Charter Employee Data Stolen - Several laptops taken from South Carolina facility
Links: home · search · speed test · login · more ·
Links: New Topic
Forums »
DaMaGeINC @ 14th Aug 01:27PM:
lol
Cant wait for someone to show up on my door step wanting to sell some laptop to me. I have some crazy friends that do things like this, then when things cool down, they try to sell the laptops for drugs or money.
--
Have a Networking problem or question? Stop by the Networking Forum and let us help you.
reply
Smith6612 @ 14th Aug 01:34PM:
wow...
Imagine Charter trying to get out of this mess, with someone running around with all of someone's personal information. If it has Social Security ID or Credit card/bank account info, then they are in for some deep doo doo, especially the employees.
reply
ninjatutle @ 14th Aug 01:36PM:
Re: lol
You need new friends. The next laptop they might steal will be yours.
reply
NetAdmin @ 14th Aug 01:38PM:
Small world
I was talking one of the folks I work with and he was one of the people that received notice from Charter about this. It was ironic too because we were talking about a disk encryption project and how it is going to prevent data theft from our company if a laptop gets lost of stolen.
--
---
Eleven years of carrying The Clue Bat...
reply
DaMaGeINC @ 14th Aug 01:40PM:
Re: lol
True. But I make sure I show them all the security around my house, and I make it a point to know where they live and who they hang around. Plus, I dont let them in when they come over. Anything they have to tell me, they can do it outside.
reply
Lexxion @ 14th Aug 01:49PM:
leave data "at home"
I noticed that a lot of employee/customer data gets stored on laptops. That is just asking for trouble. I would think they have a remote database in the company when one can remote login etc. There should be stricter laws as what can be stored on laptops in the company.
What other solutions to these problems are there?
reply
ITALIAN926 @ 14th Aug 01:51PM:
sigh
Maybe it should be a corporate RULE that personal information not be on LAPTOPS.. HELLOOOOO... Its a lot harder to steal or lose a desktop.
They probably stole the laptops for the actual hardware, not for the information on it.. but now, thanx for tellin them. LOL
reply
insomniac84 @ 14th Aug 02:01PM:
Re: leave data "at home"
I was thinking the same thing. Why are copies of data like this being placed on laptops? It should be in a central protected location. It would be interesting if these companies had to disclose why so much customer information was on one computer.
reply
Matt @ 14th Aug 02:06PM:
Re: leave data "at home"
said by Lexxion :
What other solutions to these problems are there?
One that AIG implemented back in 2005. Full disk encryption and pre-boot password. Type the password wrong 3 times and you're completely locked out.
reply
ninjatutle @ 14th Aug 02:17PM:
Re: lol
So you are their pusher?
reply
DaMaGeINC @ 14th Aug 02:19PM:
Re: lol
No, But I have got calls and people have showed up at my door with stuff like this. People know that im heavily involved in computer stuff, so im sometimes the 1st person they come to, to get rid of stuff.
reply
Skippy25 @ 14th Aug 02:22PM:
Re: leave data "at home"
We use a program called SafeBoot at work.
It makes support a pain in the butt, but it at least provides some serious security.
You can also use TrueCrypt which is free for personal use. I use that on my drive as well. I created a 10GB encrypted file and my personal stuff is in there.
That same type technology is going to be required for all external devices attaching to any company laptop. You wont be allowed to just copy data, you will have to create an encrypted file to put the stuff in and then provide the password to the person that needs access.
reply
Skippy25 @ 14th Aug 02:23PM:
Re: sigh
I think it would be a better corporate policy to encrypt every drive.
reply
Smith6612 @ 14th Aug 02:26PM:
Re: lol
I'm quite involved in computer services as well. A lot of the people I've worked with literally told me that they would really only trust me fixing their computers and cleaning them out. Like most recently I had to fix a computer (a Dell OptiPlex GX270) with blown capacitors on the motherboard, and this system was for a business who used it as a cash register. So I have a lot of trust on my hands, and sometimes quite a bit of important data on my hands as well I have to take care of.
reply
JamesPC @ 14th Aug 02:31PM:
Re: lol
lol, sounds like crack heads. I would have more respect for myself and get new friends.
reply
DaMaGeINC @ 14th Aug 02:36PM:
Re: lol
Not really friends, how about people that I know and know me. My REAL friends would never do stuff like that. And yes, most of the do alot of drugs, and prolly wont go anywhere in life.
reply
bgraham @ 14th Aug 02:53PM:
Re: sigh
The credit card company that I worked for was also very good at protecting their laptops.
