                                ==Phrack Inc.==

                 Volume Four, Issue Thirty-Nine, File 12 of 13

              PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
              PWN                                             PWN
              PWN              Phrack World News              PWN
              PWN                                             PWN
              PWN      Issue XXXIX / Part Three of Four       PWN
              PWN                                             PWN
              PWN        Compiled by Datastream Cowboy        PWN
              PWN                                             PWN
              PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN


New Phones Stymie FBI Wiretaps                                   April 29, 1992
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
By Simson L. Garfinkel (Christian Science Monitor)(Page 12)

"Legislation proposed by Justice Department would change the way
telecommunications equipment is developed in the United States."

For more than 50 years, wiretapping a telephone has been no more difficult than
attaching two clips to a telephone line.  Although legal wiretaps in the United
States have always required the approval of a judge or magistrate, the actual
wiretap has never been a technical problem.  Now that is changing, thanks to
the same revolution in communications that has made car phones, picture
telephones, and fax machines possible.

The only thing a person tapping a digital telephone would hear is the
indecipherable hiss and pop of digital bits streaming past.  Cellular
telephones and fiber-optic communications systems present a would-be wiretapper
with an even more difficult task:  There isn't any wire to tap.

Although cellular radio calls can be readily listened in on with hand-held
scanners, it is nearly impossible to pick up a particular conversation -- or
monitor a particular telephone -- without direct access to the cellular
telephone "switch," which is responsible for connecting the radio telephones
with the conventional telephone network.

This spring, the Federal Bureau of Investigation (FBI) unveiled legislation
that would require telephone companies to include provisions in their equipment
for conducting court-ordered wiretaps.  But critics of the legislation,
including some members of Congress, claim that the proposals would expand the
FBI's wiretap authority and place an undue burden on the telecommunications
industry.

Both sides agree that if provisions for monitoring communications are not made
in the planning stages of new equipment, it may eventually become impossible
for law enforcement personnel to conduct wiretaps.

"If the technology is not fixed in the future, I could bring an order [for a
wiretap] to the telephone company, and because the technology wasn't designed
with our requirement in mind, that person could not [comply with the court
order]," says James K. Kalstrom, the FBI's chief of engineering.

The proposed legislation would require the Federal Communications Commission
(FCC) to establish standards and features for makers of all electronic
communications systems to put into their equipment, require modification of all
existing equipment within 180 days, and prohibit the sale or use of any
equipment in the US that did not comply.  The fine for violating the law would
be $10,000 per day.

"The FBI proposal is unprecedented," says Representative Don Edwards (D) of
California, chairman of the House Judiciary Subcommittee on Civil and
Constitutional Rights and an outspoken critic of the proposal.  "It would give
the government a role in the design and manufacture of all telecommunications
equipment and services."

Equally unprecedented, says Congressman Edwards, is the legislation's breadth:
The law would cover every form of electronic communications, including cellular
telephones, fiber optics, satellite, microwave, and wires.  It would cover
electronic mail systems, fax machines, and all networked computer systems.  It
would also cover all private telephone exchanges -- including virtually every
office telephone system in the country.

Many civil liberties advocates worry that if the ability to wiretap is
specifically built into every phone system, there will be instances of its
abuse by unauthorized parties.

Early this year, FBI director William Sessions and Attorney General William
Barr met with Senator Ernest F. Hollings (D) of South Carolina, chairman of the
Senate Commerce Committee, and stressed the importance of the proposal for law
enforcement.

Modifying the nation's communications systems won't come cheaply.  Although
the cost of modifying existing phone systems could be as much as $300 million,
"We need to think of the costs if we fail to enact this legislation," said Mr.
Sessions before a meeting of the Commerce, Justice, State, and Judiciary
Subcommittees in April.  The legislation would pass the $300 million price-tag
along to telephone subscribers, at an estimated cost of 20 cents per line.

