place such es Endpoint Protector 2009, the Trojan will infect the PC and open a backdoor to the PC that will make remote data theft possible within seconds. Until the infection through a customized Trojan will occur through a standard anti-virus solution can take from minutes to weeks. The only protection is to pre-emptively lockdown the use of USB devices the network should not trust.

Read the entire story that sounds more like a Ian Fleming novel than a real life story.
Enjoy.

As many as 37 percent of German companies were the victim of economic crime in the last three years, a new study has found. Internet fraud and the theft of business secrets have become a particular problem.
The use of USB Flash Drive in high capacity has made it easy to steal even the most complex business or construction plans in just a few seconds.

A USB Thumbdrive is all that’s required to steal valuable information.

A new study carried out by the German research institute Emnid for the financial services firm KPMG has found that criminal methods are being used more and more often in the ruthless and competitive world of business.

The survey, which took in 375 companies of all sizes, found that around one in three companies had been the victim of business crime. Two thirds of the companies surveyed also expected the level of criminality to rise.

The biggest economic crimes remain fraud, theft, embezzlement and breach of trust, but money-laundering and the forgery of accounts and financial information have all risen since the last survey was carried out in 2006.

Ignorance breeds carelessness

According to KPMG spokesman Frank M. Huelsberg, companies still need to be more aware of how crimes operate. “Despite these alarming results, small and medium-sized companies are particularly prone to underestimate the danger of falling victim to crime,” he said.

Fifty-six percent of the employees surveyed said that their company was less likely to be a victim of economic crime than a major corporation, while 76 percent believe they have made adequate security arrangements.

“Privately- or family-owned companies like to put their trust in their employees. But that makes them vulnerable,” Huelsberg said, “Experience shows that basic security mechanisms are often neglected in such companies.”

Third-party threat

In 62 percent of economic crimes involving small and medium-sized companies, employees conspired with an external third party. This figure is only 40 percent with large companies.

The theft of business or operational secrets is a growing threat, according to the study. A third of small and medium-sized companies have been a victim of such theft, the study said.

“The sale of sensitive information to competitors or criminals is particularly strong in times of economic crisis,” Huelsberg says, “Nowadays even the most complex construction plans fit on a USB stick. Data theft and industrial espionage can be child’s play if security fails, and the loss of sensitive designs or formulas can be fatal for a small, innovation-based company.”

Read the enitre article here on DW.

DuPont seems unable to stay away from malicious employees, determined to steal ans sell their secrets. Two years after an insider breach thought to have caused losses of USD 400 million, DuPont has first fired and then filed a lawsuit against a Chinese-born employee, accusing him of misappropriation of trade secrets. As explained by DarkReading, DuPont discovered the employee’s incriminating actions while reviewing his hard drive prior to transferring him to China. He had downloaded a number of proprietary files about the OLED, claims the company.

“As a science company, DuPont acts to protect our unique and confidential technologies,” a company issued statement said. “These events underscore our unwavering commitment to protect the integrity of our proprietary science and technology for the benefit of DuPont shareholders, employees and customers.”

Putting their employees behind bars and making them pay fines might be a solution. But probably not the most effective. If I may, I’d recommend some proactive data loss prevention instead

I’d like to wish you all a happy, sucessful and above all safe 2009! Hope you’ve had and are still having an amazing holiday and that the new year will bring us all everything we wish for! Happy New Year!

Inter Engineering, one of the main players on the data security market in the Balkans, and CoSoSys, vendor of network endpoint security and portable storage device enhancement solutions, announce today their strategic partnership to distribute the Endpoint Protector 2008 solution and additional support services in Greece, Cyprus and Malta. The distribution agreement between Inter Engineering and CoSoSys comes as a natural response to the increasing demand in Balkan countries for the numerous business and technical benefits that CoSoSys technology delivers.

“The developments in enterprise needs make Endpoint Security an indisputable part of a solid Policy” said Josmaarten Swinkels, CEO of Inter Engineering. “CoSoSys provides solutions which combine quality with flexibility and an attractive pricing model fitting extremely well in Inter Engineering’s solutions portfolio. We are happy to work with CoSoSys and optimistic about the future.”

“Inter Engineering has proven to be an absolute first-rate partner committed to the success of our customers,” said Roman Foeckl, director of CoSoSys. “We are pleased to have such a reputable and experienced company representing us in their home market.”

See more in the official press release available on the CoSoSys site.

A USB stick containing classified NATO information was found in a library in Sweden. According to the Registrar, the stick contained sensitive details on NATO’s ISAF peace-keeping force in Afghanistan and an intelligence report on the attempted assassination targeting Lebanon’s defense minister and the murder of Sri Lanka’s foreign minister.

Given the reaction of Colonel Bengt Sandström of the Swedish Military Intelligence described by the Registrar, it is most likely that the USB stick in question was in no way encrypted or protected by any endpoint security solution.

This is not the first time such critical information is misplaced. The Dutch army, as shown in the same article, lost classified data in similar circumstances not once, but twice in the same year, 2006. Also, the US military lost several flash drives containing secret information. The devices were later discovered as they were being sold carelessly in an Afghani market.

I’d like to point out that precedents don’t seem to impose harsher measures when it comes to classified military data. After several such incidents having occured, one would expect army decision makers to upgrade their security policies and have the latest endpoint security software implemented.

Nine NHS trusts say they lost data on patients

Ministers were plunged into another data loss storm yesterday after nine NHS trusts admitted losing patients’ information.

Hundreds of thousands of people were thought to have been affected by the breaches of strict data protection rules by the health service.

But the Department of Health said it thought the lost data fiasco involved a total of 168,000 patients.

Critics said the disclosure raised fresh questions about the Government’s handling of confidential personal data and the future of a new centralised information technology system for the NHS.

It follows anger at the loss of child benefit claimants’ details by HM Revenue and Customs and those of three million learner drivers by a Driver and Vehicle Licensing Agency contractor.

Police are still hunting two customs computer discs which went missing. Transport Secretary Ruth Kelly revealed motorists’ details were lost in Iowa.

Read the whole story here

Data leakage is increasingly a problem. People have to realise that securing this sort of information is not just about technology and software but it requires education of staff.

Security experts have expressed astonishment that the missing child benefit data discs which could leave 25 million people at risk of ID fraud were not encrypted before being copied on to CDs and put in the post.

They said the password protection system could be broken by hackers “within minutes” with software downloadable from the internet.

Tony Harbon, Managing Director of network security firm Clearview Systems, said public sector organisations were coming to realise that having a policy on how information should be used was not enough.

They must also train staff on how to follow the guidelines, he said.
Read the whole story here