In April Finjan, an online security company, uncovered three servers which contained stolen data.  The largest of these caches of stolen data included information from Europe, the Middle East, and North America.  The amount of data uncovered was 1.4 gigabytes, the equivalent of nearly 100,000 pages of Microsoft Word documents, 140,000 e-mail files, or one million pages of plain text files.

This is a unique example of what we have been talking about for the last year," said Finjan's CTO, Yuval Ben-Itzhak. "When you see a server with the data there, it's the difference between theory and reality. When you see people's medical records and e-mail in this volume, we were kind of shocked."

The server on which the data was found not only served as a drop site for stolen data.  It was also used as the central site from which the malicious attacks were carried out.  Among the data retrieved were nearly 5,400 files that ran the gamut from personal and business e-mails and medical records to financial account information ( login information as well as passwords and codes).  This information had been collected over a period of just three weeks.

The nature of the crime remains the same.  It is theft.  Technology has merely changed the way in which it is carried out.  As Ben-Itzhak describes it, "We entered a new era in which criminals just need to log into their 'data supplier' and download any information suitable for them to conduct their crime, be it financial fraud, industrial espionage or identity theft." Just as criminals have changed their methods for carrying out their thefts, we need to change the way we think about our privacy and security.

Without a change in how we think about electronic security even the most elaborate safeguard will fall short.  The best locks can't help if people leave the keys lying around.  Security and accountability were key concepts for the ElectronicTendering System from its very inception.  It is the most secure on-demand electronic government procurement system available today.  But not even the ETS can keep your data safe if the people who use the system do not realize how important it is to keep certain information secure.

When it comes to technology, it is neither fair nor safe to assume that people are the weakest link.  Nor is it a possibility you can safely ignore.  The best thing to do is make certain you and everyone else has the necessary knowledge to work safely in an online environment.  Whatever extra cost that may involve, it can't be as unpleasant as receiving a call to learn that someone found some of your e-mails on a server full of stolen data.


 

Sincerely,