
What would you do?: All the media in your [home|data center|office] have been stolen.


  • What would you do?: All the media in your [home|data center|office] have been stolen.

    Today is a new problem...

    What would you do?: All the media in your [home|data center|office|car] have been stolen.

    If you oversee a Data Center, then select that.
    If not, but you have a computer in your office space, then select that.
    If not, but you have one or more computers at home, select that.
    If not, and you live out of your car, then select that.

    Only choose one location even if you have multiple data centers, homes, offices, or cars.

    Assume someone has stolen all of the Hard Disks/Fixed Disks, Floppy Disks, Tapes, and other media from your selected location.

    What would you do?

    Would your priorities be to get your operation back on its feet, or call law enforcement and not disturb the crime scene so they can collect evidence admissible in court with proper chain of evidence documented?

    Do you have media/tape backups stored offsite? Do you have video of your location to help locate the people on video? Are your tapes and fixed disks encrypted by the OS or controller?

  • #2
    Re: What would you do?: All the media in your [home|data center|office] have been sto

    well, i'll speak towards the "small business" and "home office" side of things since those are the two places that i oversee. we can toss laptops into the bargain, as well, i suppose.

    1. small business

    chances are very strong that i would simply wait for authorities to fully secure and go over the crime scene for any forensic details. at the places where i consult (some are businesses and some are schools) they are all small enough to either close for the day (think: a sign on the front door saying "water pipe burst, hope to reopen friday") or just operate without technology resources for a while.

    all critical data is backed up on external volumes at my facilities, but not every single client has opted to go whole hog and actually swap media around to the point that they're rotating out a copy somewhere off-site. eh, what can you do?

    after letting police do their thing, i'd begin rebuilding and restoring, much in the same way that i would if a fire or flood took out the technology. none of these companies has privacy-critical data on volumes that aren't somehow encrypted. (typically software encryption, not at the controller level*)

    2. home office

    at home i'd be extra-pissed due to it being a more personal matter, but again i wouldn't be devastated. all my data is backed up rather routinely (users' home directories are all encrypted volumes and the crypto files are copied whole to backup volumes nightly. my obscenely huge "content" archive gets its backup refreshed when i get around to it about once a month.) and i could rather comfortably survive a theft of my resources about as well as i could survive a house fire, etc.

    again, it would just be a matter of getting some boxen running again and starting to restore the materials. fortunately, in both my home life and business life i don't oversee massive enterprise networks with any regularity at all. "restoring" a network could easily mean "recreating" a domain and back-end as opposed to recovering and keeping alive a 500-user account database etc and an assload of complicated permission sets.

    3. laptop

    well, i have had my laptop stolen, more than once, in fact. in the past when it happened each time i wasn't as prepared for it as i was the next time, but overall here's the lessons i learned and the policies i put in place for myself in order of establishing them...
    3a. no irreplaceable info on a laptop, ever. it's a glorified flash drive for me, really. it's a USB key that can send email and watch movies. if you treat any of your "file taxi" devices like the master archive of your content or documents you're a moron. i have never kept anything on my laptop that wasn't copied somewhere else.

    3b. heavy crypto for any work product. i keep my most commonly-used field laptop partitioned. i have bootable system partitions for any O/S that i want to run, then i dedicated the rest of the hard drive (recently installed a 120-gigger, they seriously dropped in price) as just a data partition. that has all movies, music, games, etc. with which i can pass time if need be. it also has ghost images that i've made of the system partitions so that if things get wonky i can restore on the fly without erasing my data. also the data partition contains a large crypto file which i can mount as a drive anytime i need. anything that is not entertainment content gets saved here as a matter of routine.

    3c. laptop embedded security. my Fujitsu 7010 supports hard disk encryption* as well as some pretty great CMOS locks. i require a password to get into the CMOS or even just to boot. one nice feature is that when the system pauses and awaits said password, the Fujitsu CMOS lets you custom set a text string that appears on the bottom of the page. i call it the "can't pawn shop this easily" feature. currently, my computer says "this laptop is MINE, fucker... not yours!" and includes my email address and phone number, facilitating someone maybe contacting me if it falls into somewhat honorable hands.



