630,000 Laptops Lost at Airports Each Year

Another amazing statistic - across 46 states in USA there were more than 630,000 laptop computers reported lost in the past year. That’s more than 12,000 a week. And when you consider that most people still keep documents on their laptop computer when they travel they haven’t just lost a piece of hardware, they’ve potentially lost control of private and confidential documents.

What can you do?

airport1 Laptops can be insured. Anyone who carries a laptop around for work would have it insured, it’s just a cost of doing business. Nothing new here.

As for the documents stored on them, delete them before you travel!. If this sounds extreme then you need to wake up and realise what’s happening in the world.

At many airport security checkpoints customs officers now have the authority to look at the contents of your laptop’s hard drive before they let you board the plane or enter a country. And they don’t always just "look" - sometimes they make a copy of your hard drive so they can look more closely at a later time. Is this legal? Yes, in some places (including most US airports today). Read more about this in this article.

So you now have two reasons to delete all documents from a laptop before travelling:

  1. You could lose your laptop (like 630,000 other people each year in one country alone).
  2. You could be asked to hand over your laptop’s data to customs officers.

What a lot of large organisations do these days is hand their employees "clean" laptops that have no documents on them. Employees are given VPN access, so when they arrive at their destination they can access their office network and carry on with their regular work. If you’re new to the concept of a VPN read our previous article on its benefits. Another trick is to carry your files on a USB flash drive, and hide it in your wallet or luggage. This could be encrypted as well for security, in case you lose it.

Whole disk encryption is another technology that can help you with lost laptops. Whole disk encryption makes the entire contents of the laptop useless without a password. There’s no known way to recover the data. There are still two risks with this method:

Now if you’re thinking that your laptop needs a password to startup and that this is enough to stop people, remember that the files on your laptop’s hard drive can be copied without a password. You just need to pull out the hard drive (easy to do with laptops). Whole disk encryption is the only effective password protection for laptops.

airport2 And while we’re talking about travelling now’s a good time to remind you not to trust free or hotel wireless networks. You never know who’s monitoring the network traffic (read our previous article on this).

Read the study on lost laptops here, sponsored by Dell.

So in summary:

Don’t use old browsers

A new report has concluded that 637 million people are using out of date web browsers. This is bad.

expired Old web browsers have security flaws and vulnerabilities. You’re meant to update your web browser to the latest version because the developers have worked hard to patch it and fix up security holes. And in almost every case an upgrade is completely free. Why would anyone choose to use an old browser?

There are no legal obligations to upgrade a web browser but with this many people ignoring the very simple task of upgrading maybe it’s time for something to change. Now’s a good time to check for updates (the option is often in the Tools menu of the browser you’re using right now).

The report is here.

New Fraud Statistics

Sometimes it’s hard to believe these statistics, the numbers are so large. The Australian Bureau of Statistics has finished their first survey of personal fraud. Their findings are that 800,000 Australians fell victim to fraud in some way.

453,100 of those lost money, for a total of $977 million. That’s a lot of people and a lot of money for a rather small population.

329,000 Australians lost money after responding to lottery scams and other phishing related scams.

A lot of people keep falling for scams. The best thing you can do is help them become aware of what scams and fraud tricks are being used. Remember that you can always subscribe to Fraudo.com by email or with an RSS reader.

Nigerian 419 Scams

How much money do you think Australians send to Nigerians because of the old Nigerian 419 scam? (Keep in mind that Australia has a small population of 21 million)

wallet The answer is millions of dollars.

This very interesting interview with the head of the Queensland Police Corporate Crime Investigation Group (what a long title) discusses these scams and provides some interesting details.

People who fall for these scams often don’t report it, and in many cases repeatedly fall for these scams. Watch the video, discuss it with your friends, family and colleagues, and help raise awareness of this particular kind of scam. You can also read this article on how Nigerian scams work.

Link to video.

AusCERT Survey

look An Australian security organisation called AusCERT has conducted a survey and come up with the following results. I’ve added my own comments on the right.

Survey Results Comments
84% of respondents use the internet for banking 84% of internet users have something to lose if they’re not careful.
5% have used a neighbour’s unsecured wireless internet This is not only illegal but they’re using an untrusted network
11% never update their operating system Updates exist to patch known vulnerabilities, so these 11% of people have computers that can be hacked
8% never update their anti-virus software New viruses are discovered every day so these people are at greater risk
23% have malware infections on their computer Malware such as spyware and internet banking don’t go well together (i.e. this is how criminals steal money). Malware is always a bad thing to have on your computer. Do something about it.
68% are confident or very confident with computer security The other 32% should be reading FraudO.com

The full survey results have been published here. It’s an interesting read, especially seeing the reasons why some people don’t use anti-virus and anti-spyware software.

Malware Statistics

Symantec, a  large security company, have reported that there are now more malware writers than legitimate software writers.

They state that 65% of the 54,609 Windows applications released to the public in the past 6 months were malicious.

Another interesting statistic from this report is the percentage of browser plug-in vulnerabilities:

What this means is that by disabling ActiveX from your web browser (Internet Explorer) you can avoid 79% of web browser plug-in attacks. Here’s an article on how to disable ActiveX.

As for the other types of plug-ins, keep them patched and up to date to reduce the risk of infecting your computer.

Here is Symantec’s internet security report.

3.6 Million People

crowdGartner is a well recognised research company. They’ve recently added up the numbers and come up with 3.6 million adults that lost money in 2007 due to phishing scams. In 2006 the figure was 2.3 million.

