OHIO COMPUTER STOLEN FROM DEMOCRATIC PARTY HEADQUARTERS- toledoblade.com -: "Article published Friday, July 1, 2005
* New * Computer stolen from Democratic Party headquarters in Columbus
BLADE STAFF
COLUMBUS Someone broke into the Ohio Democratic Party headquarters earlier this week and stole a computer and Blackberry belonging to party chairman Denny White.
A police report says the burglary occurred between 9 p.m. June 27 and 9 a.m. June 28.
The police report says one or more people apparently climbed up a wall to a second-story window that was not locked. The party headquarters is located at 271 East State St., which is three blocks from the Statehouse.
The items belonging to Mr. White were a Dell computer valued at $800, a flat-screen monitor valued at $250, and a $250 Blackberry.
A Columbus Police Department evidence technician responded, processed the scene, and lifted several prints of value."
Visit www.barracudasecurity.com
Legend
Friday, July 01, 2005
ARKANSAS COMPUTER THIEF CAUGHTNWAnews.com :: Northwest Arkansas' News SourceArrest made for Hiwasse business burglary
By Tracy M. Neal Staff Writer tracyn@nwanews.com
Posted on Friday, July 1, 2005
Email this story | Printer-friendly version
BENTONVILLE — Authorities were able to recover items stolen in early June from a Hiwasse business, according to Doug Gay, public information deputy for the Benton County Sheriff’s Office.
Jeffrey Michael McGrail, 30, was arrested Thursday after a large bag belonging to Mc-Grail that contained stolen computer equipment from the business was discovered in McGrail’s neighbor’s home, Gay said. Gay said Mc-Grail had a key and access to the residence.
McGrail had worked for the Hiwasse business, Gay said.
The neighbor came home earlier than expected and discovered the bag containing two laptop computers, a Fuji digital camera, a flatscreen monitor, a pair of computer speakers, an optical mouse, a wireless desktop receiver, several A/C adapters and peripheral cords.
The neighbor contacted Centerton police, who checked records and discovered the BCSO was working a case involving the equipment, Gay said.
Richard Wells, a BCSO investigator, interviewed Mc-Grail. Additional equipment was recovered from McGrail’s new place of employment, Gay said.
McGrail was arrested on charges of commercial burglary and theft of property, both class B felonies. He was also arrested on a contemptof-court warrant. He was released from custody on $2,500 bond.
US TAKING CONTROL OF YOUR INFORMATION SYSTEMS ASSETSMicrosoft Certified Professional Magazine Online | Feature Article: Take Control of Your SecurityTake Control of Your Security
Here are five things you can do right now— this minute—that will increase security on your networks.
by Roberta Bragg
We know what we need to do to secure our information systems, but we just don’t do it. Oh, I know we don’t have all the answers. I know there’s always a way that someone can break into a system. But we do have most of the answers. We know how to prevent most attacks from being successful. But instead of systematically hardening the operating system; instead of physically securing systems; instead of instilling a culture of security that includes everyone—yes, I mean everyone—in the business of security; instead of doing these things, we run around patching systems and screaming about the latest vulnerability that evil Microsoft has blessed us with. Then, when we lose data and have to report to the citizens of California that their credit card data was stolen, we blame someone else.
Stop. Look. Listen!
Stop. Stop right now. You’re either blindly reacting, or you’re paralyzed into inaction. Stop reacting; stop sitting on the fence; start acting. Take control of information security. Note that I said information security—computers are one small part of that. You need a comprehensive plan that secures information wherever it resides—on the mainframe, on the Linux Web server, in the Active Directory, on a PDA, in or available through smart phones and in the hearts and minds of employees, contractors, partners and customers of your organization.
Here’s the simple idea to change your reactive model of information security to a more proactive one: “Hardened systems are secure systems.” By hardened, we mean locked down, secured and stripped of inessentials. By systems, we mean computers, networks and people. How do you do this? Write the policy. Engage management in the discussion. Dig out the reference works that tell you how to secure whatever it is you have to secure and get busy. If you have to, harden one computer at a time. Harden one concept at a time. Harden one user at a time.
Above all, mount your hardening, securing campaign in at least two directions: a) The big picture, and b) The intimate reality of your day-to-day work. Much of the cultural change needed won’t come swiftly or easily. It requires planning and commitment. It requires evangelists and disciples, leaders and doers, talkers and strong, silent types. Making security as easy and as pervasive as breathing won’t happen overnight. But you can effect significant changes in the security posture and actual security status of your networks right now by doing things under your control. Here are five things you can do right now—this minute—that will increase security on your networks.
1. Create a Stronger Password Policy
I know that this may be something that organization-wide, you can’t do alone. However, you can, and do, have the authority to change the logical password policy. This means the technical control of changes at the domain level may not be possible right away, but you can, depending on your authority, demand stronger passwords and password management by members of your own staff, by those with local accounts on servers and, if nothing else, by yourself.
There’s no reason you can’t impose policy-based restrictions on IT administrators or anyone who requires special access to servers. They include those who do backups or have admin privileges on a server in order to administer a database or other server application. Think of the damage that an attacker could do by obtaining these administrative passwords. At the very least, change yours, right now!
2. Lock Down Remote Administration
You may need to access a server remotely to administer it, but that doesn’t mean you should allow that access to others. Where possible, use IPSec or other protected communications. You can also use IPsec to block access to ports required by your remote administrative programs, and then allow administrative access to the ports by allowing access from designated administrative workstations. In many cases, only a few accounts need any access at all to a specific computer over the network; lock the rest out. Also, just because the sheer number of managed computers may require remote administration, it doesn’t mean all servers must be managed that way. Require that computers with sensitive roles or data be administered from the console only, and enforce that by preventing administrative accounts from accessing the computer across the network.
3. Lock Down Administrative Workstations
Designate certain workstations as administrative workstations and harden them. How much? Just as hard as you can. Start by putting them in a secured area, reinstalling the operating system and adding the latest service pack and security patches (do this off the network). Use IPSec or a personal firewall to control egress and ingress (what goes in and out) and use software restriction policies to prevent the use of non-approved software. Use the workstations for administration only; no playing Solitaire, no e-mail.
4. Physically Secure All Systems
Begin with your own. Ask yourself these questions: Do you use a cable lock for your laptop when moving around with them, even in your own building? When you travel, do you leave it unlocked in the hotel room? What data is on the hard drive? Remember that with most laptops, the hard drive can be removed even if the computer is cable locked. Data is what the attacker wants anyway.
What about your PDA? What’s on it that would be damaging if lost? If your computer is a desktop, who can physically access it? Can it be stolen? The hard drive removed? Don't make it easy for theives; why would an attacker bother crafting code to break into your systems when all he or she has to do is steal them? Why penetrate your network defenses when she can walk by and insert a CD-ROM with malignant code on it—or use her USB data-storing wristwatch to steal data?
Keep servers locked up. Remove CD-ROMS and floppies from computers in public areas. Provide traveling laptop users with cable locks. Make sure those with access to the data center don’t allow others in. Don’t prop open doors. Don’t allow tailgating—the process where someone follows an authorized person into the data center. Teach security guards to look for contraband. (Even those picture-taking phones should be considered unacceptable in many organizations.)
Take More Control
Take Control of Your Network
http://mcpmag.com/features/article.asp?
editorialsid=390
Take Control of Your Users
http://mcpmag.com/features/article.asp?
editorialsid=392
Take Control of Your Vendors
http://mcpmag.com/features/article.asp?
editorialsid=393
Take Control of Your Career
http://mcpmag.com/features/article.asp?
editorialsid=394
5. Learn To Shut Your Mouth
It’s not rude to refuse to talk about issues that might compromise security. It’s a good practice. It’s one thing to share a security-hardening tip or to alert someone to a bad practice that can be corrected, and another thing to reveal your own systems’ security weaknesses by talking about them to others. I know you would never intentionally do this, but I see on a daily basis information that could be used to successfully attack other networks. You must become aware of what it is you’re telling people or publishing sensitive information to your Web servers where any one can find it by Googling on a few key words. Think of the security of your information systems as if you were protecting your family or your country. Don’t let your complaint, need to impress people with your knowledge or request for help made to a public list reveal more than it should.
Hardening networks isn’t a simple chore, nor is it one that can be done overnight. There are things you can do; I’ve given you some of them. There are many guides to securing systems. The key is to start right now. Remember: Hardened systems are secure systems.
This article is adapted from the upcoming book Hardening Windows Systems, by Roberta Bragg, part of a new information security series, the “Hardening Series” (Osborne McGraw-Hill).
Roberta Bragg, MCSE: Security, CISSP, Security+, and Microsoft MVP is a Redmond contributing editor and the owner of Have Computer Will Travel Inc., an independent firm specializing in information security and operating systems. She's series editor for Osborne/McGraw-Hill's Hardening series, books that instruct you on how to secure your networks before you are hacked, and author of the first book in the series, Hardening Windows Systems. You can contact Roberta about "Take Control of Your Security" at Roberta.Bragg@mcpmag.com.
FLORIDA COMPUTER STOLEN FROM BUSINESSNaples Daily News: Bonitanews: "A computer valued at $1,500 was reported stolen Wednesday from Publix, 3306 Bonita Beach Road, Bonita Springs"
OHIO COMPUTER EQUIPMENT STOLEN FROM OFFICEcantonrep.com
About $4,800 worth of computer equipment and tools were stolen Saturday from an office in the 2000 block of Harsh Avenue SE, according to a police report.
Thursday, June 30, 2005
NEW YORK SENATE TO PASS FOUR IDENTITY THEFT BILLSFrom the Desk of Senator Kemp HannonFrom the Desk of Senator Kemp Hannon
Hannon: Senate to Act on Four Identity Theft Bills
Senator Kemp Hannon announced the New York State Senate is expected to give final legislative passage to legislation that would help protect consumers from fraud and identity theft by requiring businesses and state agencies whose computer security is breached to notify individuals whose private information was stolen. The bill is one of four bills the Senate will act on that address the escalating problem of identity theft.
"Just last week we learned that 40 million credit card holders are at risk of fraud and identity theft because their private information was stolen by data thieves," Senator Hannon said. "Right now there is nothing in state law that requires consumers to be notified if their private information has been stolen as a result of a security breach. This bill would ensure that New Yorkers receive quick notification so they can protect themselves from being further victimized."
It was reported recently that 40 million Visa, Mastercard and other credit card accounts were exposed to a risk of fraud after data thieves stole records from CardSystems Solutions, a firm that provides information services to the credit card companies.
As computers become more a part of people's daily lives, people increasingly transact business over the Internet. This increases, or in many cases necessitates, businesses placing sensitive personal or private financial information on computers, which are accessible through the Internet. As the amount of personal and financial information accessible via the Internet increases, these computers become increasingly attractive targets of computer hackers seeking to obtain information needed to commit fraud and identity theft.
The case of ChoicePoint, provider of identification and credential verification services in California, exemplifies both the existence of this problem and the usefulness of a state law such as the one proposed in this bill. Identity thieves posing as legitimate businesses obtained access to consumers' personal information maintained on ChoicePoint's computer system and stole the personal information of 145,000 people.
Under the provisions of this bill (S.3492A), businesses must notify customers that their private information was stolen, as soon as possible, once the breach is discovered. This bill strikes a balance between the interests of consumers and the needs and abilities of businesses by permitting businesses to use a variety of means to contact their customers of security breaches.
The legislation requires businesses to provide notice in writing or by telephone. However, because timeliness is of great importance in these cases, and because many people prefer to receive electronic communications over written notices, this bill also allows businesses to send an electronic notice. However, federal law requires consumers to consent to receiving required notices in electronic form for all manner of commerce within their jurisdiction. This bill would also require the customers' express consent to electronic notice.
In the event that the breach exceeds 500,000 names or $250,000 in notification costs, the business may notify the news media, post notification on its website and e-mail the customers.
Government agencies may also be the target of computer hackers seeking personal or financial information. This bill imposes the same notification requirements on state agencies as it does on business.
While the majority of companies can be expected to follow the law, this legislation also calls for appropriate penalties to ensure compliance from businesses that might otherwise fail to comply. Court imposed civil fines would begin at $5,000 and could reach $10 per person who did not receive the requisite notice, with a maximum of a $150,000 fine.
Compared to the cost of notification and potential negative publicity that may or may not follow the announcement of a security breach, these fines should be sufficient to secure compliance. In addition, under this bill, the attorney general would be authorized to bring an action on behalf of victims for a violation of the provisions of this measure.
The Senate will also act on a bill (S.5178) that would mandate the proper disposal or destruction of records containing private information in order to help address the growing problem of identity theft.
"The identity thefts that result from activities such as dumpster diving have a very real economic effect," Senator Hannon said. "The Federal Trade Commission reported that there were approximately 9.9 million victims of identity theft in 2002, costing consumers and businesses $53 billion."
The Senate will also act on bills that would expand and clarify the crimes of identity theft as well as strengthen penalties in the following ways: increase the penalty for identity theft in the first degree from a Class D to a C felony; expand the period between prior convictions of identity theft from five to 10 years; expand the list of unlawfully possessed personal identification information for identity theft in the second degree; and decrease the number of such items possessed from 250 pieces to a more reasonable 10 pieces.
The Senate will also act on legislation (S.5406) that would prohibit employers from putting Social Security numbers on checks, drafts or vouchers issued to employees.
"Under this new legislation, paychecks can display no more than the last four digits of an employee's Social Security number," Senator Hannon said. "This preventative measure has been used extensively in credit and debit card transactions with almost all receipts today displaying only the last four digits of a cardholder's number."
