Australian public servants have lost or stolen more than $500,000 (about $475,000 US) in computer equipment since January 2006 and October 2009. It looks like full disk encryption was not employed on these machines.
Of all the governmental branches, the Department of Primary Industries suffered the most in losses. Energy and Resources Minister Peter Batchelor had this to say, according to theage.com.au: Mr Batchelor said in his response it was possible that some of the laptops had sensitive information on them but the computers were password-protected, meaning it was unlikely the information was accessed or compromised. That is the wrong assessment, of course. Password-protection doesn't really do much for data security. It does a little, but not very much.
Of all the governmental branches, the Department of Primary Industries suffered the most in losses. Energy and Resources Minister Peter Batchelor had this to say, according to theage.com.au:
Mr Batchelor said in his response it was possible that some of the laptops had sensitive information on them but the computers were password-protected, meaning it was unlikely the information was accessed or compromised.
That is the wrong assessment, of course.
Password-protection doesn't really do much for data security. It does a little, but not very much.
The problem with password-protection is that it cannot stand up to people who really want to steal data. And, the method for bypassing password-protection is an open subject, easily found when you Google it. The methods are myriad: you can slave the drive of a password-protected computer to another computer under your control; use a free Linux CD; download free software expressly created for bypassing the password-prompt; etc. I've covered other stories regarding password-protection in the past. My most recent one on why password protection fails at protecting data. Could the Minister have misspoken? Perhaps he didn't mean password-protection, but that the computers' contents were encrypted? If so, it means a world of difference. Encryption is what protects you when you do on-line banking. Encryption is what prompted the Indian and Saudi Arabian governments to threaten BlackBerry service halts in their respective countries; same goes for Skype. Encryption is also what's used by the military, worldwide, to protect their communications from foes, spies, and allies, too. It's easy to see how one could mistake encryption software with password-protection: they look the same on the computer screen. You type in a username and password, and you're in! Under the hood, however, these two are very different machines: one has an engine and the other is Fred Flintstone using his feet.
The problem with password-protection is that it cannot stand up to people who really want to steal data. And, the method for bypassing password-protection is an open subject, easily found when you Google it. The methods are myriad: you can slave the drive of a password-protected computer to another computer under your control; use a free Linux CD; download free software expressly created for bypassing the password-prompt; etc.
I've covered other stories regarding password-protection in the past. My most recent one on why password protection fails at protecting data.
Could the Minister have misspoken? Perhaps he didn't mean password-protection, but that the computers' contents were encrypted? If so, it means a world of difference.
Encryption is what protects you when you do on-line banking. Encryption is what prompted the Indian and Saudi Arabian governments to threaten BlackBerry service halts in their respective countries; same goes for Skype. Encryption is also what's used by the military, worldwide, to protect their communications from foes, spies, and allies, too.
It's easy to see how one could mistake encryption software with password-protection: they look the same on the computer screen. You type in a username and password, and you're in! Under the hood, however, these two are very different machines: one has an engine and the other is Fred Flintstone using his feet.
Related Articles and Sites:http://www.theage.com.au/victoria/case-of-the-missing-laptops-hits-500000-20100914-15axj.html