From: Stefan Wahe (smwahe wisc.edu)
Date: Tue Jan 27 2009 - 12:40:42 CST
First, I did not mean to call anyone's name out in responding to the
previous email.

I think Chris's point is the most relevant in the fact you have to
remember this is a news article. It does not cover all the details of
the police investigation, the technical controls that might have or
not have been installed on the laptop nor a description of the type of
person who may have stolen the laptop in the first place.

My frustration stems from the issue that people steal laptops for many
reasons. The thief may want to steal the computer to resell it. An
employee may take the laptop because they are upset with their
employer. The perpetrator may actually want to steal the laptop to
harvest the information on it. There are probably several iterations
on these themes. If you look at the type of data that was reportedly
stored on the laptop, where the laptop was stolen from (a conference
room used for interviews in a low traffic area of a government
building), and where the laptop was found you may be able to deduce
that the laptop was not stolen for the purpose of harvesting data for the
purpose of identity theft related fraud. The person who is
technically savvy enough to break the password, know how to use the
tools to copy the drive without leaving a trail and have access
to those tools is probably the type of person who is looking for
something a lot larger than a laptop sitting in a conference room
where they have no idea what may or may not be on that drive.

Additionally, in Madison, we have had an increase of similar thefts
related to many types of electronic equipment such as projectors and
network hardware. These thefts are similar in nature to the City of
Madison example in the sense that they were a crime of opportunity. A
door left open without anyone around.

My job as an IT Security Officer is to protect the information that is
managed in my department. What I want to caution against is sounding
needless alarms that detract from the efforts to protect where the
real jewels are located. I have staff working to install full disk
encryption on laptops and desktops. However, my real concern is the
developer who can implement code with a back door that allows someone
to get more than a spreadsheet off a laptop if that laptop contains
sensitive data. It's not the laptop that keeps me up at night, it is
the thoughts of malicious code, SQL injections, man in the middle
attacks etc...

I hope that the City of Madison does a better job securing their
equipment. But it is the training of the staff who administer and use
the systems that need the training and awareness of how to keep this
data off the laptops in the first place.

Stefan
_________________________________
Stefan Wahe
University of Wisconsin - Madison
Interim Manager
DoIT Applications and Information Security
smwahe wisc.edu

On Jan 27, 2009, at 10:09 AM, Chris Walsh wrote:
> The general point, which has been made many times on this list, is
> that it is not possible -- even with the greatest of forensic skills
> -- to make a technical determination that the information was not
> accessed. It just cannot be done, period. Ironically, if it were
> not possible to copy the data in a manner that didn't alter the
> disk, the police themselves would be unable to gather evidence,
> since by the very act of doing so they would be changing it!
>
> Now, this may be sloppy reporting, and certainly the laws of physics
> apply to the police, so this is in no way a criticism of them. It's
> just the way it is. Had the report said "Based on the circumstances
> of the case, their knowledge of local crime patterns, and results of
> forensic examination of the laptop, police are nearly certain the
> data was not accessed following the theft", I think there would be
> much less questioning. Such press reports are rare, unfortunately.
>
> On Tue, Jan 27, 2009 at 8:37 AM, Stefan Wahe <smwahe wisc.edu> wrote:
> Living in Madison and working in IT Security, I do know that Madison
> Police Department has a unit that conducts IT forensics on
> electronic devices. They have the appropriate staff, resources and
> training to make such determinations. Additionally they have state
> and university resources at their availability with more than
> adequate training and experience in IT forensics. I am aware of
> this because I have had the opportunity to observe and work with
> them on other IT Security related issues.
_______________________________________________
Dataloss Mailing List (dataloss datalossdb.org)