Secure USB Drive

In one of the UK’s biggest public-sector data leaks of 2008, the Home Office lost the details of all of the prisoners in UK jails.  The data was on an unsecured USB flash drive that was lost by contractor PA Consulting, as we’ve discussed on this blog earlier this year.

There’s now been a major new development on this data loss.  According to the Government department’s newly released Resource Accounts for 2008-09 (PDF at link), the USB memory stick contained more than just prisoner data.  It also had UK Police National Computer information, making a total of 377,000 records, 250,000 more than originally reported.

As mentioned previously, after the original data breach, the Home Office terminated its contract with PA Consulting, and carried out “a full review of the system and procedures” that led to the breach. 

This example shows just how serious the fall-out can be from a single lost device.  All the more reason to remove the risk of data loss entirely, by using secure USB flash drives.

One of the basic rules of IT security is, as soon as an application or platform becomes popular, criminals are going to target it for malicious purposes.  FaceBook is no exception:  it’s recently been hit with a several rogue applications that try to lure users to phishing sites.

The apps themselves look innocuous, but if installed on a user’s account can set off a chain of events designed to lure friends to phishing sites.  If a friend tries to access the app, it phishes for their username and password, which is then stored and forwarded to the gang behind the app. 

So if you’re using FaceBook, be careful about apps forwarded to you by friends:  they may not have intended to send it to you, and it may not be friendly.  And if the app behaves suspiciously, asking you for additional details such as your username or password, then it probably is suspect.

Our Cruzer Enterprise secure USB flash drives have been further enhanced to meet the needs of government employees.  The drives have been independently tested to be waterproof under Military Standard 810-F, and the user interface has been reconfigured for better accessibility for visually-impaired users. 

The drives are certified as waterproof when immersed or in rainy conditions.

The drives are also suitable for use by the visually impaired under the requirements of Section 508 of the Rehabilitation Act of 1973, which requires federal agencies to make IT accessible to people with disabilities.  The drives’ user interface is compatible with assistive technologies such as screen reader software that recreates the Cruzer Enterprise’s GUI through text-to-speech representation or via a Braille output device.

Of course, Cruzer Enterprise drives feature industry-leading cryptographic modules and encryption algorithms, and are fully compliant with Trade Agreements Act (TAA) requirements, qualifying them under the strictest federal guidelines.  They are also the only secure USB drives listed for Common Criteria certification.

The Marine’s Hymn, the official song of the US Marine Corp, includes the lines:  “In the snow of far-off Northern lands, and in sunny tropic scenes; you will find us always on the job, the United States Marines.”

But right now, you will not find a US Marine on FaceBook, Twitter or other social networking sites.  The US Marine Corps has banned with immediate effect the use of these sites from its networks, because of the opportunities that they present for hackers to exploit careless use and vulnerabilities.

Of course, there is also the risk of soldiers inadvertantly giving out classified or sensitive information, and the use of these applications as a platform for malware.

It’s not known if the ban is a temporary measure until network security measures change.  But it means that homesick Marines will have to rely on more traditional methods of communication with loved ones – like the phone, or email.

At the recent Black Hat security conference in Las Vegas, anti-malware researchers spent a lot of time discussing the Conficker botnet worm, as you might expect following one of the largest-scale infections ever seen.

It was apparent that although business seems to be forgetting about it, Conficker still represents a major threat.  Over 5.5 million infected PCs are still out there, with most of the infections in Brazil, China and Vietnam.  The problem is, no-one really knows what kind of threat, or how that threat will be realised. 

More detail was given on how the worm spreads via unsecured USB flash drives.  Conficker’s code is able to trigger an autorun on Windows, even when a user might have had autorun disabled for USB media.  Conficker’s code actually tricks the user by getting Windows to show the icon for ‘open folder’, getting the user to actually run and execute the code.

As we’ve mentioned before, secure USB flash drives with onboard anti-malware can stop the spread of Conficker via this vector.  But the infection is still widespread – so ensure your systems are disinfected, patched and updated before the sleeping giant wakes up.

The UK Government’s data protection watchdog has recently criticised another health organisation for two incidences of data loss in early 2008, one of which involved the loss of an unencrypted USB flash drive. 

While this can seem negative, it’s an example of how attitudes to data security in the UK public sector are changing.  As a result of the Government’s data watchdog’s vigilance and willingness of organisations that have suffered losses to change, the English National Health Service is one of the most advanced in successfully rolling out DLP systems, including mandatory hardware-encrypted USB drives.

An excellent example of how this can be done is given by NHS Dumfries and Galloway, which earlier this year deployed 1100 SanDisk Cruzer Enterprise secure flash drives to protect confidential patient data.

An interesting point was that NHS Dumfries & Galloway didn’t just hand the secure drives to users:  they held an amnesty so that staff could bring in old USB pen drives containing confidential information for orderly disposal.

The organisation arranged distribution days where they travelled to its various different office locations to give out the new drives.  This helped to ensure that all staff knew about the amnesty, and had a chance to familiarise themselves with the organisation’s updated polices – an example of good practice for anyone planning a similar roll-out.

One of the largest thefts of credit card details was revealed last week by web services provider Network Solutions, when it disclosed that hackers broke into its servers and stole details of over 573,000 debit and credit card accounts from its customers.

The company discovered in early June that its servers had been hacked into by unknown parties.  The servers provide e-commerce services such as Web site hosting and payment processing to nearly 4,500 small to mid-size online stores.

Worse, the hackers left behind malicious code, which allowed them to intercept financial information from people who made purchases at the online stores hosted on those servers from March to June 09.

While we often focus on data losses and leaks through lost or stolen portable storage devices, it’s a useful reminder that there are other attack vectors too.

Our anti-virus partner McAfee has released its Q2 Threats Report (PDF at link), and like the company’s Q1 report from earlier this year, it is sobering reading. 

The report says that spam volumes have increased by 140% since March, driven by major growth in botnet activity.  14 million new computers became parts of botnets in Q2 (that’s more than 150,000 per day), an increase of 16% over the previous quarter.

McAfee also reported growth in password-stealing Trojans, which is more proof that making money from illegal activity on the Internet is now a focus for criminal gangs.

The company also reported a surge in so-called Auto-Run malware, which exploits Windows’ Auto-Run capabilities and is most commonly spread via USB and portable devices.  As you’ll know, our Cruzer Enterprise with onboard McAfee AV can prevent the spread of malware via this vector, helping to protect corporate networks against this fast-emerging threat.