Data theft
Encyclopedia
Data theft is a growing problem primarily perpetrated by office workers with access to technology such as desktop computer
s and hand-held devices capable of storing digital information such as USB flash drive
s, iPod
s and even digital camera
s. Since employees often spend a considerable amount of time developing contacts and confidential and copyright
ed information for the company they work for, they often feel they have some right to the information and are inclined to copy and/or delete part of it when they leave the company, or misuse it while they are still in employment.
While most organizations have implemented firewalls and intrusion-detection system
s very few take into account the threat from the average employee that copies proprietary
data for personal gain or use by another company. A common scenario is where a sales person makes a copy of the contact database
for use in their next job. Typically this is a clear violation of their terms of employment.
The damage caused by data theft can be considerable with today's ability to transmit very large files via e-mail
, web page
s, USB devices, DVD
storage and other hand-held devices. Removable media devices are getting smaller with increased hard drive capacity, and activities such as podslurping are becoming more and more common. It is now possible to store more than 160 GB
of data on a device that will fit in an employee's pocket, data that could contribute to the downfall of a business.
(or "thumbdrive"), to illicitly download confidential data from a network endpoint.
The moniker is derived from the act of downloading, or "sucking", data from a network endpoint onto a USB flash drive or similar storage device.
A USB flash drive was allegedly used to remove without authorization highly-classified documents about the design of U.S. nuclear weapons from a vault at Los Alamos.
The threat of thumbsucking has been amplified for a number of reasons, including the following:
Desktop computer
A desktop computer is a personal computer in a form intended for regular use at a single location, as opposed to a mobile laptop or portable computer. Early desktop computers are designed to lay flat on the desk, while modern towers stand upright...
s and hand-held devices capable of storing digital information such as USB flash drive
USB flash drive
A flash drive is a data storage device that consists of flash memory with an integrated Universal Serial Bus interface. flash drives are typically removable and rewritable, and physically much smaller than a floppy disk. Most weigh less than 30 g...
s, iPod
IPod
iPod is a line of portable media players created and marketed by Apple Inc. The product line-up currently consists of the hard drive-based iPod Classic, the touchscreen iPod Touch, the compact iPod Nano, and the ultra-compact iPod Shuffle...
s and even digital camera
Digital camera
A digital camera is a camera that takes video or still photographs, or both, digitally by recording images via an electronic image sensor. It is the main device used in the field of digital photography...
s. Since employees often spend a considerable amount of time developing contacts and confidential and copyright
Copyright
Copyright is a legal concept, enacted by most governments, giving the creator of an original work exclusive rights to it, usually for a limited time...
ed information for the company they work for, they often feel they have some right to the information and are inclined to copy and/or delete part of it when they leave the company, or misuse it while they are still in employment.
While most organizations have implemented firewalls and intrusion-detection system
Intrusion-detection system
An intrusion detection system is a device or software application that monitors network and/or system activities for malicious activities or policy violations and produces reports to a Management Station. Some systems may attempt to stop an intrusion attempt but this is neither required nor...
s very few take into account the threat from the average employee that copies proprietary
Property
Property is any physical or intangible entity that is owned by a person or jointly by a group of people or a legal entity like a corporation...
data for personal gain or use by another company. A common scenario is where a sales person makes a copy of the contact database
Database
A database is an organized collection of data for one or more purposes, usually in digital form. The data are typically organized to model relevant aspects of reality , in a way that supports processes requiring this information...
for use in their next job. Typically this is a clear violation of their terms of employment.
The damage caused by data theft can be considerable with today's ability to transmit very large files via e-mail
E-mail
Electronic mail, commonly known as email or e-mail, is a method of exchanging digital messages from an author to one or more recipients. Modern email operates across the Internet or other computer networks. Some early email systems required that the author and the recipient both be online at the...
, web page
Web page
A web page or webpage is a document or information resource that is suitable for the World Wide Web and can be accessed through a web browser and displayed on a monitor or mobile device. This information is usually in HTML or XHTML format, and may provide navigation to other web pages via hypertext...
s, USB devices, DVD
DVD
A DVD is an optical disc storage media format, invented and developed by Philips, Sony, Toshiba, and Panasonic in 1995. DVDs offer higher storage capacity than Compact Discs while having the same dimensions....
storage and other hand-held devices. Removable media devices are getting smaller with increased hard drive capacity, and activities such as podslurping are becoming more and more common. It is now possible to store more than 160 GB
Gigabyte
The gigabyte is a multiple of the unit byte for digital information storage. The prefix giga means 109 in the International System of Units , therefore 1 gigabyte is...
of data on a device that will fit in an employee's pocket, data that could contribute to the downfall of a business.
Thumbsucking
Thumbsucking, similar to podslurping, is the intentional or unintentional use of a portable USB mass storage device, such as a USB flash driveUSB flash drive
A flash drive is a data storage device that consists of flash memory with an integrated Universal Serial Bus interface. flash drives are typically removable and rewritable, and physically much smaller than a floppy disk. Most weigh less than 30 g...
(or "thumbdrive"), to illicitly download confidential data from a network endpoint.
The moniker is derived from the act of downloading, or "sucking", data from a network endpoint onto a USB flash drive or similar storage device.
A USB flash drive was allegedly used to remove without authorization highly-classified documents about the design of U.S. nuclear weapons from a vault at Los Alamos.
The threat of thumbsucking has been amplified for a number of reasons, including the following:
- The storage capacity of portable USB storage devices has increased.
- The cost of high-capacity portable USB storage devices has decreased.
- Networks have grown more dispersed, the number of remote network access points has increased and methods of network connection have expanded, increasing the number of vectors for network infiltration.
- Pod SlurpingPod slurpingPod slurping is the act of using a portable data storage device such as an iPod digital audio player to illicitly download large quantities of confidential data by directly plugging it into a computer where the data is held, and which may be on the inside of a firewall.There has been some work in...
- BluesnarfingBluesnarfingBluesnarfing is the unauthorized access of information from a wireless device through a Bluetooth connection, often between phones, desktops, laptops, and PDAs. This allows access to a calendar, contact list, emails and text messages, and on some phones users can copy pictures and private videos...
- SneakernetSneakernetSneakernet is an informal term describing the transfer of electronic information, especially computer files, by physically couriering removable media such as magnetic tape, floppy disks, compact discs, USB flash drives, or external hard drives from one computer to another. This is usually in lieu...
- Data spillData spillA data breach is the intentional or unintentional release of secure information to an untrusted environment. Other terms for this phenomenon include unintentional information disclosure, data leak and also data spill...