Sometimes, it’s not the use of data security tools like hard drive encryption that protect you. Sometimes, it’s doing nothing that can protect you. Take the case of the unasked-for laptops.
The FBI is currently investigating why unsolicited laptops were sent to US governors. The Governor’s Office in West Virginia received five laptops, for example; nobody at the office ordered them, though, and there was no explanation on why they were sent. According to the article at computerworld.com, the same thing happened at ten other states.
It’s believed that the computers may contain malicious code (unconfirmed so far). The idea is that the, ahem, “benefactor” may have sent the free laptops in the hope that government officials would just take the free swag and use them. If that had happened, there is the distinct possibility that the computers would be used within the workplace, and that’s when the malicious code–be it Trojans, viruses, or whatever–would be able to breach any security in the workplace.
In a sense, the computer is the Trojan. (It would have been highly symbolic if the computers were branded with a horse logo, like the Acer Ferrari laptop series.)
The plan, assuming using the laptops as a Trojan horse was the plan, failed. It looks like government officials are not venal as they’re portrayed…well, pretty much everywhere. Officials decided that this was just too suspicious, and got in touch with the FBI, who are investigating the issue.
Not only are they looking to confirm the presence of malware on the computer, they’ve gotten in touch with the computer manufacturer to see if they can provide any leads.
So far, I’ve neglected to mention that all the computers were HP-branded. Personally, I don’t see how it would be relevant…unless this happens to be some kind of weird marketing campaign by the computer maker, which it’s not.
HP has admitted to knowing that there have been attempts at fraud linked with such shipments, and that they’re cooperating with the law enforcement to get to the bottom of the issue. My own assumption is that whoever is doing this probably decided to buy the machines in bulk, and that’s why they’re all HP computers.
Officials did the right thing by being suspicious and not using the computers. Personally, being slightly paranoid, I may have wondered if the computers were rigged to blow up (similar to what the now-imprisoned Unabomber may have done), and not turned them on.
As they say, you want the right tools for the job. If you’re looking for data security, generally you use a firewall (for on-line attacks) and encryption software (for off-line theft), among other tools of the trade. But best tool of all, bar none, is the use of commonsense.
Related Articles and Sites: