Data theft

Data theft is a growing phenomenon primarily caused by system administrators and office workers with access to technology such as database servers, desktop computers and a growing list of hand-held devices capable of storing digital information, such as USB flash drives, iPods and even digital cameras. Since employees often spend a considerable amount of time developing contacts and confidential and copyrighted information for the company they work for, they may feel they have some right to the information and are inclined to copy and/or delete part of it when they leave the company, or misuse it while they are still in employment. Alternatively, an employee may choose to deliberately abuse trusted access to information for the purpose of exposing misconduct by the employer; From the perspective of the society such an act of whistleblowing can be seen as positive^[1] and is in certain situations protected by law in some jurisdictions, such as the USA.

While most organizations have implemented firewalls and intrusion-detection systems, very few take into account the threat from the average employee that copies proprietary data for personal gain or use by another company.^{[citation needed]} A common scenario is where a sales person makes a copy of the contact database for use in their next job. Typically, this is a clear violation of their terms of employment.

Notable acts of data theft by a self-proclaimed whistleblower have been done by: Chelsea Manning, Edward Snowden and Hervé Falciani.

Data theft methods

The phrase data theft is actually a misnomer, since unlike theft the typical data theft methods typically do not deprive the owner of their data, but rather create an additional, unauthorized copy.

Thumbsucking

Thumbsucking, similar to podslurping, is the intentional or undeliberate use of a portable USB mass storage device, such as a USB flash drive (or "thumbdrive"), to illicitly download confidential data from a network endpoint.^[2]

A USB flash drive was allegedly used to remove without authorization highly classified documents about the design of U.S. nuclear weapons from a vault at Los Alamos.^[3]

The threat of thumbsucking has been amplified for a number of reasons, including the following:

• The storage capacity of portable USB storage devices has increased.
• The cost of high-capacity portable USB storage devices has decreased.
• Networks have grown more dispersed, the number of remote network access points has increased and methods of network connection have expanded, increasing the number of vectors for network infiltration.

Investigating data theft

Techniques to investigate data theft include stochastic forensics, digital artifact analysis (especially of USB drive artifacts), and other computer forensics techniques.

Wrong term

In some countries this term is incorrect. This is because it is considered theft as theft of a thing ( material object ) and information is not a thing. ^{[4] [5]}

See also

• Pod slurping
• Bluesnarfing
• Sneakernet
• Data breach

References

1. ↑ Lua error in package.lua at line 80: module 'strict' not found.
2. ↑ Lua error in package.lua at line 80: module 'strict' not found.
3. ↑ Zagorin, Adam "A breach in nuclear security." Time, April 19, 2007. Retrieved April 21, 2007
4. ↑ Código civil Argentino art. 2311
5. ↑ Código penal Argentino art. 164

External links

• USBs' Giant Sucking Sound
• Readers Weigh In: Is the IPod a Threat or a Scapegoat?