Top 10 Breaches By Removable Device

March 11, 2009 by ADMIN
Share |

By Richard Stiennon, Chief Research Analyst, IT-Harvest

Ten Most Important Security Incidents Involving Removable Devices

I thought it would be valuable to put the top ten most important incidents regarding removable devices, including hardware keystroke loggers, USB thumb drives, and MP3 players, together into a list. It helps highlight the risks inherent in removable devices to have all of these incidents in one place.

10. UK Policeman loses memory stick containing terrorist cell information. “The black 4GB stick was lost after being taken out of Castle Vale police station by an officer on patrol. It was reported that the memory stick contains details of terror cells being tracked by police but the force refused to comment.” Article.

9. UK Prison inmate information loss. “a consultant for PA Consulting copied files containing records on all 84,000 prisoners in England and Wales onto a USB drive, which then got lost.” Article.

8. Sumitomo Bank Heist. This incident is still the largest attempted bank robbery in history. A PS2 hardware keystroke logger was used to capture information used to attempt SWIFT wire transfers from the London Branch of Sumitomo Mitsui. More details are trickling out from the trial of the some members of the gang this month. Questions on Sumitomo.

7. Apple ships iPods infected with a windows virus. It turns out that manufacturers of removable media have to ensure antiseptic environments when they pre-load software and data on their devices. Also worth mentioning is Sony’s inclusion of hidden files on USB devices that could prove useful to virus and worm writers.

6. US Military spy incident. A former U.S. military contractor has pleaded guilty to exceeding authorized access to a computer and aggravated identity theft after he was accused of selling names and Social Security numbers of 17,000 military employees, the U.S. Department of Justice said. Price $500.

5. USB Candy Drop. A Security investigator dropped 20 Trojan carrying USB thumb drives in a Credit Union Parking Lot. According to his report “Of the 20 USB drives we planted, 15 were found by employees, and all had been plugged into company computers” within three days.

4. New Zealand man buys MP3 player with US military data. ONE News has gained access to the personal files of American soldiers, uncovering military secrets from the most powerful nation in the world.

3. Indian Spy Incident. A CIA operative “Rosanne Minchew, third secretary in the US embassy in Delhi” reportedly paid $50,000 for a USB device loaded with Indian secret information. Note that the CIA pays considerably more for information than other agencies (see above).

2. Countrywide theft of 2 million records. “For more than two years, the employee was able to steal up to 20,000 records a time by copying files from the corporate network to a USB flash drive.” Article.

1. Russian attack on US Military Central Command. The agent for this attack is apparently the USB born worm w32.agent.btz According to F-Secure the worm is installed from an infected thumb drive and places itself on every drive on a computer including any USB drive that is attached to it. Article.

Richard Stiennon, security expert and industry analyst, is known for shaking up the industry and providing actionable guidance to vendors and end users. He recently re-launched the security blog ThreatChaos.com and is the founder of IT-Harvest, an independent analyst firm that researches the 1,200 IT security vendors. He was Chief Marketing Officer for Fortinet, Inc. the leading UTM vendor. Prior to that he was VP Threat Research at Webroot Software. Before Webroot, Mr. Stiennon was VP Research at Gartner Inc. where he covered security topics including firewalls, intrusion detection, intrusion prevention, security consulting, and managed security services for the Security and Privacy group. He is a holder of Gartner’s Thought Leadership award and was named “One of the 50 most powerful people in Networking” by NetworkWorld Magazine.

Stay Informed With RSS Feeds or Email Alerts Here: 

These icons link to social bookmarking sites where readers can share and discover new web pages.
  • TwitThis
  • LinkedIn
  • Google Bookmarks
  • Digg
  • StumbleUpon
  • YahooBuzz
  • del.icio.us
  • Wikio
  • Propeller
  • Facebook
  • MySpace
Share |


Filed under: Breach, D&O Liability, FEATURE ARTICLE, Financial, Insider Threat, hackers, identity-theft, malware, national security, privacy 

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Comments

One Comment on Top 10 Breaches By Removable Device

  1. nic evans on Tue, 12th May 2009 3:28 am

    2. You miss one security incident that trumps them all:
    The loss of two DVD computer disks holding the personal details of all families in the UK with a child under 16. The Child Benefit data on them includes name, address, date of birth, National Insurance number and, where relevant, bank details of 25 million people. The unencrypted data was being mailed between two government departments.
    http://news.bbc.co.uk/1/hi/uk_politics/7103566.stm

Tell me what you're thinking...
and oh, if you want a pic to show with your comment, go get a gravatar!