Information Technology Reference
In-Depth Information
2008 includes Spy Sweeper, CounterSpy, Spyware Doctor, and SuperAntiSpyware, which
cost in the range of $17 to $30.
39
DirectRevenue was a major distributor of adware, a form of spyware that monitors the
viewing habits of Internet users and displays targeted pop-up ads. The company received
more than $80 million in ad revenue from its clients before it eventually ceased
but failed to disclose that downloading this software would load adware as well. Once it was
installed, it was nearly impossible to identify, locate, and remove the adware. DirectRevenue
agreed to a settlement with the FTC that barred future downloads of their adware without
informed consent on the part of consumers. The firm was also fined $1.5 million.
41
Information and Equipment Theft
Data and information are assets or goods that can also be stolen. People who illegally access
systems often do so to steal data and information. To obtain illegal access, criminal hackers
require identification numbers and passwords. Some criminals try different identification
numbers and passwords until they find ones that work. Using password sniffers is another
approach. A
password sniffer
is a small program hidden in a network or a computer system
that records identification numbers and passwords. In a few days, a password sniffer can
record hundreds or thousands of identification numbers and passwords. Using a password
sniffer, a criminal hacker can gain access to computers and networks to steal data and infor-
mation, invade privacy, plant viruses, and disrupt computer operations.
In addition to theft of data and software, all types of computer systems and equipment
have been stolen from offices. Portable computers such as laptops and portable storage devices
(and the data and information stored in them) are especially easy for thieves to take. In many
cases, the data and information stored in these systems are more valuable than the equipment
and there is a risk that the data can be used in identity theft. In addition, the organization
responsible receives a tremendous amount of negative publicity that can cause it to lose
existing and potential future customers. Often, the responsible organization offers to pay for
credit monitoring services for those people affected in an attempt to restore customer goodwill
and avoid law suits.
Perhaps the worst single example in terms of number of people affected by theft of
equipment was in May 2006, when the Department of Veterans Affairs announced that a
laptop and hard drive containing some 26.5 million personal records of current and former
contained personal information. In most cases, the laptops were left in plain view where
others could see them and the data was not encrypted or protected in any manner.
•
August 2007
: The Connecticut Department of Revenue Services revealed that a laptop
containing personally identifiable data about more than 106,000 taxpayers was
missing.
43
•
September 2007
: The Gap Inc. revealed that a laptop storing personal information on
800,000 job applicants was stolen from a contractor that managed job applicant data for
the firm.
44
•
December 2007
: Laptop computers were stolen from the Davidson County, Tennessee
election office containing personal information for more than 337,000 registered
voters.
45
•
January 2008
: Horizon Blue Cross Blue Shield of New Jersey revealed that an employee
laptop containing personal information of 300,000 clients was stolen.
46
Many companies are putting into place tough measures to protect the data on laptops amid
the epidemic of thefts. These policies include the following elements:
•
password sniffer
A small program hidden in a
network or a computer system that
records identification numbers and
passwords.
Clear guidelines on what kind of data (and how much of it) can be stored on vulnerable
laptops. In many cases, private data or company confidential data may not be downloaded
to laptops that leave the office.
•
Requiring that data stored on laptops be encrypted and doing spot checks to ensure that
this policy is followed.
