iPod can be music to a data thief's ear

Everybody loves the iPod -- even criminals.

Apple Computer's portable music players are so popular, and so valuable, that muggers have taken to jacking up anybody wearing those distinctive white headphones.

But iPod users aren't just victims of crime. After all, the iPod is just a big old hard drive, capable of holding gigabytes of information. That makes it a splendid tool for data thieves, and a clever place to hide damning evidence. Identity thieves in Britain have been caught using iPods to store forged personal data; devotees of kiddie porn have stashed their filth collections on them. Even employees at Apple Computer have used their iPods to smuggle corporate secrets out of the building.

And it's not just iPods. Millions of everyday gadgets can double as repositories of illicit information. Cellphones, PDAs, digital cameras, USB ''thumb drives," even the new Sony PSP portable gaming gadget: They're all crammed with megabytes of spare memory that can be used for a variety of info-crimes.

Derrick Donnelly knows. As former head of Information security at Apple, he ran the iPod investigation that nailed his thieving co-workers. Today, Donnelly is chief technology officer at BlackBag Technologies Inc., a Santa Clara, Calif., firm that's in the computer autopsy business. There are plenty of forensics tools for inspecting computers running Microsoft Corp.'s Windows operating systems, but BlackBag makes hardware and software for finding data hidden on Apple Macintosh computers, and on iPods.

''There's a lot of companies and their security officers who don't think of it as a full hard drive," Donnelly said. But the iPod can easily be configured to store data files instead of music, making it an excellent smuggling tool. Of course, people can burn stolen files onto CDs, or just scoop up sheaves of paper. But the iPod holds far more data, and, with millions in use, the average security guard will scarcely glance at them. ''If someone was walking out the front door with a box of CDs, he might be more suspicious." said Donnelly. ''If a person's walking out the front door with an iPod around his neck, is he really going to stop them?"

The music lover may get stopped if the guard has gone through one of Donnelly's weeklong training courses, which are popular with cops and FBI agents. But it's not enough to grab the suspect's iPod. The police must now read the data on the drive without changing it. Accidental alterations could destroy vital evidence, or lead a judge to suspect deliberate tampering.

Simply plugging an iPod into a computer can ruin a cop's day. Macs automatically connect external disk drives to the operating system, a process called ''mounting." But this action modifies some data on the drive, and could destroy some evidence. So Donnelly teaches investigators how to rig a Mac so it won't mount the iPod, but will read the data on it. Then he uses software that makes an exact bit-for-bit copy of the drive without altering it in any way. The copy is protected by a digital ''hash," an electronic fingerprint that makes it tamperproof.

But the copy is no good if police can't read it. Apple's Mac OSX operating system allows you to switch on excellent built-in data encryption. You just drag a file to a folder, and it's scrambled so completely that the CIA couldn't crack it. If the iPod files are similarly protected, you have problems.

Donnelly ran into such a problem during his Apple days. He was asked to help French police inspect two encrypted files on an iPod belonging to a suspect in a child prostitution ring. Donnelly teamed up with other Apple engineers to write a ''dictionary attack" program -- a piece of code that tried one password after another, until the right one was found. The effort was half-successful; the Apple team cracked one of the two files.

Since setting up BlackBag, Donnelly has seen other examples of iPod users at their worst. He has cracked iPods filled with kiddie porn, for instance. Most data security problems are far less ugly. Corporate security experts worry about protecting their firms' data. They also fret workers with portable data devices could deliberately or accidentally inject viruses and spyware into the corporate network.

And for all of Donnelly's expertise with iPods and other Apple hardware, he says that simpler, cheaper gadgets are even more dangerous. ''These little thumb drives are . . . probably one of the scariest things," he said. Far smaller than an iPod, many people use them as key chains. But these nearly invisible devices can hold up to a gigabyte of data.

That's why some companies are using software that limits the ability to connect portable storage devices to their office computers. Companies like PNL Tools Ltd. and Centennial Software Ltd. offer programs that sit on each company PC, and notify a central network computer when an employee plugs in an external storage device. The network machine can ban all such connections, so that the computer won't accept your thumb drive. Or it could allow connections from a PDA with 64 megabytes of memory, but not from an iPod with 20 gigabytes.

But many companies don't install new security patches for their software, even though they're free of charge. So it's no surprise that few businesses will pay for protection against their employees' iPods and thumb drives. Apart from the expense, it's a matter of trust. Most responsible business people don't fancy treating their employees like crooks.

Still, some of them are. A Michigan State University study last year that examined over 1,000 identity theft cases found that 70 percent of them were inside jobs. Millions of office workers have access to sensitive files, and can easily smuggle them home inside some fashionable new digital device. Which means that someone else's iPod could get you mugged.

Hiawatha Bray can be reached at bray@globe.com.