Hacker Unable To Bypass DLP

Inexplicably, DLP Worked!

Matt Konda @mkonda


Eric (last name changed to protect the incompetent) Albertson had found a foothold in a company’s data systems. He had found precious intellectual property and troves of personal information.

It looked like a heist to end all heists. He thought it might even get a mention on beepingcomputer.com.

But in the end, Eric was foiled by DLP. DLP stands for Data Loss Prevention, and it works by detecting the presence or transmission of certain types of data, for example SSNs or credit card data. Sometimes DLP can also be trained to recognize and detect intellectual property.

When DLP is working right, it can not only detect the data but also prevent (block) the data from being transmitted.

In this case, Eric was stumped! He had files with millions of records but he couldn’t figure out how to get them out of the company’s environment.

It turned out DLP blocked sharing certain files. It also prevented him from emailing them to himself. After so much work it was terrible to have to walk away from a trove of data like this, but Eric just couldn’t figure out a way to bypass the DLP technology put in place to protect the data.

Later, as we asked Eric about the details, he was in the middle of taking a photo of his USB drive sync’ing photos to Dropbox so that he could explain to his wife how the home movies got replicated from one place to another.

He sighed and reflected on the big one that didn’t get away because of DLP.