Senator Hannon pointed out that colleges across the United States are doing away with the outdated practice of using Social Security numbers for student identification. Currently 18-29-year-olds are the most subjected demographic to identity theft. "Colleges across the United States have seen the risk of their practices and have responded accordingly. Employers unfortunately have not taken the same initiative. Other states, such as California and Texas, have already passed similar legislation," he added.
The bill would require any medical business, tax preparation business or other business person to properly dispose of records containing personal information through one of the following means: shredding, destruction, modification or other reasonable action to ensure that no unauthorized person will have access to the personal information.
Wednesday, June 29, 2005
SCOTLAND COMPUTERS STOLEN FROM SMALL BUSINESSScotsman.com News - Scotland - Edinburgh - Work is stolen as burglars ransack flatWork is stolen as burglars ransack flat
LINDA SUMMERHAYES
A COUPLE who had £20,000 worth of work stolen when their home was ransacked have offered a reward for information leading to its safe return.
Freelance photographer Janeanne Gilchrist was out enjoying the sunshine over the weekend when thieves used a crowbar to force their way into the couple’s basement flat.
Once inside, the criminals stole computers and electronic equipment worth £8000, which held contract work Miss Gilchrist had been working on for the last three months.
Her partner, graphic designer Will Beeslaar, 28, also had files stored on the computers, and Miss Gilchrist believes that the self-employed pair lost work worth a total of £20,000 in Sunday’s raid.
There were also personal items on the computer such as a memoir she was writing about her father who died recently in Spain. "Our studio was totally ransacked," she said. "They ripped everything out of the cupboards and made a total mess of the place.
"The work we have lost is irreplaceable and has left us devastated. It’s no use to anyone else but, for us, it’s vital we get it back."
The couple said they are prepared to pay up to £1000 for any information leading to the return of their possessions. One neighbour has told the couple he saw someone acting suspiciously in the area at around 2pm.
When they returned to their Easter Road flat, they discovered their studio had been wrecked and there was paperwork strewn all over the floor.
Among the items thieves took were Miss Gilchrist’s Olympus digital camera and lenses, her i-Pod and all its accessories and her G4 Powerbook computer. They also took a range of cables, including the telephone lead so the couple were left unable to use the house phone.
"It all seems very deliberate and the things they took, they took intentionally.
"It does seem as if someone has cased the premises, which I don’t want to think too much about," said Miss Gilchrist.
But it is the files on the equipment that Miss Gilchrist, 34, is keen to have returned as they related to work the couple had been contracted to do by a range of clients.
Miss Gilchrist was in the midst of a photographic project for the Scottish Arts Council which she had planned to submit in the next few weeks.
A police spokeswoman said today: "This is a serious theft which has affected a small business.
"We would like to appeal to anyone who might have seen anything suspicious or who might have been sold this computer equipment to please come forward and contact police."
ISRAEL COMPUTER CONTAINING HIGHLY SENSITIVE INTELLIGENCE INFORMATION STOLEN FROM ARMY BASEYnetnews - News - 'We are speaking about peoples lives''We are speaking about peoples lives'
IDF computer disappears, highly classified information could damage security interests
By Hanan Greenberg
TEL AVIV - Serious screw up: An IDF computer containing highly sensitive intelligence information has mysteriously disappeared from an army base in central Israel, Ynet has learned.
The army has opened an investigation into the incident, headed by a senior officer, but there are no clues as of yet.
"This is a very worrying development," said IDF officials close to the investigation. "It is inconceivable that a computer with such sensitive
information, and is supposed to be carefully protected, just disappears."
Few details about the case have been released, but it is clear tough winds have been blowing in the army since the incident occurred. No less than three channels of investigation have been created to probe the incident, including a security inquest to include representatives of the different security agencies; an internal army investigation from the unit in question, and an investigation by military police.
Disappeared in April
The incident began in April, when the computer, which serves as a server to receive intelligence information on an army network, was moved from its home base. The computer was held by a unit at an training base, but disappeared after a few days.
"There have been incidents like this in the past, when computers have been lost or stolen from army bases or officers, but this is not a private computer belonging to this or that officer. It belongs to an entire department, and it contains very serious information," said one officer. "If some of this information falls into enemy hands, the damage would be immeasurable."
Officers questioned
The source said the unacceptable ease with which the computer disappeared requires tough disciplinary steps against soldiers and officers at the offending base, some of whom have already been questioned as part of the investigation. Others, including senior officers, are due to be questioned soon.
Sources close to the investigation say they will soon be forced to act against some senior officers at the training base for failure to protect the computer, but we are speaking about technical treatment only: "There are senior officers watching the investigation very carefully. It is important to understand just what happened here and only then to deal with those responsible for the failure."
They said, "We estimate we are not speaking about an enemy agent that snuck into the base and stole the computer, but rather a soldier that may not even understand the seriousness of what could happen. We are speaking about peoples lives here."
The sources admitted that despite the various channels of investigation there are currently no clues in the case.
The IDF spokesman confirmed the details, and said the results of the investigation would be forwarded to the military prosecutor's office.
(06.29.05, 11:51)
ARIZONA ARREST DROPPED IN CASE OF COMPUTER THEFT AT UNIVERSITY OF ARIZONA Arizona Daily Wildcat - Charges dropped against suspect in McKale burglary - Wednesday, June 29, 2005Charges dropped against suspect in McKale burglary
By Holly Wells
Arizona Daily Wildcat
Wednesday, June 29, 2005
Print this
Charges were recently dropped against a woman thought to be connected with the theft of computers, sporting equipment and autographed UA memorabilia from the McKale Center last fall.
Charges are still being brought against the woman's two sons, one a former McKale Center employee, and her husband, former associate director of Parking and Transportation Services, for involvement in the burglary.
Clint A. Thomson, 20, was arrested Oct. 29 for burglary after police connected him with items missing from the McKale Center, 1741 E. Enke Drive. The theft was thought to have taken place over the span of a year.
Police began investigating Thomson after the owner of a computer repair shop contacted them to report a suspicious person who dropped off a computer.
Thomson told the owner of the shop he had purchased five computers for $1,000, but did not have a receipt, reports stated.
Thomson, who had been employed at the McKale center, his father Gary L. Thomson, associate director for PTS, his younger brother Colin Thomson, and his mother were later indicted.
Sergeant Eugene Mejia, UAPD spokesman, said Clint Thomson's immediate family was charged because the stolen items were all found in the family's home.
A search warrant found items in Clint Thomson's bedroom, his brother's bedroom, a spare bedroom and the garage, reports stated.
"The fact that there were so many stolen items at the home led us to conclude that no reasonable person could believe that the items were not stolen or somehow gotten illegally," Mejia said.
At the time of the search, Gary Thomson told police he had noticed a few things, but said he never suspected any wrong-doing, reports stated.
Items discovered included five computers, 20 pairs of Nike shoes, UA clothing, cameras, a television, sporting equipment, tools, cases of water and soda, coolers, three stadium chairs, autographed memorabilia, three boxes of baseball bats, two boxes of athletic tape, two buckets of baseballs, golf and cheerleader bags, bobble-head dolls and a set of master keys.
Four UAPD vehicles were required to take the stolen items to the station. Since then the items have been returned to the rightful departments, Mejia said. Photographs of the items were placed into evidence.
At the time of arrest, Clint Thomson told police that a supervisor had given the items to him. He later admitted that he had stolen the items and said his younger brother had nothing to do with it, according to reports.
Mejia said at the UA, efforts are made to hire the best person capable for the job. He said it is not a perfect system.
"There may be a person who has never shown any propensity for theft and then when they're exposed to expensive items they fall prey to temptations," he said.
Mejia said items were found at Thomson's home that were not even known to have been missing.
"The items were taken from locked areas where no one would know they were gone - there was no regular inventory," he said.
UK THE FUTURE OF ENTERPISE DATA BACK-UP AND RECOVERYThe future of enterprise data back-up and recoveryA new approach is required to protect business critical data often stored outside the reach of conventional enterprise back-up mechanisms.
By Charles Harmer.
One of the greatest challenges facing IT professionals is effectively protecting business critical information, particularly the growing amount of data stored on distributed desktops, remote and laptop computers.
Most storage management and backup software products lack the critical features required for the complete protection of all information stored on these machines. Specifically, users need comprehensive recovery tools to help them easily find and restore lost data and quickly bring idle computers back to full operation.
A new approach to data storage management and protection is essential. The ideal solution should allow quick and easy recovery from any type of information loss, including simple user errors, failed software installations, hardware failures and lost or stolen laptops. It should also address local storage on desktops and laptops as well as distributed server storage.
Data at risk
In many businesses, critical data is stored on desktop and laptop computers outside the reach of most enterprise storage management software products. This data is at significant risk. Many IT departments encourage users to save critical data to available network servers under the control of enterprise software. This policy, in most cases, is not successful, since users store data locally, especially mobile users who are seldom connected to a network.
There are many ways that users can corrupt or lose information, including inadvertent file deletion, inadvertent file overwrites, new software installs, lost or stolen computers, hardware failures, virus or hacker attacks and natural disasters. The cost of restoring the lost information or restoring a computer to operation after a hardware or software failure is high due to the costs of technical support and lost employee productivity.
One of the primary reasons organisations do not perform frequent backups is that traditional storage management software runs over the network and can negatively impact network performance. As a result, many companies can only perform backups during off hours. However, this approach is also flawed because it exposes data to loss. A storage management solution that minimises network loading enables companies to perform backups as needed during the day.
Protection for all information types
The ideal storage management solution should back up files and information automatically and in real time. In addition, organisations need a storage management and data protection solution that enables them to cope with rapidly increasing storage volumes and the increased complexity of desktop and laptop computers.
There are two main types of information stored on laptops and desktops:
* Recoverable information - this is information that can be recovered through reinstallation if it's lost. This includes operating system or application software.
* Unrecoverable information - this is information that cannot easily be recreated, such as documents, presentations or spreadsheets.
A storage management solution should address the protection of recoverable as well as unrecoverable information. The need to protect unrecoverable data is obvious — unless this data is protected, it must be manually recreated if it is lost. As for recoverable data, although it may be recoverable through reinstallation, the process can be extremely time-consuming and costly. To reinstall an updated application, users must install the application plus all the updates. In addition, all preferences and options need to be reset to their exact state prior to the loss.
Real-time client backup
A real-time client backup solution can fulfil today's storage management needs. Real-time backup operates automatically as changes are made. It does not rely on a schedule, since data loss does not occur on a schedule. Increasingly, the most valuable information is mission-critical, meaning it has just been created or is being continually modified for the task at hand. Easy-to-use recovery tools are also critically important to bring back lost files and systems. These tools should include:
* Self-serve file recovery - the ability to recover from simple file loss without IT assistance.
* Fast system restores - the ability to have all files quickly restored to a previous functioning or uncorrupt state.
* Bare-metal disaster recovery - the ability to have entire systems and settings easily rebuilt after a disaster strikes or when the system is lost or stolen.
If users are to embrace client backup, the backup process must be transparent. Users must be able to continue to work with little or no interruption. There must be protection while the computer is disconnected from the network, and there must be automatic storage management synchronisation when the computer is reconnected to the network. New or changed data should be replicated immediately to the disk drive whenever a file is saved or closed.
Furthermore, the solution should automatically protect files that typically remain open, such as e-mail databases. Replicating all non-temporary data to a storage device that is physically separate from the machine can protect this valuable data. This is typically done through mirroring to a backup storage device such as a network server. This enables the user to quickly recover the lost data by simply accessing the redundant storage.
Ideal characteristics
The solution should also provide a versioning capability. That is, it should allow users to roll files back to a particular previous version. This allows them to recover from inadvertent changes made to the files. The solution should employ data compression and eliminate redundancies and temporary data in the backup data repository.
To qualify as a true enterprise solution, a storage management system must be able to scale across the entire enterprise. This means it must be able to handle multiple servers spread across wide geographical areas. The solution should further leverage technologies such as clustering and load balancing to support hundreds or even thousands of client computers. It also must support various network infrastructures and firewall configurations.
Network administration and management represent a major component of the total cost of network ownership. The administrator should be able to install, configure and administer storage management client software from a central location without travelling to each client site.
Meeting the challenge
Storage is growing at an accelerating rate, and data is becoming more valuable. In addition, desktop and laptop software is growing in complexity and size. As a result, storage is becoming much harder to manage and protect.
Therein lies the challenge for IT professionals: ensuring the effective management and protection of increasingly valuable data and software automatically and in real time, including data on desktop and laptop computers. The ideal storage management solution must address all data in real time, deliver continuous rather than periodic protection of all data and provide comprehensive, easy-to-use data and disaster recovery tools.
Charles Harmer is sales manager, SpectrumITech. SpectrumITech is exhibiting at Storage Expo the UK's largest event dedicated to data storage. Now in its 5th year, the show features a comprehensive free education programme, and over 90 exhibitors at the National Hall, Olympia, London from 12th – 13th October 2005 www.storage-expo.com
Tuesday, June 28, 2005
CALIFORNIA THEFT RING BROKENSix Arrested for Alleged Involvement in Manteca Theft RingManteca police have arrested six suspects and recovered a substantial amount of stolen property in what authorities say appears to be an active fencing ring.
The arrests followed the theft of a computer and vehicle belonging to an Internal Revenue Service employee. The woman, who has not been identified, put up a $250 reward for the return of the computer. A man identified as Scott Hamilton reportedly called her and arranged to meet her to return the computer. The woman informed the Manteca Police Department and officers also showed up at the meeting. Hamilton was arrested on a stolen property charge.
According to investigators. Hamilton told them where other stolen merchandise could be found. On Saturday, police went to a home in central Manteca and found a stash of tools, a motorcycle, a bicycle and an auto diagnostic machine belonging to the Manteca Unified School District. Four individuals were arrested on outstanding warrant and drug charges. "Several different subjects had been stealing, going to the homeowner for money, or drugs, or other property", said police spokesperson Richard Smigelski.
The homeowner, Richard Carter, was arrested on suspicion of receiving stolen property and tampering with property serial numbers.
Police say theft victims should contact the department and be able to show proof of property ownership. They warn that might be difficult because serial numbers on much of merchandise was scratched off.
VANCOUVER ABSOLUTE SOFTWARE REPORTS RECENT SUCCESSES IN EDUCATIONAL MARKETPLACE Absolute Software Reports Recent Successes in Educational MarketplaceAbsolute Software Reports Recent Successes in Educational Marketplace
Tuesday June 28, 12:58 pm ET
Company Helps Schools Protect Against Computer Theft and Recover Stolen Assets
VANCOUVER, June 28 /PRNewswire-FirstCall/ - Absolute Software, the leading provider of patented Computer Theft Recovery and Secure Asset Tracking(TM) solutions, announced today recent successes in helping IT departments manage and secure PC assets at several K-12 and collegiate institutions, including Boise State University (Idaho), Bryant University (Rhode Island), Charlotte ISD (Texas) and Selwyn House School (Quebec).
Laptop learning programs are expanding throughout North America, raising new security challenges for IT administrators - challenges that can be addressed with Absolute's solutions. Absolute's Computrace technology enables users to track up to 100 percent of their computer population - including where they are, who is using them and what is on them - all from one single point of control. In the event a computer is stolen, Absolute guarantees the recovery of the computer, and can remotely delete sensitive data from the stolen computer when data privacy is a concern. If the computer is not recovered within 60 days, the customer may be eligible for a Recovery Guarantee payment of up to $1,000(x). In addition, Absolute provides customers with a cost-effective solution for tracking computer location, providing computer hardware/software inventories, managing lease returns and enabling software title tracking and license compliance.
"Laptops and other computer assets have become an integral part of today's learning process, but they have also become a target for theft and misuse," said John Livingston, Chairman and CEO of Absolute Software. "As a result, the education market has emerged as a significant market segment for Absolute and a key contributor to our sales growth this fiscal year. We are committed to protecting the business and personal interests of faculty, staff and students of both schools and universities, and our recent successes demonstrate the value proposition that our products can deliver to educational institutions of all sizes."
The following are recent successes that Absolute Software has achieved in the education market:
- Boise State University - Managing Unauthorized Computer Content
The school was prepared to execute an innovative laptop loaner
program, but faced the daunting task of ensuring that the equipment
would not go missing and would remain structurally intact. By
installing Computrace, the Boise State IT team was able to prevent
computer theft, monitor the illegal installation of programs and
quickly remove unauthorized content. This proactive approach has
helped ensure the longevity and success of the laptop loaner program.
- Bryant University - Recovering Stolen Laptops
A small private university in Smithfield, Rhode Island, outfitted all
its incoming freshman with new notebooks that could be used for
school or personal use. Within the first year of the program, 30 of
the 750 laptops were reported stolen, with a zero rate of recovery.
In response, Bryant implemented Computrace and by the second year of
the program, the University had dramatic results - out of the 1,500
laptops distributed, only 10 have been reported stolen and eight of
them have been recovered to date.
- Charlotte ISD - Protecting Technology Immersion Project (TIP)
Computer Investment
A small independent school district in Charlotte, Texas, Charlotte
ISD initiated a program that would provide all students and staff
with laptop computers. The project, which received funding from the
Texas Education Agency's elite Technology Immersion Project (TIP),
was protected with the installation of Absolute's Computrace. Within
a few months, two computers went missing from the school's inventory.
The investment in Absolute quickly paid off and the computers were
located within two weeks.
- Selwyn House School - Reducing Laptop Theft
A private all-boys school in Westmount, Quebec, Selwyn House School
contracted Absolute Software's Computrace after losing 18 of its 22
laptop-program computers to theft. Since the installation, the
school has reduced its computer theft issues, and has successfully
expanded its program to 350 laptop computers.
In addition to these recent successes, Absolute's Computrace was recently selected in Media & Methods Magazine 2005 Awards Portfolio as a leading technology product and service that contributes to excellence in K-12 schools. Additionally, Absolute has helped a number of other schools across North America track and manage their computing assets, including: Flint Community School District (Michigan), DeSoto ISD (Texas), Episcopal High (Texas) and Newton County Day School (Massachusetts) to name a few.
The Recovery Guarantee is subject to terms and conditions. Please see www.absolute.com/pdf/EULA.pdf for details.
For more information on Absolute's success in Education, please visit http://www.absolute.com/public/education/PC-security.asp
About Absolute
Absolute® Software (TSX VEN: ABT) is the leader in Computer Theft Recovery and Secure Asset Tracking(TM) with more than 350,000 subscriptions under management. Absolute's uniquely patented Computrace® technology is optimized for remote and mobile users. Absolute Software provides organizations with simple and cost effective solutions to help track their computing assets, deter computer loss, and reduce incurred liability costs. Absolute Software has a history of delivering first-to-market technology innovations along with a recovery guarantee making it one of the most reliable asset tracking and recovery solutions in the market today. The company also has partnerships with global leaders, including, Dell, IBM, HP, Toshiba, Gateway, Phoenix Technologies, and Apple.
UK COMPUTERS STOLEN FROM OFFICECEN News : Newmarket : Man denies stealing IT equipmentMan denies stealing IT equipment
COMPUTER equipment was stolen from a busy office - and sold on an internet auction site, a court heard.
Dean Wickers is alleged to have made about £1,500 by selling items belonging to his employer.
The 25-year-old denies stealing cable management systems and deskmounted flat-screen monitor arms, worth about £2,000, from Workspace Office Solutions, of Hamlet Green, Haverhill.
Hugh Vass, prosecuting, told Ipswich Crown Court Wickers was selling the items on eBay under the name Spike 05. But he said Wickers, of Old Rope Walk, Haverhill, was discovered when area manager Shane Baker went on the internet and found them for sale.
Mr Vass said: "He had made something like £1,500 off the items he had taken. He said they were rubbish which was going to be thrown out."
Jurors heard Wickers had previously asked permission to take scrap plywood, but the monitor arms were in wrapping.
Mr Vass said: "Surely he would have asked a member of staff."
He said the full value of the stolen computer equipment was about £2,000.
He said Wickers had advertised it on eBay as "brand new" and made about £1,500 from the sales.
Mr Vass said: "If you are describing them like that in eBay, they must be in a fairly good condition or you would not be able to make that claim."
Mr Vass said Wickers had a previous conviction for theft from an employer in 1997, when he was 17.
Giving evidence, Wickers said the items were damaged and he cleaned them up before advertising them on the internet side. He said the items were in an area designated for the skip which is why he believed them to be abandoned.
The trial continues
US DATA SECURITY ENFORCEMENTMoving ahead with data security | InfoWorld | Column | 2005-06-23 | By Mario ApicellaMoving ahead with data security
Vendors at all levels begin to focus on storage-specific data protection
Storage Insider, By Mario Apicella
June 23, 2005
How does your company enforce data security? I bet most of your answers will involve procedures based on host applications that have varying degrees of sophistication, depending on how much is at stake with a security breach.
A different question, "Does your company have independent, storage-based data protection measures?" will probably just trigger blank stares, because data protection is mostly entrusted to host-residing applications and, at the moment, there are very few alternatives to that approach.
Host-based data-protection works well (and has for many years) in cohesive environments where servers or mainframes never release their grip on data. Unfortunately, with the growing use of networked storage, cohesive environments are becoming less and less common.
In fact, in many SANs, no single host has a comprehensive view of all LUNs (logical unit numbers), so assigning the proper watchdog often becomes a challenge. Moreover, those LUNs often move from one host to another to allow for, say, maintenance or contingency procedures. Obviously, the host-based security apps (and their licenses) should obediently follow.
To complicate things further, consider that many LUNs are created without host involvement or awareness, perhaps from mirroring applications residing on a storage appliance or on the storage network.
Add all of this up and it's easy to see how immensely complicated the work of the host-bound security administrator really is. It seems obvious that applications residing on a storage network can better protect data residing on that network than applications that reside on a host can.
With that in mind, Symantec's (Profile, Products, Articles) soon-to-be-completed acquisition of Veritas Software (Profile, Products, Articles) sounds like a significant step toward protecting networked storage because it will bring together a strong presence in security applications and an exceptional portfolio of storage applications.
We should see the effects of that deal in the near future, but not everybody agrees with my optimistic outlook, as I learned during a conversation with Danny Milrad, senior product marketing manager at Veritas.
Milrad doesn't mention a specific date or product, but he is sure that the merger with Symantec will generate storage applications that are more security conscious. "I don't understand why people have a hard time grasping that," he says.
Marketing hype? Perhaps, but the recent announcement that Network Appliance will buy Decru is another indication of a renewed sensitivity for data protection in a big storage company. As you may remember from a March 1 post to The Storage Network, Decru (Profile, Products, Articles) offers host-independent, appliance-based encryption for networked storage, supported by a robust authentication system that uses smart cards with varying degrees of authority assigned to each user. To me, the most important aspect of this acquisition deal is that Decru's approach to security -- and to storage-hosted data protection in general -- gets a significant nod of approval from an influential vendor such as NetApp.
Will NetApp transplant Decru security into every storage appliance they sell? I'm reluctant to second-guess a storage company these days, but I'd say that approach would probably be overkill. It's more likely that NetApp will let the ongoing partnership (the two companies have recently pursued several joint projects) take a more committing turn, while still offering add-on security appliances to customers with storage gear from other vendors.
There's yet more built-in data protection blooming in the storage world: A third, and no less important, novelty comes from Seagate, which recently unleashed a cascade of announcements covering (what else?) new disk drives.
There's so much to talk about Seagate's announcement. Among them is the first deployment of disk drives with perpendicular recording, a technology that allows greater density by doing exactly what its name implies: It piles up bits vertically on the recording surface.
Along the lines of security, Seagate is offering a first in data protection: A notebook drive with built-in hardware-based encryption that the company should begin shipping early next year. Mark the name Momentus FDE (full disc encryption), because Seagate is going to secure the data content of this 120GB serial or parallel ATA device with lock and key.
The drive will implement a remarkable shield that will accompany the unit from cradle to grave. In essence, it will provide an OS-independent encryption mechanism to secure its data content in scenarios such as loss or theft.
Obviously FDE will come at a price, but the unprecedented possibility of securing gigabytes of files hosted on mobile devices should be welcome if the possible embarrassment from a stolen or misplaced laptop keeps you awake at night.
I look forward to a not-too-distant future when it won't be news if an FBI agent or a Bank of America consultant can't find his laptop, and when losing or misplacing backup tapes won't be a big deal. The data that matters will be encrypted at the source.
Am I dreaming? I don’t think so. Make data protection easy to implement and everybody will use it. After all, the alternative can be a lot more expensive.
Join me on The Storage Network blog to discuss this and other topics. And starting next week I'm heading off on vacation, so hold your storage excitement in check -- or let it all out on the blog -- until Storage Insider resumes its normal schedule the week of July 18
US SECURITY RISKS ASSOCIATED WITH PORTABLE STORAGE DEVICESHNS - Security Risks Associated With Portable Storage DevicesSecurity Risks Associated With Portable Storage Devices
by Lisa Dozois - Originally published in issue 1 of (IN)SECURE Magazine - Monday, 20 June 2005.
It seems that nearly every new electronic device on the market today comes equipped with data storage and transfer capabilities. From USB sticks to smart phones, MP3 players to hand-held PCs and iPods, the portability of data has reached new levels of simplicity as the prices of these devices continue to fall while storage capacities continue to rise.
There is no question that USB Flash Drives and their electronic counterparts are a valuable addition to the road warrior's toolbox. The ability to easily transport data between client and company sites, not to mention taking work home for the weekend, make these devices almost irresistible.
Portable storage devices are also handy for making quick backups of important documents and even system registry files. Unlike CD/ROM disks, the stored data can be edited and saved over and over again.
Yes, today's portable personal storage devices have revolutionized the concept of "sneaker net", but are the rewards worth the risks?
These electronic conveniences have created a nightmare for data security managers and have spawned an entire sub industry that is aimed squarely at portable data storage security.
Old Risks and New
Portable data storage devices provide the same functionality as floppy disks, hard drives and CD/ROM and, therefore, are subject to the same virus and spyware risks as their more traditional counterparts. This is a particularly onerous threat for organizations that allow their employees to transfer data between company and home or remote computers.
While most threat-savvy IT departments have complete virus and spyware protection enabled within the enterprise, most organizations have little control over the protection of employees' home computers or computers that employees use at client and vendor sites. With new virus and spyware threats appearing every day, it is entirely possible that the organization's anti-virus and spyware systems may be unaware of the latest threat which has just been introduced by an employee.
Portable storage devices are also subject to your standard day-to-day perils such as mechanical or electronic failure, damage from being dropped or being exposed to harsh environmental conditions or just plain getting lost or stolen. The latter two circumstance create a whole new threat level if sensitive data happens to be stored on the missing device.
The term "Business Intelligence" takes on a new and dark meaning when the stealth capabilities of portable storage devices are factored into the equation.
Corporate spies are more common that you may think they are and it's a relatively simple task for a dishonest employee or visitor to transfer company phone books, customer lists, product and pricing lists or other sensitive and potentially damaging data to their electronic device before leaving for the day. The profit potential for these wayward employees is huge. You don't have to look any further than the recent case of the AOL employee who sold 93 million AOL members' email addresses to spammers for $52,000 and later sold another list for $100,000, to get an idea of what people are willing to pay for the valuable data that your employees have access to every day.
Short of actually conducting body cavity searches at the employee exit, there is no secure way to ensure that illegally obtained valuable data isn't sharing an employee's commute home. Even with body cavity searches, security personnel could never have the time to thoroughly examine every portable electronic device that employees and visitors carry with them onto the premises every day.
