Author Topic: If someone wanted to steal sensitive information from your workplace, how easy would it be?
Ordal 
Posts: 14,016
Registered: May 24, '01
Extended Info (if available)
Real Post Cnt: 13,608
User ID: 99,636
Subject: If someone wanted to steal sensitive information from your workplace, how easy would it be?
A colleague of mine is writing a book chapter with Kevin Mitnick about social engineering and psychology. The way the chapter and information is presented is through an example of how Mitnick stole the source code for the Motorola MicroTac Ultra Lite by basically calling and sweet-talking or impersonating staff at Motorola from the comfort of his own home.

Considering this was at the time, extremely top of the line software that was protected by, among other things, a token system using activation codes that change every 60 seconds, how safe would you say information is at your place of residence.

 

-----signature-----
|^^^^^^^^^^^\ ||______
| flag 7.16 ACF'05 flag | ||'""|""\_,
| _____________ l ||__|__|___|)
|(@(@)""""""""**|(@)(@)***|(@)
Link to this post
Gaevren 
Title: Wat do?
Posts: 18,183
Registered: Sep 15, '04
Extended Info (if available)
Real Post Cnt: 17,906
User ID: 967,012
Subject: If someone wanted to steal sensitive information from your workplace, how easy would it be?
Ridiculously easy.

 

-----signature-----
There are no automatic doors, just very polite ninjas
Link to this post
Immortal_Haze 
Posts: 16,105
Registered: Jan 31, '02
Extended Info (if available)
Real Post Cnt: 15,927
User ID: 639,213
Subject: If someone wanted to steal sensitive information from your workplace, how easy would it be?
So you're asking how hard would it be for a complete stranger to get information we have access to? Depends on the information they're trying to acquire. My job in particular, pretty hard.

 

-----signature-----
flag
"Those who have long enjoyed such privileges as we
enjoy forget in time that men have died to win them." FDR
Link to this post
Arch_Magi 
Title: The Lord of Chaos
Posts: 106,493
Registered: Oct 31, '02
Extended Info (if available)
Real Post Cnt: 102,020
User ID: 733,498
Subject: If someone wanted to steal sensitive information from your workplace, how easy would it be?
If the someone is me, VERY easy.

If it was someone else in the company, moderately hard.

If it was someone outside the company, fairly difficult.

Anything that gets thrown out that is on paper, gets cross cut shredded. We don't hand out ANY information over the phone and emails are pretty well regulated as well. No vendor comes into our place un-escorted and they are watched.

 

-----signature-----
(none)
Link to this post
Ordal 
Posts: 14,016
Registered: May 24, '01
Extended Info (if available)
Real Post Cnt: 13,608
User ID: 99,636
Subject: If someone wanted to steal sensitive information from your workplace, how easy would it be?
Immortal_Haze posted:
So you're asking how hard would it be for a complete stranger to get information we have access to?


Correct, I should have specified.

Immortal_Haze posted:
Depends on the information they're trying to acquire.


let's assume it's the most sensitive information available on an important upcoming or current project.

 

-----signature-----
|^^^^^^^^^^^\ ||______
| flag 7.16 ACF'05 flag | ||'""|""\_,
| _____________ l ||__|__|___|)
|(@(@)""""""""**|(@)(@)***|(@)
Link to this post
timtheswordsman 
Posts: 14,812
Registered: Mar 1, '02
Extended Info (if available)
Real Post Cnt: 14,453
User ID: 652,472
Subject: If someone wanted to steal sensitive information from your workplace, how easy would it be?
Someone who doesn't work for the company? Very difficult.

 

-----signature-----
(none)
Link to this post
Ordal 
Posts: 14,016
Registered: May 24, '01
Extended Info (if available)
Real Post Cnt: 13,608
User ID: 99,636
Subject: If someone wanted to steal sensitive information from your workplace, how easy would it be?
Arch_Magi posted:
If the someone is me, VERY easy.

If it was someone else in the company, moderately hard.

If it was someone outside the company, fairly difficult.

Anything that gets thrown out that is on paper, gets cross cut shredded. We don't hand out ANY information over the phone and emails are pretty well regulated as well. No vendor comes into our place un-escorted and they are watched.


Do you ever have PEN tests or whatever they call them? Security testing? If so, how does that generally go? My impression is that they always always always get through whatever security is in place.

