|
Data raiders steal whole companies with memory sticks |
|
|
|
Crime
|
|
Written by Peter Warren
|
|
Thursday, 10 November 2005 |
High tech thieves are using the latest in memory stick technology to
literally suck the brains and commercial secrets out of companies,
Peter Warren reports.
Computer security experts are warning about the dangers of a tiny James
Bond style spying device used by high-tech thieves that can steal a
company’s secrets in the blink of an eye.
Available from the internet for only £10, the devices, called ‘asset
strippers’ in the computer security industry, are specially modified
USB memory drives capable of holding enormous amounts of data and are
already being used by crime gangs and individuals in the City of
London
.
The dangers posed by the lipstick-sized devices have massively
increased in recent weeks because they can now be bought loaded with
computer software that bypasses a machine’s security measures,
according to Richard Hollis, managing director of the top City computer
security company Orthus.
“This new device has just put up the stakes considerably” said Hollis.
“London businesses have experienced a significant number of attacks
that have exploited physical connections in computers over the last
year by both disgruntled employees and criminals.
“This means these asset stripping attacks are going to increase because
they’re so easy to launch and the risk of getting caught is much lower”
says Hollis, pointing out that because the devices can now execute
programs automatically, they are particularly dangerous.
“Now all you have to do it put your spyware program onto the stick,
plug it in and the program starts to work. In the past someone needed
to install it onto the target computer. That is no longer the case.”
The warning from Hollis comes in the wake of the Sumitomu case, an
incident still under investigation by the National High Tech Crime
Unit, where thieves tried to steal £220m from some 20 accounts by
copying staff password and account data to the little bugging devices
over a long period of time.
Sources close to the investigation claim that the memory drives were
inserted by dishonest employees and then removed after they had
gathered enough information.
According to experts, as a lot of computers now have USB plugs on the
front of the system the risk posed by the memory drives, which can now
store 250 gigabytes of data, is enormous.
“You can pre-program one of these to search for particular information,
pretend to be a cleaner, plug it into the front of a machine, leave it
for an hour and then walk off with the company,” said Jeremy Barker,
Managing Director of Silent Knight, whose company specialises in
preventing copying technology being connected to computers.
According to Barker, the memory sticks are exploiting a design fault in
the technology called ‘plug and play’ which aims to make computers as
easy to use and put together as possible.
”These things go right to the heart of the machine and if you have done
nothing to prevent them, they will work from there unhindered and copy
everything they want, often within seconds.”
|