Public corporations that are subject to Sarbanes-Oxley (SOX), as well as those who face the data security and storage requirements of HIPAA and the USA Patriot Act, have even more at risk from spies who have access to easily stolen data. These laws provide for heavy fines, possible prison sentences and even the potential loss of the right to continue operating the business in some instances. How can so much trouble come from such small devices?
Multiple threats require multiple solutions
The easiest way to protect against 99% of the unauthorized use of portable storage devices is to disable or otherwise control the USB port since most devices communicate through USB. However, some devices are capable of using FireWire and infrared technology, so security of those ports must be considered as well.
Methods for securing against USB access range from simply removing or disconnecting the port, to installing special software that is designed to control who has access to USB devices and what these devices are able to do when connected.
Disabling USB access on an Enterprise-wide basis might not be a reasonable approach for some organizations, but at least publicly accessible machines such as those in conference rooms, lobbies and other common areas should be protected.
There are security products available which will alert the network administrator when portable devices are connected and removed from any PC in the network. While the average network administrator cannot possibly monitor these alerts 24/7, especially in organizations where there is widespread usage of these storage devices, logged alerts do provide a good starting point for after-the-fact investigations.
If a USB-disabling or monitoring program is going to be used, then IT managers need to ensure that accommodations are made for USB-connected pointing devices, printers and keyboards. This can be done either by using software which specifically recognizes and allows those devices, or by moving these devices to legacy ports.
Some IT managers have taken a "cast a wide net" approach by completely disabling the Windows "Plug and Play" setup options on deployed machines after their initial configuration. This creates additional work for the PC support group when authorized hardware needs to be installed later, but it is effective in controlling what users can and cannot add to their machines.
At the very minimum an organization needs to implement an automatic PC "lock down" policy which ensures that unattended PCs drop into "password required" mode after some defined period of activity. That "defined" period is open to interpretation, but the shorter the period of time, the better.
Beyond the physical "Lock and Key" approach
If organizations that are subject to SOX or other federal requirements must issue portable storage devices to key personnel in order for them to fulfil their job responsibilities, then there are devices which come equipped with internal security protection available such as biometrics identification, secure password schemes and encryption methodologies.
Get it in writing
While a written data security policy won't do much for stopping willful illegal activity, and it won't make any of your users smarter when it comes to installing protection on their home computers, it does give you a leg to stand on when it comes to taking either disciplinary or legal action against violators when warranted.
At a minimum, your portable storage security policy should address these issues:
Define who is permitted to use portable data storage devices and what types of data are permitted to be stored on these devices.
Establish rules for vendors and visitors who want to attach devices during presentations or visits to the organization.
Establish virus and spyware protection standards for employees who use home or off-premise computers.
Establish password and data encryption standards for portable storage devices.
Establish a reporting procedure for notifying a responsible party in the event that a portable data storage device is lost or stolen
ARIZONA ENVIRONMENTAL TECHNOLOGIES DELIVERS INVESTOR UPDATE ON ANTI- DEVICE PROJECT AND DISCUSSES MARKET AWARENESS OF ISSUE Portfolio HomeHeightened Awareness of Data Spurs Interest in EMTI's -Guard(TM)
TUCSON, AZ, Jun 28, 2005 (MARKET WIRE via COMTEX) --
Environmental Technologies International, Inc. (OTC: EMTI) is pleased to announce that it continues to achieve progress towards bringing to commercialization both its -Guard(TM) security device (www.-guard.com) and its hi-tech, AWE indoor environment 'HVAC' system.
RESPONSE TO SHAREHOLDER ENQUIRIES
In response to many shareholder enquires as to the reasons for the upward move in the Company's share price on abnormally high volume recently, we can only attribute this positive activity to perhaps a growing awareness of the progress being achieved by the Company, as well as a general market response to the low price levels reached by the shares in recent months.
DATA
Several high-profile cases of data have dominated news headlines recently, driving home the seriousness of this growing crime and the critical need for individuals to alleviate their personal security concerns by doing all they can to protect their data.
More people than ever now have anti-virus software and firewall software installed, which provides a high level of protection of their pc data from surreptitious cyberspace 'operators.'
However, having data directly from your desktop at the office or in the home, by use of the ubiquitous USB Memory Keys or 'Thumb Drives' continues to represent a very real threat. By using one of these memory devices, someone can download large amounts of valuable information from your desktop in a matter of minutes while you are 'out to lunch' or away from your desk for any reason.
-Guard(TM) Provides The Protection You Need
Essentially, the -Guard(TM) system protects the user's information by rendering the useless whenever the authorized user is away from the machine. A low price and ease-of-use are expected to meet with an enthusiastic reception from the huge and growing -safety market.
In recent weeks, the Company has received numerous enquiries from potential distributors for offshore markets, and the ongoing marketing launch is expected to include several of these. While the product launch has suffered some of the usual delays encountered in such projects, management is confident that meaningful -Guard(TM) sales will be achieved in the foreseeable future.
In compliance with the "safe harbor" provisions of the Private Securities Litigation Reform Act of 1995, EMTI notes that statements contained in this announcement that are not historical facts may be forward-looking statements that are subject to a variety of risks and uncertainties. Accordingly, EMTI wishes to caution readers of this announcement that its future actual results may differ materially from those that any forward-looking statements may imply. There is no assurance the above-described events will be completed. There can be no assurance of the ability of the company to achieve sales goals, obtain contracts or financing, consummate acquisitions or achieve profitability in the future.
Contact: John Hedges 1-520-749-0746 Email: Contact via http://www.marketwire.com/mw/emailprcntct?id=1F35519969506C9C Website: www.emtigroup.com Environmental Technologies International, Inc. 5151 East Broadway, Suite 1600 Tucson, Arizona 85711
SOURCE: Environmental Technologies International, Inc.
http://www.emtigroup.com
OHIO DATA STOLEN FROM LUCAS COUNTY CHILDREN SERVICES- toledoblade.com -Article published Tuesday, June 28, 2005
Lucas County Children Services data stolen
By DAVID PATCH
BLADE STAFF WRITER
About 900 current and former employees of Lucas County Children Services are being advised to watch and protect their commercial credit after information from the agency's personnel database was compiled and e-mailed to an outside computer, executive director Dean Sparks, the agency's executive director, said.
Members of Children Service information services staff discovered the unusual activity on agency computers and "have been working on it for a few days," Mr. Sparks said yesterday.
Lt. Mel Stachura of the Toledo Police Department said an agency employee is the prime suspect. But because of a backlog of work at a state agency, it could be many months before an arrest - or a determination of how widely the stolen data may have spread - is made, he said.
The information compiled and taken includes names, telephone numbers, and Social Security numbers for the agency's 400 current employees and about 500 others who have worked there at one time or another since 1991, Mr. Sparks said.
No information about Children Services clients is believed to have been compromised.
Current employees have been notified by agency e-mail about the situation, and letters are being sent to the former employees, Mr. Sparks said.
The notices urge everyone affected to put their credit records on fraud watch in case someone tries to use their personal data.
Mr. Sparks confirmed that an agency employee is suspected.
"We believe that we know who it was. I'm not prepared to talk about that until the criminal [investigation] is done," he said.
Lieutenant Stachura said the information would be enough for someone to establish fraudulent credit identities, but investigators don't yet know if it was distributed beyond five computers and data media that authorities seized yesterday from an undisclosed location in Monroe County following the serving of a search warrant.
Why the information was taken is "what I'm trying to figure out," the lieutenant said yesterday. One lead being pursued is that some sort of workplace animosity between the prime suspect and agency management is involved, he said.
But because the Toledo police no longer have a computer division, analysis of the seized computers' contents will be turned over to the state Bureau of Criminal Identification and Investigation, and Lieutenant Stachura said he has been told to expect a seven-month turnaround from that agency because of its backlogged caseload.
Local investigators "have a pretty strong case" against the primary suspect, but they need confirmation that the stolen data was found in the suspect's personal computers before they can file charges, the lieutenant said.
The computer analysis is also needed to discover if the information was distributed anywhere from those computers, he said.
The case appears to be a small example of a growing problem: the theft or loss of sensitive personal information stored on computers.
Eleven days ago, MasterCard International reported that a computer security breach at a payment processing company in Arizona exposed up to 40 million credit card accounts to fraud.
On June 6, Citigroup Inc. reported that United Parcel Service Inc. had lost a package containing data tapes for 3.9 million of its consumer finance customers.
Other similar incidents have affected such prominent firms as Bank of America, Wachovia, Time Warner, and data brokers ChoicePoint and LexisNexis.
While some of the breaches have been exposed when authorities identified unusual patterns of activity on compromised credit accounts, there is a growing fear that leaked personal information, such as birth dates and Social Security numbers, could lead to recurring "identity theft" as thieves sell that data to others who may use it to obtain credit cards or loans under faked identities.
Contact David Patch at:
dpatch@theblade.com
or 419-724-6094.
CALIFORNIA COMPUTERS STOLEN FROM SCHOOLSouth High students arrested in school burglarySouth High students arrested in school burglary
Computer theft at Richardson Middle School in Torrance is one of several such incidents on campuses in recent weeks.
By Larry Altman
Daily Breeze
Three South High School students clad in black masks and rubber gloves were arrested early Monday breaking into a Torrance middle school, where they had snatched computers to pile into their car.
Police found 23 pieces of stolen property, including computers, keyboards and DVD equipment stacked outside a Richardson Middle School classroom. The teens had a car parked nearby, Torrance police Lt. Brad Wilson said.
"They also found, in one of their backpacks, five spray cans," Wilson said. "They didn't get the opportunity to do anything with those."
Police officers found the boys, two 16 years old and another 15, when they responded to a burglar alarm at 3:05 a.m. at the campus at 23751 Nancy Lee Lane. An alarm detected motion in the school's technology room.
The teens tried to run when the police arrived, but officers cornered them and took them into custody.
"They snuck up on 'em real good, so they had nowhere to run," Wilson said.
The teens wore black sweatshirts with dark hoods, rags over their mouths and noses, and latex gloves.
They were arrested on suspicion of burglary and taken to Los Padrinos Juvenile Hall in Downey.
The arrests followed a burglary Friday at Seaside Elementary School in Torrance, where officers found a 14-year-old girl and three 13-year-old boys trying to break in to the YMCA child-care center on campus.
A neighbor in the 4600 block of Sharynne Lane heard a loud noise and called police about 7:45 p.m. Friday. The witness saw one of the teens kick open a vent on the bottom of the boys' bathroom and crawl through the opening.
The teens apparently used the restroom, then removed a screen to a classroom, Wilson said.
Officers found the group's bicycles lying on the ground and the four teens inside the school gates. The teens claimed they were riding their bikes around.
One boy admitted he was trying to get into the classroom because he was hungry and knew food was inside the YMCA room, Wilson said.
The teens were arrested on suspicion of burglary and released to their parents.
Torrance schools have been targets of repeated burglaries in recent weeks, but police do not believe any of the latest suspects were involved in them.
On June 8, someone broke into West High School and ransacked lockers overnight.
That same day, someone broke three light fixtures near the Yukon Elementary School cafeteria and tried to enter a classroom.
Over that weekend, burglars also took property from two Richardson classrooms.
And, on May 22, Torrance police arrested three West High School athletes when they were found on the Bert Lynn Middle School campus with a computer and other property stolen from at least three classrooms. The teens also scrawled a swastika and a racial slur against blacks on a classroom wall.
Police did not know if any of the teens arrested over the weekend were involved in the previous crimes.
Wilson said the crimes show that parents need to pay more attention to their children.
"Parents must know where their kids are all the time," Wilson said. "Three o'clock in the morning -- that's unbelievable."
TEXAS COMPUTERS STOLEN FROM UNIVERSITYStolen equipment from O&M reaches $15,000 - The Battalion - NewsStolen equipment from O&M reaches $15,000
By Ashley Dias
Published: Tuesday, June 28, 2005
Article Tools: Page 1 of 1
Media Credit: Andrew Burleson
SOURCE: Maureen Reap
Texas A&M's Oceanography and Meteorology (O&M) Building has recently been the target of a number of high-dollar thefts, including that of a ceiling-mounted digital projector valued at $6,992.
Maureen Reap, the building proctor for the O&M Building, said that since Thanksgiving, around $15,000 in equipment has been stolen. Reap said the stolen items include four laptop computers, lab equipment, three digital cameras and the ceiling-mounted digital projector, which was stolen earlier this month.
"Multiple thefts have occurred throughout the O&M Building; no floor is immune," Reap said. "The departments of oceanography, geography and atmospheric sciences have all been hit."
Reap said the O&M Building closes daily at 5 p.m. and that labs and offices are properly secured. She said security measures have been increased as a preventive measure.
"(Preventive efforts) planned for this summer are card-swipe door locks and cameras within the building," Reap said.
University Police Department (UPD) Detective Todd Tumlinson said UPD is still trying to resolve this case and that it has had success in the past with returning stolen technology items. UPD has no suspects or leads on the projector theft at this time.
"We have located and brought back a couple of laptop computers," Tumlinson said.
Tumlinson said UPD is encouraging the use of audible alarms on items such as ceiling-mounted projectors to help prevent future theft.
Reap said the Blocker Media Center is held responsible for the audio and video equipment in classrooms.
"They don't have the budget to replace all the projectors that have been stolen this year," Reap said. "This one may not be replaced for some time, which will impact instruction in that room."
Chris McKinney, a senior meteorology major, said the thefts are having a negative effect on the learning environment at the O&M Building, but that the administration is keeping students well informed of the situation.
