Announcement

Collapse
No announcement yet.

What would you do?: All the media in your [home|data center|office] have been stolen.

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • What would you do?: All the media in your [home|data center|office] have been stolen.

    Today is a new problem...

    What would you do?: All the media in your [home|data center|office|car] have been stolen.

    If you oversee a Data Center, then select that.
    If not, but you have a computer inn your office space, then select that,
    If not, but you have one or more computers at home, select that.
    If not, and you live out of your car, then select that.

    Only choose one location even if you have multiple data centers, homes, offices, or cars.

    Assume someone has stolen all of the Hard Disks/Fixed Disks, Floppy Disks, Tapes, and other media from your selected location.

    What would you do?

    Would your priorities be to get your operation back on its feet, or call law enforcement and not disturb the crime scene so they can collect evidence admissible in court with proper chain of evidence documented?

    Do you have media/tape backups stored offsite? Do you have video of your location to help locate the people on video? Are your tapes and fixed disks encrypted by the OS or controller?

  • #2
    Re: What would you do?: All the media in your [home|data center|office] have been sto

    well, i'll speak towards the "small business" and "home office" side of things since those are the two places that i oversee. we can toss laptops into the bargain, as well, i suppose.

    1. small business

    chances are very strong that i would simply wait for authorities to fully secure and go over the crime scene for any forensic details. at the places where i consult (some are businesses and some are schools) they are all small enough to either close for the day (think: a sign on the front door saying "water pipe burst, hope to reopen friday") or just operate without technology resources for a while.

    all critical data is backed up on external volumes at my facilities, but not every single client has opted to go whole hog and actually swap media around to the point that they're rotating out a copy somewhere off-site. eh, what can you do?

    after letting police do their thing, i'd begin rebuilding and restoring, much in the same way that i would if a fire or flood took out the technology. none of these companies has privacy-critical data on volumes that aren't somehow encrypted. (typically software encryption, not at the controller level*)

    2. home office

    at home i'd be extra-pissed due to it being a more personal matter, but again i wouldn't be devastated. all my data is backed up rather routinely (users' home directories are all encrypted volumes and the crypto files are copied whole to backup volumes nightly. my obscenely huge "content" archive gets its backup refreshed when i get around to it about once a month.) and i could rather comfortably survive a theft of my resources about as well as i could survive a house fire, etc.

    again, it would just be a matter of getting some boxen running again and starting to restore the materials. fortunately, in both my home life and business life i don't oversee massive enterprise networks with any regularity at all. "restoring" a network could easily mean "recreating" a domain and back-end as opposed to recovering and keeping alive a 500-user account database etc and an assload of complicated permission sets.

    3. laptop

    well, i have had my laptop stolen, more than once, in fact. in the past when it happened each time i wasn't as prepared for it as i was the next time, but overall here's the lessons i learned and the policies i put in place for myself in order of establishing them...
    3a. no irreplaceable info on a laptop, ever. it's a glorified flash drive for me, really. it's a USB key that can send email and watch movies. if you treat any of your "file taxi" devices like the master archive of your content or documents you're a moron. i have never kept anything on my laptop that wasn't copied somewhere else.

    3b. heavy crypto for any work product. i keep my most commonly-used field laptop partitioned. i have bootable system partitions for any O/S that i want to run, then i dedicated the rest of the hard drive (recently installed a 120-gigger, they seriously dropped in price) as just a data partition. that has all movies, music, games, etc. with which i can pass time if need be. it also has ghost images that i've made of the system partitions so that if things get wonky i can restore on the fly without erasing my data. also the data partition contains a large crypto file which i can mount as a drive anytime i need. anything that is not entertainment content gets saved here as a matter of routine.

    3c. laptop embedded security. my Fujitsu 7010 supports hard disk encryption* as well as some pretty great CMOS locks. i require a password to get into the CMOS or even just to boot. one nice feature is that when the system pauses and awaits said password, the Fujitsu CMOS lets you custom set a text string that appears on the bottom of the page. i call it the "can't pawn shop this easily" feature. currently, my computer says "this laptop is MINE, fucker... not yours!" and includes my email address and phone number, facilitating someone maybe contacting me if it falls into somewhat honorable hands.



