The News On The Web

News and Press Releases On The Internet

What is the real cost of laptop computer theft ?

Peter Yexley looks at the real cost after the act of laptop computer theft.

Laptop computers may be the best thing since sliced bread, to others laptop computers are an absolute pain in the backside but an evil necessity. A crime programme on television only yesterday showed a frightening experience caught on an hidden camera, a man pulled out a seven inch knife and demanded his victim hand over his laptop computer. He wisely did and ran off, seen moments later reduced to tears and in shock, although thankful for his life. A grown man crying, not because he may have lost an entire project or handed over security sensitive information but because someone threatened his life - just for his company's laptop.

Why do we need to carry a laptop, why not simply carry a type of hard drive? Floppy disks are too small, we need something that can be used to transport data from work to home, Just store files at work, take home the drive only , plug it into our home PC, complete the work and bring back to work the next day ! Back up the data on to the work's hard drive and our if laptop is stolen, we still have the data in our pocket. We can then go to any suitable PC, download the driver from internet, plug in the device, enter our PIN and access our data. Why is this not possible?

It is !! Chirson in the UK have such a device. The USB Crypto PicoDisk from Chirson is Discreet, very small, about the size of your little finger and weighs only 12 grams. It is highly portable due to its small size and will fit to a key ring or in your pocket. The Crypto PicoDisk be used as a portable hard drive with an option of 8mb to 512 mb. Data encrypted so that without the correct PIN thieves cannot access it. Crypto PicoDisk works with Win 98, SE, ME and 2000. It is easy to use, just plug into the USB port of PC/Laptop, enter PIN Number and access data or save data to it - just like a normal drive on your PC. Simply unplug it when you leave and put it in your pocket. Cheap too - 8mb - £25, 512Mb only £310 - how much is 512mb of your data worth? Can be used on Desktop computers and laptops

Other benefits are the risk reduction of having to send data through the post, simply load the Picodisk, send it by recorded delivery, and the recipient downloads the driver from the Internet, plugs the device in and calls you for the PIN . If the device is intercepted nobody can access the data because it is encrypted.

I don't usually subscribe to conspiracy theories but cannot help wondering why the likes of Toshiba, Compaq, Dell and other big names in laptop computers don't fit better security to these portable computers. It may be that additional computer security will increase the retail price - some would say that one stolen laptop computer equals one insurance claim on a 'new for old' basis and the victim of the laptop computer theft gets the latest model - very nice indeed, if you have a cheap old banger with no data!

A friend of mine is a serving police officer and we were discussing the theft of laptop computers, he recalled an article relating to Thames Valley Police and an initiative they had embarked upon to reduce computer crime in both theft of data information and the laptop itself. Unlike car theft where in most cases the vehicle is worth more than its contents, the information, data and indeed software can easily out weigh the value of the laptop computer. So in the majority of cases, the real loss is not in the laptop computer but business to which it is used.

I learned that over 8,100 Laptops were reported stolen in the Thames Valley Police area during 2001.That is a staggering amount for one region in the UK. The crime is also self propagating because as more employers provide portable PC's to staff, the more exposed they become to crime and more likely to become victims.

There is rarely just one victim after the theft of a laptop computer, the user is the first victim, followed by the owner - in the case of a company providing a laptop computer to an employee. The laptop may contain work belonging to many clients who also become victims.

A Laptop is highly desirable to thieves who realise that like mobile phones, they are easy to steal, easy to access and most importantly easy to sell.

Alarms are fine if we didn't ignore them and if you saw a man in a suit swearing at a laptop computer because the alarm was screaming and he couldn't find his switch-off gadget - you'd probably ignore the situation too. The fact that men in suits steal computers didn't cross your mind .... and you are not alone!

Laptops can be stolen from anywhere; vehicles, homes, offices, in the street, at the airport, dock or harbour, on the train or as we walk from office to office, in restaurants, pubs and indeed fast food cues. For a laptop user the PC Immobiliser from Chirson provides a 'barrier' prior to completion of the systems 'boot up'. If your unique 'iButton' is not in the port the PC just locks the screen and keyboard and prevents any further access. If your 'iButton' is in the port the PC boots as normal, you don't even know it's there!