"Any time you have people taking instructional materials, it's an impediment - it's frustrating," McKinney said. "(The administration) is doing a good job of making us aware. We'll get an e-mail every few months saying, 'Please watch your stuff.'"
Tumlinson said UPD checks pawn shops and collaborates with College Station, Bryan and Tomball police departments on technology related cases.
Tumlinson also said the O&M Building isn't the only building on campus affected by technology theft. Tumlinson said the Animal Science Building had two projectors stolen and that the Anthropology Building had two digital cameras stolen during month of June.
NORTH CAROLINA COMPUTERS STOLEN FROM CHURCHESHickory Daily Record | $23,078 in items missing from churches$23,078 in items missing from churches
Investigators join to solve at least six different cases
By Jennifer Menster
Record Staff Writer
Tuesday, June 28, 2005
HICKORY - Investigators in Hickory and Newton are searching for suspects involved in at least six church break-ins during the past week.
There is a possibility the cases are related, said Newton Police Investigator Rhonda Webster.
The latest church break-in occurred sometime between Friday evening and Saturday morning at Corinth Reformed United Church of Christ in Hickory. The church also reported vandalism and items missing June 21.
Bill Howell, associate pastor, is angry and hurt. At the same time, he and the church are praying for the thieves.
The church made a few changes to hopefully prevent any more break-ins, Howell said. They are changing the locks and repurchasing stolen items.
“Some things you can’t replace,” Howell said. “There is some sentimental value to a lot of these things.”
Next door to Corinth, St. Luke’s United Methodist Church also reported property damage and items missing on June 21.
On June 19, Episcopal Church of the Epiphany at 750 W. Thirteenth St. in Newton and Trinity Baptist Church at 725 W. Thirteenth St. in Newton both reported damage. Epiphany reported laptop computers stolen.
On Thursday, Word of Life Christian Center Church in Newton reported cash missing but no damage.
Anyone with any information should call Hickory police at 328-5551 or Newton police at 465-7430.
DETAILS: Here is a breakdown of the items stolen from each church:
• $13,940. Corinth Reformed Church of Christ, Sixteenth Avenue, NW, Hickory reported the following items missing during two separate break-ins: Four chairs and a sofa, valued at $5,000; two laptop computers, valued at $2,800; two video projectors, valued at $2,000; computer equipment, valued at $1,500; a television, valued at $1,000; digital camera, $700 value; a DVD player, valued at $300; and $340 in cash. More than $300 in damage was reported.
• $7,348. St. Luke’s United Methodist Church, Sixteenth Avenue, NW, in Hickory, reported the following items missing: computer hardware, $1,848 value; a video projector, $1,300 value; and $200 in cash. About $4,000 in damage was reported.
• $1,240. Episcopal Church of the Epiphany, West Thirteenth Street, Newton, reported the following items missing: laptop computers and damage to property, $1,240 value.
• $530. Trinity Baptist Church, West Thirteenth Street, Newton, reported about $530 in damage.
• $20. Word of Life Christian Center Church, East P Street Extension, Newton, reported $20 in cash missing.
CALIFORNIA COMPUTER THEFT RING DISCOVEREDRedlands Daily Facts - NewsFriday arrest helps police unravel identity theft ring
By DAVID JAMES HEISS, Staff Writer
REDLANDS - The arrest of a San Bernardino man Friday afternoon has helped Redlands police connect a series of people involved in a crime ring involving identity theft, commercial window burglaries and stolen credit cards.
Allen Rupock Boidya, 28, a citizen of Bangladesh who was staying in a room in San Bernardino, was arrested in Cathedral City at a Comfort Suites hotel on June 24 for possession of stolen property, according to Redlands Police Department Public Information Officer Carl Baker.
Boidya was in possession of forged driver's licenses; stolen credit cards, checkbooks and financial statements; stolen social security cards; and methamphetamines.
A woman, Sara Rose Jepson, 25, of Chino Hills, was arrested at the scene, according to Baker, for also being in possession of forged driver's licenses and stolen credit cards.
On June 16 Redlands Police served a search warrant at Boidya's residence, according to Baker, after tracing stolen credit card purchases back to Boidya.
Police discovered "a number" of laptop computers allegedly stolen from a series of commercial burglaries during which windows of local business were smashed, according to Baker.
According to Baker, Boidya claimed to have "never stolen anything," and that Boidya said that he bought computers and sold them on e-Bay.
A fingerprint on one computer belonged to Michael Gutierrez, 23, who had been arrested May 24 for involvement in those burglaries, to which he admitted to three burglaries, though Baker said "We suspect he was involved in others."
Police sought Gutierrez for questioning after a vehicle check on Orange Tree Lane in May led to the arrest of the driver, Robert Roy Reynolds, 24, who was in possession of burglary tools.
Police were led to a room at the Redlands Motor Lodge, where they located Gutierrez, along with a laptop computer that was proved to be stolen in a May 23 burglary of a business on Business Center Drive.
At the time of his arrest, Gutierrez was in possession of ATM cards and a cell phone stolen during a burglary in Yucaipa.
A stolen ATM card supplied by Gutierrez was used at a Citibank in Redlands, which led police to Casey Stockton Young, 25, of San Bernardino, who was arrested earlier this month in Colton and is on felony probation for carjacking.
Young's photo was captured by a surveillance camera and he was identified after the picture ran in the Daily Facts.
Baker said that police would like to return stolen property of several computers seized during the investigation, including a Sony Vaio laptop and an E-machines tower.
Staff Writer Colleen Mensching contributed to this story.
E-mail Staff Writer David James Heiss at dheiss@redlandsdailyfacts.com
NASHVILLE CYBERANGEL RECOVERS STOLEN COMPUTERSStolen Computers Recovered by The CyberAngelPress Release Source: CyberAngel Security Solutions, Inc.
Stolen Computers Recovered by The CyberAngel
Monday June 27, 1:13 pm ET
Critical Information Protected ... Never a Threat of Compromise
NASHVILLE, Tenn., June 27 /PRNewswire/ -- CyberAngel Security Solutions, Inc. (CSS, Inc. - www.thecyberangel.com), a leading provider of data protection and computer recovery, is making headlines across the country by recovering stolen computers at a record pace. Within the past 10 days, recoveries of stolen computers were made in Memphis, TN, Charlottesville, VA, Indianapolis, IN, and St. Cloud, MN, all 4 a result of office break-ins. The files on those computers were a mix of confidential business and client information, some containing sensitive financial and medical information. With The CyberAngel Software protecting that information, no threat of compromise ever existed.
The CyberAngel Software is a unique patented security and compliance tool, providing Single and Two-Factor Authentication, Data and Information Protection, Unauthorized Remote Access Restriction, as well as Tracking and Recovery. For over 9 years, and with an 83% recovery rate, The CyberAngel has been helping companies and consumers fight back.
"I cannot thank the people at CyberAngel enough," exclaimed Vickie L. of Charlottesville, VA. "They really worked hard to coordinate the recovery efforts with the police. Without The CyberAngel, we would have never recovered that computer, since it was a new employee responsible for the theft."
"After they broke into my home and stole my laptop, I figured that was the last I would see that computer," noted Michael B. of Memphis, TN. "But the folks at CyberAngel were right on top of it, and had the computer tracked within days. I am a true believer in The CyberAngel now!"
"Just like the media headlines report, we have seen a marked increase in computer theft, and as a result, our recoveries are on the rise," said Bradley Lide President of CyberAngel Security Solutions, Inc. "We bring great value to the client by protecting their critical information, the victim by recovery of their stolen computer, and to the community by helping remove criminals from the street. The best part of our job is making that call to the victim, letting them know that we have recovered their stolen property."
About CyberAngel® Security Solutions, Inc.
CyberAngel Security Solutions, Inc. (CSS, Inc.) has been providing The CyberAngel Software since 1996, and is considered a pioneer in PC Tracking & Recovery, Intrusion Detection, and Data & Information Security. For more information about The CyberAngel Security Software, please contact CSS, Inc. at 800-501-4344 or at info@thecyberangel.com, or visit http://www.thecyberangel.com
KOREA OVERSEAS US MILITARY BASES RELEASE COMPUTER THEFT REPORTSEuropean and Pacific Stars & StripesCID offering cash to crack unsolved cases in South Korea
Civilians and servicemembers urged to help investigations
By T.D. Flack, Stars and Stripes
Pacific edition, Tuesday, June 28, 2005
SEOUL — A half-page ad in the U.S. military’s Morning Calm newspaper offers $1,000 for information that will help identify, apprehend and convict those responsible for stealing $25,000 in cash from the Yongsan Post Office.
The reward is just one of 16 offered by the Criminal Investigation Command — called CID — for unsolved crimes on the Korean peninsula.
Chris Grey, a CID spokesman from the command’s Fort Belvoir, Va., headquarters, called the rewards another investigative tool used to help solve crimes.
“We often reach out to the community, both civilian and military, for information to assist us in solving a specific crime,” he wrote in an e-mail. “It’s important to understand that investigative work is very grueling and demanding work. CID special agents work extremely hard to solve hundreds of crimes and the vast majority of the time the people who have perpetrated the crime are working very hard not to get caught.”
He said the idea that all crimes can be solved within an hour by using forensics, as portrayed on popular television shows, is a myth. “Although that does occur occasionally, it is routinely the tenacious and untiring detective work of the agent on the street that puts the pieces of the puzzle together … and offering rewards encourages people to come forward with tidbits of information that just may be the missing piece of the puzzle.
“Rewards not only help to identify the guilty party … they also provide leads that, when coupled with other information, can help break a case,” he wrote. “What may seem insignificant to the lay person can be just what was missing to place a person at a crime scene or exonerate a person who has been wrongfully accused.”
The following is a list of rewards for crimes in South Korea, as published on the CID Web site:
Yongsan Garrison:
Call Yongsan’s CID office at DSN 724-6695 or e-mail information to mail038@korea.army.mil.
A $1,000 reward is offered in connection with the March 30 theft of $25,000 cash from the Yongsan Garrison Post Office. The reward offer expires May 21, 2006.
$500 reward, theft of a Biometric Identification Database System (BIDS) scanner from a Hannam Village security building on Oct. 16, 2004. Expires Oct. 27.
$500 reward, sexual assault of a female soldier inside her barracks room during the early morning hours of Oct. 1, 2004. Assailant described as having light skin, of medium height and build and wearing khaki pants, a dark-colored sweater with a two-inch stripe across the chest and arms and a plain khaki-colored hat. Expires Nov. 15.
$500 reward, rape of a female soldier. An unknown male entered her unsecured barracks room while she slept, raped her and left the area when the female soldier awoke and confronted him. Expires July 29.
$250 reward, theft of an Olympus Camera, Nikon lens and Lexar flash memory stick. Between March 15 and March 25, the camera equipment was removed from two U.S mail parcels. Estimated loss: $1,260. Expires May 17, 2006.
Camp Casey:
Contact Casey’s CID office at DSN DSN 730-4256 or e-mail information to mail838@korea.army.mil.
A $2,500 reward is offered in connection with the Aug. 13 theft and damage to government property at Camp Hovey’s Building S-3627. Someone forcibly entered the building and stole two Dell Optiplex computers, serial numbers H23 HT31 and H43HT31; one Compaq 6433C computer, serial number V242LB4ZA357; one Dell 266 MHZ MM8 computer, serial number FP4NP; three Dell 3400, PIII 650 computers, serial numbers 0021956587, 0022005401, and 0022005407; one Dell DHM P4 computer, serial number 4MBZB11; two 17-inch monitors, serial numbers C0017012853 and C0017012862; one Dell P793 16-inch monitor, serial number 47605-23B-DD42; two HP LaserJet 4050N printers, serial numbers USBC045160 and USBC045435; one Tektronix Z740 printer, serial number 8LMEVB19403; and one Okidata 321 printer, serial number 308C0496373. Approximate value of the stolen property is more than $13,700. The reward offer expires Aug. 26.
A $1,000 reward, theft of several Compaq desktop computers and monitors from the third-floor dayroom of Camp Hovey’s Building 3752 from mid-August to Sept. 13. Soldiers living in the building before it was vacated in August used the Army Knowledge Online lab housed in the dayroom. The computers and monitors, last accounted for in mid-August, were reported stolen after a Sept. 13 inspection. Expires Sept. 22.
A $1,000 reward, theft of two Compaq desktop computers, eight monitors and a 50-inch television from Camp Casey’s Building 134 between mid-August and Sept. 13. Last accounted for in mid-August, the items were reported missing on Sept. 13. Expires on Sept. 22.
A $500 reward, theft of a Division Support Command AN/TVS Night Vision Device — serial number 05541. Theft occurred between May 4 and May 26 from Building 2373. Expires June 6, 2006.
Camp Humphreys:
Contact Camp Humphrey’s CID office at DSN 753-6147 or DSN 753-6159 or e-mail information to mail138@korea.army.mil.
A $250 reward is offered in connection with the theft of a Hewlett Packard computer, monitor and keyboard from a barracks room on Suwon Air Base, South Korea. The reward offer expires July 14.
$250 reward, April 6 theft of computers from Camp Humphreys’ Directorate of Information Management, Building 574. Stolen: Three computers valued at more than $4,600. Expires May 4, 2006.
Camp Red Cloud:
Contact Casey’s CID office at DSN 732-6709 or e-mail information to mail338@korea.army.mil.
A $500 reward is offered in connection with larceny and damage to an Army Air Force Exchange Service Korean Telecom phone card dispenser at Camp Bonifas’s Building S-150 from July 6 to July 12, 2004. The reward expires July 21.
A $1,000 reward, July 7 theft of a Panasonic Toughbook notebook computer from Camp Red Cloud’s G-2 Section Bunker Complex. Expires Sept. 1.