    * NOTE - hard disk controller encryption

    has there been a talk about this at any con? there must have been... i plan on doing some searching after i post. i know almost nothing about this and would love to hear how strong it is, etc. when i swapped out the stock drive in my Fujitsu (see note above about the larger disk i now have) i was surprised to see i couldn't read it when i installed it in my desktop workstation. it was not until i had placed it into a Dell that a message appeared reminding me of the hard disk protection.

    i was surprised at how rather effective things were with this protection. i could not access the disk in any way. i had expected to just boot and nuke the old drive. that wasn't possible. i couldn't even get in and low-level format it. how is this protection implemented? something on the drive circuitry and not the platters? how easily can LEOs or .gov types bypass it, anyone know? i have some serious reading to do.

    also interesting... do different manufacturers implement this in their own way? there seems to be some sort of standard, given that the Dell picked up on what the Fujitsu had done to the drive... but when the Dell asked that i input the password i had used to lock the drive, it wouldn't honor it. I had to re-install in the Fujitsu, go into the CMOS, unlock the drive there, etc. What if my laptop had been crushed under a car? Would i have had to get a new Fujitsu 7010 to unlock the drive? Would any laptop by that manufacturer have worked? like i say, i'm well behind the curve on this technology and plan on spending a lot of this friday doing very, very little work at my job and instead sitting here googling and reading.
    "I'll admit I had an OiNK account and frequented it quite often… What made OiNK a great place was that it was like the world's greatest record store… iTunes kind of feels like Sam Goody to me. I don't feel cool when I go there. I'm tired of seeing John Mayer's face pop up. I feel like I'm being hustled when I visit there, and I don't think their product is that great. DRM, low bit rate, etc... OiNK it existed because it filled a void of what people want."
    - Trent Reznor



    • #3
      Re: What would you do?: All the media in your [home|data center|office] have been sto

      Originally posted by TheCotMan
      What would you do?: All the media in your [home|data center|office|car] have been stolen.
      Well, I am under the office space/home scenario.

      First off, all of my "important" data (generally, content my friends/coworkers and I have generated) is stored in an SCM that I regularly (albeit manually) back up and have distributed to multiple (albeit unreliable) locations. For me the cost of replacing the hardware is likely to be greater than that of recovering the data, so I'll answer from that perspective.

      Perhaps I'm a cynic, but I don't believe the police are going to care about recovering my data. I would probably call the police because I believe it would help with insurance. My priority is getting everything back up and running so I am unlikely to wait for an investigation.

      As for the information leak, I would be out of luck. My general data isn't strongly protected and a reasonably intelligent person would likely recover the data without a problem. Fortunately, that data isn't valuable, either. Everything that is likely to be valuable (where valuable is measured as personal impact on my life) is protected through various (software) means that an attacker isn't likely to break.

      In the end, I'm sure there wouldn't be enough evidence or motivation to find the person or people involved, and they would likely get away with their crime. My greatest protection is that I'm too much of a small fish for most people to take notice.
      Last edited by Voltage Spike; September 21, 2007, 10:06.



      • #4
        Re: What would you do?: All the media in your [home|data center|office] have been sto

        I will speak for the home scenario as that is the only one I feel comfortable discussing. I would call the cops and weep until the renters insurance buys me a new set up. I format my PC for the hell of it, sometimes just cause I'm bored or just because I want to renew my limited/trial software. :-P

        I have nothing on my computers that isn't either replaceable such as games, videos, media or is PGP'd. I speak for myself when I say that if i back up my shiznit won't the externals just get ganked too? It's not worth it to me to go through such lengths to secret squirrel ninja and make multiple copies of my crap. anything that is remotely sensitive data is PGP'd, and likely at work too. Aside from my Firefox remembering my myspace PW and various random shite (yes i know, shame on me) The infiltrator will see I search for hello kitty pictures every day, play a lot of WOW, have a really aristocratic sense of humor and will know based on my "DEBTSSHITE" Spreadsheet that I pay way less on my car insurance since I left Geico.

