Top Secret German Police Hard Drive Sold Over Ebay For 20 Euros
Newmarket, 5th April 2005 – This week’s “Spiegel”, one of Germany’s leading weekly papers, has revealed that a computer hard drive with confidential data from the Brandenburg police in Germany has been auctioned over eBay for a mere 20 Euros. The used hard drive with 20GB capacity contained, according to Spiegel, internal alarm plans on how the police should handle “specific incidences” such as hostage or kidnapping situations, the names of contacts in the crisis management group, as well as tactical orders and analyses of political security situations. Such information is declared strictly confidential and is available only to top-level people in the intelligence services, the head of police, and the executive group around the Minister of the Interior, Schönbohm. After a student from the city of Potsdam bought the drive for 20 Euros, without knowing about the sensitive content, Minister Jörg Schönbohm immediately initiated an investigation to find out how the information got sold over eBay and whether the blame lay with a third party or the information was leaked as part of a criminal act.
This oversight by the Brandenburg Police is not the first time a hard drive sold over eBay has triggered a security breach and publicly exposed an organisation. Last summer, Pointsec, who are mobile security specialists, conducted research to find out how many hard drives they could buy over eBay containing sensitive company information, to prove the point that very few companies thoroughly wipe clean or re-format their discs before disposing of them. They were surprised that the first one they bought over eBay, for as little as eight euros, contained the access and log-in codes to a major financial services group.
Pointsec found that they were able to read 7 out of 10 hard-drives bought over the Internet at auctions such as eBay, for less than the cost of a McDonald’s meal, all of which had “supposedly” been “wiped-clean” or “re-formatted”.
In Sweden, the first laptop Pointsec purchased at auction contained sensitive information from a large food manufacturer. When the hard disc was analysed, they found 4 Microsoft Access databases containing company and customer related information, 15 Microsoft PowerPoint presentations containing highly sensitive company information and 1512 JPG pictures of both a company and private nature.
Peter Larsson, CEO of Pointsec Mobile Technologies said “Our research last summer showed how easy it is to purchase hard-drives at internet auctions such as eBay and access the information on them. Even when companies or individuals believe they have wiped the hard drive clean, it is blatantly clear how easy it is to retrieve sensitive information from them both during their current lifetime and beyond it. This week’s exposure of leaked and highly critical information from the Brandenburg police in Germany reinforces how important it is to never let mobile devices or hard drives leave the office without being adequately protected with encryption and strong password protection – even after they have been discarded.”
If you want to ensure your information always stays secure even after you’ve discarded your computer or mobile device then Pointsec Mobile Technologies suggests you follow these few simple steps.
1. Be aware that desktops can go mobile at different points in their lifetime and therefore you need to be stringent about keeping them secure and encrypted throughout their entire lifetime.
2. Make sure you keep tabs on desktops when they get repaired or upgraded as they often can get mislaid or lost when out in the “wild”.
3. If the data on your old equipment is not encrypted, make sure that before you dispose of the device you re-format it at least 8 times, or use professional “wiping-clean” software to erase the data. If the information is very sensitive and you want to ensure that not even the cleverest hacker will ever be able to read the old hard drive, burn it!
4. Don’t ever rely on mobile workers to secure their mobile devices as most will not bother with the security features. Therefore, make passwords, access codes and encryption mandatory and centrally manage it.
5. Administer a mobile use policy, which sets up company guidelines on securing mobile devices and educate the staff in this policy.
Pointsec is the worldwide de facto standard for mobile device security – with the most customers deployed, highest level of certification, and more complete device coverage than any other company. Pointsec delivers a trusted solution for automatic data encryption that guarantees proven protection at the most vulnerable point where sensitive enterprise data is stored – on mobile devices. By securing sensitive information stored on laptops, PDAs, smartphones, and removable media, enterprises and government organizations can protect and enhance their image, minimize risk, shield confidential data, guard information assets, and strengthen public and shareholder confidence. Pointsec’s customers include blue chip companies and government organizations around the world. Founded in 1988, Pointsec AB is a wholly owned subsidiary of Protect Data AB, publicly traded (PROT) on the Stockholm stock exchange. The company has four U.S. offices and 11 EMEA offices. Visit our web site at: www.pointsec.com.