A $500 reward, theft of a Panasonic Toughbook notebook computer, serial number 3HYUA01343, from Division Artillery briefing room in Camp Red Cloud’s Upper Bunker Complex. Expires Nov. 1.
Taegu:
Contact the Taegu-area CID office at DSN 768-8225 or e-mail information to mail438@korea.army.mil.
A $200 cash reward is offered in connection with the theft of a $2,193 Sony DCRVX2000 Digital Camcorder, serial number 1076168-F, from the Visual Information Support Center at Camp Henry. The reward offer expires Dec. 14.
Camp Carroll:
Contact the Carroll CID office at DSN 765-8516 or e-mail information to mail438@korea.army.mil.
A $350 reward is offered in connection with the Jan. 17 theft of computer equipment and cash from Camp Carroll’s 229th Signal Company’s Operations Office. Stolen: a $1,242 Optiplex laptop computer, serial number 701001J411684; a $2,337 Latitude C840 laptop computer, serial number 701001J410413; and a lock box containing about $200 in U.S. dollars and South Korean won. The reward offer expires Jan. 19, 2006.
VANCOUVER ABSOLUTE SOFTWARE AND LOJACK ANNOUNCE AGREEMENT TO TRACK STOLEN COMPUTERSAbsolute Software and LoJack Corporation Announce Branding Partnership to Introduce "LoJack for Laptops"Press Release Source: Absolute Software Corporation
Absolute Software and LoJack Corporation Announce Branding Partnership to Introduce "LoJack for Laptops"
Monday June 27, 7:30 am ET
Absolute licenses the LoJack brand for the computer theft recovery market
VANCOUVER, BC, and WESTWOOD, MA, June 27 /PRNewswire-FirstCall/ - Absolute Software ("Absolute") (TSX-VEN: ABT) and LoJack Corporation ("LoJack") (NASDAQ: LOJN - News) today announced a strategic agreement whereby Absolute will license the LoJack brand for the computer theft recovery market. LoJack Corporation, the premier provider of wireless tracking and recovery systems for mobile assets and Absolute, the leading provider of patented Computer Theft Recovery Secure Asset Tracking(TM) solutions, will leverage LoJack's brand and leadership position by incorporating the LoJack brand name into Absolute's computer theft recovery products.
When a Computrace "LoJack for Laptops" equipped computer is stolen and connects to the Internet (over IP or modem), the embedded Computrace agent sends a silent signal to Absolute's Monitoring Center providing its IP address or phone number to identify its physical location and then Absolute works with local law enforcement to recover the computer. The stealthy Computrace software agent can survive accidental or deliberate attempts to be removed or disabled. Where the agent is embedded in the computer's BIOS, such as in IBM/Lenovo's ThinkPads, the agent can also survive image reloads and hard drive swaps. Should a computer not be recovered within 30 days, the customer may be eligible for a money-back guarantee.
Joseph F. Abely, CEO of LoJack Corporation, said, "The LoJack brand is synonymous with the recovery of stolen assets. Our association with Absolute Software extends our brand to laptops that are very vulnerable to theft. We are pleased to partner with a company that is driving the industry standard in computer theft recovery and secure asset tracking, and we look forward to a long-lasting and mutually beneficial relationship."
John Livingston, chairman and CEO of Absolute Software, said, "We are very pleased to be partnering with LoJack Corporation. LoJack is the undisputed leader in global stolen vehicle recovery and has set the industry standard and commitment for tracking and recovering stolen assets. Incorporating the LoJack name into our Computrace product as 'LoJack for Laptops' will help build both brands and reinforces our leadership position in the computer theft recovery market."
Absolute Software invented the computer theft recovery category in 1994. Since then, the company has helped thousands of corporations, educational institutions and consumers around the globe track and locate their lost or stolen computers. Under the ten year branding agreement Absolute will pay a licensing fee and will also grant LoJack warrants to purchase 500,000 common shares of Absolute. The warrants are for a five-year term, vest over the term, and have an exercise price of $2 per share. Issuance of the warrants is subject to regulatory approval.
LoJack for Laptops is priced at $49.99 USD for a one-year term and is currently available as Computrace Personal in all 240 CompUSA stores across North America. Consumers can also purchase the product online at www.lojackforlaptops.com. The new Computrace LoJack for Laptops packaging will launch in stores and online during the summer.
About LoJack
LoJack Corporation (NASDAQ: LOJN - News), the premier worldwide marketer of wireless tracking and recovery systems for valuable mobile assets, is the undisputed leader in global stolen vehicle recovery. Its Stolen Vehicle Recovery System delivers a better than 90% success rate and has helped recover more than $2 billion in global stolen assets. The system is uniquely integrated into law enforcement agencies in the United States that use LoJack's in-vehicle tracking equipment to recover stolen assets, including cars, trucks, commercial vehicles, construction equipment and motorcycles. LoJack operates in 22 states and the District of Columbia, representing areas of the country with the greatest population density, and highest number of new vehicle sales and incidence of vehicle theft. In addition, LoJack technology is utilized by law enforcement and security organizations in more than 25 countries throughout Europe, Africa and Latin America. Boomerang Tracking, Inc., the dominant marketer of stolen vehicle recovery technology in Canada operates as a wholly owned subsidiary of LoJack Corporation.
About Absolute
Absolute® Software (TSX VEN: ABT) is the leader in Computer Theft Recovery and Secure Asset Tracking(TM) with more than 350,000 subscriptions under management. Absolute's uniquely patented Computrace® technology is optimized for remote and mobile users. Absolute Software provides organizations with simple and cost effective solutions to help track their computing assets, deter computer loss, and reduce incurred liability costs. Absolute Software has a history of delivering first-to-market technology innovations along with a recovery guarantee making it one of the most reliable asset tracking and recovery solutions in the market today. The company also has partnerships with global leaders, including, Dell, IBM, HP, Toshiba, Gateway, Phoenix Technologies, and Apple.
MASSACHUSETTS COMPUTERS STOLEN FROM HARVARD UNIVERSITYThe Harvard Crimson Online :: NewsPublished on Monday, June 27, 2005
Thieves Strike Leverett House
By ADAM M. GUREN
Crimson Staff Writer
More than $5,000 worth of items, including cash and three laptop computers, were stolen in a string of four thefts at Leverett House over the past two weeks.
According to Leverett House Superintendent Paul Hegarty, the thefts occurred while the building was accessible to many people, including Dorm Crew workers, plumbers, carpenters, and electricians, all of whom were preparing the building for summer occupancy.
At least one of the thefts occurred when a laptop was stolen from a student’s room whose door had been propped open by Dorm Crew, a team of students employed by the University to clean the dormitories.
Thefts occurred June 14, June 17, and two on June 22, according to the Harvard University Police Department (HUPD) log. Hegarty said that victims included summer school proctors, reunion workers, and a person living in a guest suite.
A Dorm Crew worker, speaking on the condition of anonymity, said that Dorm Crew was only working in Leverett at the time of one of the thefts that occurred on the 22nd.
Eric I. Kouskalis ’07, a summer school proctor, said that his laptop computer, several computer accessories, jewerly, and a credit card were all stolen from his room on the eighth floor of F Tower when he was moved in last Wednesday, June 22.
He said that during the afternoon, he left his room, leaving his bedroom door unlocked but locking the hallway door. When he returned, the hallway door was propped open and his laptop was gone.
Lisa J. Bloomberg ’08, a Dorm Crew trial captain who was inspecting rooms on Kouskalis’ floor said that another Dorm Crew employee had propped open the door so that it could be inspected.
Dorm Crew is given a master key for all the rooms they clean. Residents were supposed to be notified that inspections were going to take place, but Kouskalis said he did not see any notice.
“My suite was not supposed to be inspected,” said Kouskalis, who called Dorm Crew “very careless about propping doors open.”
Kouskalis said he filed an insurance claim with Harvard. He also said that his stolen credit card and jewerly were found behind a washing machine in Leverett G Tower the night of the theft.
After Kouskalis reported the theft, an HUPD officer unpropped approximately ten doors, according to Kouskalis, who said he saw a copy of the police report.
HUPD was unavailable for comment over the weekend.
Hegarty said that the large number of people working in the building make thefts difficult to avoid.
“I don’t really place the blame on Dorm Crew,” he said. “The kids are great workers and they were here last year and did a great job and nothing happened. Instead, the flaw is in the system, but we have such a short turnaround time that what we have now is the best we can do.”
—Staff writer William C. Marra contributed to the reporting of this story
CALIFORNIA COMPUTER THEFT RING BROKENTechnology News: Calif. Grand Jury Indicts Computer Component Supplier for Trafficking in Stolen GoodsCalif. Grand Jury Indicts Computer Component Supplier for Trafficking in Stolen Goods
by Alan Fein
A Grand Jury in San Jose indicted the owner of a California computer component and supply business Thursday for trafficking in stolen computers and money laundering, the US Attorney's office said.
June 24, 2005 (AXcess News) San Jose - A Grand Jury in San Jose indicted the owner of a California computer component and supply business Thursday for trafficking in stolen computers and money laundering, the US Attorney's office said.
The indictment charges Gilbert Goncalves, 51, of Cerritos, California, a partner in G&G Assemblers/Crystal Technologies ("G&G"), located in Santa Ana, with 1 count of conspiracy to possess goods from stolen interstate shipments, 2 counts of possession of stolen interstate shipments, 13 counts of interstate transportation of stolen property, 6 counts of money laundering to promote his illegal activities, and 6 counts of transactions involving proceeds of over $10,000 derived from his crimes.
According to the indictment, Mr. Goncalves and his company, G&G, were in the business of buying, selling and manufacturing computer memory and networking equipment. Mr. Goncalves allegedly acquired stolen computer equipment, including Cisco components, TV/VCR units and DVD drives, using an intermediary in San Jose in an attempt to conceal these dealings. The defendant also allegedly fabricated false bills of lading and packing slips and made cash payments to conceal the true nature and source of the stolen property. From approximately June 2000 to March 2001, Mr. Goncalves allegedly made 21 separate deposits totaling more than $961,000 into G&G's checking account, which represented the proceeds of the sales of stolen Cisco equipment.
Mr. Goncalves is expected to make his initial appearance in federal court on July 14, 2005 before U.S. Magistrate Judge Howard R. Lloyd in San Jose.
The prosecution is the result of an investigation by the Department of Homeland Security - U.S. Immigration and Customs Enforcement, the Internal Revenue Service-Criminal Investigations Division, the REACT Task Force in San Jose, and the Computer Hacking and Intellectual Property (CHIP) Unit of the United States Attorney's Office for the Northern District of California. Assistant U.S. Attorney Mark L. Krotoski and Special Assistant U.S. Attorney Steve Lowney are prosecuting the case.
AUSTRALIA COMPUTER LAPTOP THEFT COSTLY FOR AUSTRALIAN ORGANIZATIONSIDM.net.auLaptop theft is proving costly for Aussie organisations
Jun 27, 2005: The 2005 Australian Computer Crime & Security Survey has revealed that three in five organisations have laptops stolen which contain valuable and confidential information that would damage them if they fell into the wrong hands.
The survey also found that this rate has been relatively stable for the last three years and the average annual financial loss to each organisations because of laptop theft is on the increase from AU$18,000 in 2004, to AU$22,000 this year.
Bruce Tweedie, the CEO of Tomora Technologies, which provides technology that can track a machine over the Internet after it has been stolen, said that laptop theft could have a devastating impact on businesses.
"Laptops are capable of storing huge amounts of proprietary and sensitive data which in turn can create considerable risks if they are stolen.
"Whether it's the corporate warrior who has lost company secrets or the students whose essay has gone missing, we are all faced with the need to protect our laptop data. These figures from the 2005 Australian Computer Crime & Security Survey clearly demonstrate the risks associated with mobile computing."
Tomora Technologies produces software called Computrace, which the company claims can survive various types of post-theft scenarios, enabling it to survive accidental or deliberate attempts to remove or disable it.
In some PC models, apparently, the software agent can also survive full image reloads and hard drive swaps.
Lieutenant Dennis Raucci, an Investigating Officer based in the U.S.A., was very impressed with Computrace when it helped him track down a laptop stolen from Follett Higher Education Group, a contractor of bookstore services based in North America.
"The product itself performed just as one would hope it would, tracking not only IP information and email addresses, but phone numbers, too.
"In addition the staff were very efficient and provided me with a regular flow of information on the stolen computer's location, enabling an easy recovery of an expensive laptop."
The monitoring centre received IP calls from the stolen computer, which were from a DSL modem in Chicago. The police started work on a subpoena for the network, and an email address was captured with a proper name. When the unauthorised user used his dial-up account, it enabled the recovery offices to track his phone number too.
Raucci then drove to his house and recovered the computer.
Related Article:
PHILADELPHIA COMPUTER STOLEN FROM SCHOOLPolice news - 06/25/05 (phillyBurbs.com):
"PLUMSTEAD
Computer stolen: A computer was reported stolen from a residence in the 4900 block of Old Easton Road sometime between 10:30 p.m. Monday and 10 p.m. Tuesday, police said. The computer was valued at $800. Anyone with information is asked to contact police at (215) 766-8741.
Equipment taken: A Macintosh computer and Canon digital video camera, valued at $3,000, were taken from the Plumstead Christian High School sometime between 3:30 p.m. Wednesday and 8:55 a.m. Thursday, when the school was closed, police said. There was no indication of forced entry, and the computer and camera were kept in a locked area. Anyone with information is asked to call police at (215) 766-8741. "
LONG ISLAND COMPUTER STOLEN FROM BUSINESSNewsday.com: Oyster Bay: "Sea Cliff
A Main Avenue business was entered through a side window between May 27 and 31; a television set and a computer monitor were reported stolen. "
UK COMPUTERS STOLEN FROM SCHOOLCHOOLBurnley Today: News, Sport, Jobs, Property, Cars, Entertainments & More: "Laptops are stolen during high school break in
TWO laptop computers were stolen from a secure lock-up in Towneley High School after raiders smashed their way through a window.