But an ad-hoc industry coalition of electronic communications and computer
companies has objected not only to the cost, but also to the substance of the
FBI's proposal.  In addition, they say that FCC licensing of new technology
would impede its development and hinder competitiveness abroad.

Earlier this month, a group of 25 trade associations and major companies,
including AT&T, GTE, and IBM, sent a letter to Senator Hollings saying that "no
legislative solution is necessary."  Instead, the companies expressed their
willingness to cooperate with the FBI's needs.

FBI officials insist that legislation is necessary.  "If we just depend on
jaw-boning and waving the flag, there will be pockets, areas, certain places"
where technology prevents law enforcement from making a tap, says Mr. Kalstrom,
the FBI engineer.  "Unless it is mandatory, people will not cooperate."

For example, Kalstrom says, today's cellular telephone systems were not built
with the needs of law enforcement in mind.  "Some companies have modified their
equipment and we can conduct surveillance," he says.  But half of the companies
in the US haven't, he adds.

Jo-Anne Basile, director of federal relations for the Cellular
Telecommunications Industry Association here in Washington, D.C., disagrees.

"There have been problems in some of the big cities because of [limited]
capacity," Ms. Basile says.  For example, in some cities, cellular operators
had to comply with requests for wiretaps by using limited "ports" designed for
equipment servicing.  Equipment now being installed, though, has greatly
expanded wiretap capacity in those areas.

"We believe that legislation is not necessary because we have cooperated in
the past, and we intend on cooperating in the future," she adds.

The real danger of the FBI's proposal is that the wiretap provisions built in
for use by the FBI could be subverted and used by domestic criminals or
commercial spies from foreign countries, says Jerry Berman, director of the
Electronic Frontier Foundation, a computer users' protection group in
Cambridge, Mass.

"Anytime there is a hearing on computer hackers, computer security, or
intrusion into AT&T, there is a discussion that these companies are not doing
enough for security.  Now here is a whole proposal saying, 'Let's make our
computers more vulnerable.'  If you make it more vulnerable for the Bureau,
don't you make it more vulnerable for the computer thief?"

Civil liberties advocates also worry that making wiretaps easier will have the
effect of encouraging their use -- something that the FBI vehemently denies.

"Doing a wiretap has nothing to do with the [technical] ease," says Kalstrom.
"It is a long legal process that we must meet trying all other investigations
before we can petition the court."

Kalstrom points out the relative ease of doing a wiretap with today's telephone
system, then cites the federal "Wiretap Report," which states that there were
only 872 court-approved wiretaps nationwide in 1990.  "Ease is not the issue.
There is a great dedication of manpower and cost," he says.  But digital
wiretapping has the potential for drastically lowering the personnel
requirements and costs associated with this form of electronic surveillance.
Computers could listen to the phone calls, sitting a 24-hour vigil at a low
cost compared with the salary of a flesh-and-blood investigator.

"Now we are seeing the development of more effective voice-recognition
systems," says Edwards.  "Put voice recognition together with remote-access
monitoring, and the implications are bracing, to say the least."

Indeed, it seems that the only thing both sides agree on is that digital
telephone systems will mean more secure communications for everybody.

"It is extremely easy today to do a wiretap:  Anybody with a little bit of
knowledge can climb a telephone pole today and wiretap someone's lines," says
Kalstrom.  "When the digital network goes end-to-end digital, that will
preclude amateur night.  It's a much safer network from the privacy point of
view."

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

FBI Fight With Computer, Phone Firms Intensifies                    May 4, 1992
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Taken from Los Angeles Times (Business, Part D, Page 2)

"Spy Agencies Oppose Technology That Will Prevent
Them From Tapping Into Data And Conversations"

Top computer and telecommunications executives are fighting attempts by the FBI
and the nation's intelligence community to ensure that government surveillance
agencies can continue to tap into personal and business communications lines as
new technology is introduced.

The debate flared last week at a House Judiciary Committee hearing on foreign
intelligence agencies' attempts to gather U.S. companies' secrets.  The
committee's chairman, Representative Jack Brooks (D-Tex.), called the hearing
to complain that the FBI and the National Security Agency (NSA) are hurting
companies' attempts to protect their communications.