We had encryption with only 3 password tries at boot time before it locked us out. Even if the laptop was stolen all the data was encrypted.
Plus we had a keychain with an eight digit password that changed every 30 seconds. We could not logon to the VPN without the keychain password. In addition our VPN monitored our encryption software, so we used to get warnings that if we did not update our encryption software within 24 hours we would no longer be able to connect to the VPN.
It really does not take much to be secure. I think most all of these "lost laptop" horror stories could be prevented if the IT people had any interest in security.
I have told this story hear before, I used to work in a small office building and next door was a company that issued bank cards. One of my co workers got the dreaded RIAA threatening letter from his ISP for running a p2p server at home. The bank card company next door had a completely open wireless network so every day he would bring in his laptop and run his p2p server through their network. All of their desktop computers, their routers and their server was completely open to the public.
reply
NetLarry @ 14th Aug 02:55PM:
Missed me (this time...)
I work for another cable co and we were previously owned by Charter - fortunately not any more. Unfortunately for those employees who have worked here for many years, they just got the letter from Charter about the theft.
"...it is strongly recommended that you take advantage of the free ID TheftSmart service offered by Charter through Kroll, Inc."
Oopsie....lets hope that it was just a crackhead trying to get a few bucks as opposed to an identity theft ring. All we can do is watch and wait. I know there are a few people around the office who are less than happy about this.
NetLarry
reply
anon @ 14th Aug 03:07PM:
msg deleted
deleted by a moderator
reply
Lazlow @ 14th Aug 03:37PM:
Re: leave data "at home"
If the people are really after the data and not the hardware this is easy to bypass. You just pull out the drive and mount it on a system that prevents writes to the drive (easy in linux). It will take time to break the encryption. The more data and the more the people trying to break the encryption know about the data, the faster they can break it.
reply
tekmunki @ 14th Aug 03:43PM:
found one!
I think we found one of those laptops...
»An 802.11 Homeless connection
reply
Matt @ 14th Aug 04:00PM:
Re: leave data "at home"
said by Lazlow :
If the people are really after the data and not the hardware this is easy to bypass. You just pull out the drive and mount it on a system that prevents writes to the drive (easy in linux). It will take time to break the encryption. The more data and the more the people trying to break the encryption know about the data, the faster they can break it.
Easy to bypass? Hardly.
Good luck trying to break AES-256 encryption. This is a pretty cool product. You have to encrypt the drive before even loading the OS. The password prompt is not a BIOS password, is a bootloader that pops up.
Everything on the entire drive, even blank space, is encrypted. So while I won't say it CAN'T be done, have fun trying to decrypt 100GB+ of AES-256 encrypted data, especially since the free space is just gibberish data.
»en.wikipedia.org/wiki/Advanced_E···y_of_AES
reply
Lazlow @ 14th Aug 04:08PM:
Re: leave data "at home"
The breaking of the encryption aside: Defeating the 3 tries section was my main point. If the drive is removed from the machine and put into another machine (that can control write access to the drive). The code that operates the 3 tries program can never execute. Therefore (at least that part) is bypassed.
As I stated above:
It will take time to break the encryption. The more data and the more the people trying to break the encryption know about the data, the faster they can break it.
reply
Matt @ 14th Aug 04:17PM:
Re: leave data "at home"
said by Lazlow :
The breaking of the encryption aside: Defeating the 3 tries section was my main point. If the drive is removed from the machine and put into another machine (that can control write access to the drive). The code that operates the 3 tries program can never execute. Therefore (at least that part) is bypassed.
As I stated above:
It will take time to break the encryption. The more data and the more the people trying to break the encryption know about the data, the faster they can break it.
Right, but the 3 tries only controls the boot, the drive is encrypted regardless, so removing the drive accomplishes nothing unless they can break the encryption ... which to date has not been done. The passphrase is not tied to the encryption ... the drive encryption is handled by a certificate that has to talk to a certificate server. So they'd have to brute force it, or compromise the certificate exchange somehow. Either one is highly unlikely and by the time it was done, (we're talking years) the company would know and can take measures to protect the data.
reply
WALL_E @ 14th Aug 04:23PM:
Re: lol
I just had to laugh at this, because I happen to work in an IT department, and next to my desk is a stack of about 12 OptiPlex GX270s, all with blown capacitors near the memory slots. :D Not to many problems with the GX280s that are used extensively here.