The school's alarms alerted the police just after midnight on Tuesday of last week and officers discovered the invaders had dropped a further eight laptops in the grounds during their escape.
A spokesman for the school blasted those responsible.
He said: 'They smashed a window on the ground floor and it looks as though they went straight to the store room and kicked the door in.
'A set of 10 laptops were being kept in a metal security case, which is designed to recharge the batteries, and they took them out of that and tried to get away. Eight were recovered in the school grounds, but we are checking if they are still usable.'
The school is equipped with CCTV and footage is being investigated so see if the burglars have been caught on video. The schoolchildren, who use the laptops on a regular basis, are now having to share between groups and the spokesman added that steps are being taken to prevent similar attacks.
He said: 'We have got a very good alarm system installed and we are always looking at ways of making the school secure. We will learn any necessary lessons.'
24 June 2005"
US COMPUTER SERVERS STOLEN FROM VERISIGNLawFuel - law, attorney, lawyer, legal news and legal resources24 June - LAWFUEL - The Law News Network - The United States Attorney's Office announced that a federal grand jury in San Jose today indicted Emmett Jones, 35, of Falls Church, Virginia, and Carr Johnson, 35, of Woodbridge, Virginia in connection with a scheme to steal computer servers from a Virginia-based Verisign Inc. warehouse and cause them to be transported in interstate commerce.
According to the indictment, Jones would steal various IBM and Penguin computer servers from Verisign's warehouse in Virginia and sell them to Johnson. Johnson would then sell the servers to several individuals, who would sometimes place them for sale on eBay. As a result of this scheme, the indictment alleges that Jones and Johnson caused Verisign to lose more than $120,000 worth of computer equipment. In the indictment, Jones and Johnson are charged in three counts with causing the interstate transportation of stolen property, namely IBM 330 and 335 servers, in violation of 18 U.S.C. § 2314, from Virginia to the Northern District of California.
The maximum penalties under 18 U.S.C. § 2314 are 10 years imprisonment, $250,000 fine, 3 years supervised release, and a $100 special assessment. However, any sentence following conviction would be imposed by the court after consideration of the U.S. Sentencing Guidelines and the federal statute governing the imposition of a sentence, 18 U.S.C. 3553. An indictment only contains allegations and these defendants, as with all defendants, must be presumed innocent unless and until convicted.
The prosecution is the result of an investigation by the Federal Bureau of Investigation and the REACT Task Force in San Jose. The investigation was overseen by the Computer Hacking and Intellectual Property (CHIP) Unit of the United States Attorney's Office for the Northern District of California. Shashi H. Kewalramani is the Assistant U.S. Attorney from the CHIP Unit who is prosecuting the case with the assistance of Legal Assistants Mimi Lam and Tracey Andersen.
A copy of this press release may be found on the U.S. Attorney's Office's website at www.usdoj.gov/usao/can.
OHIO COMPUTER THEFT HURTS KSU STAFFERBeacon Journal | 06/23/2005 | KSU joins long list hurt by data theftPosted on Thu, Jun. 23, 2005
KSU joins long list hurt by data theft
Many companies, universities smarting after thieves take sensitive information
By Carol Biliczky
Beacon Journal staff writer
A little over a week ago, someone lifted a Kent State laptop out of a staffer's car.
Just like that, there went identifying information on 1,400 current and former KSU employees.
While Kent State is cringing, it is far from alone. Many colleges and companies nationwide -- from Wells Fargo Bank to MasterCard to Ralph Lauren -- are smarting from thefts of sensitive information.
With so much information out there and so many thieves eager to milk it, the computer industry has the makings of a perfect storm, said Robert Richardson, editorial director of the Computer Security Institute, a professional organization in Philadelphia.
``Companies have been slow to take this stuff seriously,'' he said. ``If you just pulled their names out of a hat, you'd find their policies aren't sufficient.''
Among colleges and universities, Purdue, Stanford, the University of Michigan and Duke have been the victims of thefts or hackers recently.
Consider Cleveland State.
Earlier this month, a thief stole a laptop from CSU's admissions office with the names, addresses and Social Security numbers of 44,000 current, former and potential students.
The laptop has yet to be found, university spokesman Brian Johnston said.
In the Kent State incident, a human resources administrator left a university laptop in his vehicle at the Wal-Mart at Severance Center in Cleveland Heights on June 14.
Personal information
Greg Seibert, Kent's director of network services, said the laptop contained a hodgepodge of current and dated information on 1,400 staffers. Names, Social Security numbers and sometimes birth dates were listed.
Seibert said the employee worked in labor negotiations -- two unions are negotiating with KSU -- and in state reporting, and was allowed to take the laptop home.
That is a rare privilege, Seibert said. ``Less than 20, possibly just five or 10'' staffers have that luxury, he said.
Perhaps even fewer should, suggested Richardson of the security professionals organization.
``Never leave confidential (information) in a car unattended, locked or unlocked,'' he advised. ``This is common sense.''
If staffers must go off site with a laptop, sensitive computer material should be encrypted, he added.
An encryption is different from a password, which can be unlocked by those in the know. Even if a thief does break the password or otherwise gets into the hard drive, he or she would get a meaningless jumble that couldn't be unlocked without a secret encryption, or code. Kent State has been encrypting its data, but hadn't gotten to the computer that was stolen, Seibert said.
Cleveland State's stolen data also wasn't encrypted, said Johnston.
Other defenses
There also are ways to design files by obscuring identifying data. The hacker or thief won't know which address goes with which birth date or name, Richardson said.
``We should automatically be thinking, `How can I protect that? What can we do to make theft unlikely and to make that less dangerous if it happens?' '' he said.
There's no evidence that thieves have used the information that was buried in the Kent and Cleveland State computers, officials say. Both universities are making free credit reports available to those who may have been affected.
And there's no evidence that thieves targeted these particular laptops. Officials suggest that the thefts were crimes of opportunity, not design.
But it's not safe to assume that the thieves won't find out what they've got, Richardson said.
``You had better hope they don't know how to do it, because they're the kind of person who will,'' he said.
MISSOURI COMPUTER STOLENKansas City Star | 06/22/2005 | Grain Valley seeks to break stolen-check ring: "The burglary occurred in the 1400 block of Route AA. Police said the thieves removed a rear door off its hinges, ransacked a building and took off with the checks, valuable coins and a computer.
Police said they have a few leads but have made no arrests."
TEXAS STOLEN DATA DEMAND CREATES HUGE RISK FOR COMPANIESDallasNews.com | News for Dallas, Texas | BusinessStolen data demand puts risk in every swipe
Breaches show you have more to fear than just hackers
04:49 PM CDT on Friday, June 24, 2005
By IEVA M. AUGSTUMS / The Dallas Morning News
As consumers, companies, policy-makers and security experts grapple with the increasingly high-profile problem of mass data thefts, the question isn't where consumer information is vulnerable, but where it isn't.
Data breaches occur nearly every day, from a variety of institutions in a variety of ways. In the last four months, 45 cases of exposed data have had the potential to affect about 50 million consumers, according to the Privacy Rights Clearinghouse.
For many people, the stereotype is of a hacker sneaking account information from the computer network of a financial services company. That's what happened recently when someone penetrated CardSystems Solutions, a transaction processor, and exposed more than 40 million credit card accounts to potential fraud.
But an analysis of the 44 other breaches since Feb. 15 shows that usually isn't the case.
Of the 10 million other accounts exposed in that time:
•One-third came from nonfinancial institutions, including 18 colleges, seven government agencies, six businesses and two medical organizations.
•Two-thirds came as a result of lost or stolen hardware or backup tapes.
•Less than a third were caused by hacking.
"Data theft is the currency choice of cybercrime out there right now, and it's not just happening online," said Christopher Faulkner, chief executive of Bedford-based CI Host, a Web hosting company. "Any time companies are physically moving data from Point A to Point B, they need to know who's moving it and assess any vulnerabilities."
Employee error
The huge numbers involved in the CardSystems case have spawned some harsh criticism.
Also Online
Danger everywhere you go
"What unfortunately happens, time and time again, is employee error," said Kimberly Elting, a privacy and health care lawyer at Jones Day in Dallas. "Laptops get lost, computers stolen out of Dumpsters. Even packages go missing in the mail."
Some experts have called for reasonable industrywide standards of security. Others have called for fines based on the number of consumers affected.
"Data encryption is key," Mr. Faulkner said. "Yes, it adds another step and cost, but we're talking about very sensitive, very mobile data."
The issue has come to the forefront thanks to a California law requiring companies with customers there to disclose data breaches.
The first big case occurred in February, when ChoicePoint, a Georgia-based data broker, reported that it was infiltrated by identity thieves posing as legitimate customers.
Since then, numerous others have come forward, including Citigroup, Bank of America, LexisNexis, shoe retailer DSW, Time Warner, Wachovia and dozens of universities.
But Friday's CardSystems hacking case was the largest yet. The data of 40 million account holders were exposed, with 200,000 known to have been copied from the system.
CardSystems is one of hundreds of processors that help merchants and banks process millions of transactions a day. With a swipe of a credit card, cardholders' names, account numbers and security codes are electronically relayed so that a sale can be authorized, the merchant paid and customer billed.
"People who are doing credit card fraud right now are looking at these types of companies to see if they have any loopholes," said Michael Gibbons, vice president for federal security services at Unisys and the former chief of computer investigations for the FBI. "That's why you have to have a continuous cycle of looking at your company's security requirements."
Out of your hands?
Infiltrators have stolen codes to get into data networks worldwide for decades.
"Mass identity theft isn't new," said Mr. Gibbons, who also supervised the Dallas FBI computer and economic crime squad in the late 1990s. "What's changed is technology. We've opened ourselves up to the world where it's easy to do new business anywhere with clients, but we've also made it very easy to access our data."
Experts have plenty of advice to keep consumers from turning their data over to an identity thief themselves, such as shredding sensitive documents and not falling for Internet scams.
But once you've given your information to a legitimate organization, it's out of your control.
In the CardSystems case, the company said it shouldn't have been holding onto the account information but had intended to study the transactions to improve its operations. In a Citigroup case earlier this month, information on 3.9 million customers disappeared when computer tapes were lost by a courier in transit to a credit bureau.
"All your information is very fluid," said Chris Voice, vice president for technology at Addison-based Entrust Inc., which provides security software and services to companies. "It is moving from one organization to the next. Data is in motion at all times."
Market for stolen data
The boom in data collection has created a marketplace of valuable information stored on thousand of computers nationwide. Retailers, credit card companies, and both financial and nonfinancial organizations all share and sell your data.
"When consumers open up a credit card, they know they will be able to buy stuff in a store," said Federal Trade Commission spokeswoman Claudia Bourne Farrell. "What they didn't realize was that the store was going to get something of value from them."
Consumers can try to stay out of it by paying cash, but that greatly reduces their ability to get credit and participate in the global economic system.
"We all live and breathe by our credit cards," said Beth Givens, founder and director of the Privacy Rights Clearinghouse. "When you open an account, your privacy is out there for everyone."
Data thieves find the information valuable as well. But there are no firm numbers on how many cases of fraud have stemmed from the exposure of 50 million consumers' information in the last four months.
"If it happened the day after a data breach, there's great question of how soon consumers will realize it," Ms. Farrell said. "Sometimes you don't know until somebody contacts you or you stumble across something on your credit report."
In 2004, the Federal Trade Commission received 246,570 identity-theft complaints, up 15 percent from the previous year. Of those, 26,454 were from Texans. But those numbers include only individuals who complained. Often cases are resolved when a credit card company contacts an affected customer.
Will Congress act?
A recent study of Washington opinion leaders showed that many feel that Congress has not done enough to protect consumer data.
The Identity Theft and Assumption Deterrence Act of 1998 makes identity theft a federal crime, and many states have passed similar laws and regulations that provide help in recovery from identity theft.
But eight of 10 senior-level professionals in government, policy, consulting, media and technology said Congress should do more to protect Social Security numbers, according to the report commissioned by Adobe Systems and RSA Security, two companies that sell data protection products.
Three-quarters of the 400 people polled say the same for financial data and credit card numbers.
"Legislation is definitely a driver toward change," said Mr. Gibbons of Unisys. "If we are trying to make it so it's not acceptable to cover up data theft that could impact consumers, creating a behavior change, then legislation is a way to go."
But only 8 percent believe it is "very likely" Congress will pass legislation increasing security requirements for companies that collect consumer data. Such legislation is "somewhat likely," according to 47 percent of the respondents.
It's too early to tell whether anything will come to fruition, but almost every agrees that the situation must be improved.
"No one is particularly safe out there, but it's not like it's the wild, wild west either," Mr. Faulkner said. "If you are a data aggregator, you just don't want to be caught with your head in the sand."
E-mail iaugstums@dallasnews.com
ALMOST A DAILY EVENT
The Privacy Rights Clearinghouse compiled the following cases of mass exposure of financial information since Feb. 15.
