Tag Archives: USB

Police suffer data loss after USB drive discovery

A portable USB storage device containing data relating to police officers has been discovered abandoned on the street and has led to serious questions being raised over how such a significant data loss was made possible.

Current reports suggest that over 2000 pages of data which is considered to be top secret were contained on the USB drive. It was allegedly only meant to be accessible to high ranking officers, but this restriction was scuppered after it was found on the pavement close to a station house in Greater Manchester.

The exterior of the USB drive was emblazoned with a logo identifying it as property of the Greater Manchester Police service and amongst the data it contained were details relating to police tactics and strategies when dealing with attacks from petrol bombs and acid, as used by riot officers. On top of this it is claimed that the names, ranks and divisions of many officers were also listed in documents contained within the USB drive.

A 34 year old man, who has asked to remain anonymous, discovered the portable storage device and told the Daily Star Sunday, that it could easily have been exploited by terrorists.

The unnamed individual speculated that a senior officer must have lost the USB device and said that malicious groups could have targeted officers based on their speciality, as outlined in the data.

Also amongst the data, according to the man who found the device, were detailed technical drawings which show how riot police are trained to control crowds. This intimate knowledge of police tactics would be seriously damaging in the wrong hands.

Security expert Terry Greer-King said that this latest data loss scandal shows that many groups are continuing to use unsecure portable storage devices, despite the fact that, by doing so, they leave themselves completely open to exploitation.

Mr Greer-King is one of the many industry insiders who call for blanket encryption of all portable storage devices, to ensure that, even if they are lost, the data which they contain remains inaccessible.

Young MI6 employee incarcerated over data espionage

A 25 year old IT worker from London has been sentenced to a prison term after he was found guilty of attempting to sell data of national importance to foreign security services.

Daniel Houghton worked for MI6 and earned an annual wage of 23,000 by writing software programs for the agency, but he sought more than a million pounds from the Dutch secret service, when he offered to sell them the private details of thousands of MI6 workers.

Mr Houghton used a USB storage drive to steal data relating to over 7000 individuals and then brokered a deal with the foreign buyers, which was eventually reported to total 900,000.

MI6 was alerted to the deal’s arrangement by the Dutch authorities, as they initially assumed that Mr Houghton was bluffing. However, his calls were bugged and the details of the bungled exchange were discovered, resulting in his immediate arrest after he switched the USB device for a suitcase full of cash back in March.

Defence lawyer David Perry said that Mr Houghton had not carried out this act to deliberately put members of MI6 in danger and asserted in a statement published by the BBC, that there were no ideological motivations behind the security breach.

Perry explained that Mr Houghton was simply inexperienced, young and socially inept to the point of being seen as a distant figure even by colleagues. Mr Houghton was allegedly pressured into committing this theft by internal voices dictating his actions, according to Perry.

Mr Houghton was handed a 12 month custodial sentence by Judge Justice Bean last week, but he has already been freed under probationary care, because he has been held for a long period in the run up to the trial, therefore fulfilling the terms of the sentence.

Judge Bean said that there was potential for huge amounts of damage to have been done by the leaked data had it been intercepted or purchased by malicious forces. He concluded that the act was perpetrated by an odd individual.

MI6 has not commented on the level of security with which internal data is protected, or whether the use of USB devices by staff is allowed under its policies.

US military announces biggest ever data loss

Malicious software on a USB memory stick is being blamed for the most significant loss of data ever to have been recorded by the US military.

US secretary of defence William Lynn said that a foreign agent was able to hack into a laptop using malware which was installed from a USB stick and he admitted that it was now being seen as the most severe security breach in US military history.

Mr. Lynn said that the data loss occurred two years ago when an individual who was essentially an international spy gained access to a laptop left unattended at an undisclosed location in the Middle East, circumventing the security of the military network using hacking malware installed on the PC via USB storage.

He described the nightmarish scenario that faced IT managers after it was discovered that malware had infected secure systems, giving third parties access to vast volumes of top secret data relating to ongoing operations from around the world.

The event sent shockwaves throughout the armed forces. Mr. Lynn added that it was a useful demonstration as to the inadequacies of certain security policies and had resulted in the formulation of new practices which should offer better protection against future data loss.

Operation Buckshot Yankee was launched to counteract the effects of the malware and it took a stand against all forms of USB storage, outlawing the use of flash memory drives as a result of the attack.

Mr. Lynn would not be drawn as to whether data had been lost as a result of the infection, let alone volumes and types if indeed such loss had occurred.

Industry analyst John Kindervag has predicted that the US military’s propensity to blame the use of USB memory sticks rather than operative incompetence will result in many others following suit and removing flash memory from circulation.

Nearly seven million individual devices across tens of thousands of networks are harnessed by the Department of Defense in the US and it takes a team of 90,000 staff across the globe to keep everything in check, according to Mr. Lynn.

MoD announces increase in data security and encryption

The Ministry of Defence (MoD), which was recently the subject of a data loss scandal involving the loss or theft of 340 laptops over a two year period, has said that it will be significantly improving the levels of security to which it subjects its data and portable devices.

A spokesperson for the MoD said that the department was aware that data loss and theft could have a negative impact on its reputation and agreed that the level of concern was growing in line with the threat posed by criminals and simple human error.

Of the 340 laptops which went off the radar between 2008 and 2010, more than 50 per cent were completely unencrypted, leading to severe criticism over the highly accessible nature of the data stored on them.

MoD permanent Secretary Sir Bill Jeffrey said that encryption levels amongst the current stock of laptops operated by the department were around 70 per cent, which is an increase of some 30 per cent compared to last year.

Sir Bill indicated that the MoD had begun to enforce a policy banning the use of unencrypted devices for the storage and transportation of data, together with an initiative to improve the manner in which the department deals with data across the board.

USB storage devices will be encrypted to allow data to be transported securely, which Sir Bill says will hopefully limit the number of incidents of data loss, in addition to increasing the sense of responsibility of employees who are tasked with using the data in their daily activities.

Training schemes introduced by the MoD to raise awareness amongst staff have been completed by 92 per cent of its employees, according to Sir Bill and this has resulted in a reduction of more than 50 per cent in the number of laptops that were lost over the past 12 months. He was keen to point out that this smaller number of lost devices were also far more likely to have been encrypted, thanks to the new policy.

Experts warn of threat posed by employee file transfer usage

Data security experts have highlighted a potential risk facing businesses that comes in the form of employees using third party file transfer services with which they have a personal account, in order to transfer data with colleagues and clients.

Accellion’s Paula Skokowski told Infosecurity magazine that businesses are being left in the dark as a result of this issue, unable to check up on what files are being transferred and how employees are using internal data.

Skokowski said that businesses would need to change attitudes and policies in order to combat the potential problems that could arise as a result of unmonitored file transfer services used by individuals.

She pointed out that there was little media coverage of this issue and said that although it is roughly in the arena of providing employees with the freedom to harness technology as they see fit, it can hardly be seen as safe practice in a business environment where data loss can be a serious problem.

Skokowski points out that the high profile data loss incidents are actually turning businesses onto the idea of using secure file transfers, but while integrating such services into a centralised system is sensible, the independent use of third party services by individual employees cannot be seen in the same light.

The use of portable storage devices, such as USB drives and optical media, is seen to be coming to an end within the business sector, although Skokowski believes that the uptake of secure file transfer services is still in its early stages.

Cloud platforms which allow flexible working environments and simple tools for sharing sensitive data are seen to be the way forward, with improvements to both security and user-friendliness and a lesser impact on email use for file transfer, which can overburden servers as the data load increases.

Experts believe that transferring files digitally can be much more secure and convenient than any traditional method, but there is concern that improper use of the tools will lead to further data loss and security breaches.

Most fail to encrypt USB memory sticks, survey finds

A new study has discovered that the majority of those working with USB sticks in order to transfer and store data do not properly secure these portable devices using encryption.

The study was not carried out over a general, mixed discipline selection of employees, but rather it focused specifically on IT security professionals, which makes the findings all the more troubling according to some.

Credant Technologies polled 277 professionals and discovered that 89 per cent of respondents did not regularly employ measures as simple as basic password protection when using USB sticks.

Respondents said that in 67 per cent of cases they were transporting business secrets relating to intellectual property on unsecured USB drives, with customer data being inadequately protected in 40 per cent of cases and personal information relating to employees making up the smallest proportion, with just 26 per cent transporting it on USB sticks.

A total of 52 per cent said that there was no form of encryption on the USB sticks used regularly by themselves and their co-workers, suggesting that there is still a great deal of complacency in relation to data loss, even amongst those professionals who are specifically tasked with managing this sensitive area.

Credant Technologies’ Sean Glynn believes that there needs to be greater awareness as to the risks associated with unencrypted portable storage devices, particularly since it is relatively inexpensive to ensure that data is properly protected when transported in portable form.

USB data security expert Anders Pettersson said that it would be relatively easy to convince IT professionals to adopt a more secure approach to data storage, but that getting the message across to those who are less technically proficient in different departments of a business could be where the real challenge lies.

Mr Pettersson believes that some IT security professionals are concerned about the potential backlash they could face if they alter current policy and create a safer working environment with widespread USB encryption, or even alternative methods of data transfer. However, he also indicated that there was a general move towards improved security measures and total encryption which is positive for the future.

Our Customers

  • ATOS
  • Age UK
  • Alliance Pharma
  • Liverpool Football Club
  • CSC
  • Centrica
  • Citizens Advice
  • City of London
  • Fujitsu
  • Government Offices
  • HCL
  • LK Bennett
  • Lambretta Clothing
  • Leicester City
  • Lloyds Register
  • Logica
  • Meadowvale
  • National Farmers Union
  • Network Rail
  • PKR

Sales question? Need support? Start a chat session with one of our experts!

For support, call the 24-hour hotline:

UK: 0800 999 3600
US: 800-220-7013

Or, if you've been given a screen sharing code:

Existing customer?

Click below to login to our secure enterprise Portal and view the real-time status of your data protection.

Login to Portal