News

Prolific laptop thief offers security lessons

"The astonishing success of a US laptop thief is a warning to IT managers to be far more alert about backing up and encrypting data," said David Hobson, managing director of security supplier GSS.

Career criminal Eric Almly - aka the Khaki laptop bandit - is said to have found his ideal career in computers.

Almly stole an impressive 66 laptops in the first three months of this year, until he was apprehended by investigators.

Almly was finally caught after wandering into the Florida headquarters of a restaurant chain and stealing 11 laptops in his shoulder bag. Even then he almost charmed his was past the security guard. Luckily for his victims, he made no attempt to exploit the personal data gained from the stolen laptops. He simply erased the data in preparation for auction on eBay.

Hobson said, "I suspect that, had he been minded to, he could have made even more money from examining and selling the data on the notebook PCs before selling them on."

The impact could have been far worse, but Almly's modus operandii says much about the vulnerability of companies in the US and Britain, argued Hobson.

Almly would copy the dress codes and habits of employees in his carefully targeted victims, hunting only in corporate offices. He would arrive at four, when receptionists and part-timers have gone and staff are at their most lax. He would by pass security by following a staff member through a secure door. Since he always acted like he belonged, nobody ever questioned why he never swiped his own card or punched his own security code into the system.

Having gained access, he would load laptops into his shoulder bags and smuggle them out. Sometimes he would post the laptops to his latest address.





Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy