FreshBaked.com® - Helping Businesses Get the Technological Competitive Edge Since 1985



Copyright 2008 FreshBaked.com®

All rights reserved.

No copying without expressed written permission.

Edited by Greg Hill

06/13/2008 10:17:25 PM

 

Laptop Security: Windows® Vista™ vs. XP

Case 2. The Compromised Laptop

A laptop does not have to be physically stolen for valuable data to be extracted. A few unguarded moments are all that is needed to add malicious software, either at the site or remotely. Aspiring thieves, or their electronic proxies, are constantly monitoring for unattended computers, either in person or on the Internet and private networks. In fact, the FBI lists the introduction of viruses and other stealth software as the most costly computer crime, ahead of laptop theft. [8]

Networked computers are usually protected by industrial-strength firewalls, secure managed mail services, anti-malware software, anti-virus software, and a dedicated staff of security professionals who constantly monitor the system and keep it patched and maintained. Laptops share this protection only when connected locally.

Most Windows XP portables have local group policy (GPO) settings that start other protection when the machine is not connected to the main network. These safeguards include enabling automatic updates, switching on the Windows Firewall, and activating Windows Defender and a client-side anti-virus program.

Despite these protections, thousands of XP machines are infiltrated every day by malware in the form of viruses, Trojan horses, logic bombs, trapdoors, etc. Once the software is installed, it can carry out a number of insidious functions on the compromised machine, including capturing activity information such as logs and keystrokes, corrupting data, adding other malware, searching for and transmitting certain types of information like Social Security and credit card numbers, sending email, etc.

Thieves extract information from the laptop, and may be able to infiltrate the local area network (LAN) once the mobile computer is reattached.

Case 3. Insider Stealth Activities

Employees and other trusted insiders often access computers without proper authority. They can easily attach external hardware, such as USB storage devices, to steal sensitive files or credentials for processing and decrypting outside the network. While companies frequently disable this capability, it is seldom done with laptops because they are more dependent on external devices to be functional.

 

When unauthorized users gain control of a laptop that is connected to the network, a whole new world of vulnerabilities unfolds. Direct intrusion tools may be used to send spoofed packets to obtain network information, unveiling new ways to breach security. Passwords are cracked to log in with administrator permissions, backdoors are built for later incursions, and permissions on the laptop are changed to allow remote access.

 

Surreptitiously, the computer may be scheduled to send stolen information to external machines using normal methods that will not attract attention, such as email, FTP, HTTP, etc. Additionally, sniffers or other software may capture network traffic and transfer it to the cyber bandit’s equipment to extract valuable information, passwords, etc.

 

For businesses or homes using laptops connected wirelessly, spies may camp within range of wireless routers and intercept traffic when strong encryption and passwords are not enabled. Recent surveys of wireless networks indicate that many use default names and passwords or easily guessed keys that may be decrypted in a matter of minutes, allowing complete access to the network.

 

Laptops running XP are often configured to automatically connect to wireless access points (WAPs) with default names. Crooks can set up their own WAPs with the same names and trick unwitting users into connecting and exposing their traffic. These are called “evil twins” and can often be found near airports or other high-use areas. Some trick users who are searching for WAPs by using names like “Free Airport Wireless”, or something mimicking a corporate WAP. [24]
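The exposure described above can be audited from the defender's side. The following Python sketch is an added example, not part of the original article: it checks a laptop's saved wireless profiles for auto-connect entries that anyone could imitate, and compares a scan snapshot against a list of trusted access points. The field names, the default-name list, and all profile and scan records are constructed for illustration.

```python
# Constructed sample data and hypothetical field names; not from the original article.
DEFAULT_SSIDS = {"linksys", "netgear", "dlink", "default"}  # illustrative factory names

def risky_profiles(profiles):
    """Saved networks the laptop joins automatically and that anyone can imitate."""
    findings = []
    for p in profiles:
        if not p["auto_connect"]:
            continue  # manual-only profiles are not joined without user action
        reasons = []
        if p["ssid"].lower() in DEFAULT_SSIDS:
            reasons.append("default name")
        if p["security"] == "open":
            reasons.append("no encryption")
        if reasons:
            findings.append((p["ssid"], reasons))
    return findings

def suspected_twins(scan, known_aps):
    """APs advertising a trusted name with an unexpected radio or security mode."""
    findings = []
    for ap in scan:
        expected = known_aps.get(ap["ssid"])
        if expected is None:
            continue  # not a name we trust, so nothing to compare against
        reasons = []
        if ap["bssid"].lower() not in expected["bssids"]:
            reasons.append("unknown BSSID")
        if ap["security"] != expected["security"]:
            reasons.append("security mismatch")
        if reasons:
            findings.append((ap["ssid"], ap["bssid"], reasons))
    return findings

PROFILES = [  # constructed: what the laptop has saved
    {"ssid": "linksys", "auto_connect": True, "security": "open"},
    {"ssid": "CorpNet", "auto_connect": True, "security": "WPA2"},
    {"ssid": "Free Airport Wireless", "auto_connect": False, "security": "open"},
]
KNOWN_APS = {"CorpNet": {"bssids": {"00:11:22:33:44:55"}, "security": "WPA2"}}
SCAN = [  # constructed: what is on the air right now
    {"ssid": "CorpNet", "bssid": "00:11:22:33:44:55", "security": "WPA2"},
    {"ssid": "CorpNet", "bssid": "66:77:88:99:AA:BB", "security": "open"},
    {"ssid": "linksys", "bssid": "02:00:00:00:00:01", "security": "open"},
]

if __name__ == "__main__":
    for finding in risky_profiles(PROFILES):
        print("profile:", finding)
    for finding in suspected_twins(SCAN, KNOWN_APS):
        print("scan:", finding)
```

A matching BSSID is not proof that an access point is genuine, since hardware addresses can be copied, so the profile audit is the more reliable of the two checks.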

 

Another popular approach is the “man in the middle”, where the user logs on to the correct network, but is actually passing through another WAP that records all of the information sent.

 

For the laptop user, equal diligence is required both inside and outside to prevent the computer and the network from being compromised. The rest of this article explains features of Windows Vista that will make the job easier.

 
