[ Think we're being too mean? See “" ]
We live in an increasingly virtual world, where our crucial data lives on the cloud and we live in fear of electronic intrusions into our particular fiefdom in cyberspace. But it does pay to remember that all of that data does, ultimately, reside on metal-and-plastic computers that do occupy real space in the physical universe. These computers can be touched, picked up, and carried away, and that's bad news. For instance, NASA has suffered a number of recent cybersecurity scandals, among them the fact that .
The one thing that makes stealing stuff tricky is that it requires real physical access to that stuff. But getting physical access to things is easier than you'd think. One security researcher demonstrated fairly easily that via attitude (e.g., imperiously waving a badge at security guards, even if it's not a badge that allows you access to wherever it is you're going) and a moderate amount of stealth (e.g., slipping in through exit doors). Oh, did we mention that these techniques worked at an RSA Security conference? Probably it's even easier in your building.
But when your tech goes missing, don't forget the old adage that you should never blame on malice what can be attributed to good old-fashioned incompetence. For instance, maybe those computers weren't stolen by dastardly cat burglars bent on sabotage; maybe someone who was in charge of them just lost them. This didn't happen so much when everybody had a large desktop computer that was hard to lug around, but the convenience of laptops and smartphones makes them also convenient to lose. One survey of small businesses found that . And if a survey of , almost none of those devices were encrypted in any way.
The media world in late 2011 was roiled by the spectacle of the , in which it came out that multiple newspapers in Rupert Murdoch's British media empire broke into the voicemails of celebrities and crime victims in order to get media scoops and sometimes engage in a little light blackmail. Less well publicized was the method used to achieve this seemingly high-tech coup: investigators who had the target's contact info simply called up the number their mobile phone provider set up to retrieve voicemail remotely, then entered some guesses as to what the victim's PIN might be. Many were fairly obvious -- in fact, many were simply the default that came with the account.