    * NOTE - hard disk controller encryption

    has there been a talk about this at any con? there must have been... i plan on doing some searching after i post. i know almost nothing about this and would love to hear how strong it is, etc. when i swapped out the stock drive in my Fujitsu (see note above about the larger disk i now have) i was surprised to see it i couldn't read it when i installed it in my desktop workstation. it was not until i had placed it into a Dell that a message appeared reminding me of the hard disk protection.

    i was surprised at how rather effective things were with this protection. i could not access the disk in any way. i had expected to just boot and nuke the old drive. that wasn't possible. i couldn't even get in and low-level format it. how is this protection implemented? something on the drive circuitry and not the platters? how easily can LEOs or .gov types bypass it, anyone know? i have some serious reading to do.

    also interesting... do different manufacturers implement this in their own way? there seems to be some sort of standard, given that the Dell picked up on what the Fujitsu had done to the drive... but when the Dell asked that i input the password i had used to lock the drive, it wouldn't honor it. I had to re-install in the Fujitsu, go into the CMOS, unlock the drive there, etc. What if my laptop had been crushed under a car? Would i have had to get a new Fujitsu 7010 to unlock the drive? Would any laptop by that manufacturer have worked? like i say, i'm well behind the curve on this technology and plan on spending a lot of this friday doing very, very little work at my job and instead sitting here googling and reading.
    "I'll admit I had an OiNK account and frequented it quite often… What made OiNK a great place was that it was like the world's greatest record store… iTunes kind of feels like Sam Goody to me. I don't feel cool when I go there. I'm tired of seeing John Mayer's face pop up. I feel like I'm being hustled when I visit there, and I don't think their product is that great. DRM, low bit rate, etc... OiNK it existed because it filled a void of what people want."
    - Trent Reznor

    Comment


    • #3
      Re: What would you do?: All the media in your [home|data center|office] have been sto

      Originally posted by TheCotMan View Post
      What would you do?: All the media in your [home|data center|office|car] have been stolen.
      Well, I am under the office space/home scenario.

      First off, all of my "important" data (generally, content my friends/coworkers and I have generated) is stored in an SCM that I regularly (albeit manually) back up and have distributed to multiple (albeit unreliable ) locations. For me the cost of replacing the hardware is likely to be greater than that of recovering the data, so I'll answer from that perspective.

      Perhaps I'm a cynic, but I don't believe the police are going to care about recovering my data. I would probably call the police because I believe it would help with insurance. My priority is getting everything back up and running so I am unlikely to wait for an investigation.

      As for the information leak, I would be out of luck. My general data isn't strongly protected and a reasonably intelligent person would likely recover the data without a problem. Fortunately, that data isn't valuable, either. Everything that is likely to be valuable (where valuable is measured as personal impact on my life) is protected through various (software) means that an attacker isn't likely to break.

      In the end, I'm sure there wouldn't be enough evidence or motivation to find the person or people involved, and they would likely get away with their crime. My greatest protection is that I'm too much of a small fish for most people to take notice.
      Last edited by Voltage Spike; September 21, 2007, 11:06.

      Comment


      • #4
        Re: What would you do?: All the media in your [home|data center|office] have been sto

        I will speak for the home scenario as that is the only one I feel comfortable discussing. I would call the cops and weep until the renters insurance buys me a new set up. I format my PC for the hell of it, sometimes just cause I'm bored or just because I want to renew my limited/trial software. :-P

        I have nothing on my computers that isn't either replaceable such as games, videos, media or is PGP'd. I speak for myself when I say that if i back up my shiznit won't the externals just get ganked too? It's not worth it to me to go through such lengths to secret squirrel ninja and make multiple copies of my crap. anything that is remotely sensitive data is PGP'd, and likely at work too. Aside from my Firefox remembering my myspace PW and various random shite (yes i know, shame on me) The infiltrator will see I search for hello kitty pictures every day, play a lot of WOW, have a really aristocratic sense of humor and will know based on my "DEBTSSHITE" Spreadsheet that I pay way less on my car insurance since I left Geico.

        So in short, I would file a report, try to assess the value of what's lost, change my PW's JUST IN CASE. Maybe I am getting older and care less, i'm not sure. I have a lot of CD's with stuff on it I would be really sad to loose, old pirated versions of programs, drivers, random tools and what not. I'm not sure you could put a value on it but i'm starting to care less about it's worth. It's just stuff, the important stuff is all "up here" as they say.

