The reporting is predictable for the national press. No discussion by technology professionals on the implications and probability of compromised data. The implication is that the tapes contain freely readable text data. Highly unlikely.
Let me go out on a limb with this analysis:
- It is public knowledge that Bank America credit card applications run on IBM mainframes. Therefore, the tapes are likely mainframe data backup tapes.
- Mainframe backup software comes from a variety of sources including IBM and Computer Associates. You would need to understand the backup software's data layout and its compression routines to decode the tapes.
- You'd need an IBM tape drive with the right options for encryption and compression.
- IBM mainframes have a hardware encryption option, which makes files thoroughly illegible with Triple DES (I made that up, but you can look up the specs at IBM's web site). In other words, the data may be double encrypted and compressed.
- The data files probably come from an unloaded database. You'd need to understand the database unload format to be able to reconstruct records, tables or rows.
- Then, with the uncompressed decrypted data, you'd need to map the data to individual records and fields -- without a data map or a program to provide reverse engineering help.
In short, if I hypothetically had those tapes in my hands, it would take tens of thousands of dollars and access to some heavy duty hardware and software in order to -- maybe -- get some private data. Eventually.
So, if you are a federal employee with a Bank America SmartPay credit card, I would not lose any sleep over these lost tapes.
Peter S. Kastner
No comments:
Post a Comment
All comments are moderated.
Note: Only a member of this blog may post a comment.