The Threat to Laptop Computers
by Manuel Cereijo
The greatest threat to laptop computers comes from common thieves. A laptop is valuable, compact, very transportable, and relatively easy to steal in a public place. Police have noted that, in terms of attractiveness to criminals and their customers who purchase stolen goods, the laptop is the equivalent of the VCR and offers criminals the opportunity to exploit a whole new market—putting it at a much higher risk than the VCR that stayed at home.
A survey of 643 major corporations conducted in 2005 by the FBI and the San Francisco–based Computer Science Institute found that 60 percent of these corporations have suffered laptop thefts. Overall, nearly 520,000 laptops were stolen in the United States in 2005. According to Safeware, a computer insurance firm in Columbus, Ohio, 409,000 laptop computers were stolen in the United States during 2004—up from 208,000 in 1995—and 10 percent of all laptop thefts occurred in airports. Only virus attacks are a more prevalent security problem.
Thieves take advantage of airport hustle to steal laptops. One scam has a female accomplice tap an unsuspecting traveler on the shoulder. “You have ketchup on your shoulder,” she tells him, while handing him a tissue. The traveler puts down his laptop and dabs the messy condiment off his jacket. While he is distracted, the accomplice walks off with the laptop.
In another example, a consultant on a large project employing about a hundred other consultants traveled in and out of the same airport every weekend. Each consultant was issued the same company laptop and the same computer bag. On one occasion, the consultant believed that someone tried to switch computer bags with him but that the other individual’s bag was not heavy enough to contain a computer. When the consultant yelled at the individual, he acted confused, said he was sorry, and returned the consultant’s bag.
Throughout Europe, laptops are also a prime target for theft. International travelers who anticipate carrying such items should be particularly wary while transiting airports. Airports offer a particularly inviting atmosphere for laptop thieves because of large crowds, hectic schedules, and weary travelers. Laptop thefts commonly occur in places where people set them down—at security checkpoints, pay phones, lounges and restaurants, check-in lines, and restrooms.
Incidents at separate European airports demonstrate the modus operandi of thieves operating in pairs to target laptops. In the first incident, Brussels International Airport security reported that two thieves exploited a contrived delay around the security X-ray machines. The first thief preceded the traveler through the security checkpoint and then loitered around the area where security examines carry-on luggage. When the traveler placed his laptop onto the conveyer belt of the X-ray machine, the second thief stepped in front of the traveler and set off the metal detector. With the traveler now delayed, the first thief removed the traveler’s laptop from the conveyer belt just after it passed through the X-ray machine and quickly disappeared.
In the second incident, a traveler walking around Frankfurt International Airport in Germany and carrying a laptop in his roll bag did not realize that a thief was walking in front of him. The thief stopped abruptly as the traveler bypassed a crowd of people, causing the traveler to also stop. A second thief, who was following close behind, quickly removed the traveler’s laptop computer from his roll bag and disappeared into the crowd.
A traveler to Russia may have his laptop confiscated by the Russian Government. In 1998, two US Government contractors, working on a joint US-Russian project, had completed their task and were returning home. As they passed through Russian Customs, the official told one of the contractors that they would have to surrender their laptops to Russian authorities. When the contractors protested, the Russian official said that Russian law requires the laptop computers to be examined 48 hours before leaving the country to determine if any Russian “secrets” were being smuggled out of the country. This is the only time of which the US Government is aware that the Russians have used a catchall paragraph in their law to retain a laptop. Letters were sent requesting the return of the laptops, and they were returned six months later.
At Orly Airport in Paris, a US Government contractor had his laptop stolen from an airport bus as he was transferring from one airport gate to another after a change in his flight. The contractor had taken all precautions to guard his laptop while in France until he boarded the bus. Thinking he was safe, he placed his laptop with his other bags on the luggage rack. When he went to retrieve it, the laptop was gone.
In late October 2000, Julien Holstein, information security director at Airbus, warned travelers not to work on company-sensitive projects on laptop computers while flying. During his talk at the Computer Security, Audit, and Control conference in London, Holstein said his firm introduced a companywide policy forbidding Airbus staff to work on projects using their laptops when flying on business. The policy had been introduced “to maintain the integrity of the company’s data after one of its managers reported that he had covertly read sensitive project information off the laptop screen of the person in the next seat.”1
At the Department of State, a laptop that contained thousands of pages of highly classified information disappeared on 20 January 2000 from an allegedly secure workspace in the Office of Strategic Proliferation and Military Affairs in the Bureau of Intelligence and Research. It has yet to be recovered. An inventory at State Department headquarters in Washington confirmed that 15 out of 1,913 unclassified laptop computers are missing. “It’s possible they were stolen,” a spokesman said. “Some could be lost.” Only one classified computer is missing so far, and department officials still aren’t sure if espionage was involved.