--
One nation, indivisible, with liberty and justice for all.
reply
ossito16 @ 14th Aug 04:27PM:
Re: lol
man don't be shamed who you call friends, if you got people who do "stuff" then so be it. We all need a "hookup" friend. Who doesn't like to buy merchandise that has fallen off a truck or two?
reply
Lazlow @ 14th Aug 04:42PM:
Re: leave data "at home"
I am a little confused about how this system works. The Encryption occurs before the OS boots. The Encryption HAS to phone home BEFORE the system verifies the certificate. So without an OS how does the Encryption phone home? As we have been talking about laptops (presumably wireless) I have a hard time seeing this.
And what about when you are someplace that does not have internet access?
reply
hayabusa3303 @ 14th Aug 05:32PM:
why
What is it with these people/company's and there laptops.
Dont you think they would wake up by now and quit using laptops. Laptops are so easy to steal vs a desktop.
Back to topic:
Sounds like a inside job.
reply
cahiatt @ 14th Aug 05:35PM:
Re: lol
Was the data stolen or part of a NebuAd trial...? :)
reply
Skippy25 @ 14th Aug 06:36PM:
Re: leave data "at home"
Safeboot does not work that way. It is installed in XP/Vista and encrypts the entire drive then. There is a backend server that controls everything.
reply
Lazlow @ 14th Aug 07:42PM:
Re: leave data "at home"
Just to be clear: is the back end server on the machine or at a remote location?
reply
anon @ 14th Aug 08:01PM:
Re: why
said by hayabusa3303 :
Back to topic:
Sounds like a inside job.
I'm inclined to agree. I mean, why would info like a SSN be on anyones laptop? A server I could see, a shared drive, maybe, but a laptop? A company with around 20,000 employees, all over the Country, and someones laptop in South Carolina has enough data on it to compromise 9,000 of their employees, past and current.
This reeks of an inside job.
reply
ninjatutle @ 14th Aug 11:52PM:
Re: lol
They don't respect other people's stuff so what makes you think they won't hesitate to grab any of your stuff? There's no honor amongst thieves..
reply
Nerdtalker @ 15th Aug 12:42AM:
Re: lol
Funny how that logic doesn't seem to apply to teleco's like AT&T, Cox, Charter, Comcast, NebuAD, e.t.c.
I guess being a big "corporation" with "business interests" somehow legitimizes it.
reply
Airwolf7 @ 15th Aug 12:44AM:
Re: lol
Bad capacitors are a known problem with many motherboards and other components. I have fixed many devices with blown capacitors that people were just going to throw away and after repairs they worked perfectly fine and could be put back into useful service. A lot of the computers that I use and gave to friends or needy people were from people that just wanted to throw them away or decided that they wanted to upgrade equipment instead of pay for repair.
I have ran across lots of Intel D845, D865, and D875 motherboards with theses problems and a sack full of the Dell OptiPlex SX270 computers. A local lady that owns a Insurance Company where I live upgraded all of her OptiPlex GX240 computers to OptiPlex SX270 computers and Dell had to replace the motherboard in every single one of them.
Dell had a special out of warranty program for these models for this problem but it is over now.
"Dell OptiPlex™ SX270 / GX270 / GX280 Out of Warranty Support Program.
Dell™ will provide out of warranty coverage in North, Central and South America for OptiPlex™SX270(UFF), GX270, GX280 systems with failed motherboards due to expanding or leaking capacitors for 5 years from date of purchase, or until 31-January-2008, whichever comes first."
Check out this website »www.badcaps.net/pages.php?vid=2 as this fellow has custom capacitors replacement kits for many models of motherboards and computers including the ones you have.
If you or someone in your IT department has patience and soldering skills then you might be able to get your computers back up on their feet again for under $30.00 each or you can send the motherboards out of them to him and he can repair them and ship them back to you probably for under $60.00 each.
You can check out his website for the details about all of this.
Edit: I have not ran across any problems with the Dell OptiPlex GX280 computers that any of my customers use so I'm guessing that only the first batch of these were affected before Dell found the problem and corrected it.
reply
Nerdtalker @ 15th Aug 12:47AM:
Re: lol
I hate the OptiPlex GX270s, every last one of 'em. Capacitor Plague is never-ending, seriously. I've replaced a good 20 or so of 'em on assorted motherboards as well as other electrical components (power supplies, very specific/specialized DSP cards, e.t.c.), and whomsoever's idea it was to fiddle with the electrolyte chemistry should be stoned mercilessly with the thousands of popped capacitors they're responsible for.
Solid state FTW.
--
"Some people never see the light till it shines thru bullet holes." -Bruce Cockburn
I'm testing Gmail's spam filters: Broadbandreports1@gmail.com
Spam: 12900+ messages currently using 406 MB.
reply
Airwolf7 @ 15th Aug 01:06AM:
Re: lol
We could stone them to death like in the old days, but instead of using stones we could pelt them with capacitors. I don't know if it would work to well though because I don't think the capacitors weigh enough. Might could cover them with dump truck loads of capacitors until they were buried under a mound of them. It might suffocate them sooner or later.
On the bright side, I did get a lot of nice equipment for free that with a couple of bucks and a few minutes of my time worked perfectly again.
reply
Nerdtalker @ 15th Aug 01:07AM:
Re: lol
Oh, I'm sure there are more than enough bad/popped capacitors out there to crush a man or two. Seriously. Some days, I honestly wonder what kind of lack of all engineering sense led them to build such terrible capacitors; something so simple and taken-for-granted crippling the most otherwise complicated ICs... ::sigh::
--
"Some people never see the light till it shines thru bullet holes." -Bruce Cockburn
I'm testing Gmail's spam filters: Broadbandreports1@gmail.com
Spam: 12900+ messages currently using 406 MB.
reply
CATV4life @ 15th Aug 06:00AM:
stolen laptops
What is pretty disgusting about this whole situation...Charter haven't even notified their employees!!
I found out about this from reading it here on the internet. And Charter cares about their employees?? I think it was a farce that Charter was in the "Top 10 places to work".
Charter Named One of the ‘Top 10 Places to Work in Cable’ – When CableFAX Magazine recently requested nominations for its annual “Top 10 Places to Work in Cable” list, more than 900 Charter employees responded. The next largest number of employee nominations was from Cox Communications, with 50. Due in part to the overwhelming response from Charter, the magazine’s editors named the Company to this year’s list. To view the CableFAX article, please click here: CableFAX - July, 2008
I know I didn't vote, probably all Managers and Directors, we know we have plenty of them.
reply
Matt @ 15th Aug 09:35AM:
Re: leave data "at home"
said by Lazlow :
I am a little confused about how this system works. The Encryption occurs before the OS boots. The Encryption HAS to phone home BEFORE the system verifies the certificate. So without an OS how does the Encryption phone home? As we have been talking about laptops (presumably wireless) I have a hard time seeing this.
And what about when you are someplace that does not have internet access?
There is an OS installed piece that does the phone home check occasionally to apply any new system policies and such. I believe it can be configured to stop a boot if it can't phone home in X amount of time.
reply
anon @ 15th Aug 09:15PM:
Re: lol
said by DaMaGeINC :
Cant wait for someone to show up on my door step wanting to sell some laptop to me. I have some crazy friends that do things like this, then when things cool down, they try to sell the laptops for drugs or money.
Yeah, great story. Thanks for making this thread all about you.
reply
SystemTech @ 17th Aug 10:33PM:
Re: stolen laptops
I am in SC and only Charter Media employees were affected from what I Understand.
reply
Skippy25 @ 20th Aug 04:00PM:
Re: leave data "at home"
It is a remote location and only certain people have access to the database to add/remove user or encrypt/decrypt a drive.
To the best of my knowledge the only crack that has ever been done to an encryption process like this was the result of a person being able to freeze the memory while the encryption key was still there for a user logged in.
In a nutshell, it is nearly impossible for even a well above average person to get past it. However, just like everything else, if they really want it they will find a way around it eventually. My company is so concerned about someone maybe being able to easily do this some day in the future now requires us to all do a DOD drive wipe when a drive is removed from production. That's right, we have to securely wipe a drive to DOD standards, that was already encrypted to extremely high standards. It's quite entertaining to see how lawyers infiltrate even financial firms to such a degree.
My argument to management is... if you are truly that concerned with data, then destroy the drive. A pick in a laptop drive puts it in millions of pieces and that is the only true way you can say "yes, the data is not recoverable" to make the lawyers happy.
reply
oldcableguy @ 5th Sep 05:46PM:
Re: stolen laptops
Not true. I worked for the company for nearly 11 years and never in the Charter Media Group. This has affected a large number of employees including former executives. YUK!
reply
Thank you for using lo-fi dslreports.com - report bugs
© 99-2008 silver matrix LLC