Data Leaking

Data leakage is not a new threat and has its roots in the time before modern IT technologies, but emerging technologies create new ways for data to leak, such as Instant Messaging, VoIP, and social networks like Twitter, Facebook, etc.

The scope for data leakage is very large and is not limited to email and the web. There are cases of data leaking through laptop theft, hacker break-ins, and backups being lost or stolen. Many vendors have products that reduce electronic data leakage, but they do not address all possible vectors.

What is Data Leakage?

Data leakage is the unauthorized transmission of data from within an organization to an external destination or recipient. This may be electronic, or may be via a physical method. Data Leakage is synonymous with the term Information Leakage. Unauthorized does not automatically mean intentional or malicious: unintentional or inadvertent data leakage is also unauthorized.

Types of information

  • Confidential information
  • Intellectual property
  • Customer data
  • Health records

Internal threats

According to data gathered from different sources, 52% of data security breaches come from internal sources, compared to the remaining 48% caused by external hackers, but only a small percentage of these internal breaches are malicious. Further analysis shows that 48% of the cases of unintentional data leakage are due to employee oversight, and 50% are due to poor business process. This presents a challenge for businesses, as the solution to these problems will be far greater than simply deploying a secure content management system. Business processes will need to be examined, and probably re-engineered; personnel will need to be retrained, and a cultural change may be required within the organization. These alone are significant challenges for a business.

External threats

Whilst the data presented suggests the main threat of internal data leakage is from inadvertent actions, organizations are nevertheless still at risk of intentional unauthorized release of data and information by internal users. Insiders may leak data through one or many methods, including mediums such as Remote Access, Instant Messaging, email, Web Mail, Peer-to-Peer, and even File Transfer Protocol. Use of removable media, hard copy, etc. is also possible.

Motivations are varied, but include reasons such as corporate espionage, financial reward, or a grievance with their employer. The latter appears to be the most likely. Most insider-related offences followed a “negative work-related event”. Of these, the offenders were predominantly male (96%) and the majority held technical roles (86%). Whilst the consequences of these attacks related not just to data, of the attacks studied, 49% included the objective of “sabotaging information and/or data”.

Vectors of Data leakage

Instant Messaging / Peer to Peer

Many organizations allow employees to access Instant Messaging from their workstations or laptops, using products like MSN Messenger, Skype, AOL, Gtalk and others. Many of the available clients are capable of file transfer. This makes it simple to send a confidential document to someone outside the organization, or to release sensitive information in an Instant Messaging chat session. The figure shows how easily an internal user can share information with outside parties.

Email

Traditional email clients, such as Microsoft Outlook, Lotus Notes, Eudora, etc are ubiquitous within organizations. An internal user with the motivation could email a confidential document to an unauthorized individual as an attachment. They may also choose to compress and / or encrypt the file, or embed it within other files in order to disguise its presence. Steganography may also be utilized for this purpose. Alternatively, instead of attaching a document, text could be copied into the email message body. Email also represents a vector for inadvertent disclosure due to employee oversight or poor business process. An employee could attach the wrong file inadvertently, select the wrong recipient in the email, or even be tricked into sending a document through social engineering.
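The checks an outbound mail filter can make against the cases above (an external recipient, an attachment it cannot read, classified text in the body) look like this. This is an added example, not part of the original article; the internal domain, the marker words and the extension list are assumptions, and the message is constructed sample data.

```python
from email.message import EmailMessage
from email.utils import getaddresses

INTERNAL_DOMAIN = "corp.example"                      # assumed internal mail domain
MARKERS = ("confidential", "internal use only")       # assumed classification labels
OPAQUE_EXT = (".zip", ".7z", ".rar", ".gpg", ".pgp")  # content a filter cannot read

def external_recipients(msg):
    """Return recipient addresses outside the internal domain."""
    fields = msg.get_all("To", []) + msg.get_all("Cc", []) + msg.get_all("Bcc", [])
    addrs = [addr for _, addr in getaddresses(fields) if addr]
    return [a for a in addrs if not a.lower().endswith("@" + INTERNAL_DOMAIN)]

def review_outbound(msg):
    """List findings for a message that leaves the organization."""
    if not external_recipients(msg):
        return []
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name and name.lower().endswith(OPAQUE_EXT):
            # Compressed or encrypted attachment: hold for manual review.
            findings.append(("opaque-attachment", name))
        elif part.get_content_maintype() == "text":
            text = part.get_content().lower()
            for marker in MARKERS:
                if marker in text:
                    findings.append(("marker", name or "body", marker))
    return findings

def build_sample(to):
    """Constructed sample message, not real traffic."""
    msg = EmailMessage()
    msg["From"] = "alice@corp.example"
    msg["To"] = to
    msg["Subject"] = "Q3 figures"
    msg.set_content("Figures attached. Treat as CONFIDENTIAL.")
    msg.add_attachment(b"PK\x03\x04", maintype="application",
                       subtype="zip", filename="q3.zip")
    return msg

if __name__ == "__main__":
    print(review_outbound(build_sample("bob@corp.example, carol@partner.example")))
```

Keyword and extension checks catch oversight and careless sending; they do not see steganography or renamed files, which is why the archive case is routed to a person rather than decided automatically.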

Web Mail

Web Mail is well entrenched with users. Gmail, Yahoo, and Hotmail are popular examples. It represents another way for an individual to leak confidential data, either as an attachment or in the message body. Because Web Mail runs over HTTP/S, a firewall may allow it through uninspected, as port 80 or 443 will be allowed in most organizations and the connection is initiated from an internal IP address. HTTPS represents a more complex challenge due to the encryption of the traffic.
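Even when HTTPS hides the content, a forward proxy still records the destination host and the bytes sent by each internal client. The following added example (not from the original article) sums upload volume per client and Web Mail host; the log layout, internal address range, host list and threshold are all assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

INTERNAL_NET = ip_network("10.0.0.0/8")   # assumed internal address range
WEBMAIL_HOSTS = ("mail.google.com", "mail.yahoo.com", "hotmail.com")  # assumed list
UPLOAD_THRESHOLD = 5_000_000              # assumed limit, bytes sent per client/host

# Constructed sample lines: client_ip method host bytes_sent bytes_received
SAMPLE_LOG = """\
10.1.4.22 POST mail.yahoo.com 18200 950
10.1.4.22 CONNECT mail.google.com:443 7340032 20480
10.1.7.9 CONNECT mail.google.com:443 40960 1843200
10.1.7.9 GET www.example.org 420 88000
10.1.4.31 POST mail.yahoo.com 6291456 1200
192.0.2.50 CONNECT mail.google.com:443 9000000 100
"""

def webmail_host(host):
    """Return the bare host name if it is a Web Mail service, else None."""
    name = host.rsplit(":", 1)[0].lower()
    if any(name == h or name.endswith("." + h) for h in WEBMAIL_HOSTS):
        return name
    return None

def flag_uploads(log_text, threshold=UPLOAD_THRESHOLD):
    """Return (client, host, bytes_sent) totals at or above the threshold."""
    sent = defaultdict(int)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines
        client, method, host, bytes_sent, _received = parts
        try:
            internal = ip_address(client) in INTERNAL_NET
            size = int(bytes_sent)
        except ValueError:
            continue
        name = webmail_host(host)
        # CONNECT covers HTTPS tunnels, where only host and byte counts are visible.
        if internal and name and method in ("POST", "PUT", "CONNECT"):
            sent[(client, name)] += size
    return sorted((c, h, n) for (c, h), n in sent.items() if n >= threshold)

if __name__ == "__main__":
    for client, host, total in flag_uploads(SAMPLE_LOG):
        print(f"{client} sent {total} bytes to {host}")
```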

Blogs / Wikis

Blogs are web sites where people can write their thoughts, comments, opinions on a particular subject. The blog site may be their own, or a public site, which could include the input from thousands of individuals. Blogs could be used by someone to release confidential information, simply through entering the information in their blog. However, they would most likely be able to be tracked, so this is perhaps a less likely medium. A wiki site is “a collaborative website which can be directly edited by anyone with access to it”, such as wikipedia.org. These sites are often available to most internet users around the world, and contain the possibility that confidential information may be added to a wiki page.

Malicious Web Pages

Compromised and intentionally malicious web pages create a risk of the visitor's computer being infected with a Trojan.

FTP

An FTP server that resides in the DMZ and allows anonymous access from outside can also be a source of information leakage.

USB/Mass storage device

USB and mass storage devices are a very easy way to distribute very large quantities of information that may be sensitive for the organization.

Mitigation

All of these can be mitigated with different technological measures, such as context-aware / application firewalls, encryption for mass storage devices, antivirus programs, and website blacklists for the organization's employees.