in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

UPS Loses Dormitory Authority Data Tapes With 800 Employee Records. Data Encryption Not Used

But, according to the Dormitory Authority, potentially affected employees shouldn’t be worried because they require special equipment and software to be read.  Also, the spokesperson for the Dormitory Authority (DA) said the tapes were not encrypted.

 

Social Security numbers, addresses, names, and phone numbers were included in the tape for current and past employees.  The tapes are backups sent from the DA to a separate location for safekeeping purposes.

 

I find that one of the more frustrating aspects of recent press releases when it comes to data breaches is that people equate “I don’t use it personally” with “special equipment.”  I guess it depends on what your definition of special happens to be, but just because you don’t have the equipment at home doesn’t mean that a cassette-like cartridge is “special.”  Depending on what type of data cartridge was used, there are people who possibly have the right equipment at home.  For example, a simple search shows me that I can have a brand‑new HP 5U Rackmount Tape Drive for a measly $1000.  With the above information supposedly trading at $2 a name, that’s a profit of $600 if I decide to buy the equipment.  If I already have the equipment, even better.  But even if you don't, so what?  With today's generous return policies, you can get your hands on anything temporarily (not that I condone it...especially with huge HDTVs.  Especially with the SuperBowl coming up).

 

But let us consider this scenario, shall we?  Guy finds the tape, has no idea what’s in it.  However, he reads the press release and now knows it’s not encrypted, so he puts it up for sale in one of the underground data brokerage centers (read: hacker‑palooza).  He connects with some guy who happens to have a tape drive for that particular data tape.  Does the fact that it feels “special” to some (possibly earnest) spokesman mean that 800 people are not about to become victims of identity theft?  I don’t think so.

 

Let’s say that the guy who found the tape doesn’t know what type of tape it is?  Take a digital picture and post it on-line.  Someone will recognize it and classify it.  Or what if he hasn’t read the press release?  Just offer it for sale “as is” with no guarantee of worthwhile information residing on that tape.  A bonanza for whoever decided to bid for it.  Regardless, that information is not protected by the “special” properties of a floppy disk in cassette‑like format.

 

The point is that general obstacles for the average population are not really obstacles for criminals.  That’s why doors work, although they’re the easiest things to kick down: ordinary people give up on a locked door; criminals force their way.  Likewise, if you have a data tape and the contents are not encrypted with tools like AlertBoot, then it most probably will mean nothing to the layman.  The data is secure, in a sense.  But for the criminally‑inclined, it might very well pay for his next French meal and his plane ticket to Paris.

 
<Previous Next>

Los Alamos National Laboratory: Sometimes Data Security Requires More Than Laptop Encryption

Burglarized Church: Computer Theft Targeted Hard Drives Only

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.