Issues
The History of PodSnaffler
Copyright ©2006 The TakeWare® Company -
Click here for Contact information
Data theft, fraud and identity theft have become major problems over the last few years and now concern us all - whether we use the technology ourselves or not. As a society we have all relied on the NHS, the Education system and businesses to act responsibly, obey the data protection laws, and safeguard our information. But once our information has been divulged - intentionally of not - the Data Protection Act becomes 100% irrelevant. With the new SOCA (Serious Organised Crime Agency) warning of new mafia style tactics from criminals the issue of mass data theft is a major concern.
It has long been known there are a range of powerful hacking tools readily available to anyone on the Internet - in fact there is a whole subculture devoted to this - "The Cult of the Dead Cow" is a good example of just one of the better known websites (see http://en.wikipedia.org/wiki/Cult_of_the_Dead_Cow). Indeed the Internet itself was seen as the biggest threat until quite recently when it was realised that the majority of thefts and frauds involve 'insiders'.
PodSnafflerLogoButton.jpg)
history
'I wrote a program called SNAFFLER over two or three years ago - realising that iPods, MP3 players and other flashdrives would soon become widespread and would also create a significant new threat to the confidential information on which companies all depend - to demonstrate and help to quantify the problem." says Barry James, MD of The TakeWare Company.
It doesn't take too much imagination to realise how devastating this could be when 97% of companies now depend on their confidential data, patient records are increasingly electronic, as well as pupil and student records and databases. Even back then the potential for fraud and identity theft was becoming obvious to us - and there have been numerous instances since. Reported mostly in the US so far, but recently including the exposure of 2,000 UK customers details by a Mastercard and a UK bank.
SNAFFLER was a small program that works on virtually any MP3 player, iPod or pendrive - some mobile phones even. You click on it, it starts and immediately seeks out interesting documents and other information on the host computer - or even any network to which the PC is attached. It's very fast and is capable of removing thousands of documents and millions of bytes of information - in a matter of seconds.
When we realised the nature and the power of this threat - and the potential of SNAFFLER - we felt that we were left with a difficult moral dilemma. Clearly SNAFFLER could do a very good job of raising this increasingly important issue.
However we decided that we could not release it for two reasons: Firstly it would be extremely difficult to ensure that it wouldn't fall into the wrong hands and if it did so it would be likely to proliferate - which could cause untold problems. Secondly: Even raising the issue at that point, as effectively as even a limited release would, would be likely to alert potential perpetrators at least as well as it could potential victims - but the perpetrators would be better placed, since effective countermeasure were still some way away.
'After consulting with trusted colleagues we took the difficult decision not to release SNAFFLER - but to keep working on the problem, and countermeasures."
Finding forward two or three years a lot has changed. The threat has not diminished - rather increased dramatically. Some mobile phones can now hold as much as 60Gb - more than many PCs - and a physically tiny 1Gb device - capable of holding the whole database of a small company for example - has fallen in price to below £15. They are also much faster now - and they are everywhere.
'We have recently become aware that utilities not dissimilar to SNAFFLER have begun to circulate. This is not surprising - the first version of PodSnaffler was written in just two hours - admittedly by one of our most talented programmers. But this does demonstrate that technology for this kind of intrusion is not 'rocket science' and we can virtually guarantee that those now alerted to the opportunities who want it can get it, or get it made, in hours or days."
Paradoxically this is partly due to the excellent work of the UK's DTI. The "Security Breaches Report 2006" published in April highlighted this threat at the top of the 'Emerging Technologies' section. Raising the issue provided a wake up call to potential perpetrators as well as potential victims. We believe that they were right to sound the alarm - but it does inevitably increase the risks - with even non-techies now becoming aware of the power of their mobile phones and iPods in this respect.
This is why we have chosen now to release PodSnaffler - an updated (and de-fanged) version of SNAFFLER. PodSnaffler is available to security experts and bona-fide registered IT consultants via (registered) download at here
Advice to businesses and organisations concerned about the threat to their information and that of their customers is available here
We believe that awareness is an essential element in protection against this emerging threat - hackers and data thieves do not obey the law - much less data protection laws - and are confident that, having reached this point, this initiative will help promote the security we all need.
To get the protection you need click here