The issue has been heating up on two fronts.  Phone companies have been
installing digital equipment that frustrates phone tapping efforts, and
computer companies are introducing new methods of securing data transmissions
that are almost impossible for intelligence agencies to penetrate.

The controversy centers, in part, on an FBI attempt to persuade Congress to
force telephone companies to alter their digital networks, at a possible cost
of billions of dollars that could be passed on to ratepayers, so that the FBI
can continue performing court-authorized wiretaps.  Digital technology
temporarily converts conversations into computerized code, which is sent at
high speed over transmission lines and turned back to voice at the other end,
for efficient transmission.

Civil liberties groups and telecommunications companies are fiercely resisting
the FBI proposal, saying it will stall installation of crucial technology and
negate a major benefit of digital technology:  Greater phone security.  The
critics say the FBI plan would make it easier for criminals, terrorists,
foreign spies and computer hackers to penetrate the phone network.  The FBI
denies these and other industry assertions.

Meanwhile, the NSA, the nation's super-secret eavesdropping agency, is trying
to ensure that government computers use a computer security technology that
many congressmen and corporate executives believe is second-rate, so that NSA
can continue monitoring overseas computer data transmissions.  Corporations
likely would adopt the government standard.

Many corporate executives and congressmen believe that a branch of the Commerce
Department that works closely with NSA, the National Institute of Standards and
Technology (NIST), soon will endorse as the government standard a computer-
security technology that two New Jersey scientists said they penetrated to
demonstrate its weakness.  NIST officials said that their technology wasn't
compromised and that it is virtually unbreakable.

"In industry's quest to provide security (for phones and computers), we have a
new adversary, the Justice Department," said D. James Bidzos, president of
California-based RSA Data Security Inc., which has developed a computer-
security technology favored by many firms over NIST's.  "It's like saying that
we shouldn't build cars because criminals will use them to get away."

"What's good for the American company may be bad for the FBI" and NSA, said
Representative Hamilton Fish Jr. (R-N.Y.).  "It is a very heavy issue here."

The situation is a far cry from the 1950s and 1960s, when companies like
International Business Machines Corporation and AT&T worked closely with law-
enforcement and intelligence agencies on sensitive projects out of a sense of
patriotism.  The emergence of a post-Vietnam generation of executives,
especially in new high-technology firms with roots in the counterculture, has
short-circuited the once-cozy connection, industry and government officials
said.

"I don't look at (the FBI proposal) as impeding technology," FBI Director
William S. Sessions testified at the Judiciary Committee hearing.  "There is a
burden on the private sector . . . a price of doing business."

FBI officials said they have not yet fumbled a criminal probe due to inability
to tap a phone, but they fear that time is close.  "It's absolutely essential
we not be hampered," Sessions said.  "We cannot carry out our responsibilities"
if phone lines are made too secure.

On the related computer-security issue, the tight-lipped NSA has never
commented on assertions that it opposes computerized data encryption
technologies like that of RSA Data Security because such systems are
uncrackable.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

For more articles on this same topic, please see:

Phrack 38, File 11; The Digital Telephony Proposal.
_______________________________________________________________________________

FBI Seeks Compiled Lists For Use In Its Field Investigation      April 20, 1992
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
By Ray Schultz (DMNews)(Page 1)
Special Thanks: The Omega and White Knight

Washington, D.C. -- The Federal Bureau of Investigation, in a move that could
spell trouble for the industry, reportedly is seeking commercial mailing lists
for use in its investigations.

Spokespersons for both MetroMail Corporation and Donnelley Marketing confirmed
that they were approached for services within the last two weeks and other
firms also received feelers.

Neither of the identified firms would discuss details, but one source familiar
with the effort said the FBI apparently is seeking access to a compiled
consumer database for investigatory uses.

The FBI agents showed "detailed awareness" of the products they were seeking,
and claimed to have already worked with several mailing list companies,
according to the source.

Metromail, which has been supplying the FBI with its MetroNet address lookup
service for two years, did not confirm this version of events.  Spokesperson
John Tomkiw said only that the firm was asked by the FBI about a "broadening"
of its services.

The firm has supplied the bureau with a full listing of its products and
services, but has not yet been contacted back and is not sure what action it
will take, said Tomkiw.

Donnelley was also vague on the specifics of the approach, but did say it has
declined any FBI business on the grounds that it would be an inappropriate use
of its lists.

FBI spokesperson Bill Carter was unable to provide confirmation, although he
did verify that the FBI uses MetroNet to locate individuals needed for
interviews.

If the database scenario is true, it would mark the first major effort by a
government agency to use mailing lists for enforcement since the Internal
Revenue Service tried to use rented lists to catch tax cheats in 1984.

"We have heard of it," said Robert Sherman, counsel to the Direct Marketing
Association and attorney with the firm of Milgrim Thomajan & Lee, New York.
"We'd like to know more about it.  If it is what it appears to be, law
enforcement agents attempting to use marketing lists for law enforcement
purposes, then the DMA and industry would certainly be opposed to that on
general principles."

Such usage would "undermine consumer confidence in the entire marketing process
and would intrude on what otherwise would be harmless collection of data,"
Sherman said.

RL Polk, which has not been contacted, said it would decline for the same
reasons if approached.

"That's not a proper use of our lists," said Polk chairman John O'Hara.  "We're
in the direct mail business and it's our policy not to let our lists be used
for anything but marketing purposes."

According to one source, who requested anonymity, the FBI intimated that it
would use its subpoena power if refused access to the lists.

The approaches, made through the FBI training center in Quantico, VA,
reportedly were not the first.

The FBI's Carter said the MetroNet product was used for address lookups only.

"If a field office needs to locate somebody for an interview, we can check the
[MetroNet] database as to where they reside and provide that information to the
field office," he said.

However, the product was cited as a potential threat to privacy last year by
Richard Kessel, New York State Consumer Affairs Commissioner.

In a statement on automatic number identifiers, Kessel's office said that "one
firm offers to provide 800-number subscribers immediate access to information
on 117-million customers in 83-million households nationwide.

"The firm advertises that by matching the number of an incoming call into its
database, and an 800 subscriber within seconds can find out such information as
whether the caller has previously purchased items from their companies."

Kessel included a copy of a trade ad for MetroNet, in which the product is
presented as a direct marketing tool.

Under the headline "Who am I?" the copy reads as if it is by an imaginary
consumer.

"The first step to knowing me better is as easy as retrieving my phone number
in an Automatic Number Identification environment," it says.  "Within seconds
you can search your internal database to see if I've purchased from you before.
And if it's not to be found, there's only one place to go -- to MetroNet.

"MetroNet gives you immediate access to information on 117-million consumers in
83-million households nationwide: recent addresses; phone numbers; specific
demographics and household information."

Tomkiw defended the product, saying its primary focus is "direct marketing.
We're always sensitive to those types of issues."

MetroNet works as an electronic white pages, but does not contain "a lot of
demographic data," he said.  "It's primarily used by the real estate and
insurance industries."

The 1984 IRS effort reportedly was a failure, but it created a public outcry
and much negative publicity for the industry.  Though Polk, MetroMail and
Donnelley all refused to rent their lists for the effort, the IRS was able to
locate other lists through Dunhill of Washington.  Most industry sources say
that such efforts are doomed to fail because lists are useful only in
identifying people in aggregate, not as individuals.
_______________________________________________________________________________

Do You Know Where Your Laptop Is?                                  May 11, 1992
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
By Robert Kelly (InformationWeek)

Are your executives carrying computers with critical data?
If so, company secrets are vulnerable

It was an expensive round of window shopping.  On December 17, 1990, David
Farquhar parked his car in downtown London to browse through an automobile
showroom.  A Wing Commander in Great Britain's Royal Air Force, he was enjoying
a few moments away from the mounting pressures leading up to the Gulf War,
which would begin less than a month later.