The FBI is investigating whether the theft of a laptop owned by Qualcomm’s CEO Irwin Jacobs was the work of thieves or an act of economic espionage. After speaking to members of the Society of American Business Editors and Writers at the Hyatt-Regency in Irvine, California, in September 2000, the CEO went over to speak to a small group of attendees. When he returned 15 to 20 minutes later, his IBM Think-Pad laptop—worth about $4,000—was gone. The CEO said that the laptop contained proprietary information that could be valuable to foreign governments.
The FBI is not exempt from losing laptops. Conducting an internal inventory, the FBI discovered that 184 laptop computers, including at least one containing classified data, were missing or perhaps stolen. The secret data on the laptop concerned two closed cases. Bureau officials also said three other missing computers were suspected of containing classified information.
The loss of classified US Government information and US proprietary information is not limited to laptop thefts in the United States. In Canada, Ottawa businesses and institutions reported that $8.7 million of computer equipment was stolen in 2004.
In May 2000, a laptop was taken from a British naval intelligence officer as he sat on a train at London’s Paddington Station. The laptop contained top secret information on the supersonic Anglo-US Strikefighter. After being stolen, the computer passed through a number of hands. It came into The Mirror’s (a British newspaper) possession after a computer specialist who said that a contact wanted him to wipe a laptop of “fighter plane stuff” contacted the paper. The Mirror, which bought a new machine and switched laptops without the original contact being aware, returned the laptop to the British Government. A relieved military expert said, “It is unbelievable it could be stolen apparently so easily.”
The above laptop was stolen from the same rail station where, two months previously, an MI5 officer (British internal security service) had his laptop stolen when he put it down to buy a ticket. Just a few days later, a laptop was mislaid by an MI6 (British foreign intelligence) officer who had been drinking at a tapas bar near MI6’s South London headquarters. It is thought that he left it in a taxi on the way home. The officer did not realize it was missing until the next day. In April 1999, an Army officer had a laptop stolen at Heathrow Airport. A portable PC belonging to a British Royal Navy Commander was later taken from a car in Pinner, Middlesex. The computer, which contained top secret and classified material, was not password protected.
It appears that British media coverage of missing laptops has had no real affect on security practices because in April 2001 another British Ministry of Defense (MoD) official left his laptop containing top secret information in a taxi. According to the British press, the individual reported the missing laptop to the police station in Wandsworth, South London. The official informed the police that he had taken a cab near Waterloo railway station to Roehampton. When he got out of the taxi, he forgot about the laptop and left it in the cab. Police immediately alerted Scotland Yard’s Special Branch. This is only the latest of a large number of computers that have gone missing through carelessness or theft—sometimes after drinking sessions
The Mirror reported that, since 1997, military and intelligence staffs have lost an astonishing 404 laptops containing official secrets. The problem is so serious that the MoD and security service staffs are to be issued hi-tech briefcases costing 1,000 pounds each. The MoD plans to buy 25,000 of the armoured cases that look like ordinary black briefcases but will destroy data if an unauthorized attempt is made to open them.
The Mirror, citing an MoD spokesperson, stated that the new briefcases are so strong that they can withstand a Semtex explosion. Special versions will have an electronic system that erases the laptop’s hard drive if the case is opened without the right codes. The briefcases were recently displayed at a private security exhibition at the
MoD’s Whitehall headquarters and were passed for use by a secretive Cabinet Office body called the Security Equipment Assessment Panel. Some of the briefcases will also be fitted with electronic trackers so that they can be traced quickly if they are misplaced.3
If your company’s security is not adequate, thieves can enter your office and steal proprietary information. Consider the case of John Labatt Ltd., whose offices were entered by a thief who stole five laptop computers. The physical security at Labatt in the heart of Toronto’s financial district was easily breached. Espionage is suspected because the thief ignored cash and other valuables. Labatt is being eyed by at least two suitors for a hostile takeover so that any private information would be of much greater value on the street than just the physical worth of the laptops.
A laptop is not immune from theft in a hotel. Some countries convince hotel operators to provide intelligence collectors with access to visitors’ luggage or rooms. During these surreptitious break-ins, known colloquially as “bag ops,” unattended luggage is searched for sensitive information, and any useful documents are copied or simply stolen.
Economic and industrial espionage may involve simply breaking into a hotel room or an office containing desired information. Break-ins at the foreign offices of American companies have resulted in the theft of laptop computers and/or disks even when more valuable items are in the vicinity. These instances are not always reported, or they are reported as merely break-ins, without considering the possibility that the target was information rather than equipment.
In another example, a major US consumer products company suffered a possible loss of proprietary information as a result of a theft in East Asia. A laptop computer containing sales data, market estimates, and strategic business plans for one of its business units was stolen from a hotel conference room during a lunch break. Hotel staff—under the supervision of a company employee who was preparing remarks for the next presentation— cleaned the room for the afternoon session. The employee did not continuously guard the computer and discovered the loss shortly before the session reconvened.
When a laptop is stolen, one doesn’t know whether it was taken for the value of the information on the computer or for the value of the computer itself. This makes it difficult to assess the damage caused by the loss. In addition, stolen laptops are rarely recovered mainly because it is difficult to prove ownership if the owner did not bother to record the laptop’s serial number.