        So in short, I would file a report, try to assess the value of what's lost, change my PW's JUST IN CASE. Maybe I am getting older and care less, i'm not sure. I have a lot of CD's with stuff on it I would be really sad to lose, old pirated versions of programs, drivers, random tools and what not. I'm not sure you could put a value on it but i'm starting to care less about its worth. It's just stuff, the important stuff is all "up here" as they say.

        The one breach I am concerned about is my "address book" I have a lot of contacts.....Any suggestions on how to incorporate syncing and encrypting? It's not losing the cotmans number I am worried about, it's sharing it :-) I am sure a lot of you have some sensitive numbers on your phones and a lot of us sync to back up that data...what do you do?
        "Haters, gonna hate"



        • #5
          Re: What would you do?: All the media in your [home|data center|office] have been sto

          I'll attempt the office scenario first.

          All important files are backed up and every month copies are sent to the capital coordination team, who send copies to the headquarters. In addition we also keep hard copies of most important files (medical, logistics and finance/admin) at project level as well as in the capital, at least for a few months. So, there's no huge worry about the data, it's more of an inconvenience than anything else: just contact capital and ask for the files.

          As for contacting the authorities, it depends on the context. I know of a case a few years back when the government of the country where my organisation was working in confiscated computers and files (as well as arresting a couple of guys for "spying"). Obviously it would be next to pointless to contact them. Otherwise, I would contact the local police as more of a formality, as in not really expecting to get anything back.

          The operation will not be affected in any great deal. Primary health care can be pretty low tech ...

          At home, I'll be a wee bit more pissed off if somebody nicks my kit, but nothing on my computer is sensitive or irreplaceable.
          Last edited by theCount; September 22, 2007, 12:21. Reason: Grammar, spelling and added content



          • #6
            Re: What would you do?: All the media in your [home|data center|office] have been sto

            What about SSN or private customer information like account numbers?
            Would policies or laws require you to notify customers about the loss of information about them to possible thieves?

            Could the attackers use any of your private key information against you? What about passwords? If you have thousands of users, there is risk for a few passwords to be easily crackable within 24 hours.

            If at home, what about credit cards, or account information? Would you call to close accounts? Re-open new accounts?



            • #7
              Re: What would you do?: All the media in your [home|data center|office] have been sto

              Google for it, and search irc of course.

              xor

              Man you guys are slipping :)
              Last edited by xor; September 23, 2007, 21:40.
              Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.



              • #8
                Re: What would you do?: All the media in your [home|data center|office] have been sto

                Hey there, just wanted to give big ups to a fun thread from Cotman...
                ======================================
                DJ Jackalope
                dopest dj in the galaxy. *mwah!*

                send in the drop bears!
                ======================================



                • #9
                  Re: What would you do?: All the media in your [home|data center|office] have been sto

                  I'm still interested to know what any of you do regarding your phone and email address book/ Phone Contacts. How do you keep that info Private? How do you back it up? I have 650-ish numbers in my phone...


                  Also, XOR I don't get your answer at all.......
                  "Haters, gonna hate"



                  • #10
                    Re: What would you do?: All the media in your [home|data center|office] have been sto

                    Originally posted by Nikita
                    I'm still interested to know what any of you do regarding your phone and email address book/ Phone Contacts. How do you keep that info Private? How do you back it up? I have 650-ish numbers in my phone...


                    Also, XOR I don't get your answer at all.......
                    I think he's referring to how to reclaim his stolen warez and pr0n collections
                    Never drink anything larger than your head!







                    • #11
                      Re: What would you do?: All the media in your [home|data center|office] have been sto

                      Originally posted by renderman
                      I think he's referring to how to reclaim his stolen warez and pr0n collections
                      That would make sense! No offense to XOR but the comment he left was way too open, i interpreted it in several different ways. I think Render's explanation is probably the most accurate.
                      "Haters, gonna hate"



                      • #12
                        Re: What would you do?: All the media in your [home|data center|office] have been sto

                        Originally posted by Nikita
                        I'm still interested to know what any of you do regarding your phone and email address book/ Phone Contacts. How do you keep that info Private? How do you back it up? I have 650-ish numbers in my phone...


