Widely used data security solutions have been found useless against several methods of data theft, according to tests conducted by Innersafe Corporation. Types of data exposed included those useful for fraud, identity theft, phishing, or spamming. And, like tampered votes in certain electronic voting machines, data theft can remain undetected after it happens.
In one test, a text editor exposed protected data on a PC running disk encryption, firewall, antivirus, and antispyware. Exposed data included password-protected private records used by Palm Desktop, a PC application bundled with smartphones such as Palm Treo 650, Treo 680, and Treo 700p.
“Data theft from a PC is surprisingly easy. Password recovery programs can instantly unlock files protected by software such as Microsoft Outlook 2003,” said Richard Amacker, Founder and CEO of Innersafe Corporation.
Disk encryption scrambles data on the disk so it cannot be unscrambled without a secret code such as a password. However, the test revealed security gaps with disk encryption solutions.
“Disk encryption cannot prevent theft while the disk is used, if simply copying or uploading files create unprotected copies. Imagine a jewelry store locking up at night, while freely giving away diamonds to all visitors during the day. Users deserve better security,” said Richard Amacker.
Other solutions, like file encryption, can protect files that might get copied or uploaded. However, analysis by Innersafe also found multiple security gaps with file encryption solutions because they required files to be decrypted to disk. File content can remain on disk because overwriting files can be an illusion on PC hard drives or wear-leveling thumb drives.
Hacked PC’s are estimated to send billions of spam emails each day, but it is unknown how much personal data is stolen from them. In one case, three men arrested for data theft and fraud created a botnet with over 1.5 million hacked PC’s.