        The one breach I am concerned about is my "address book" I have a lot of contacts.....Any suggestions on how to encorporate syncing and encrypting? Its not loosing the cotmans number I am worried about, it's sharing it :-) I am sure a lot of you have some sensitive numbers on your phones and a lot of us sync to back up that data...what do you do?
        "Haters, gonna hate"

        Comment


        • #5
          Re: What would you do?: All the media in your [home|data center|office] have been sto

          I'll attempt the office scenario first.

          All important files are backed up and every month copies are sent to the capital coordination team, who send copies to the headquarters. In addition we also keep hard copies of most important files (medical, logistics and finance/admin) at project level as well as in the capital, at least for a few months. So, there's no huge worry about the data, it's more of an inconvenience than anything else: just contact capital and ask for the files.

          As for contacting the authorities, it depends on the context. I know of a case a few years back when the government of the country where my organisation was working in confiscated computers and files (as well as arresting a couple of guys for "spying"). Obviously it would be next to pointless to contact them. Otherwise, I would contact the local police as more of a formality, as in not really expecting to get anything back.

          The operation will not be affected in any great deal. Primary health care can be pretty low tech ...

          At home, I'll be a wee bit more pissed off if somebody nicks my kit, but nothing on my computer is sensitive or irreplaceable.
          Last edited by theCount; September 22, 2007, 13:21. Reason: Grammar, spelling and added content

          Comment


          • #6
            Re: What would you do?: All the media in your [home|data center|office] have been sto

            What about SSN or private customer information like account numbers?
            Would policies or laws require you to notify customers about the loss of information about them to possible thieves?

            Could the attackers user any of your private key information against you? What about passwords? If you have thousands of users, there is risk for a few passwords to be easily crackable within 24 hours.

            If at home, what about credit cards, or account information? Would you call to close accounts? Re-open new accounts?

            Comment


            • #7
              Re: What would you do?: All the media in your [home|data center|office] have been sto

              Google for it, and search irc of course.

              xor

              Man you guys are slipping :)
              Last edited by xor; September 23, 2007, 22:40.
              Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.

              Comment


              • #8
                Re: What would you do?: All the media in your [home|data center|office] have been sto

                Hey there, just wanted to give big ups to a fun thread from Cotman...
                ======================================
                DJ Jackalope
                dopest dj in the galaxy. *mwah!*

                send in the drop bears!
                ======================================

                Comment


                • #9
                  Re: What would you do?: All the media in your [home|data center|office] have been sto

                  I'm still interested to know what any of you do regarding your phone and email address book/ Phone Contacts. How do you keep that info Private? How do you back it up? I have 650-ish numbers in my phone...


                  Also, XOR I don't get your answer at all.......
                  "Haters, gonna hate"

                  Comment


                  • #10
                    Re: What would you do?: All the media in your [home|data center|office] have been sto

                    Originally posted by Nikita View Post
                    I'm still interested to know what any of you do regarding your phone and email address book/ Phone Contacts. How do you keep that info Private? How do you back it up? I have 650-ish numbers in my phone...


                    Also, XOR I don't get your answer at all.......
                    I think he's reffering to how to reclaim his stolen warez and pr0n collections
                    Never drink anything larger than your head!





                    Comment


                    • #11
                      Re: What would you do?: All the media in your [home|data center|office] have been sto

                      Originally posted by renderman View Post
                      I think he's reffering to how to reclaim his stolen warez and pr0n collections
                      That would make sense! No offense to XOR but the comment he left was way to open, i interpreted it in several different ways. I think Renders explanation is probably the most accurate.
                      "Haters, gonna hate"

                      Comment


                      • #12
                        Re: What would you do?: All the media in your [home|data center|office] have been sto

                        Originally posted by Nikita View Post
                        I'm still interested to know what any of you do regarding your phone and email address book/ Phone Contacts. How do you keep that info Private? How do you back it up? I have 650-ish numbers in my phone...


                        Also, XOR I don't get your answer at all.......
                        Ok, let me explain. Say your laptop was stolen out of your car. Was it stolen by some super secret agent man tracking you for months with the intention of trying to sell your data to Iran for millions of dollars, probably not. Was it stolen out of your car by some crack head who will sell it to the first person he sees for $5.00, more likely scenario. Will said crack head sell it to a leet hacker who will then sell your data to the Russian mob, maybe. Someone please calculate the odds of that actually happening. Or will they most likely run into some computer neophyte, n00b, tard in front of 7-11 who will then not being able to get past your password(95% of the world) format the drive and make your laptop his thus destroying all your data and your porn collection :).

                        So before freaking out and calling out the marines I would look for some trace of the information on either Google, IRC, and or USENET or other similar dark corners of the net. If not found the more likely of the scenarios probably happened and I can rest easy therefore starting a new warez and porn collection.

                        GET IT :). Just because someone steals your data, doesn't mean they know what to do with it. It's a lot like crypto, just because someone understands crypto doesn't mean they know how to code and vice a verse a. Don't be so self important, because your not. :)

                        xor

                        Make decisions based on facts, not what you think you know, assume you know, or believe you know.

                        Occam's razor, hellllllo!!!!!!
                        Last edited by xor; September 24, 2007, 18:14.
                        Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.

                        Comment


                        • #13
                          Re: What would you do?: All the media in your [home|data center|office] have been sto

                          I'm speaking of a personal or SMB laptop of course. Obviously, you would do different stuff if it had a million SSN's or nuclear launch codes. But I would still look for some trace of the information on the net. Knowing whether or not the information is actually in the wild and or being sold for profit will help you make better decisions for you and your clients. People who steal professionally aren't going to sit on the information. They if professionals must assume that you know the information is missing and that there is a time limit on that information before access is changed. So they will most likely try and move it as quickly as possible. People steal for fun and profit. Critical data always has an expiration date.

                          xor

                          "Stop chasing the mice in your skull,"
                          Last edited by xor; September 24, 2007, 16:53.
                          Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.

                          Comment


                          • #14
                            Re: What would you do?: All the media in your [home|data center|office] have been sto

                            Originally posted by Nikita View Post
                            I'm still interested to know what any of you do regarding your phone and email address book/ Phone Contacts. How do you keep that info Private? How do you back it up? I have 650-ish numbers in my phone...
                            Who are you Paris Hilton :)?

                            xor

                            Many phone carriers today offer a remote wipe. Kerio Mail Server one of my favorites has a push service, with a remote wipe function to. KMS is something you can warez :)
                            Last edited by xor; September 24, 2007, 17:01.
                            Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.

                            Comment


                            • #15
                              Re: What would you do?: All the media in your [home|data center|office] have been sto

                              Originally posted by xor View Post
                              GET IT :). Just because someone steals your data, doesn't mean they know what to do with it. It's a lot like crypto, just because someone understands crypto doesn't mean they know how to code and vice a verse a. Don't be so self important, because your not. :)

                              xor

                              Occam's razor, hellllllo!!!!!!
                              OK, yes, It is far more likely a crack head would steal your crap versus the US or foreign Govts, however I do think it is unprofessional, unwise and plain mental to not go by the (minimums of) industry standard and some common sense and take immediate action in damage control. Report loses, change sensitive data, notify the appropriate authorities, clients, users etc. I have a pretty accurate mental recollection of what might be considered sensitive, ONLY after they get passed the drive encryption and also decrypt those particular files. I would take action on that info regardless if I thought bubba at the pawn shop or K-rad has my shit.


                              Knowing whether or not the information is actually in the wild and or being sold for profit will help you make better decisions for you and your clients.
                              You would rest easy after an empty google search?, i shiver in many not so good places at thinking someone with even mildly sensitive data of mine would do that. Perhaps I am schooled on a different level of thought. I always assume it is in the wild, think of worse case and act accordingly. There is no harm in being over reactive to a such a thing, is there? As far as wanting to pretend it didn't happen so's not to embarrass yourself in front of your clients, then that person would be a loser. I prefer someone responsible and takes swift action when presented with a mistake/failure. Your sensitive stuff should be protected anyway,(crypto/whole disk encryption) if its not you need to own up to it. There is always going to be something. If you were careful to start with the theft shouldn't take the piss out of you too much.
                              "Haters, gonna hate"

                              Comment

                              Working...
                              X