                        Also, XOR I don't get your answer at all.......
                        Ok, let me explain. Say your laptop was stolen out of your car. Was it stolen by some super secret agent man tracking you for months with the intention of trying to sell your data to Iran for millions of dollars, probably not. Was it stolen out of your car by some crack head who will sell it to the first person he sees for $5.00, more likely scenario. Will said crack head sell it to a leet hacker who will then sell your data to the Russian mob, maybe. Someone please calculate the odds of that actually happening. Or will they most likely run into some computer neophyte, n00b, tard in front of 7-11 who will then not being able to get past your password(95% of the world) format the drive and make your laptop his thus destroying all your data and your porn collection :).

                        So before freaking out and calling out the marines I would look for some trace of the information on either Google, IRC, and or USENET or other similar dark corners of the net. If not found the more likely of the scenarios probably happened and I can rest easy therefore starting a new warez and porn collection.

                        GET IT :). Just because someone steals your data, doesn't mean they know what to do with it. It's a lot like crypto, just because someone understands crypto doesn't mean they know how to code and vice versa. Don't be so self important, because you're not. :)

                        xor

                        Make decisions based on facts, not what you think you know, assume you know, or believe you know.

                        Occam's razor, hellllllo!!!!!!
                        Last edited by xor; September 24, 2007, 17:14.
                        Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.



                        • #13
                          Re: What would you do?: All the media in your [home|data center|office] have been sto

                          I'm speaking of a personal or SMB laptop of course. Obviously, you would do different stuff if it had a million SSN's or nuclear launch codes. But I would still look for some trace of the information on the net. Knowing whether or not the information is actually in the wild and or being sold for profit will help you make better decisions for you and your clients. People who steal professionally aren't going to sit on the information. They, if professionals, must assume that you know the information is missing and that there is a time limit on that information before access is changed. So they will most likely try and move it as quickly as possible. People steal for fun and profit. Critical data always has an expiration date.

                          xor

                          "Stop chasing the mice in your skull,"
                          Last edited by xor; September 24, 2007, 15:53.
                          Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.



                          • #14
                            Re: What would you do?: All the media in your [home|data center|office] have been sto

                            Originally posted by Nikita
                            I'm still interested to know what any of you do regarding your phone and email address book/ Phone Contacts. How do you keep that info Private? How do you back it up? I have 650-ish numbers in my phone...
                            Who are you Paris Hilton :)?

                            xor

                            Many phone carriers today offer a remote wipe. Kerio Mail Server, one of my favorites, has a push service, with a remote wipe function too. KMS is something you can warez :)
                            Last edited by xor; September 24, 2007, 16:01.
                            Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.



                            • #15
                              Re: What would you do?: All the media in your [home|data center|office] have been sto

                              Originally posted by xor
                              GET IT :). Just because someone steals your data, doesn't mean they know what to do with it. It's a lot like crypto, just because someone understands crypto doesn't mean they know how to code and vice versa. Don't be so self important, because you're not. :)

                              xor

                              Occam's razor, hellllllo!!!!!!
                              OK, yes, It is far more likely a crack head would steal your crap versus the US or foreign Govts, however I do think it is unprofessional, unwise and plain mental to not go by the (minimums of) industry standard and some common sense and take immediate action in damage control. Report losses, change sensitive data, notify the appropriate authorities, clients, users etc. I have a pretty accurate mental recollection of what might be considered sensitive, ONLY after they get past the drive encryption and also decrypt those particular files. I would take action on that info regardless if I thought bubba at the pawn shop or K-rad has my shit.


                              Knowing whether or not the information is actually in the wild and or being sold for profit will help you make better decisions for you and your clients.
                              You would rest easy after an empty google search? i shiver in many not so good places at thinking someone with even mildly sensitive data of mine would do that. Perhaps I am schooled on a different level of thought. I always assume it is in the wild, think of worst case and act accordingly. There is no harm in being over reactive to such a thing, is there? As far as wanting to pretend it didn't happen so's not to embarrass yourself in front of your clients, then that person would be a loser. I prefer someone responsible who takes swift action when presented with a mistake/failure. Your sensitive stuff should be protected anyway (crypto/whole disk encryption), if it's not you need to own up to it. There is always going to be something. If you were careful to start with the theft shouldn't take the piss out of you too much.
                              "Haters, gonna hate"
