[an error occurred while processing this directive]
BBC News
watch One-Minute World News
Last Updated: Wednesday, 9 June, 2004, 07:53 GMT 08:53 UK
Hard drive secrets sold cheaply
Man getting into car leaving pda on roof
Losing a mobile device is easily done
A hard drive containing sensitive information on one of Europe's largest financial services groups has been purchased on an internet auction site for just a fiver.

The hard drive was bought as part of research into what happens to lost or stolen laptops.

It contained information including pension plans, dates of birth and home addresses of customers.

The research was conducted by security firm Pointsec Mobile Technologies.

Easily read

The hard drive in question was purchased on eBay. As well as customer information, it contained personnel details such as payroll records and login codes for the secure intranet site.

Security needs to be put on all mobile devices by IT departments
Access control and encryption should be mandatory
Set up a mobile use policy
Use hard-disk encryption
If exposed, it could have had serious consequences in terms of customer confidence as well as affecting the share price and legal position of the company.

In total Pointsec purchased 100 hard drives and laptops on internet auction sites to find out how easy it would be for criminals and opportunists to get their hands on valuable company information.

Seven out of 10 hard drives could be read easily despite being supposedly wiped clean.

PowerPoint presentations

Pointsec also investigated the life-cycle of a lost laptop. It found that PCs lost at airports or handed into the police were routinely resold with all the information still on them if they were not reclaimed within 3 months.

At one of the auctions used by the lost property department at Gatwick Airport, researchers were able to access information on one in three laptops using simple password recovery software.

Hard drive of computer
Something as simple as a hard disk drive password can deter the opportunist
Tony Neate, National Hi-Tech Crime Unit
On one machine researchers found 15 Microsoft PowerPoint presentations containing sensitive information on a well-known food manufacturer.

They also accessed customer and company information and private photographs.

"Our research has found just how easy it is to purchase second-hand or lost laptops at public auctions as well as hard drives over the internet and easily access the information on them," said Peter Larsson, chief executive of Pointsec.

"There are dozens of websites which offer password cracking software or recoverable software which criminals, hackers and opportunists use when they want to break into laptops or websites," he added.

Pointsec has been contacted by companies which have been targeted by criminals threatening to go public with information gleaned from stolen or lost laptops.

"Security measures are vital to ensure that security is not compromised. Something as simple as a hard disk drive password can deter the opportunist," said Tony Neate, Technical Industry Liaison at the UK National Hi-Tech Crime Unit.

Pickpockets turn to technology
17 Nov 03  |  Technology
Laptops stolen from MTV awards
11 Nov 03  |  Scotland
Government laptops 'not secure'
15 Sep 03  |  Technology
Safer computing versus convenience
15 Aug 03  |  Technology

The BBC is not responsible for the content of external internet sites


News Front Page | Africa | Americas | Asia-Pacific | Europe | Middle East | South Asia
UK | Business | Entertainment | Science/Nature | Technology | Health
Have Your Say | In Pictures | Week at a Glance | Country Profiles | In Depth | Programmes
Americas Africa Europe Middle East South Asia Asia Pacific