How did my data get there?

If you are like me and subscribe to any decent security newsletter, you have probably noticed that more and more personal and confidential information is being lost or stolen every day. Stolen laptops and lost USB drives are just two of the most common ways of losing valuable information.

But there are (in my opinion) more dangerous ways of losing data. Personally, I would notice a missing laptop or hard drive, and I might still be able to take some action to minimize the damage. But what if the personal and confidential information is copied from a laptop that is still in your possession? Would you notice that someone has copied all your data? And it is easier than you might think.

Think about P2P applications such as eMule. When you install eMule on your computer it configures a folder where downloaded content is stored and shared. Anything stored in this folder is also available to anyone else who is using eMule.

Sometimes users will configure eMule to share their whole drives, thinking that it will give them a better rating since they are now sharing more files. I even heard that some people shared corporate network drives for the same reason.

A quick search on eMule revealed quite interesting results. First I searched for files with the .pfx extension. PFX stands for “Personal Information Exchange”, where I would love to stress the word “Personal”. This means these files should not be shared and we should all protect them with our lives. But the search returned more than 300 files.

It is true that these files can be protected with a password, but there is nothing stopping users from leaving the password blank or picking a bad password that might be the same as the name of the file (e.g. klik)… We know how users pick their passwords. It is also possible to keep brute-forcing these passwords for as long as anyone wants. Hackers and other criminals are usually very motivated and have all the time in the world.

I recognized a few names such as “klik.pfx” and “dohodnina.pfx”. The “klik.pfx” file contains the private key that gives the owner full access to their online bank account. The other file gives the owner online access to their tax statements.



I guess this is another good reason why banks should only allow access to online bank accounts through two-factor authentication (e.g. smart cards or one-time password systems).

After searching for pfx files I decided to search for any file that has the word “contract” or “pogodba” in its name. Again, I was rewarded with more than 60 results of files with promising names (and some of the names are really hm – let’s say funny, e.g. "Girlfriend Contract.doc". I will just let my mind run wild on that one) :-) …
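
To check your own machine for the same exposure, here is an added example (not part of the original post) that walks a P2P shared folder and flags the kinds of files the searches above turned up. The function names, the .p12 extension (the same PKCS#12 format as .pfx) and the sample file tree are assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path

# Patterns taken from the searches described in the post (.p12 added as an assumption).
KEY_EXTENSIONS = {".pfx", ".p12"}
KEYWORDS = ("contract", "pogodba")

def is_whole_drive(shared_dir):
    """True when the shared folder is a filesystem or drive root."""
    p = Path(shared_dir).resolve()
    return p == Path(p.anchor)

def audit_shared_folder(shared_dir):
    """Walk a P2P shared folder and return sorted (path, reason) findings."""
    findings = []
    if is_whole_drive(shared_dir):
        findings.append((str(shared_dir), "entire drive is shared"))
    for root, _dirs, files in os.walk(shared_dir):
        for name in files:
            lower = name.lower()
            path = os.path.join(root, name)
            if os.path.splitext(lower)[1] in KEY_EXTENSIONS:
                findings.append((path, "private key container"))
            elif any(k in lower for k in KEYWORDS):
                findings.append((path, "name suggests a confidential document"))
    return sorted(findings)

def build_sample_share(base):
    """Constructed sample tree standing in for an over-shared folder."""
    for rel in ("Incoming/song.mp3", "Documents/klik.pfx",
                "Documents/Pogodba 2007.doc", "Documents/notes.txt"):
        f = Path(base, rel)
        f.parent.mkdir(parents=True, exist_ok=True)
        f.write_bytes(b"")  # empty placeholder files, names only
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for path, reason in audit_shared_folder(build_sample_share(tmp)):
            print(f"{reason}: {os.path.relpath(path, tmp)}")
```

Point audit_shared_folder at the folder your P2P client is actually configured to share; anything it reports should be moved out of that folder.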

 


The only thing that we can say for certain is that these users, whose files were copied from their computers, don’t have to worry about backup. Their files are “safely” stored on the internet – more or less forever.
