Tuesday, January 13, 2015


Personal information
Available for the taking


TWO ARTICLES HIGHLIGHTED by Advisen FPN, an insurance-focused daily publication, caught my attention this morning.

Item One, an article from The Columbus Dispatch titled Printers, copiers are data gold mines for identity thieves warns that casting off old printers, copiers, and fax machines also can mean casting off hard drives containing sensitive information.

Item Two, a UK Daily Mail interview with researchers at Georgia Institute of Technology (Georgia Tech) heded Beware the coffee shop hacker: New breed of cyber criminal spies on your laptop by listening to signals even when it's OFFLINE informs computer users that malcontents can capture information as it is keyed even when the computer is off line.

Pull the drive

The Columbus Dispatch article starts off

All the things you copy at home and the office — tax returns, medical records, financial information and more — could end up in someone else’s hands.

That’s because copiers and fax machines, like computers, contain hard drives capable of storing a large volume of digital information.

According to Matt Fleischmann, owner of Diversified Threat Management of Seal Beach, CA, copiers, faxes and printers “an absolute gold mine for identify thieves.” He said thieves sometimes rummage through garbage for discarded equipment.

In Ohio, the Dispatch reports, hard drives in all computers, copiers and printers are removed under a state policy in effect since 2008. The policy says if state electronic equipment “contains confidential or high-risk information, the (Ohio Department of Administrative Services ) shall either sanitize the equipment or encrypt the information.”

Wiping a hard drive

Turns out there are several methods to delete any data to the point where it cannot be recovered. Period. The method selected depends on the media. Which to use is fairly well set forth in a PC World article titled How to securely erase your hard drive.

The How-To Geek site also offers comments on how to prevent unwanted data sharing on different type media.

Spying sans WiFi

The UK Daily Mail/Georgia Tech article details a number of ways a miscreant can steal data as it is entered into a computer.

The article begins

When your computer performs a spell check, opens a program or even just types a letter, it emits a tiny, imperceptible signal.

At least, it was thought to be imperceptible - but researchers say a new breed of hackers could 'listen' to these signals and find out what your computer is doing.

According to the researchers at Georgia Tech, there are several methods data security can be compromised, all of which depend on "side-channel signals."

Side-channel emissions can be measured several feet away from an operating computer using a variety of spying methods.

Electromagnetic emissions can be received using antennas hidden in a briefcase, for instance.

Acoustic emissions - sounds produced by electronic components such as capacitors - can be picked up by microphones hidden beneath tables.

Information on power fluctuations, which can help hackers determine what the computer is doing, can be measured by fake battery chargers plugged into power outlets adjacent to a laptop's power converter.

The article continues that the researchers are trying to determine where the leaks originate.

'We are trying to understand why these side channels exist and what can be done to fix these leaks,' said Dr Zajic.

'We are measuring computers and smart phones to identify the parts of the devices that leak the most. That information can guide efforts to redesign them, and on an architectural level, perhaps change the instructions in the software to change the device behavior.'

Meantime there seems little anyone can do to prevent compromise via side-channel signals short of keeping the computer (and smart phones) turned OFF. In China, it's necessary to remove the battery from a phone to keep any phone-based data private. (See Computer Security when Traveling to China.)

No comments: