in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Hard Disk Encryption: WikiLeaks has Bank Of America Executive's Hard Drive?

After embarrassing the US government, it looks like WikiLeaks may be looking to turn its sights on the corporate world.  Media concerns around the world are speculating that Bank of America might next on WikiLeaks's list, seeing how WikiLeaks founder Assange had announced that a large bank would be the next target and the fact that, last year, Assange had admitted in passing to be "sitting on 5GB from Bank of America."  Laptop encryption software anyone?

We Have BofA Executive Hard Drive

Apparently, the Bank of America heard the rumors as well.  Per cnbc.com:

"More than a year ago WikiLeaks claimed to have the computer hard drive of a Bank of America executive. Aside from the claims themselves, we have no evidence that supports this assertion."

This claim, from a year ago, was also quoted by cnbc.com:

"At the moment, for example, we are sitting on 5GB from Bank of America, one of the executive's hard drives," [Assange] said. "Now how do we present that? It's a difficult problem. We could just dump it all into one giant Zip file, but we know for a fact that has limited impact. To have impact, it needs to be easy for people to dive in and search it and get something out of it." [my emphasis]

Maybe I'm reading too much into it, but it sounds like WikiLeaks has in their possession an entire hard drive belonging to a BOA executive.  This raises a number of questions:

  • Was encryption software like AlertBoot endpoint security used to protect the drive?  If not, why not?
  • If encryption was used, how did WikiLeaks manage to get past it?
  • What kind of hard drive has only 5 GB of capacity?
  • Does WikiLeaks mean they have a BOA executive's hard drive, and that it contains 5GB of sensitive material?

Full Disk Encryption - Would It Have Been Useful?

As this, and other, incidents show, the use of disk data encryption is recommend if you're carrying significant amounts of sensitive data, be it in your laptop, backup tape, external hard drive, or other type of data storage medium.

For the most part, the use of cryptography helps organizations from experiencing a data breach, which is just a stepping stone to the real fallout of an information security incident: fines, legal action, letters of apology, consumer revolt, loss of competitive advantages, etc.

For the most part, though.

For example, when it comes to WikiLeaks, we have to assume that, encryption or not, the whistle-blowing site has access to the data.  I mean, it's a site dedicated to whistle blowers.  A whistle blower is generally an insider.  Insiders who blow the whistle tend to step forward with evidence in hand.  Hence, assuming it was a BOA executive that submitted the evidence, one would assume that any passcodes to the (presumably) encrypted data would also be revealed to WikeLeaks as well.

Encryption cannot help you if an insider with access is involved--period.

And yet, I'd have preferred that the hard drive mentioned above had been encrypted.  Not knowing how it made its way into WikiLeaks, there is always the possibility that someone other than an insider turned in the hard drive.  Plus, there are other ways, besides having your data published on WikiLeaks, that a data breach can negatively affect a company.

(Ultimately, it's kind of like having a door for your house.  Even if you live in a safe area, nobody makes a point of not having a door.  I mean, you've got to keep the stray cats out, for starters.)


Related Articles and Sites:
http://www.cnbc.com/id/40437169/Bank_of_America_May_Be_Wikileak_s_Next_Target

 
<Previous Next>

Data Encryption Software: If So Good At Protecting Data, How To Account For Wikileak?

Disk Encryption For All Photocopiers? Possibly In NJ

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.