Corporate Security… Are you listening?
BANGALORE: Just a month ago, a Bangalore-based construction company lost a multi-crore tender by a thin margin. Baffled company officials vowed there was no way the rival firm could have come so near to their bid.
Soon, investigation proved them right and it was found the tender documents were leaked. The company was in a dilemma to find the mole. Only a few persons were aware of the tender details and they were the mosttrusted ones. Also, such an incident had never happened in the company.
Computer forensic tests revealed somebody had accessed the Universal Serial Bus (USB) port to download the tender documents. What surprised the company’s top heads was that one of their employees had used his iPod to download the data.
The data was then passed to the rival company for a price and to evade detection, the file was promptly deleted from the iPod. Investigators , however, retrieved it using advanced data-recovery software.
In another case, an IT company had to face serious problems after its software source code was stolen. On investigation, it was revealed an iPod was used to steal the code. Such data is quickly used by pirates to make cheaper and unreliable copies of original software.
In both cases, complaint was not filed either with jurisdictional police or with the CoD’s cyber crime cell.
“I cannot name the company as I am bound by a non-discloser agreement . Not lodging a complaint was a conscious decision. After a call centre , which had an account in an international bank, lodged a complaint, there was concern about safety of the data in India. It can happen everywhere ,” said Murali Mohan, the advocate representing the firm.
Data theft has been there for a long time. What is new is the use of iPods to steal sensitive information. “We thought iPod was used only to download and listen songs, but as an external storage device holding any file type, iPods or other MP3 players have storage capacity between 1 GB and 80 GB. That is sometimes more disk space than conventional PCs. iPods can be easily misused,” he explained.
Even the companies have erred in their security arrangement to protect data in office. While devices like laptops, palmtops, electronic notepads, pen drives and bluetooth mobile phones are prohibited in such areas, iPods and MP3 players are not banned. “A day after discovering that an iPod was used for theft, I entered the same office with an iPod. Nobody stopped me,” laughed Murali Mohan.
As per law, the employee could be charged under section 43 and 66 of the IT Act. The person may be imprisoned for three years and will have to pay Rs 2-lakh fine or both in some cases.
[ source: Times of India ]