Jump to content

USB Drive Loaded with British Military Troop Movements Found on Floor of a Nightclub


digip

Recommended Posts

OMFG, Why in the hell do Governments allow this sort of stuff to happen? WHat is their training and who is enforcing protocol? Not just in the UK, but Worldwide, I read about this shit all the time. FBI Laptop stolen, CIA loses hard drives, etc, etc. How in the hell does sensitive shit even get out there. All sensitive data should be kept locally, and mobile media given only rights to VPN into the systems, after full authentication, both Passcode and Biometrics + a smart chip RFID embeded in the body or something. The key should not have been readable in any format, and should have been encrypted or whatever you need to do to conseal the data, rendering it useless in anyones hands who doesn't have authorized use of the device.

http://gizmodo.com/5047278/usb-drive-loade...-of-a-nightclub

http://news.bbc.co.uk/2/hi/uk_news/england...all/7605923.stm

Link to comment
Share on other sites

I am fed up with all these USB Stick and Laptops getting lost. How Though? Like the laptops, I never let my laptop out of sight (mainly for the porn history :lol:), so how can you loose a laptop/memory stick with MILITARY information that is TOP SECRET. I already know my data has been lost by the government as they lost all the Young Scot Card Holder Details (which im one of).

Link to comment
Share on other sites

Personally i don't see this as a big surprise. I work for the government as a contractor and i see retarded stuff like that all the time. People taking government property home, using it for very personal things, or even just stealing it.

Pretty much every morning when i log into my workstation i get bombarded with pop ups pretty much yelling at me that we have to stop the loss of government material, and yet, this stuff still happens.

All i can do is sit back and laugh. I'm surprised we haven't accidentally nuked ourselves.

Link to comment
Share on other sites

I wonder if someone was trying to sell it on the black market, and the seller/buyer dropped it out of stupidity. Maybe the data was fake, and purposely put out there as a honeypot sort of deal, or has hidden software meant to do something else.

Link to comment
Share on other sites

I wonder if someone was trying to sell it on the black market, and the seller/buyer dropped it out of stupidity. Maybe the data was fake, and purposely put out there as a honeypot sort of deal, or has hidden software meant to do something else.

I like how you think!

The sad thing is we have to take (government) training at my workplace to try to combat things like this (espionage, sabotage, etc). So it's very well possible that the person was there to deliver the data. People can be easily compromised, especially if they have family. Or if the money amount is high enough.

Link to comment
Share on other sites

The only way it will change is if data like this is leaked on the internet and someone dies as a result of it. Its the only way governments will take even the slightest interest in the subject.

wanting someone to die are we :P

people are stupid and careless. its just that simple

Link to comment
Share on other sites

I blame the users...I do. It may sound like a cop-out but the policies are in place and training is offered to prevent incidents like these but still they happen. With everything in place there are only two reasons why this kind of thing still happens.

1: It happened because somebody was being paid to do it. (Selling Secrets)

2: All Advice, Training, and Policies were ignored. (Due to lack of convenience or understanding)

With technology becoming so prominent in today’s society, it’s important to have an understanding of how it works. It's should no longer be acceptable for a person to say that they are "computer illiterate" or "Computer retarded". Anyone who says such should not be able to touch a fucking computer, at least not in a business, and especially not in the DOD/GOV.

Information Science or basic understanding of Information Systems should be taught in high school, in college or at least prior to working for the government.

Link to comment
Share on other sites

I wonder if someone was trying to sell it on the black market, and the seller/buyer dropped it out of stupidity. Maybe the data was fake, and purposely put out there as a honeypot sort of deal, or has hidden software meant to do something else.

I've thought of doing something like this to see what happened lol.

Link to comment
Share on other sites

Heh,

Well stuff like this happens all the time, and probably happens much more than it is reported. It's not only military, gov personnel, contractors, all sorts of people probably do similar things like this. Not only lost usb sticks, other media as portable harddrives, sd card and other memory cards etc. Even worse if anyone flies alot you can notice in airports people looking/working on company/military/gov stuff all the time. I believe Johnny Long has covered this alot, awhile back he did the no tech hacking thing at shmoocon, and his book well just explains all of that jazz.

