Many companies ban or regulate the use of external storage drives to prevent sensitive information from being taken out of the office. But a recent incident involving an Army computer offers a warning about another data theft method.
American soldier Bradley E. Manning was arrested in May after being accused of stealing more than 150,000 highly classified documents and files from government computers in Iraq, including classified video of a helicopter attack that Manning leaked online.
Pentagon investigations have discovered his method for taking the data: He copied them to a compact disc disguised as a music CD by Lady Gaga.
While Manning burned the data to the CD, he said he wore headphones and lip-synched lyrics to look like he was listening to music.
In 2008, the Defense Department banned the use of USB thumb drives to prevent this type of thing from happening. The USB portals on computers with access to sensitive docs had been disabled.
However, the government’s computers still had disc drives installed with CD burning capabilities enabled, the New York Times reports.
Companies take note: You may want to think about policies and controls regarding CD burning for employees who deal with especially sensitive information.
Related posts:
The common problem I face when advising corporations of security risk is the false perception that the companies information is worthless.