in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

BBC's Modern Sherlock Holmes Adaptation Teaches Data Security Lessons

I finally got to watch the last episode of the first season of the new Sherlock Homes series by the BBC.  What does this have to do with data encryption like AlertBoot endpoint security?  Everything.

Episode 3, The Great Game, is a mishmash of classic Sherlock Holmes stories.  Right off the bat I recognized "The Adventure of the Bruce-Partington Plans."  Its combination with "The Naval Treaty" did not come as surprise because as a child I used to get those two stories confused.  And, of course, the words "five" and "pips" instantly recalled to mind "The Five Orange Pips."

However, what really caught my attention was the portion of the drama that was partly based on Doyle's "The Adventure of the Bruce-Partington Plans."  It's not really the story that roused my interest per se.  Instead, what awakened my brain from its pre-planned stupor (is there any other way to watch TV?) was the fact that top secret plans were saved to a USB flash disk.  That's pretty pathetic.

Art Imitating Life?

In the episode, Andrew West is found lying on train tracks, dead.  Supposedly, his USB flash drive, which contained the Bruce-Partington Program for some type of missile defense system, is missing!

This already kicks my brain into overdrive.  What?  You've got this super-important defense system and a person's carrying it around in a USB memory stick?

This is problematic.  Was the thing at least protected with strong encryption software?  (The answer is appears to be "no".)

Furthermore, there is footage that shows how Mr. West went to a bar with this super-secret missile defense system plans, got drunk, and waved the USB key around and showed it off.  Jeepers, what kind of former MI6 agent is this, dropping state secrets after a couple of pints?  Maybe that's why he's formerly of MI6....

On the other hand, this is not the first time such things have happened.  And I'm talking about real life, not some cockamamie made-up story.

There is this story, where a USB flashdrive was lost at a pub, affecting over 26,000 people.

Then there is this other story where 12 million residents were affected when a USB key was found in a parking lot.  The parking lot of a pub.

How about this story where a military laptop is left in a pub by a drunk sailor (with a military rank of captain no less).

Not all such stories have a sad ending.  In this story, an Army laptop is stolen at a burger joint.  Thankfully, the thing was protected with disk encryption software (like any portable devices with sensitive information ought to be).  Maybe non-pub visitors have a better grasp of data security?

What Not to Do

There are a number of lessons that can be gleaned from this Sherlock Holmes episode.  First off, don't go to a place of inebriation with your work, especially if said work happens to be classified top secret.

Second, do not walk around with state secrets.  Especially stored in a USB drive.  If you must, at least ensure that the thing is encrypted.  Certainly, the likes of a Dr. Moriarty would find ways to get around it (the sand-bag decryption method is always a popular way of doing an end-run on strong disk encryption).  Then again, that's why the first sentence to this paragraph recommends not walking around with state secrets.

Third, if possible, keep the number of people who can access data low.  According to the story, West was involved with the project in a minor capacity.  If that's the case, why is he allowed to walk around with secrets in a USB drive?

Disk Encryption Works.  But There Are Limits

Let us assume that the West's device had been protected with USB memory stick encryption.  Would it be in the interest of the government to find and retrieve the the device?  Or can they just say "meh, it was encrypted.  Let it go", or would someone have to get involved?  In other words, would Holmes and Watson get to proclaim that the game's afoot?

The answer is yes.  Although encryption is virtually impossible to break if proper care is taken (whether it was or wasn't in West's case is another line of questioning that I won't go into for the moment), it should be noted that there are certain ways to get around such impregnable data fortresses.

For example, threaten someone's life: your password or else.  Threaten West.  If he cares not for his own, then his fiancee's.  Most people have a breaking point.

Then there is the sand-bagging decryption process.  That's when you repeatedly hit someone over the head with a sand bag until they can't take the abuse no more and spit out the password.  Obviously other forms of torture would work as well.

Considering that it was unknown how West had ended up next to the railway with his head bashed in, wouldn't it be a real fear that someone had used the sand bag method?  Just because encryption was used doesn't mean Holmes and Watson wouldn't need to work on the case.

Astute readers might ask, "well, what was your haranguing about strong encryption all about?"

The point is that there are many ways you can have a data breach other than Professor Moriarty and his goons coming after you.  You could, for example, lose it at a bar or a McDonald's.  Heck, your idiot of a brother-in-law-to-be could steal it from you.

If you deal with sensitive information, make sure it's protected.  Use encryption.  If you carry around sensitive information definitely make sure it's encrypted.

 
<Previous Next>

More X-Rays Stolen: Good Samaritan Hospital Has Data Breach

Medical Laptop Encryption Software: 16,800 Fairview, North Memorial Patients Affected By Laptop Theft (Updated)

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.