Network Endpoint Security News - Watch Your End

Gary Min a scientist who worked at DuPont for 10 years, focusing on research involving a type of high-performance film, had covertly used DuPont’s computer systems to steal trade secrets valued at more than $400 million shortly before joining a rival company.

According to the court records, Min pleaded guilty in November to stealing proprietary data from DuPont by illegally downloading or accessing thousands of documents stored in an electronic library. Min, is scheduled to be sentenced March 29 and faces a maximum of 10 years in prison plus a fine of up to $250,000.

Although in this case the data was transfered to a laptop, it woudl have just as easily (if not easier) been loaded onto a USB flash drive, iPod or other removable media devices.

Source: Computer World

In Ohio a High School student faces felony charges after police say he hacked into school personnel and student files and downloaded the data to his iPod. The student has been charged with unauthorized use of a computer, which is a felony. He is also being charged with “possessing a criminal tool”- which in this case is the iPod used to commit the illegal data transfer.

It seems that it would be a good idea for many schools to start using endpoint security software such as DeviceWall to block use of iPods in computer labs. One benefit of using such software is that they can enable some “school sanctioned” devices, while blocking other devices. This can help to keep kids focused on learning and less time downloading music. Another benefit of using DeviceWall in this case is the auditing capability which would allow administrators to see what data is copied to devices.

Given the number of malicious tools currently available that can be run from an iPod and other removable media devices, one would assume that schools would like to start considering endpoint security.

Sourec: Toledo Free Press

Nationwide Building Society, one of the UK’s leading financial institutions, has been fined £980,000 (US $1.9 million) by the Financial Services Authority (FSA) following a security breach which put nearly 11 million customers’ data at risk.

The security breach happened when a laptop containing highly-sensitive data was stolen from a Nationwide employee’s home. Neither the FSA or Nationwide have said whether the laptop had any security measures in place to prevent data theft, but Nationwide claims that no PIN numbers or passwords were held on the machine.

The FSA criticized Nationwide both for not initially knowing what data was held on the stolen laptop and for its slow response to the security breach. The case highlights the dangers of allowing sensitive data to leave the corporate network and how important it is for organization to control the flow of information from endpoints using anti-data leakage and encryption solutions.

More on BBC.co.uk

Up to 32,000 workers at New York’s District Council 37 have been warned that they may be at risk of identity theft following the loss of an unspecified “computer disk” containing their names and social security numbers.

The news was leaked by an Emergency Medical Service worker who recieved a notification in January 2007.

The UK’s Lord Chancellor, Lord Falconer, has announced that individuals found guilty of deliberately misusing other people’s personal information could face up to two years in jail. This new proposal would replace the financial penalty previously stipulated for the charge in the Data Protection Act 1998.

Legal experts expect more data theft cases to come to court in 2007 than ever before. The Information Commissioner is said to be in favor of even tougher laws, but welcomed Lord Falconer’s proposal: “a custodial sentence will act as a deterrent”.

More on Silicon.com