 

-----signature-----
|^^^^^^^^^^^\ ||______
| flag 7.16 ACF'05 flag | ||'""|""\_,
| _____________ l ||__|__|___|)
|(@(@)""""""""**|(@)(@)***|(@)
Link to this post
FineYoungCannibals 
Title: Top of the food chain
Posts: 74,939
Registered: Jul 14, '03
Extended Info (if available)
Real Post Cnt: 73,108
User ID: 822,330
Subject: If someone wanted to steal sensitive information from your workplace, how easy would it be?
not possible

national security level 29

 

-----signature-----
mischief FYC mischief
Link to this post
Ordal 
Posts: 14,016
Registered: May 24, '01
Extended Info (if available)
Real Post Cnt: 13,608
User ID: 99,636
Subject: If someone wanted to steal sensitive information from your workplace, how easy would it be?
FineYoungCannibals posted:
not possible

national security level 29


Don't briefcases get stolen from the CIA like all the time?

 

-----signature-----
|^^^^^^^^^^^\ ||______
| flag 7.16 ACF'05 flag | ||'""|""\_,
| _____________ l ||__|__|___|)
|(@(@)""""""""**|(@)(@)***|(@)
Link to this post
jonus156 
Posts: 10,613
Registered: Oct 12, '05
Extended Info (if available)
Real Post Cnt: 10,418
User ID: 1,084,426
Subject: If someone wanted to steal sensitive information from your workplace, how easy would it be?
easy i have about 30 credit card numbers in my notes just from the last year all they would have to do is get in the building after hours and know where i stash it.

 

-----signature-----
This thread begs the question: do the "women" of ACF use a funnel to get that much sand in their vagina or do they just slide around the beach like an angry Roomba? -deadcactus-
"I could go for some cock"--cute_but_stupid
Link to this post
Immortal_Haze 
Posts: 16,105
Registered: Jan 31, '02
Extended Info (if available)
Real Post Cnt: 15,927
User ID: 639,213
Subject: If someone wanted to steal sensitive information from your workplace, how easy would it be?
Ordal posted:
Immortal_Haze posted:
Depends on the information they're trying to acquire.


let's assume it's the most sensitive information available on an important upcoming or current project.


I'd never say impossible, but VERY difficult. I think there'd have to be some link to someone with the access.

At my first job out of college, I met a security guy working for the DoD whose job was to infiltrate Army areas, grab really sensitive data and then make a report about the steps he went through. He said he'd go into highly classified exercises, pretend to be a civilian technician or something, get Army guys to log in for him and he'd download craploads of stuff and bounce out lol. Pretty interesting stuff.

 

-----signature-----
flag
"Those who have long enjoyed such privileges as we
enjoy forget in time that men have died to win them." FDR
Link to this post
Arch_Magi 
Title: The Lord of Chaos
Posts: 106,493
Registered: Oct 31, '02
Extended Info (if available)
Real Post Cnt: 102,020
User ID: 733,498
Subject: If someone wanted to steal sensitive information from your workplace, how easy would it be?
Ordal posted:
Arch_Magi posted:
If the someone is me, VERY easy.

If it was someone else in the company, moderately hard.

If it was someone outside the company, fairly difficult.

Anything that gets thrown out that is on paper, gets cross cut shredded. We don't hand out ANY information over the phone and emails are pretty well regulated as well. No vendor comes into our place un-escorted and they are watched.


Do you ever have PEN tests or whatever they call them? Security testing? If so, how does that generally go? My impression is that they always always always get through whatever security is in place.


Penetration Tests?

Yes, every couple years. We go the "black box" route, which is the best way, IMO.

And yes, no system, aside from having your network in a Faraday cade and not hooked to the net, is perfect. It's a lot like fire proof ratings on a safe. They all eventually fail, it's just the amount of time before it does.

 

-----signature-----
(none)
Link to this post
Steelwind_Oo 
Title: Lurking Oo
Posts: 32,879
Registered: Sep 30, '00
Extended Info (if available)
Real Post Cnt: 31,007
User ID: 46,829
Subject: If someone wanted to steal sensitive information from your workplace, how easy would it be?
Gaevren posted:
Ridiculously easy.
Yup, I have been preaching data security for years now and now that I'm doing PCI compliance they all act friggin surprised when all the crap I have been telling them for like ten years is required and suddenly they have to do it before they can get signed off.

 

-----signature-----
'God is an imaginary friend for grownups.', Walter Crewes (Morgan Freeman), The Big Bounce
Don't be afraid to ask dumb questions they're easier to handle than dumb mistakes!
Xbox 360 Gamer Tag: SteelwindOo
e93% a53% s33% k13%
Link to this post
jonus156 
Posts: 10,613
Registered: Oct 12, '05
Extended Info (if available)
Real Post Cnt: 10,418
User ID: 1,084,426
Subject: If someone wanted to steal sensitive information from your workplace, how easy would it be?
and now it would be hard i just sent my note book through the paper shredder

 

-----signature-----
This thread begs the question: do the "women" of ACF use a funnel to get that much sand in their vagina or do they just slide around the beach like an angry Roomba? -deadcactus-
"I could go for some cock"--cute_but_stupid
Link to this post
Aethelgrin 
Posts: 11,938
Registered: Dec 20, '01
Extended Info (if available)
Real Post Cnt: 11,717
User ID: 563,732
Subject: If someone wanted to steal sensitive information from your workplace, how easy would it be?
Yeah...there's no such thing where I work. What do you want to know?

 

-----signature-----
"It's not your welcome. You don't have a welcome. It's, "you are welcome." - Malik_Gynax
"My welcome! MINE!!" - .Sylva.
"I thought men had belly buttons and women had vagina's instead" - Element_X
Link to this post
Terminius_Est 
Title: Moon River
Posts: 40,732
Registered: Feb 27, '02
Extended Info (if available)
Real Post Cnt: 40,160
User ID: 651,096
Subject: If someone wanted to steal sensitive information from your workplace, how easy would it be?
First you'd need to get in the office somehow. That's probably not too hard but you'd need to bamboozle somebody into letting you in without a badge.

Then you'd need to find a computer that's not being used in an empty office. That's not too hard either but if somebody notices a stranger messing around with a computer, you might get confronted.

If you know what you're doing and are prepared, you could boot up the computer off of a memory stick and get it to boot up with you as the administrator.

After that, you can find out a lot because usernames and some data is on the pc's. No data or usernames are on the Linux workstations though, it will take more work but once you're in, we can't keep you out.

You can't keep a really knowledgeable determined person out of any system. You can just throw up a lot of roadblocks to slow him down.

 

-----signature-----
There is no emotion, there is peace. There is no ignorance, there is knowledge.
There is no passion, there is serenity. There is no chaos, there is harmony.
There is no death, there is the FORCE.
Sci/Fi Bookshelf http://tinyurl.com/2z8u9h
Link to this post
Ordal 
Posts: 14,016
Registered: May 24, '01
Extended Info (if available)
Real Post Cnt: 13,608
User ID: 99,636
Subject: If someone wanted to steal sensitive information from your workplace, how easy would it be?
Terminius_Est posted:
First you'd need to get in the office somehow. That's probably not too hard but you'd need to bamboozle somebody into letting you in without a badge.

Then you'd need to find a computer that's not being used in an empty office. That's not too hard either but if somebody notices a stranger messing around with a computer, you might get confronted.

If you know what you're doing and are prepared, you could boot up the computer off of a memory stick and get it to boot up with you as the administrator.

After that, you can find out a lot because usernames and some data is on the pc's. No data or usernames are on the Linux workstations though, it will take more work but once you're in, we can't keep you out.

You can't keep a really knowledgeable determined person out of any system. You can just throw up a lot of roadblocks to slow him down.


So basically someone would just need to come at night and con one of the janitorial staff lol

 

-----signature-----
|^^^^^^^^^^^\ ||______
| flag 7.16 ACF'05 flag | ||'""|""\_,
| _____________ l ||__|__|___|)
|(@(@)""""""""**|(@)(@)***|(@)
Link to this post
Immortal_Haze 
Posts: 16,105
Registered: Jan 31, '02
Extended Info (if available)
Real Post Cnt: 15,927
User ID: 639,213
Subject: If someone wanted to steal sensitive information from your workplace, how easy would it be?
Ordal posted:
So basically someone would just need to come at night and con one of the janitorial staff lol


Social engineering is one of the most dangerous risk to sensitive systems. Even on closed systems, you can't protect against stupid decisions from people that have access to those systems.

 

-----signature-----
flag
"Those who have long enjoyed such privileges as we
enjoy forget in time that men have died to win them." FDR
Link to this post
Tai-Daishar_MT 
Title: Moderator
Troll Eradicator

Posts: 18,124
Registered: Mar 9, '00
Extended Info (if available)
Real Post Cnt: 16,150
User ID: 14,326
Subject: If someone wanted to steal sensitive information from your workplace, how easy would it be?
Gaevren posted:
Ridiculously easy.


This, and considering what I do and the material available, this should concern people quite a bit.

 

-----signature-----
Fare thee well VN, Vini, Vidi, Vici!
Link to this post
-Ducky- 
Posts: 19,595
Registered: Jun 1, '01
Extended Info (if available)
Real Post Cnt: 19,341
User ID: 143,553
Subject: If someone wanted to steal sensitive information from your workplace, how easy would it be?
Easy. Everything is public record. They just have to ask for it. nerd

 

-----signature-----
Love is better than anger. Hope is better than fear. Optimism is better than despair.
So let us be loving, hopeful and optimistic. And we’ll change the world. ~ Jack Layton
Link to this post
-Abysmal- 
Posts: 21,891
Registered: Dec 20, '00
Extended Info (if available)
Real Post Cnt: 21,218
User ID: 59,638
Subject: If someone wanted to steal sensitive information from your workplace, how easy would it be?
pathetically easy...i work within the Department of Justice

 

-----signature-----
Now i LIVESTRONG
GO PATRIOTS
Yankees SUCK!
devil I wish AC looked better, I miss it
sad I love you forever Jamie
Link to this post
gatzby 
Title: Insanity Personified
Posts: 5,770
Registered: Jul 26, '01
Extended Info (if available)
Real Post Cnt: 4,742
User ID: 281,513
Subject: If someone wanted to steal sensitive information from your workplace, how easy would it be?
With PCI compliance at my company, pretty difficult.

You have to enter a 15 digit password just to take a crap around this place.

 

-----signature-----
Radio Shack TRS 80 | 640k | 5.25 Drive INTEGRATED!
A stretched thread = A useless thread
Link to this post
deadcactus 
Posts: 38,266
Registered: Dec 27, '01
Extended Info (if available)
Real Post Cnt: 37,437
User ID: 577,555
Subject: If someone wanted to steal sensitive information from your workplace, how easy would it be?
Street gangs steel explosives and automatic weapons from military bases regularly. I don't care how hard you and your security team felate each other, your system is little more than an nuisance. The only thing that keeps anything safe is the trade off between effort and reward...

 

-----signature-----
'member dat?
True dat.
Link to this post
Lynea 
Title: Dances with Trolls
Posts: 82,344
Registered: Jul 26, '01
Extended Info (if available)
Real Post Cnt: 80,243
User ID: 280,742
Subject: If someone wanted to steal sensitive information from your workplace, how easy would it be?
Someone off the street? At least somewhat difficult. I work in a DoD facility that has Top Secret restricted areas. For someone who works there, I don't think it would be hard at all.

 

-----signature-----
http://www.thebreastcancersite.com/
"It's crazy that the board newbies think I am a Liberal and B_T is a neo-con." - Gustaive_MT
"God left a very clear instruction to Adam. The ****head couldn't even follow that." - -Abednego-
Link to this post
Stormyblade 
Posts: 5,965
Registered: Dec 20, '01
Extended Info (if available)
Real Post Cnt: 5,929
User ID: 559,323
Subject: If someone wanted to steal sensitive information from your workplace, how easy would it be?
Intel takes it's secrets VERY seriously. There's lots and lots of layers of firewalls, blocked ports, blocked websites. Hell, many of the pictures that get posted in the threads here show up only as a red X on my computer.

There are security cameras and badge access everywhere - more in the areas that are more sensitive. My wife has 4 different badges to get her into specific areas. Even myself, as an employee, find myself very limited and very restricted on places I can go and things I can see and I don't even work in the super-secret fab.

So, if you were someone from the outside trying to steal the secrets on how to build the high-K dielectrics on a transistor, I'd say good luck.

 

-----signature-----
Nothing to see here...
Link to this post

Valid XHTML 1.0 Transitional Powered by PHP