But Farquhar made a huge mistake:  He left his laptop computer in his car.  And
although he was gone a mere five minutes, by the time he returned, the laptop
had been stolen -- as had U.S. General Norman Schwarzkopf's plans, stored in
the computer's disk drive, for the upcoming Allied strike against Iraq.

Farquhar paid dearly for his carelessness.  Soon after the red-faced Wing
Commander reported the incident, he was court-martialed, demoted, and slapped
with a substantial fine.  The computer was anonymously returned a week later --
with the disk drive intact.

Farquhar may feel alone in his dilemma and rue the wrong turn his life has
taken, but such episodes are anything but isolated.  Though electronic security
sources say it's too soon to keep score yet on the exact number of laptop
thefts, anecdotally, at least, it appears a computer crime wave is underway.
According to electronic data experts, during the past 18 months, as laptop
purchases have soared, theft has taken off also.

For instance, at the Computer Security Institute (CSI), an organization that
ironically comprises corporate security experts, a half-dozen members have
already reported their company laptops stolen, says Phil Chapnick, director of
the San Francisco-based group.  And there are probably more that aren't
speaking about it, he adds:  "Victims prefer to maintain a low profile."

So do the perpetrators, obviously.  But a picture of who some of them are is
beginning to emerge, says John Schey, a security consultant for the federal
government.  He says a roving band of "computer hit men" from New York, Los
Angeles, and San Francisco has been uncovered; members are being paid upwards
of $10,000 to steal portable computers and strategic data stored on those
machines from executives at Fortune 1,000 companies.  Federal agents, Schey
adds, are conducting a "very, very dynamic and highly energized investigation
to apprehend the group."  U.S. law enforcement authorities refuse to comment on
the issue.

Laptop theft is not, of course, limited to the United States.  According to
news reports, and independently confirmed by InformationWeek, visiting
executives from NCR Corp. learned that reality the hard way recently when they
returned to their rooms after dinner at the Nikko Hotel in Paris to find the
doors removed from their hinges.  The rooms were ransacked, turned upside down,
but the thieves found what they were looking for.  All that was taken were two
laptops containing valuable corporate secrets.

Paul Joyal, president of Silver Spring, Maryland, security firm Integer and a
former director of security for the Senate Intelligence Committee, says he
learned from insiders close to the incident that French intelligence agents,
who are known for being chummy with domestic corporations, stole the machines.
Joyal suspects they were working for a local high-tech company.  An NCR
spokesman denies knowledge of the incident, but adds that "with 50,000
employees, it would be impossible to confirm."  Similar thefts, sources say,
have occurred in Japan, Iraq, and Libya.

It's not hard to figure out why laptop theft is on the rise.  Unit sales of
laptops are growing 40% annually, according to market researchers Dataquest
Inc., and more than 1 million of them enter the technology stream each year.
Most of the machines are used by major companies for critical tasks, such as
keeping the top brass in touch when they're on the road, spicing up sales calls
with real data pulled from the corporate mainframe, and entering field data
into central computers.  Because of laptops, says Dan Speers, an independent
data analyst in West Paterson, New Jersey, "there's a lot of competitive data
floating around."

And a perfect way to steal information from central corporate databases.
Thieves are not only taking laptops to get at the data stored in the disk
drives, but also to dial into company mainframes.  And sometimes these thieves
are people the victims would least suspect.  One security expert tells of "the
wife of a salesman for a Fortune 500 manufacturing firm who worked for a direct
competitor."  While her husband slept, she used his laptop to log on to a
mainframe at his company and download confidential sales data and profiles of
current and potential customers.  "The husband's job," says the security
expert, "not the wife's, was terminated."

Such stories, and there are plenty of them, have led many U.S. companies to
give lip service to laptop theft, but in almost all cases they're not doing
much about it.  "Management has little or no conception of the vulnerability of
their systems," says Winn Schwartau, executive director of InterPact, an
information security company in Nashville.  That's not surprising, adds CSI's
Chapnick:  "Security typically lags technology by a couple of years."

