Grand Theft Follies of the Late 90s & Early 00s.
09.08.2003 - Lockergnome Windows Daily

Today's report has been crafted by Lockergnomie Claudiu Popa,
who is a Toronto-based information security advisor and president
of e-business consultancy Informatica Corporation. He's given it
the title of: Grand Theft Follies of the Late 90s & Early 00s.

August 2003 will be remembered as an infamous month for various
virus and electricity-related losses. This comes in addition to the
already-alarming reality that this year's hacker and virus activity exceeds
last year's by a factor of 10. With all of this hoopla over Internet-based
attacks, malicious software and the constant reminders to 'patch
and update,' it's almost too easy to forget about the threat that
'old fashioned' theft and burglary pose to our information. Businesses
and large organizations almost invariably have made it their focus
to discuss firewalls, network intrusion detection, and other intangible
types of breaches - all while leaving the 'low-tech stuff' up to
someone else: the traditionally less-than-accountable property management
companies, security firms, and door greeters.

Take last week's event at Sydney International Airport, for instance,
when two men dressed (and equipped) as computer technicians
from EDS entered the cargo processing and intelligence centre. They
signed in and were given access to the top security mainframe room,
took various elevators to the right building and the correct floor,
spent a few hours (!) carefully unplugging two mainframe computers
before wheeling their cargo right past the security desk and into
their own vehicle. Needless to say, everyone from politicians to
tourists has been asking how this was possible and why. More importantly,
the large amount of data contained within the servers was apparently
sensitive and contained not only business information and account
names but also passwords. An anti-terror investigation of the Customs
department continues amidst various degrees of confusion and finger-pointing.

To further my point, we only have to scan the news
headlines for the past couple of years to recall Britain's Ministry
of Defense 'losing' 594 laptop computers (in addition to 760 others
'lost' elsewhere in the Government). The FBI's loss of 184 laptops
containing sensitive information is only trumped by their missing
449 weapons, including sub-machine guns (but they reportedly still
have some 50,000 guns and 13,000 computers). Among the most interesting
events reported by the US State Department: two years ago, FBI agents
observed a Russian spy seated in the courtyard outside Department
Headquarters listening to conversations in a conference room via
a bugging device. In 1998, an unknown man calmly strolled into the
Executive Secretary's office and calmly strolled out with a ream
of classified documents. The list goes on and on.

While these mildly-entertaining (yet unsettling)
follies have produced a long line of 'scapegoats' and 'interdepartmental
shuffles' over the years, the problem remains - and it is a serious
one, if for no other reason than it points to ignorance, apathy,
and arrogance. Keep in mind that while hacker and virus attacks
tend to be broadly-based, untargeted 'crimes of opportunity,' breaches
of physical access control and information theft of this type are very much
the opposite. If you value your information, chances are, someone
else does, too.

Yours Digitally,
Claudiu Popa