It’s been reported today that the UK security service, MI5 has accused China of bugging and initiating acts of espionage on UK business executives, to obtain sensitive commercial secrets.

The story, from a leaked MI5 document says that undercover intelligence officers from China’s People’s Liberation Army and the Ministry of Public Security have also approached UK businessmen at trade fairs and exhibitions with the offer of “gifts”. The gifts — such as USB memory sticks and other digital media — have been found to contain electronic Trojan bugs which provide the Chinese with remote access to users’ computers.

This is yet another example of the use of innocuous-looking devices in an attempt to harvest sensitive or confidential data. The best advice to protect your PC and corporate networks is to use only authorised, secure flash drives, preferably with on-board anti-malware scanning capability, and lock out unauthorised devices. After all, Trojan horses are no longer larger than life and made of wood.

In one of the UK’s biggest public-sector data leaks of 2008, the Home Office lost the details of all of the prisoners in UK jails.  The data was on an unsecured USB flash drive that was lost by contractor PA Consulting, as we’ve discussed on this blog earlier this year.

There’s now been a major new development on this data loss.  According to the Government department’s newly released Resource Accounts for 2008-09 (PDF at link), the USB memory stick contained more than just prisoner data.  It also had UK Police National Computer information, making a total of 377,000 records, 250,000 more than originally reported.

As mentioned previously, after the original data breach, the Home Office terminated its contract with PA Consulting, and carried out “a full review of the system and procedures” that led to the breach. 

This example shows just how serious the fall-out can be from a single lost device.  All the more reason to remove the risk of data loss entirely, by using secure USB flash drives.

One of the largest thefts of credit card details was revealed last week by web services provider Network Solutions, when it disclosed that hackers broke into its servers and stole details of over 573,000 debit and credit card accounts from its customers.

The company discovered in early June that its servers had been hacked into by unknown parties.  The servers provide e-commerce services such as Web site hosting and payment processing to nearly 4,500 small to mid-size online stores.

Worse, the hackers left behind malicious code, which allowed them to intercept financial information from people who made purchases at the online stores hosted on those servers from March to June 09.

While we often focus on data losses and leaks through lost or stolen portable storage devices, it’s a useful reminder that there are other attack vectors too.

Torbay Care Trust, an integrated community health and adult social care organisation in the South West of England, has chosen our Cruzer Enterprise secure USB flash drives to help protect mobile data stored on the drives from unauthorized access.

The organisation has purchased and rolled out 1000 Cruzer Enterprise flash drives. The drives will be issued to and used by all staff members, in particular those employees working remotely or transferring data between sites.
 
“We decided to deploy an encrypted USB solution across the Trust as data security breaches have become a national concern,” said Sue Fankhauser, IT buyer for Torbay Care Trust. “Our IT department felt that it was necessary to employ a best-practice solution to protect data against any potential threats and to reassure the public that patient data is secured. After evaluating numerous encrypted flash drives, we chose the Cruzer Enterprise flash drive because it met all of our security requirements.
 
“We also asked SanDisk to send us the USBs without any unnecessary packaging - which they were more than happy to do. As well as being environmentally friendly, this produced no waste at our end, helping to support our eco-friendly policies.”
 
Recent data security breaches within other Government organisations have led to calls for greater data security with transportable media devices, such as data sticks, and by deploying the SanDisk drive, Torbay Care Trust feels it is setting the standard for others to follow.

Fraudsters are offering details of 21 million German bank accounts for $15 million, according to a recent investigative report.

 Reporters for German magazine WirtschaftsWoche (Economic Week) managed to obtain a CD containing 1.2 million accounts after a face-to-face meeting with criminals in a Hamburg hotel. 

 The bank details were apparently stolen to order for the criminal gang by call centre employees, and smuggled out on personal USB flash drives - a situation that can be controlled with the right USB security in place.

With the right USB security policies, USB encryption, and management software in place, this type of activity could have been identified early, as the software keeps a log of files copied to and from all USB drives. 

 This in-depth audit trail would help to quickly detect the source of these data leaks, so that appropriate action can be taken.

 You’ll already know that the UK has led the world this year in high-profile data losses and leaks, especially from Government departments and their contractors. 

 These losses, from stolen laptops, unsecured USB flash drives and more, are neatly summarised here, and serve as a reminder of how easy it is for a data leak to happen.

 The leak that grabbed my attention was the loss of the details of all 84,000 prisoners in the UK on a USB flash drive.  The data was unencrypted - a large oversight, given the nature and sensitivity of the data.

 It could have been so easily avoided using a secure USB flash drive.  And would have given the organisation a ‘get out of jail free’ card in the event of the drive being mislaid.