Richi Jennings

Guidance loses it, Amro finds it (and holiday light fight)

December 21, 2005 6:29 AM EST
In today's IT Blogwatch, we look at how hackers broke into Guidance Software and the curious story of the prodigal data tape -- it was lost but now it's found! Not to mention the latest salvo in the ongoing war between geeks with computer-controlled lights and too much time on their hands ...

How embarrassing, How ironic, so go the headings on blogs about the latest hack-attack on none other than Guidance Software. As reported by Brian Krebs in the Washington Post: "Guidance Software -- the leading provider of software used to diagnose hacker break-ins -- has itself been hacked ... Guidance alerted customers to the incident in a letter sent last week ... The Pasadena, Calif.-based company said the incident occurred sometime in November ... [Michael G Kessler, of Kessler International, an NYC-based computer forensics company] received the notice from Guidance at the same time that a company credit-bill arrived with what he said were $20,000 in unauthorized charges for pay-per-click advertising at Google.com [Ouch] ... Guidance's EnCase software is used by hundreds of security researchers and law enforcement agencies worldwide, including the U.S. Secret Service, the FBI and New York City police ... Guidance stored customer records in unencrypted databases ... Secret Service and FBI customers were among those whose information was included in the hacked database."

» The Firebrand comments: "I have talked about security breaches so much, I can’t even harp on this anymore. It’s almost a mantra: There is no such thing as privacy and now, apparently, there is no such thing as 'secure.' ... What delusion do we have to be under to believe that any of us has anything digital that is a secret (or even safe) anymore?"

» The Crab: "The leader in software that exposes hack attempts and diagnoses break-ins, Guidance Software, has been hacked. Result: exposure of financial and personal data of law enforcement officials and network-security professionals. Professionals?? Dream on. I sure hope they’re not paid from my taxes, I already have to pay money-wasting incompetent politicians."

You could be thinking that keeping your data stored on tape would be safer? Maybe not. As Lucas Mearian reports, "ABN Amro Mortgage Group Inc. has decided it will no longer send data tapes to its credit reporting bureaus after one of those tapes -- with the private information of more than 2 million customers on it -- went missing a month ago ... Those changes were announced on the same day the company said it had located the missing tape containing sensitive data about residential mortgage customers, which was lost Nov. 18 while being transported by a delivery service to a credit reporting company. The tape was found yesterday, three days after the company began notifying customers that it had been lost."

» Agent99: "As an update to a widely reported mishap involving ABN Amro Mortgage Group, the company reported yesterday on their special website the 'lost' data tape has been returned! It was lost after pickup from ABN Amro's data center while in transit by the DHL courier to Experian ... So, our tip for today is in support of ABN Amro mortgage customers to contact the company if you have not received a notification letter. You have the right to find out whether your personal information was on the 'missing' tape ... if you know of any loved ones or associates who may be customers of ABN Amro Mortgage, please feel free to contact them directly or forward this article to them."

» Random Chaos: "My wife is one of the 2 million customers whose information is on the tape. According to Crain's Detroit Business, the tape contained names, addresses, payment histories, and the key to stealing people's identities: social security numbers ... The bank is providing 90-days of free credit monitoring through Trans Union to customers ... Pretty scary stuff."

» Frugal Underground: "First, we recently received a letter from them telling us that we were among the 2 million customers whose data is on a tape that was lost in transit to a credit reporting bureau. This wasn’t exactly good news ... but it seemed to be a mistake that wasn't the bank’s fault (DHL actually lost the data) and they were trying to make it right by offering a free 90 days of credit monitoring ... Now the latest news is that the tape was found (yay!) at the same facility where it was lost (oops?)."

» Corante's Francois Gossieaux: "Today I received a letter from ABN AMRO Mortgage Group Inc ... To me, this is truly worrisome. I wish the government would implement stricter rules on privacy and on who controls what happens to our personal data. By signing a mortgage with ABN AMRO or any other provider, I should not automatically sign away my rights to what happens to my personal information. Why is it that ABN can choose to ship my personal information on a tape via DHL to a third party? If indeed the sharing is needed to enable the commerce to function, why are they not forced to use dedicated money transport vehicles and services - which they use to transport their own stuff? But more importantly - why cannot I have a say in this?" [Let us know when you get those answers, Francois]

Buffer overflow: And finally... Some people have too much time on their hands this season...

Next week, your humble blogwatchers will be taking a break, but we've already resolved to see you again on Jan 2nd. Resolved... geddit? [You're fired - Ed.]
Richi Jennings is an independent technology and marketing consultant, specializing in email, blogging, Linux, and computer security. A 20-year, cross-functional IT veteran, he is also an analyst at Ferris Research. Contact Richi at blogwatch@richi.co.uk. Also contributing to today's post: Judi Dey, our very own Antipodean.