That’s a lot of people being conned and losing money online. According to this report it adds up to US$3.2 billion in USA alone.

Some tips you might find useful to avoid being of of these 3.6 million people:

eBay Fraud

eBay fraud is rampant in Romania, Russia and China. In fact, eBay says that the majority of all eBay phishing emails comes from these countries.

Mark Lee is the trust and safety manager for eBay UK and he’s made the following comments:

There have been several hundred arrests in Romania after eBay initiated a campaign to stop fraud, in June 2007. But this hasn’t stopped them and it’s still rampant in these parts.

Techniques used by these criminals include asking eBay shoppers for personal details (when people bid or ask questions on the site) - this is known as phishing and the personal details are later used to commit other crimes.

If you use eBay to buy or sell goods have a read here [ http://pages.ebay.com/securitycenter/ ] for tips and tutorials on eBay security. And continue to read FraudO.com for online security tips.

Statistics on Malware

Some new statistics on how widespread malware has become. This research comes from Google’s Anti-Malware team (full document is here)

That’s 3 million web pages that will attempt to install some form of malicious code on your computer.

With things this bad you’d be crazy to use the internet without some kind of web filtering. This is different to virus scanning. Web filtering scans each web page before your web browser loads it, looking for things like phishing and malicious code.

All of the big antivirus products include web filtering these days, it’s a good investment if you haven’t purchased one already.

Fraud Statistics

The US Federal Trade Commission (FTC) has released a report showing some statistics on fraud for 2007. These statistics come from people who report incidents of fraud to them, so it’s really limited to USA. The problem worldwide would be much much worse.

The top 20 complaint categories were:

Rank    Category    Complaints

  1. Identity Theft    258,427
  2. Shop-at-Home/Catalog Sales    62,811
  3. Internet Services    42,266
  4. Foreign Money Offers    32,868
  5. Prizes/Sweepstakes and Lotteries    32,162
  6. Computer Equipment and Software    27,036
  7. Internet Auctions    24,376
  8. Health Care Claims    16,097
  9. Travel, Vacations, and Timeshares    14,903
  10. Advance-Fee Loans and Credit Protection/Repair    14,342
  11. Investments    13,705
  12. Magazines and Buyers Clubs    12,970
  13. Business Opportunities and Work-at-Home Plans    11,362
  14. Real Estate (Not Timeshares)    9,475
  15. Office Supplies and Services    9,211
  16. Telephone Services    8,155
  17. Employ. Agencies/Job Counsel/Overseas Work    5,932
  18. Debt Management/Credit Counseling    3,442
  19. Multi-Level Mktg./Pyramids/Chain Letters    3,092
  20. Charitable Solicitations    1,843

That’s 258,427 cases of identity theft in one year, in one country! The total fraud losses recorded in this report totals more than $1.2 billion. The full report is here.

Only 5% of Windows PCs are fully patched

A recent survey by a security company called Secunia shows that only 5% of computers are fully patched. The other 95% are running insecure software.

pie_chart It’s important to patch all of your software. This includes the operating system itself (e.g. Windows, Mac OS, Linux), your web browser (e.g. Internet Explorer, Firefox), and all your applications. And of course in an office environment patches should be carried out by IT administrators (complete with backups).

This serves as a gentle reminder to our previous post on patching. Read Secunia’s article here.

Can Apples be more secure?

camoThe US Army has been upgrading their servers and workstations to Macs and are claiming they’re harder to hack (i.e. they’re more secure).

The primary reason they state is that fewer attacks are written for Macs than for Windows. This seems true for now.

One common weakness between all operating systems (Mac, Windows, Linux, etc) is the user. People can be tricked into clicking on things or carrying out other hazardous tasks no matter what computer they use (this is where security education comes in).

More details here.

Using Unsecured Wireless Networks

Sophos (a large IT security company) recently conducted a survey of 560 people. 54% of them admitted to using someone else’s wireless network without permission. That’s more than half the respondents. Why should you care?

If you have a wireless network that isn’t well secured then:

aerials The most important reason of these is how easy it makes it for someone to use your network to commit crimes. Imagine being involved in a child pornography investigation, or having your internet disconnected because your network was used to send millions of spam emails.

I’ve written before on how to secure a wireless network and if you haven’t done so it’s worth reading through here.

If you’re in the 54% of people who wouldn’t think twice of using someone else’s wireless network without permission then you should know that:

So the message here is to secure your wireless network, and don’t use other people’s wireless networks without permission.

Statistics Update

Secured CDA quick update about online crime.

In Italy, 26 people were recently arrested for taking part in running phishing sites (web sites that look like bank sites (for example) but are designed to capture your account number and password). Two of these people have already been sentenced (5.5 - 6 years prison). It’s important to realise how common this problem is in the world.

And a short while ago I wrote about some important disks that were lost by the British government, containing personal data on 25 million people. That incident received a lot of press coverage and it’s not an isolated case. This stuff happens frequently, like in Northern Ireland. Two CDs were lost this week by one of their government agencies containing personal data on 6000 residents. These disks were not encrypted, as the previous case. Full article here.

Then in California a laptop was stolen containing personal information on 45,000 patients of Sutter Lakeside Hospital. Again the data was not encrypted, making it all too easy for anyone to use this personal information as they see fit. I recently wrote an article on protecting laptops when used to take home work. Full press article here.

Some lessons to be learnt are: