Data theft is a growing phenomenon primarily caused by system administrators and office workers with access to technology such as database servers,

desktop computer A desktop computer (often abbreviated desktop) is a personal computer designed for regular use at a single location on or near a desk due to its size and power requirements. The most common configuration has a case that houses the power supply ...

s and a growing list of hand-held devices capable of storing digital information, such as USB flash drives,

iPod The iPod is a discontinued series of portable media players and multi-purpose mobile devices designed and marketed by Apple Inc. The first version was released on October 23, 2001, about months after the Macintosh version of iTunes ...

s and even digital cameras. Since employees often spend a considerable amount of time developing contacts, confidential, and copyrighted information for the company they work for, they may feel they have some right to the information and are inclined to copy and/or delete part of it when they leave the company, or misuse it while they are still in employment. Information can be sold and bought and then used by criminals and criminal organizations. Alternatively, an employee may choose to deliberately abuse trusted access to information for the purpose of exposing misconduct by the employer. From the perspective of the society, such an act of whistleblowing can be seen as positive and is protected by law in certain situations in some jurisdictions, such as the USA. A common scenario is where a sales person makes a copy of the contact database for use in their next job. Typically, this is a clear violation of their terms of employment. Notable acts of data theft include those by leaker Chelsea Manning and self-proclaimed whistleblowers

Edward Snowden Edward Joseph Snowden (born June 21, 1983) is an American and naturalized Russian former computer intelligence consultant who leaked highly classified information from the National Security Agency (NSA) in 2013, when he was an employee and su ...

and Hervé Falciani.

Data theft methods

Thumbsucking

Thumbsucking, similar to podslurping, is the intentional or undeliberate use of a portable

USB mass storage device The USB mass storage device class (also known as USB MSC or UMS) is a set of computing communications protocols, specifically a USB Device Class, defined by the USB Implementers Forum that makes a USB device accessible to a host computing devi ...

, such as a USB flash drive (or "thumbdrive"), to illicitly download confidential data from a network endpoint. A USB flash drive was allegedly used to remove without authorization highly classified documents about the design of U.S. nuclear weapons from a vault at Los Alamos. The threat of thumbsucking has been amplified for a number of reasons, including the following: *The storage capacity of portable USB storage devices has increased. *The cost of high-capacity portable USB storage devices has decreased. *Networks have grown more dispersed, the number of remote network access points has increased and methods of network connection have expanded, increasing the number of vectors for network infiltration.

Data Leakage

Data leak is part of insider attack that accidental or unintentional data loss because of specific circuit stances.

Investigating data theft

Techniques to investigate data theft include stochastic forensics, digital artifact analysis (especially of

USB drive A USB flash drive (also called a thumb drive) is a data storage device that includes flash memory with an integrated USB interface. It is typically removable, rewritable and much smaller than an optical disc. Most weigh less than . Since first ...

artifacts), and other

computer forensics Computer forensics (also known as computer forensic science) is a branch of digital forensic science pertaining to evidence found in computers and digital storage media. The goal of computer forensics is to examine digital media in a forensical ...

techniques.

References

External links