A fact, the recovery of stolen equipment (I)

by Osvaldo Callegari

If we look at different case studies, we notice that the highest percentage of thefts happens in the area of education, but this is not a limitation so that it does not occur in other areas such as airports or companies. Its resonance is due to the fact that when an act of theft occurs in a school it obeys a large number of equipment, statistically the effect it produces is important, however the theft of executives in airports or in companies, although it occurs on a smaller scale, causes greater damage, since business information is very valuable in most cases.

According to absolute software, the biggest challenge the company had to face in preventing data loss and leakage was certainly knowing what data and what devices needed to be secured. Data loss does not always occupy the front pages, in the United Kingdom, for example, companies that took care of important information were also victims of subtractions, this in most part was due to the improper handling of backups and employee responsibility assignments.

An organization that made a strategic decision to get positive action and protect themselves from data loss was Bracknell Forest Council, they activated a product called Computraceone™ from the company Absolute ™ in their portable equipment. This application allows to detect the place where the computer is located and if it is necessary to completely destroy its main disk with security methods at the level of the United States government, preventing in turn the malicious use of the information

The product is loaded onto the hard drive and a control agent is embedded in the BIOS (firmware) of the same, if the hard drive is reformatted or replaced the agent installed in memory rebuilds everything necessary for the application files to reside back on the disk.

It is always helpful to keep these tips in mind

•Security policy: have a security policy that is adopted by each employee of the company
•Authorizations: only authorized personnel should access sensitive information
•Administration: know exactly how many mobile and portable devices exist in the company, when they connect and register on the network.
• Stock control: control what equipment is in the company at the end of the day and what equipment the staff carries externally to do additional work
• Tracking: have the technology to be able to follow those equipment in case of loss, theft or loss.

William Pound, security specialist told us that "organizations need to take responsibility for the data on their mobile devices, often information from customers or partners, the consequences of a data leak is broader than the organization itself. To take that responsibility it is necessary to apply follow-up policies where administration and traceability is the key factor."

Case Studies

Conviction with maximum penalty for selling laptops on eBay

A 34-year-old man from the city of Miami, known as "Khaki Bandit" was sentenced to 10 years in federal prison for stealing 100 laptops from a company in Naples, California and selling them on eBay. The sentence was imposed by the highest district judge, James Moody, on Eric Brando Almy. The judge said that after he serves the punishment he must be supervised for three years with a fine of $ 151,214, amount of the stolen equipment. The effective sentence could be as high as eight years. Almly also had other stolen identity records and would have used 15 false names, which is why the judge carried the full weight of the law, according to his secretary Thomas Palermo.

Evidence in court showed that Almly stole equipment between January 2002 and April 2007, and posed as a cleaner in the companies, wearing the outfit of each place.

In Naples, he stole three computers, an external hard drive and power cables from a health management institute on Pelican Bay Boulevard in March 2007. In turn in HMA a Dell™ computer

This person was shown to have used seven email accounts and cloned 42 in seven states where he still has pending charges. When justice was close to catching him he moved from one place to another. An investigator kept posing as an eBay inspector, when she was able to contact him he told her he was the master in this game, she could never catch him.

Some computers he had stolen had Computrace installed, which allowed them to be recovered in Kansas, Arizona and Washington. The companies he robbed in the state of Florida were Outback Steack House's, Federal Express, Burger King, Lennar Corp and a fuel service station in Doral.

The case was investigated by the U.S. Secret Service, the Department of Defense, Tampa Police, Miami Police and other departments in Arizona and California.

• Failure to protect sensitive data beyond encryption: encryption provides high external security, but the most serious threat is the internal enemy, some employees can obtain encryption keys, and to this is added the loss of equipment due to theft.
• Inability to manage mobile computers: the visibility of the teams is lost, being mobile you can not know where they are.
•In hospitals the risk of losing information is very high, nurses' terminals can be left somewhere while they attend to their tasks and it can happen that they steal patient data with all personal references.
•Unattended servers and terminals must have a login with passwords at all times, when the operator of the same is not locked after three minutes.
•The difficulty of implementing a comprehensive and practical safety plan.
• Put together a scenario of the possible, to establish the gaps.

Practical tips – Tool Tips

1.(Always) back up valuable information before traveling: it is necessary to make a copy of the information to minimize the risk of your company in the event of theft or loss. The information stored on the computer is often more valuable than the computer itself.
2. Store your computer in suitcases in which it goes unnoticed.
3. Always carry it with you: Unless it is necessary not to detach from your equipment, avoid misplacement.
4. Use foam protectors: this will prevent damage to the equipment.
5. Use clamping cable: In places where you can tie up your equipment, do so.
6. Use very secure keys: encrypt and extend the length of your keys
7. Use privacy filters
8. Use tracking products like computrace or lojack and the like.

Other types of theft

Wireless subtraction

How can attackers exploit this weakness? One of the great robberies in history was initiated by a thief sitting in a car in a parking lot, entering a company from his wireless equipment, evading perimeters, connecting to an access point within the company itself. Other wireless devices are compromised on tourist flights or in cybercafes. These elements are used as access doors to the most important sections of the companies. The difficult thing in turn is to detect the origin of this intrusion, since it is not as we talked about in the previous section, in which we said that these are computers to which we incorporate software to detect and pursue them, in this case the equipment is the threat since it is owned by the criminal.

We can define the threats of two main modalities:

Procedures and tools for implementing a WIDS control: Companies that are proactive in this medium often run wireless detection applications and intrusion visualization tools. To evaluate their effectiveness, security personnel periodically activate a wireless access point isolated from the rest of the network within a building monitored by a WIDS device. The team must determine when the system triggers an alert for access to the access point and records the amount of time spent on that detection.

Additionally, the group captures wireless traffic within the perimeter of the company and uses commercial and free analysis products to control in which part of the traffic there is a weakness in the protocol or encryptions that were defined as a security method. When a device presents vulnerabilities, it is verified what type of configuration it has, this information collected allows to analyze which controls were infiltrated to perform a more appropriate security process.

•70% of mobile devices remain unencrypted
•53% of mobile professionals carry sensitive information on their laptops and 65% do not take steps to protect their data. Source: Dell & Ponemon Institute, Airport Insecurity, June 30, 2008
•66% of employees in the US write their passwords in insecure places. Source: IT Facts
•34% of entrepreneurs do not have tools and/or procedures to detect or identify fraud. Source: Data Breaches
•63% of security professionals have reported at least one information breach in the last 12 months. Company: Deloitte, Enterprise @ Risk
•66% of data breaches, your companies don't know where in their system it occurred. Source: Verizon
•31% increased the cost of recovering from a data leak. Source: Ponemon Institute
•50% of laptops were reported with security attacks. Source CSI
•Lost or stolen laptops and mobile devices are the most frequent cause of data loss, reaching 49%. Source: Ponemon Institute
•12,000 laptops are lost at U.S. airports each week and 2/3 of them are never recovered. Source: Dell & Ponemon Institute, Airport Insecurity, June 30, 2008
•The record recovery time of a laptop was absolutely from Absolute Software in 47 minutes. Source: Absolute Software.

We can see that the trend is quite high, but the indicators show that little by little the travel executive is incorporating new tools to protect and track their data. Surely several companies will appear giving this type of service, the important thing to highlight is that today the theft of information and equipment does not go unpunished because the tools are available to everyone.

The brands and or products commented are trademarks and registered products of their respective companies. Thanks to William Pound of Absolute Software and Lojack, Sans Organization.

*If you wish you can write to the author at the email [email protected]