logo

Used Laptops Yield Secret Data

Return to Company News
date:
2/25/2007

Laptops contain sensitive financial details and corporate secrets.

LONDON (Reuters) - Laptops containing sensitive financial details and all manner of corporate secrets can be snapped up at auctions for a pittance, a security firm revealed on Wednesday.

Stockholm-based Pointsec Mobile Technologies said it bought 100 laptop computers from a host of Internet and public auctions over the past two months.

The exercise intended to demonstrate that the scores of lost or stolen laptops that wind up at auction every day have hard drives with little or no security, giving identity thieves and fraudsters easy access to lucrative data. What it did not expect to find was a cache of corporate laptops too that were as easy to crack as grandma's PC. In all, the firm's technicians were able to pull sensitive details from 70 of the 100 machines it bought.

In one case, it obtained a particularly vulnerable hard drive from online auction site eBay that apparently once belonged to one of Europe's largest insurance companies.

On the hard drive were current details of customers' pension plans, payroll records, personnel details, login codes and administration passwords for the company's Intranet site. Home addresses, telephone numbers and dates of birth of customers were also listed in 77 Microsoft Excel files, the company said.

Even when companies or individuals believe they have wiped the hard drive clean, it is blatantly clear how easy it is to retrieve sensitive information from them.

Peter Larsson

Pointsec CEO

Wiped clean?

Companies usually go to the trouble of wiping a computer hard drive of any sensitive details before discarding them, but even that is not foolproof, Larsson said. A bigger problem is laptops lost on the train or the airport, which are often auctioned to the public if the owners don't claim them.

From laptops it acquired at an auction from Britain's Gatwick Airport, Pointsec used generic password recovery software -- many free varieties are on the Internet -- to access information on one in three of them. It scored a similar rate of success from laptops acquired at auction in the United States, Germany and Sweden.

In Sweden, the first laptop Pointsec bought at auction contained information about a large food manufacturer and its customers, plus a PowerPoint presentation about a product line. "Pointsec's research demonstrates just how easy it is to access information which is not adequately protected," said Tony Neate of Britain's National Hi-Tech Crime Squad.

Encryption and other security measures are vital to ensure that security is not compromised -- something as simple as a hard disk drive password can deter the opportunist.

Tony Neate

Britain's National Hi-Tech Crime Squad

Copyright 2004 Reuters All rights reserved.

Return to Company News

Integrated Waste Analysts, Inc.

7455 New Ridge Road, Suite A-B
Hanover, MD 21076
Phone (410) 872-0000 - Fax (410) 850-4152

Copyright © 2016. All Rights Reserved.