According to the Stars and Stripes, more than 900 students at Ramstein Intermediate School (Germany) were affected when five USB memory sticks were stolen from an unlocked vehicle. It’s being investigated whether encryption software like AlertBoot was used to secure the information, and whether the flashdrive device was authorized to be used on government computers.
US Data Breach in Germany
When one hears of Americans’ data being breached in another country, network hacking activities tend to come to mind. However, today’s “flat world” can result in local data breaches that involve information from another region. The Ramstein Intermediate School breach above is such a case.
The US has military bases all over Germany, a vestige of the current lone-superpower’s NATO support activities. Military bases contain military personnel (duh), many who have spouses (duh), with many also having children (duh). So, some of the larger bases tend to have schools ranging from pre-K through high school, which is weird when you first see it. But you get used to it, especially after you see a golf course in a military installation.
More surprising than schools and golf courses in a military base, however, is the use of unsecured USB disk and other portable digital data storage devices. The US military has issued directives, time and again, limiting the use of memory sticks and other easily-stolen (or lost) devices. At one point, it even banned the use of memory sticks completely.
Apparently, that particular ban has been relaxed a bit since I first heard of it in 2008 — or perhaps it doesn’t apply to civilian branches of the military, seeing how this is a school for kids — but that doesn’t mean the DOD has relaxed its stance on data security:
The Defense Department has strict guidelines for the usage of removable media devices, prohibiting, among other restrictions, the use of personal thumb drives on government computers.
[DOD Dependents Schools-Europe spokesman Bob] Purtiman said officials were trying to determine whether the data on the thumb drives was protected by encryption, and whether the devices were personal or government-owned. [stripes.com]
In a sense, the investigation feels like overkill: the only difference between this data breach and the hundreds of similar student data breaches is the fact that, in this particular case, the students are in a military base.
On the other hand, the breach does point to holes in how the DOD’s directives are being (or not being) implemented.
Automatically Encrypting USB Sticks
Problems like the above are why AlertBoot has the option to encrypt USB sticks when they’re popped into an encrypted computer. One of the more common blind spots when it comes to laptop encryption is the fact that the protection does not extend outside the laptop. If you send an email with a file attachment, burn a CD or DVD, or send files to an external hard drive, those digital copies are not protected by the full disk encryption already existing on the laptop.
I almost make it sound like laptop encryption on its own is useless, but that’s not the case at all. Surveys show that loss or theft of laptops tend to account for more than half of all data breach instances. However, such security loopholes are admittedly a present danger. Bradley Manning used CDs to leak classified data to WikiLeaks, for example.
Thus AlertBoot’s automatic USB encryption. With this setting turned on, any external storage devices (including smartphones and iPods and whatnot) that are connected to an encrypted computer will also be automatically encrypted. It follows to reason that if a computer was encrypted, anything that’s being copied off of it should be encrypted, too.
It’s one of the aspects that makes AlertBoot such a great disk encryption service, aside from the TCO aspects or ease of use.
Related Articles and Sites: