Data raiders steal whole companies with memory sticks

High tech thieves are using the latest in memory stick technology to literally suck the brains and commercial secrets out of companies, Peter Warren reports.

Computer security experts are warning about the dangers of a tiny James Bond style spying device used by high-tech thieves that can steal a company’s secrets in the blink of an eye.
Available from the internet for only £10, the devices, called ‘asset strippers’ in the computer security industry, are specially modified USB memory drives capable of holding enormous amounts of data and are already being used by crime gangs and individuals in the City of London . The dangers posed by the lipstick-sized devices have massively increased in recent weeks because they can now be bought loaded with computer software that bypasses a machine’s security measures, according to Richard Hollis, managing director of the top City computer security company Orthus.

“This new device has just put up the stakes considerably” said Hollis. “London businesses have experienced a significant number of attacks that have exploited physical connections in computers over the last year by both disgruntled employees and criminals.

“This means these asset stripping attacks are going to increase because they’re so easy to launch and the risk of getting caught is much lower” says Hollis, pointing out that because the devices can now execute programs automatically, they are particularly dangerous.

“Now all you have to do it put your spyware program onto the stick, plug it in and the program starts to work. In the past someone needed to install it onto the target computer. That is no longer the case.”

The warning from Hollis comes in the wake of the Sumitomu case, an incident still under investigation by the National High Tech Crime Unit, where thieves tried to steal £220m from some 20 accounts by copying staff password and account data to the little bugging devices over a long period of time.

Sources close to the investigation claim that the memory drives were inserted by dishonest employees and then removed after they had gathered enough information.

According to experts, as a lot of computers now have USB plugs on the front of the system the risk posed by the memory drives, which can now store 250 gigabytes of data, is enormous.

“You can pre-program one of these to search for particular information, pretend to be a cleaner, plug it into the front of a machine, leave it for an hour and then walk off with the company,” said Jeremy Barker, Managing Director of Silent Knight, whose company specialises in preventing copying technology being connected to computers.

According to Barker, the memory sticks are exploiting a design fault in the technology called ‘plug and play’ which aims to make computers as easy to use and put together as possible.

”These things go right to the heart of the machine and if you have done nothing to prevent them, they will work from there unhindered and copy everything they want, often within seconds.”