- The Washington Times - Monday, July 3, 2006

It’s entirely possible, says computer security specialist Paul Henry, that thieves got access to data on a laptop that was stolen May 3 from the Montgomery County home of a Veterans Affairs Department employee and later recovered.

Here’s what might have happened, said Mr. Henry, a senior vice president of Secure Computing Corp., who is based in Ocala, Fla.:

The thieves could have hooked up the hard drive to a Linux machine or other system and made a bit-by-bit image — a digital “photocopy” — of the data, without the trouble of copying specific files from the hard drive, something that would have shown up as part of the disk’s mandatory access control (MAC) time records, the times of latest modification, access and change of status or creation of a file.

“The statement that the data had not been accessed on the [hard disk] from the recovered stolen laptop is a very ‘convenient’ [one],” Mr. Henry said Friday.

“There are multiple ways to create an image of the HD without modifying a single bit on it; further, there is freely downloadable software that can modify the MAC times for a file such that it appears not to have been accessed even though it had been. … It is a trivial matter to have copied and accessed this data without leaving a trace.”

Though there is no way to know whether the thief or thieves have done this, my chat with Mr. Henry revealed a bunch of ways the bad guys can try to get away with sensitive data. Yes, the pros know about most of them, but with so many notebook computers around out there — not to mention older computers and their less than perfectly erased hard disks available secondhand or at scrap prices — there’s more than enough reason to worry.

The portability of laptop computers is one factor: What’s easy for us to carry to work is also easy for a thief to steal. Many notebooks offer easily removed hard disks; almost every notebook has a universal serial bus, or USB, port.

“We have enough trouble alone with the fact that laptops automatically come with multiple USB ports,” Mr. Henry said. “While it may be convenient, it’s also an inherently insecure way for a malicious person to gain access to that information.” His answer: Information-technology managers either can password-protect or disable the USB ports by reprogramming the portable’s basic input output system, or BIOS, chip.

Some Krazy Glue in a USB port — carefully applied — also might be a good idea.

If there’s “any corporate intellectual property, health care records or personal data” on a notebook, it should be encrypted. Forget about Pretty Good Privacy, or PGP as it’s known. Use the full-disk encryption found in Microsoft Windows Vista, due later this year. PointSec, a Windows full-disk encryption program, is another good choice, Mr. Henry said.

Looking for illicit “keys” to unlock major software programs such as Microsoft Word, or downloading “free” music and other programs, can leave a computer open to “malware” such as keystroke loggers, which are great for figuring out network destinations, IDs and passwords.

Mr. Henry’s firm sells software to protect corporate systems, not laptops. But his advice seems very sound, and may let you sleep more easily. More on physical laptop security next week.

Read Mark Kellner’s Technology blog, updated daily on The Washington Times’ Web site, at https://www.washingtontimes.com/blogs.

Copyright © 2018 The Washington Times, LLC. Click here for reprint permission.

The Washington Times Comment Policy

The Washington Times is switching its third-party commenting system from Disqus to Spot.IM. You will need to either create an account with Spot.im or if you wish to use your Disqus account look under the Conversation for the link "Have a Disqus Account?". Please read our Comment Policy before commenting.

 

Click to Read More and View Comments

Click to Hide