Laptops spill out their secrets easily

Laptops containing sensitive financial details and all manner of corporate secrets are being snapped up at auctions for a pittance, a security firm has revealed.

    At least a password is necessary to secure hard disk

    Stockholm-based Pointsec Mobile Technologies on Wednesday said it bought 100 laptop computers from a host of Internet and public auctions over the past two months.


    The exercise intended to demonstrate that the scores of lost or stolen laptops that wind up at auction every day have hard drives with little or no security, giving identity thieves and fraudsters easy access to lucrative data.


    What it did not expect to find was a cache of corporate laptops too that were as easy to crack as grandma's PC.


    In all, the firm's technicians were able to pull sensitive details from 70 of the 100 machines it bought.


    Vulnerable hard disk


    In one case, it obtained a particularly vulnerable hard disk drive from online auction site eBay that apparently once belonged to one of Europe's largest insurance companies.


    On the hard disk drive were current details of customers' pension plans, payroll records, personnel details, login codes and administration passwords for the company's Intranet site.


    Home addresses, telephone numbers and dates of birth of customers

    were also listed in 77 Microsoft Excel files, the company said.


    "Encryption and other security measures are vital to ensure that security is not compromised"

    Tony Neate,
    National Hi-Tech Crime Squad,

    "Even when companies or individuals believe they have wiped the hard drive clean, it is blatantly clear how easy it is to retrieve sensitive information from them," said Pointsec CEO Peter Larsson.


    Companies usually go to the trouble of wiping a computer hard drive of any sensitive details before discarding them, but even that is not foolproof, Larsson said.


    A bigger problem is laptops lost on the train or the airport, which are often auctioned to the public if the owners don't claim them.


    From laptops it acquired at an auction from Britain's Gatwick Airport, Pointsec used generic password recovery software - many free varieties are on the Internet - to access information on one in three of them.




    It scored a similar rate of success from laptops acquired at auctions in the United States, Germany and Sweden.


    In Sweden, the first laptop Pointsec bought at auction contained information about a large food manufacturer and its customers, plus a PowerPoint presentation about a product line.


    "Pointsec's research demonstrates just how easy it is to access information which is not adequately protected," said Tony Neate of Britain's National Hi-Tech Crime Squad.


    "Encryption and other security measures are vital to ensure that security is not compromised - something as simple as a hard disk drive password can deter the opportunist."

    SOURCE: Reuters


    Senegal's village of women

    Senegal's village of women

    Women in northeast Senegal are using solar-powered irrigation to farm food and halt the encroaching desert.

    Inside Baltimore's human trafficking industry

    Inside Baltimore's human trafficking industry

    Survivors of sex trafficking and those who investigate it in the city share their stories.

    A tale of two isolations

    A tale of two isolations

    More than 1,000km apart, a filmmaker and the subject of his film contend with the methods and meanings of solitude.