"The theft of Laptop Computers continues to be a serious problem due to their high desirability. In our police area alone in the last 12 months over 8000 laptops have been stolen, of these 3000 were stolen from vehicles.
The Chirson immobiliser is a piece of technology that reduces the value of the stolen laptop by restricting access to the database, making it less desirable. It also incorporates a clear warning that the equipment will be rendered useless, this reduces the motive to steal it in the first place".

Barry Keane CH/INSP Thames Valley Police, Business Crime Centre

The Chirson PC immobiliser can also be used as security in a day-to-day work related environment. Often we visit clients and suppliers, we still need to protect our companies data when we go to lunch,or simply visit their washrooms.

Normally you would have to turn the PC off and hope that no one can guess your password or may be fail to do so because you don't want to look like you don't trust anyone. With the Chirson PC immobiliser you can simply leave your PC running and just remove your button to prevent access to your PC. The button can fit to accessories such as your key fob.

Chirson offer a 'Reward for Return' scheme. Each system is provided with a special Tamper Evident Label to be affixed to either the Desktop PC or the Lid of the Laptop computer. The label destructs into tiny pieces if it is removed.

This can take a lot of time and effort!!! The Label clearly states that the PC is immobilised and unauthorised access is prevented. This acts as a deterrent to any thief as they are immediately aware that they cannot access the data and may choose to dump the PC, or not even steal it in the first place!

The label has a unique serial number, and providing that you register your details with Chirson, if the PC is recovered or found, Chirson act as a central contact point for repatriation to be arranged.

Chirson even provide a clearly marked key ring for the outside of your Laptop carry case which identifies the fact that you have a security device installed and may stop the thief from stealing it in the first place!!

Chirson Tamper Evident Label

Chirson LO2Kis an identity theft deterrent system. It allows the user to 'wear' a device that immobilises standalone or networked WIN2000, NT 4.0 and XP PC's by using a Federally Certified security device the size of a button. Network Administrators centrally program and issue a pre-programmed iButton to their users. The user does not know their password, so it cannot be copied, lost, compromised or forgotten.

Each users profile is stored in a Java applet running inside the crypto barrier of the Java-powered Button. Once the user logon credentials are read LO2K software swiftly passes the encrypted user profile to the WIN2000 Server automatically granting the user logon to their machine. No more typing user name/passwords for logon.

As an additional security measure an individual PIN number can be centrally assigned to the user for two-factor authentication. i.e. Have something (iButton), know something (PIN Number)

The common problem of lost or forgotten passwords can be eradicated as the iButton protects its data from hacking and the password does not need to be reset every 30 days. This removes the need for Network administrators to waste valuable time and resources dealing with support calls for forgotten passwords, or even worse a user writing their password on a Post-It Note and leaving it next to their PC!

The Java iButton is one of the worlds least counterfeitable devices known to man, and has been certified to FIPS 140-1 Level 3 for security. This is a device that has been tested by the National Institute of Standards & Technology for the USA and also the Communications Security Establishment for the Government of Canada.

Administrators can be safe in the knowledge that a user can be identified by the fact that they have an individual iButton that is their personal property and responsibility coupled with a unique PIN number for network access.

The key features of LO2K are :-

1. Windows 2000/NT 4.0/XP network Logon authentication
The System Administrator has the ability to control passwords centrally. No more typing of passwords, or leaving written notes of ever changing passwords for 'identity thieves'. Passwords are issued and stored on the iButton centrally by the Network Administrator. The iButton erases the information if it is tampered with, or anyone tries to 'hack' into it.
Additional security measures are available by the Administrator issuing an additional PIN Number for 'have something (iButton), know something (PIN number)' user authentication.
Access to the network is controlled by the administrator and cannot be altered by the user. All the user knows is that they have an iButton and a PIN Number issued to them and it is required for PC to work.
2. True ability to 'Hot desk'.
If you use roaming profiles in your organisation, simply plug in the iButton at any PC and it will load your user profiles and gain network access automatically from any network connected PC.
3. PKI support for signing/encrypting email
Electronic signatures refer to any method used to associate a person's identity with an electronic record. LO2K will support the eSignature standard using PKI technology to deliver Digital signatures. The users private keys are stored on the iButton allowing users to digitally identify themselves every time they send an email.
4. FTP file transfer for the storage of sensitive data for virtual transportation
The iButton has a 127K (24 page Word Document) memory allowing secret files to be FTP transferred to the button so that they are not left on the machine. These could be documents such as merger agreements, patent filings, PR Campaigns, legal documents, accounts, etc, etc. If an attempt is made to hack the iButton it destroys its secrets rather than revealing them.
5. PGP key storage.

6. Acts like an Immobiliser
The system also behaves like the immobiliser product so that when the iButton is removed if you leave to go to a meeting, lunch, etc the PC is either locked or the user is automatically logged off. If an iButton is lost or stolen you are allowed 3 attempts to logon with your PIN number, then the iButton locks for 30 minutes by its own internal 'unhackable' true time clock. Therefore a 4 digit PIN Number could potentially take 69 days, by which time you can centrally disable the users access to the network.

Your concern, like mine would naturally be how secure this Java-powered iButton really is. Chirson say;
"The National Institute of Standards (NIST) and the Canadian Security Establishment (CSE) have validated a version of the Java-powered iButton for protection of sensitive, unclassified information.
FIPS 140-1 validation assures government agencies that the products provide a trusted, physically secure module to properly protect secure information.

As a starting point for the iButton's extraordinary security, the stainless steelcase of the device provides clear visual evidence of tampering.The monolithic chip includes up to 200K of SRAM that is specially designed so that it will rapidly erase its contents as a tamper response to an intrusion. Rapid erasing of the SRAM memory is known as zeroization. Any attempts to uncover the private keys within the SRAM are thwarted because attackers have to both penetrate the iButton's barriers and read its contents in less than the time it takes to erase its private keys. Specific intrusions that result in zeroization include: Opening the case, Removing the chip's metallurgical, bonded substrate barricade, Micro-probing the chip, Subjecting the chip to temperature extremes.

In addition, if excessive voltage is encountered, the sole I/O pin is designed to fuse and render the chip inoperable.
As a further security measure, the cryptographic iButton contains a True Time Clock that is a tamper-evident real-time clock. "True Time" differs from real time in that a reputable agent sets it and its time cannot be reset and is forever increasing. This clock can be used to time stamp transactions. It can also be used to impose expiration dates for inspection intervals, whereby the iButton is required to periodically check in with a host.

As a further security measure, the cryptographic iButton contains a True Time Clock that is a tamper-evident real-time clock. "True Time" differs from real time in that a reputable agent sets it and its time cannot be reset and is forever increasing. This clock can be used to time stamp transactions. It can also be used to impose expiration dates for inspection intervals, whereby the iButton is required to periodically check in with a host.

The Java-powered iButton is among the least counterfeitable devices ever made by man. In response to tampering, the Java-powered iButton would rather erase the key than reveal its secrets. Would-be thieves cannot copy what they do not know - the private key. The iButton is highly reliable with over 27 million
being used in the world, and over half of those being worn by people. It's design ensures that connection to the PC is both simple and positive in action.

It's design ensures that connection to the PC is both simple and positive in action. The iButton is placed in the Blue Dot receptor, which is good for 1 million 'Hot' contacts. The PC then polls the iButton for it's unique ID verifying access to your PC. If the button is not in place the PC automatically goes into secure mode where the keyboard and Screen are lock up. The Blue dot receptor is spring loaded therefore you do not have to worry about the button falling out, or not being in securely.

Try to bend the iButton: you can't. Drop it on the floor. Step on it. Forget to take it off while you go swimming. No problem. The sturdy button signet has been wear-tested for 10-year durability and 1 million hot contacts to the Blue Dot receptor. "

Postal Address and Contact Details:

Contact Information

Chirson Limited
6 Woodstock Drive
Hasland
Chesterfield
Derbyshire
S41 OEU

Telephone: (07005) 620480
Fax: (01246) 237912
Email: sales@chirson.com

www.thewordis.com

News Release By

Peter Yexley
Hertfordshire Internet
The Granary
Redwell Wood Farm
Ridge
Herts,

AL2 1JG

Telephone 01707 646457

Email. peter@ukhq.com

[ Everything Within ] [ Top Resource ] [ UKHQ ] [ www.britain.ukhq.com ]
[ A Quick Word ] [ Pure Marmarketing ] [ Internet Marketing Experts ]