work and IT @ 12 Nov 2008 06:49 pm by ayoi
I read a news item in SANS NewsBites about how critical data belonging to the Australian Federal Police (AFP) was accessed by the public (at least by some of the guests of a hotel in Kathmandu, Nepal). Among the documents are the AFP’s Bangladesh Office strategies, priorities and also some pictures of a plane crash. Okay, it is not because some clever attackers managed to break through their network or access the AFP network via an encrypted, stealthy channel created by malware.
This leak was caused by the human tendency to be careless and forgetful. It seems that an AFP staff member was accessing these documents, which were stored on his thumb drive, using the hotel’s computer. Somehow he or she forgot to retrieve the thumb drive from that machine after using the facility. As a result, anyone who used the same computer could see all these supposedly highly confidential documents.
My questions:
a). First of all, how on earth did he or she access these documents using a public facility (OK, not quite public, but I guess anyone can use any hotel’s business center provided they pay for the service)? What if the machine has malware like keyloggers, worms, trojans, etc. partying inside? I don’t know how these hotels maintain their computers, but I guess not that often and not in that much detail. Don’t they have their own laptops or something? I never use any public facility to access even my office email. Heck, not even my personal email. That’s why I always bring my laptop along wherever I go. Too big? HP Mini, anyone?
b). Don’t they have any regulation or policy on data protection, like encrypting all information stored on any mobile or removable storage device? I have this habit of misplacing my thumb drives. Recently wifey gave me an 8GB thumb drive, which only lasted 2 days. I’ve forgotten where I kept that thumb drive. Because of my forgetfulness, I always encrypt my other thumb drives, my external drives and my laptop as well, just in case. It probably saves me from having my confidential data viewed in case my laptop or any removable storage devices are stolen or misplaced.
But it still won’t save me from my wife’s nagging.
Btw you can read the rest of the story here and here.
Anyway, I like the way Mr Ulrich commented on this news:
“Some people are less careful with public hotel computers than public bathrooms. The opposite should be true”