But back on the usb thing, yeah if you have to have this sensitive data on ya, atleast use something like truecrypt, i learned about that program i dunno 2 or more years ago when mubix and irongeek discussed the program.

But yeah this stuff / sensitive data should be on a server, and if you have to access the data atleast have a vpn connection or something. :P

Link to comment
Share on other sites

It is common, and as said not all countries and sectors are subject to disclosure, so especially in the UK for example the data loss is probably much much greater than communicated in the press.

Its hard for people on this forum, and others of a like IT / ITSEC mind to understand as we take care of our kit, and our data. However you have to put yourself in the mind of the user. Its not their kit, so they dont care for it as much, its not their data, they make assumptions, they assume the company must have protection and controls in place.

Companies dont spend enough money on awareness, education and training, and testing of these processes, and I would say many cases face no real action. Security is everyones responsibility, but the company has the responsiblitly as the custodian to take steps to secure it. So devices should be secure and protected for when the human element fails, but the human element needs to be improved, with training and ownership.

Keeps me in a job anyway :D

Link to comment
Share on other sites

A very simple way would be to introduce a sign-out/sign-in policy coupled with a 5 year jail term if you fail to sign-in any data you removed. Couple that with disk encryption and red/green system separation for sensitive data and you have it sorted. I honestly don't know why things like terminal services and smart cards aren't used more as your MP could have access to everything they need while at home via a rdp session.

But the most important thing to get established is if you loose the data, for what ever reason, there is a good chance you will go to jail because of it. If that is drilled into people then things will improve.

Link to comment
Share on other sites

I just like to think some dude was getting ready to go out to a night club, and it was;

Jeans? check.

Clean Shirt? check.

lucky underwear? meh go commando.

Wallet Check, Phone check.

Super special USB stick of mass destruction... check.

The person who lost the USB could have had a fair reason for having it on there person, chances are they weren't trying to sell it. But if it had such importance, you would kinda think they would leave it at home in a safe.

Link to comment
Share on other sites

A very simple way would be to introduce a sign-out/sign-in policy coupled with a 5 year jail term if you fail to sign-in any data you removed. Couple that with disk encryption and red/green system separation for sensitive data and you have it sorted. I honestly don't know why things like terminal services and smart cards aren't used more as your MP could have access to everything they need while at home via a rdp session.

But the most important thing to get established is if you loose the data, for what ever reason, there is a good chance you will go to jail because of it. If that is drilled into people then things will improve.

For the most part, that is exactly the type of policy seen on the classified side of the DOD/GOV sectors. And it is pretty well known that you don't fuck around when it comes to classified shit. Most of the people who have access/clearance are pretty aware of how important that is, but when you work around it all day everyday (depending on the environment), you get more relaxed around it. That is probably how this incident occurred.

I still have a hard time imagining why it wasn't noticed when changing from uniform/work-clothes to club clothes...

Link to comment
Share on other sites

I once found a USB stick from a university in Denmark that had alot of unpublished research data on some medicine, but really none of this surprises me, im just waiting for the day where somebody gets killed because of it, maybe then people will learn to keep their secret documents secret and secure...

Link to comment
Share on other sites

  • 2 weeks later...

None of this surprises me. Every large origination is like that.

I've got a little story. It's about someone here in Canada. We'll call him Timmy. Timmy went to a computer shop and purchased 3 computers that were used, and on for a VERY good deal. After purchasing them and taking them home, he noticed stickers indicating "Property of US government". Two of the computers were clean, while one was completely unformatted. On it, were resumes, SSN's and names of over 200 enlisted personnel, and various military documents including disposal procedures for military sea craft. This all occurred over 4 years ago.

So not only are governments not keeping an eye on their information, but cooperations as well. I don't foresee an end to this any time soon.

Link to comment
Share on other sites

this nothing when umm 3 years ago the company that was contracted to build one of the army Basie over in Iraq posted there plains on there web sit for all to see next day the plains where down there where fined pretty good sum of money and lost the contract but still this just shows how ppl do not think about what they do

it was probably some high up officer that bypassed sop that day cuz he was running late to a meeting instead of going back after horse saying he fucked up going to try ride it in the next day now his probably going to jail i have no remorse for this ppl

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...