Date Organization Type of breach Identities exposed
Feb. 15 ChoicePoint ID thieves accessed 145,000
Feb. 25 Bank of America Lost backup tape 1,200,000
Feb. 25 PayMaxx Exposed online 25,000
March 10 LexisNexis Passwords compromised 32,000
March 11 University of California, Berkeley Stolen laptop 98,400
March 11 Boston College Hacking 120,000
March 12 Nevada Department of Motor Vehicles Stolen computer 8,900
March 20 Northwestern University Hacking 21,000
March 20 University of Nevada, Las Vegas Hacking 5,000
March 22 California State University, Chico Hacking 59,000
March 23 University of California, San Francisco Hacking 7,000
March 28 DSW/Retail Ventures Hacking 100,000
April Georgia DMV Dishonest insider Hundreds of thousands
April 5 MCI Stolen laptop 16,500
April 8 San Jose Medical Group Stolen computer 185,000
April 11 Tufts University Hacking 106,000
April 12 LexisNexis Passwords compromised 280,000
April 14 Polo Ralph Lauren/HSBC Hacking 180,000
April 14 California FasTrak Dishonest insider 4,500
April 15 California Department of Health Services Stolen laptop 21,600
April 18 DSW/Retail Ventures Hacking 1,300,000
April 20 Ameritrade Lost backup tape 200,000
April 21 Carnegie Mellon University Hacking 19,000
April 26 Michigan State University's Wharton Center Hacking 40,000
April 26 Christus St. Joseph's Hospital Stolen computer 19,000
April 28 Georgia Southern University Hacking Tens of thousands
April 28 Wachovia, Bank of America, PNC Financial Services Group and Commerce Bancorp Dishonest insiders 676,000
April 29 Oklahoma State University Missing laptop 37,000
May 2 Time Warner Lost backup tapes 600,000
May 4 Colorado Health Department Stolen laptop 1,600
May 5 Purdue University Hacker 11,360
May 7 Department of Justice Stolen laptop 80,000
May 11 Stanford University Hacker 9,900
May 12 Hinsdale (Ill.) Central High School Hacker 2,400
May 16 Westborough Bank Dishonest insider 750
May 18 Jackson (Mich.) Community College Hacker 8,000
May 19 Valdosta State University Hacker 40,000
May 20 Purdue University Hacker 11,000
May 22 CardSystems Hacker 40,000,000
May 26 Duke University Hacker 5,500
May 27 Cleveland State University Stolen laptop 44,420
May 28 Merlin Data Services Bogus acct. set up 9,000
May 30 Motorola Computers stolen unknown
June 6 CitiFinancial Lost backup tapes 3,900,000
June 10 Federal Deposit Insurance Corp. Not disclosed 6,000
Total: About 50 million
SOURCE: www.privacyrights.org
US COMPANIES FINDING NEW AND UNIQUE WAYS OF PROTECTING COMPUTERS AND THE DATA THEY HOLDWSJ.com - Warning: In Five Seconds, This PC Will Self-DestructWarning: In Five Seconds,
This PC Will Self-Destruct
Start-Ups Sell Technology to Remotely Zap Data
By VAUHINI VARA
THE WALL STREET JOURNAL ONLINE
June 23, 2005
Companies looking to protect sensitive data on stolen gadgets are taking a page from Hollywood, with hard drives that destroy themselves when picked up by a thief, software that remotely zaps documents from a desktop computer and technology that scrubs clean handheld devices when the wrong password is entered too many times.
The tools are attracting customers from Wall Street to Washington, D.C., who are willing to go to significant lengths to avoid data theft -- and the negative publicity that comes with it -- as new laws compel companies to more fully disclose breaches. "Those types of regulation are really driving corporations to say, 'What can I do to make sure I am in compliance?'" says Ben Haidri, vice president of business development and marketing at Absolute Software Corp., whose software includes a feature that remotely deletes private data.
Absolute Software asks users of its Computrace software to call a hotline to report a lost or stolen PC. If the customer is worried that sensitive data could get into the wrong hands, he can ask Absolute to wipe those files the next time the computer connects to the Internet. The wiping process involves overwriting all of the computer's data with random information several times, rendering the data unrecoverable. The process usually takes less than 10 minutes, Mr. Haidri says, but can last up to half an hour, depending on the amount of data to be removed. The Vancouver company says about 400,000 people -- including employees of 3,000 businesses -- use the software, which sells for about $100 per user for a three-year contract.
For customers who worry that a wily thief might stay away from the Internet, Absolute offers extra safeguards, like the option to delete files if a user fails to enter the correct password on a PC. Meanwhile, closely held Beachhead Solutions Inc. automatically deletes files or shuts down a PC making it inaccessible, unless users enter a password on a regular basis -- say, every three days or once a week -- or if a password is entered incorrectly too many times. The PC can be unlocked by a company's computer administrator.
Some experts warn that such technology isn't a security cure-all. For instance, blasting private data from lost or stolen PCs won't protect companies from theft by disgruntled employees looking for payback. Others say the tools could make it too easy for information to be accidentally removed: "I can see a situation where, if the controls are too stringent, one executive is going to get his laptop hosed because he's been in Malaysia for three weeks inspecting factories," says Andrew Jaquith, a security analyst at the Yankee Group, a technology research firm in Boston. "It takes one mistake to make a piece of software like this very unattractive."
Others ask, what happens when an absent-minded employee simply forgets his password? "I have had mornings where I couldn't remember one of my 13 or 14 passwords -- and I've tried several times," said Stephen Northcutt, a researcher at the SANS Institute, a computer-security research and training organization in Bethesda, Md.
Larry St. Regis, information services manager at Heritage Bank of Commerce in San Jose, Calif., first saw Beachhead's software demonstrated earlier this year at a computer-security conference in San Francisco. "I thought it was outstanding," he said. His small bank equipped 35 desktop and notebook computers with the software, which overwrites selected files when a PC has been unplugged from the bank's network for an extended period, or when it accesses the Internet at a suspicious time, such as when an employee is on vacation. So far, the bank hasn't lost any computers equipped with the software.
Ensconce Data Technologies Inc., a two-year-old company in Portsmouth, N.H., is developing an approach even more reminiscent of James Bond: It hides a chemical mist in a pocket in a special hard drive. If a warning signal is tripped -- say, if a vandal tampers with the computer, or a built-in global-positioning system detects that it has been moved too far from its normal location -- the mist wafts over the hard drive, destroying it layer by layer. "Absolutely everything is gone," says President Jack Thorsen.
Mr. Thorsen declines to disclose details about the chemical used to destroy the drive, except to say that it is no more toxic than "anything you'd find under your sink."
"I wouldn't put my hand in a vat of it, but it's fairly benign," he says.
The hard drive is shock resistant, so dropping the computer won't accidentally trigger the destruction. Because the mist is housed within the hard drive, it also won't damage the rest of the computer. Ensconce aims to start selling the hard drives to military and business customers early next year for $2,500 to $9,000 each.
The market for technology to remotely delete data is still small, analysts say, and as recently as last year, it barely existed. Companies have largely relied on software that encrypts sensitive information so that it can't be read by unauthorized users. But over the past several months, a spate of high-profile thefts has put focus on products that go further in protecting data. Those behind the technology are focusing on customers like banks, military contractors and others most likely to pay a premium to protect data.
"There are customers with very high-value assets that need to be protected, and these solutions are going to help protect that information," says Mr. Jaquith, the Yankee Group analyst.
Among the high-profile tales of theft reported in recent months, a laptop containing social security numbers of MCI Inc. employees was lifted from a car parked in an MCI financial analyst's garage, a laptop with travel account information for Justice Department employees was swiped from a travel agency and two computers with Social Security numbers of Motorola Inc. workers were stolen from the company's human resources firm. Security experts still talk about an incident that took place five years ago, when the personal laptop of Qualcomm Inc.'s chief executive was nabbed from a conference podium. The laptop, which contained confidential corporate information, was never recovered.
"If a user doesn't do a good job of protecting his password, or leaves his security token near his laptop, you might as well not have any security," says Jim Obot, chief executive of Santa Clara, Calif.-based Beachhead Solutions. "The idea of eliminating data is the ultimate form of security." The company says it has about 15 corporate customers, who pay up to $129 a year for each computer using its software.
Still, at least one company is holding back from enabling the self-destruct feature of its security software. PepsiAmericas Inc. -- the soft-drink bottler that is part-owned by PepsiCo Inc. -- recently started passing out handheld devices to members of its sales force to take orders, check stock and send messages back and forth.
The company installed software from McLean, Va.-based Trust Digital to automatically lock the handhelds when an incorrect password has been entered too many times, barring impostors from accessing them. But Laszlo Kovari, an information-technology and security manager at PepsiAmericas, said his department stopped short of turning on the software's "self-destruct" feature. They worried that the sales people could inadvertently erase important data.
Write to Vauhini Vara at vauhini.vara@wsj.com
AUSTRALIA COMPUTER THIEVES APPREHENDEDTrio avoid jail for computer thefts - National - theage.com.auTrio avoid jail for computer thefts
By Daniella Miletic
June 23, 2005
Three computer thieves who stole notebook computers worth more than $120,000 from Wesley College have avoided jail terms.
Rahavo Leviev, Leonid Poel and Stephen Panourakis, all aged 20, stole seven notebooks worth more than $20,000 from Wesley College's Elsternwick campus on July 14 last year. Afterwards, they drove to Wesley's St Kilda Road campus and stole 34 notebooks valued at $99,000. They broke into 99 lockers, stealing musical instruments and cash.
The next day police went to the media with images of the trio, which prompted the offenders to dump the stolen goods outside a swimming pool in Carnegie.
Leviev, of St Kilda, Poel, of North Caulfield, and Panourakis, of Black Rock, had pleaded guilty to two counts of theft, one count of burglary and two counts of property damage. Panourakis also pleaded guilty to two additional counts of burglary and four counts of theft over two other burglaries. Fingerprints from the two campuses led police to investigate Panourakis over two previous burglaries.
Panourakis was also convicted and sentenced to a 12-month jail term that was wholly suspended for two years.
Judge Nicholson said students and staff at Wesley College were significantly inconvenienced by the thefts.
Students also expressed feelings of their privacy being invaded and the school had been forced to hire a night security officer as a result of the men's offences, she said.
FLORIDA AUTHENTIC'S BIOMETRIC FINGERPRINT SECURITY FEATURE ADDED TO HP LAPTOP COMPUTERSAuthenTec's TruePrint Technology Provides Advanced Security to New HP Notebook Computer for Small and Mid-Sized BusinessJune 22, 2005 09:31 AM US Eastern Timezone
AuthenTec's TruePrint Technology Provides Advanced Security to New HP Notebook Computer for Small and Mid-Sized Business
MELBOURNE, Fla.--(BUSINESS WIRE)--June 22, 2005--Advanced fingerprint sensors from AuthenTec, which feature the company's award-winning TruePrint(TM) technology, are being embedded into the newest notebook computer by HP - providing an advanced level of security for the small to medium business (SMB) mobile professional.
AuthenTec, the world leader in fingerprint sensor innovation and sales for more than five years, is pleased to announce that HP has chosen the EntrePad 2501A sensor to be included in the HP Compaq nx6125 Notebook PC, which is specifically designed for the small and medium size business market. The EntrePad sensor is part of an enhanced security solution.
AuthenTec's EntrePad 2501A fingerprint sensor can augment or replace the need for passwords -- allowing authorized users to easily and quickly access their files by simply sliding their finger across the sensor surface. At the same time, the EntrePad sensor restricts access to the computer and its files to only those enrolled - reducing the risk of theft or fraud.
"We are excited that HP has selected AuthenTec and to embed our biometric fingerprint sensor directly into its notebook computer," said Scott Moody, president and CEO of AuthenTec. "Combining AuthenTec's advanced sensor technology with HP's unique hardware and a software security tool raises the bar in business computer security, and provides an extremely high level of protection for users."
"With computer theft and fraud on the rise, safeguarding computer data from unauthorized access is critical for businesses of all sizes," said Dan Forlenza, vice president, worldwide commercial notebook, Personal Systems Group, HP. "Equally important is designing built-in security features, such as biometrics, that are both easy-to-use and convenient. By integrating AuthenTec's unique fingerprint technology into the HP Compaq nx6125, we're adding an important compliment to the HP's ProtectTools security solution portfolio designed to help keep our customers' devices and data safer."
The EntrePad 2501A selected by HP is one of the most secure and proven slide sensor for PCs available today. The sensor uses AuthenTec's award winning TruePrint technology, the only sub-surface based solution that is:
-- Extremely reliable - capable of reading virtually every fingerprint under virtually any condition. Unlike surface based technologies, TruePrint is not affected by grimy, oily or scarred fingers because it reads below the outer surface to the live layer below.
-- Highly accurate and secure - AuthenTec's unique pattern-based matching technique, combined with TruePrint's high-quality images, enables the company to continuously develop smaller sensors, without sacrificing the highest level of security or ease of use.
-- Very durable - TruePrint's high accuracy enables AuthenTec to use thicker protective coating than surface based sensors, making them very durable for the PC and other markets. AuthenTec sensors are durability tested to greater than 10 million swipes - the highest in the industry.
Founded in 1998, AuthenTec is the number one supplier of biometric fingerprint sensors to the PC and wireless markets - with AuthenTec sensors in nearly 5 million devices, including notebook and tablet computers, portable hard drives, password managers, mice, pens, keyboards, memory keys, cell phones and others.
About AuthenTec
With nearly five million sensors in use worldwide, AuthenTec is the world leader in fingerprint sensor innovation and sales to the PC, wireless, and access control markets. AuthenTec's award-winning FingerLoc(R) and EntrePad(R) sensors take full advantage of The Power of Touch(TM) by utilizing the company's patented TruePrint(R) technology to deliver most convenient, reliable and cost-effective means available for enabling touch-powered features that extend beyond user authentication. The company's network of partners, solution providers and customers include: Analog Devices, APC, Compal, Cherry, Fujitsu Computer, Computer Associates, Fellowes, IBM, LGE, Microsoft, Motion Computing, Samsung, Tatung, Texas Instruments, Toshiba, Quanta, among others. Visit www.authentec.com.
Contacts
AuthenTec
Jim Burke, 321-308-1320
jim.burke@authentec.com
or
Zer0to5ive
Jennifer Bannan, 412-580-3675
jbannan@0to5.com
Posts