Playing Catch-Up

Still, some companies are trying to catch up quickly.  Boeing Corp., Grumman
Corp., and Martin Marietta Corp., among others, have adopted strict policies on
portable data security.  This includes training staffers on laptop safety
rules, and even debriefing them when they return from a trip.  One company,
sources say, was able to use such a skull session to identify a European hotel
as a threat to data security, and put it on the restricted list for future
trips.

Conde Nast Publications Inc. is taking the issue even more seriously.  The
New York-based magazine group's 65-member sales force uses laptops to first
canvas wholesalers, then upload data on newsstand sales and distribution
problems to the central mainframe.  To ensure that the corporate database isn't
poisoned by rogue data, "we have a very tight security system," says Chester
Faye, Conde Nast's director of data processing.  That system's centerpiece is a
program, created in-house at Conde Nast, that lets the mainframe read an
identification code off of the chip of each laptop trying to communicate with
it.  "The mainframe, then, can hang up on laptops with chip IDs it doesn't
recognize and on those reported stolen by sales reps," says Faye.

And some organizations hope to go to even greater lengths.  InterPact's
Schwartau says a government agency in Great Britain wants to build a device
that attaches to a user's belt and disconnects communication to a mainframe
when the laptop deviates 15 degrees vertically.  The reason:  To protect
corporate data if the person using the laptop is shot and killed while dialing
in.

Users say they're taking such extreme measures because the vendors don't; most
laptops arrive from the factory without adequate security protection.  Most
require a password before booting, but thieves can decipher them with relative
ease.  Some also have removable hard drives, but again, these can be stolen
with similar impunity and therefore provide little protection.

Ironically, none of this may be necessary; experts emphasize that adding
security to a laptop will not serve to price it out of existence.  By some
estimates, building in protection measures raises the price of a laptop by at
most 20%.  Beaver Computer Corp. in San Jose, California, for example, has a
product to encrypt the data on a laptop's hard drive and floppy disks.  With
this, the information can't be accessed without an "electronic key" or
password.  BCC has installed this capability on its own laptop, the SL007,
which seems to have passed muster with some very discriminating customers:
Sources close to the company say a major drug cartel in Colombia wants some of
these machines to protect drug trafficking data.

Equally important is the need to protect data in the host computer from hackers
who have stolen passwords and logons.  Security Dynamics Technologies Inc. in
Cambridge, Massachusetts, offers the credit card-sized SecurID, which can be
attached to most laptops.  SecurID consists of a $60 device that is connected
to the laptop, and additional hardware (Cost:  $3,800 to $13,000) installed on
the host.  SecurID continuously changes the logon used to dial into the host;
by the time a hacker gets around to using a stolen logon, for instance, it will
be obsolete.

But what if all measures fail?  You can always insure the hardware; can you
insure the data?  Not yet, but soon, says Nashville-based newsletter Security
Insider Report.  An upstart startup will soon begin offering data insurance
policies that may include coverage of information lost when a portable computer
is stolen.

Company Cooperation

From protection to insurance, however, no measure can work unless laptop owners
take the problem seriously.  And that doesn't always happen.  Case in point: In
the late 1980s, the Internal Revenue Service approached Schwartau's firm to
develop a blueprint for securing the confidential data that travels over phone
lines between the 30,000 laptops used by field auditors and IRS offices.
Schwartau came up with a solution.  But the IRS shelved its security plans, and
has done nothing about it since, he charges.

Even those who should know better can run afoul of the laptop crime wave.
About 18 months ago, Ben Rosen, chairman of laptop maker Compaq Computer Corp.,
left his machine behind on the train; it was promptly stolen.  Rosen insists
there was no sensitive data in the computer, but he did lose whatever he had.
Unlike Schwarzkopf's plans, the laptop was never returned.
_______________________________________________________________________________