SEC Workers Fail to Encrypt Computers with Sensitive Information
November 9, 2012 9:12 AM
comment(s) - last by
Sources say workers involved are being disciplined
With the myriad
high-profile hacks and attacks on government and corporate computer systems around the world
, it's easy to believe that the U.S. federal government and its many arms would do all they can to keep its networks secure. However, that is not always the case.
reports that workers at the U.S. Securities and Exchange Commission failed to encrypt some of their computers that contained highly sensitive information from stock exchanges. The failure to encrypt the information left data vulnerable to cyber attacks according to people familiar with the situation.
The computers left unencrypted reportedly belonged to a small number of employees in an office within the SEC Trading and Markets Division. That particular division is tasked with ensuring that various stock exchanges follow guidelines to protect the markets for potential cyber threats and system problems.
That makes it incredibly ironic that the employees tasked with ensuring systems are protected from cyber threats would leave their own computers unprotected.
Some of the staffers are known to have taken the unprotected computers to a
Black Hat convention
where computer hackers gather. There is no clear indication of why the staffers would have taken unencrypted and unprotected computers into the hackers den.
The SEC insists that no data was breached from the insecure computer systems. However, the SEC was forced to spend around $200,000 to hire a third-party firm to conduct a thorough analysis to come to that conclusion.
This article is over a month old, voting and posting comments is disabled
Encryption is a Joke
11/30/2012 7:36:40 PM
Encryption of hard drives is a joke. It is only effective when the computer is powered off. While the computer is on, the decryption keys are stored in memory and are used to decrypt any data read from the hard drive. The keys can be hacked to decrypt the entire drive.
Meanwhile the encryption will clog up the performance of your hard drive and make everything more sluggish.
And this is all to protect against someone saving/keeping confidential data on a laptop and then losing the laptop.
Confidential data should never be kept on a laptop. It could be presented on a laptop through an encrypted connection to a server in a data center, but should never be stored on the laptop.
This whole model of encrypting down to the user device is outdated by about 8 to 10 years. Even if these employees complied with the policy...nothing is protected.
All of these encryption corporate policies come from a legal liability standpoint. The problem is legal teams are not technical and are always way behind the curve. The idea is to argue that if a laptop is stolen or lost, that the company is not responsible for any data lost, because it was all encrypted and thus "secure."
This is far from being reality, but it sounds good enough for a legal defense. Despite all of the productivity that it kills. In reality, there is about a 1 in 10 million chance that someone who steals a laptop is going to go searching the hard drive so some crucial corporate secret that just happens to be stored on it...as opposed to just sell it for a quick fix.
Cross this probability with the likelihood that the person using the laptop was smart enough to actually have access to something really important and/or dumb enough to save a whole bunch sensitive data to their laptop...and you have a snowball's chance in the sun for anything of significant value being stolen and captured.
All across Coporate America, these encryption policies are being put or have alredy been put into place...So even if people wanted to get some work done...their laptop will ensure that they get the least possible amount of work completed.
"You can bet that Sony built a long-term business plan about being successful in Japan and that business plan is crumbling." -- Peter Moore, 24 hours before his Microsoft resignation
Amid Recent Cyberattacks, Senate Poised to Revive Cybersecurity Bill
November 1, 2012, 2:37 PM
Apple to Break Its Vow of Silence on Security Issues at Black Hat
July 25, 2012, 7:37 AM
LinkNYC Terminals to Blanket New York City With Free WiFi, Free Calls, and Ads
November 17, 2014, 6:50 PM
Microsoft is Open-Sourcing Most of .NET, Adding OS X and Linux Support
November 12, 2014, 8:27 PM
Home Depot Lost 53 Million Emails, Blames Windows, Buys Execs New Macs
November 9, 2014, 5:00 PM
Former NSA Lawyer: If Google, Apple Encrypt User Data, They’ll Wither on the Vine Like Blackberry
November 6, 2014, 12:15 PM
Report: AT&T Eyeing $40B DirecTV Purchase
May 1, 2014, 8:00 AM
WebOS Class Action Settlement Costs HP $57 Million
April 1, 2014, 10:22 AM
Most Popular Articles
WSJ Report Implies That Google Leveraged Lobbying to Kill Antitrust Abuse Probe
March 25, 2015, 5:37 PM
Texan WISP Owner With Colorful History Sues to Block FCC Net Neutrality Rules
March 24, 2015, 1:19 PM
Samsung, Dell, Pegatron to Preinstall Microsoft Office 365 on Android Devices
March 23, 2015, 4:02 PM
Half a Billion Dollars of U.S. Weaponry May be Lost to al-Qaeda, Rebels in Yemen
March 23, 2015, 2:12 PM
NVIDIA's Latest Windows 10 Drivers: Still Too Unstable For Primetime
March 24, 2015, 4:45 PM
Latest Blog Posts
Sceptre Airs 27", 120 Hz. 1080p Monitor/HDTV w/ 5 ms Response Time for $220
Dec 3, 2014, 10:32 PM
Costco Gives Employees Thanksgiving Off; Wal-Mart Leads "Black Thursday" Charge
Oct 29, 2014, 9:57 PM
"Bear Selfies" Fad Could Turn Deadly, Warn Nevada Wildlife Officials
Oct 28, 2014, 12:00 PM
The Surface Mini That Was Never Released Gets "Hands On" Treatment
Sep 26, 2014, 8:22 AM
ISIS Imposes Ban on Teaching Evolution in Iraq
Sep 17, 2014, 5:22 PM
More Blog Posts
Copyright 2015 DailyTech LLC. -
Terms, Conditions & Privacy Information