MobileMalwareMitigationMeasures·Chapter11 357 natural place to keep some types of information. Information makes a valuable attacker target. It's easy to copy and hard to trace. Unlike the theft of physical devices, information can be "stolen" at a distance, reducing the risk. It can be aggregated easily for bulk sale and can be sold at a distance. Best of all, you may not even know it's been stolen. In computer crime, most data theft is done for the purpose of resale. Identity data is an extremely common example of this. Attackers collect personal information and then sell it in bulk to higher-level fraud operations. In some more targeted cases, attackers are looking for information to make more immediate use of. They may be looking for information they can use to attack something else (often called a "stepping stone") or they may be looking for something more concrete (like product data in a corporate espionage scenario). Let's look at some of the information kept in a typical mobile phone. The Address Book The most common data kept in mobile devices is the address book or contact list. In simple cases, people keep only a few common speed-dial numbers in their phone. In this case, loss of the device or theft of this data poses only a small risk. A thief may get your home phone number, your brother's number, and so on. While this information can be of some value to identity thieves, it's a small risk. On the other end of our user spectrum through are people