Yet more confidential UK government files may have been mislaid by public servants. However, in a sign that Whitehall may be raising its game slightly, this time the data was encrypted - and the copies originally lost have been recovered. The Guardian reports today that a small IT-repair firm near Bolton received a laptop on …
So *what* did he do first?
"We put the disk in the drive to see what it was, but it was encrypted."
"As soon as I saw it belonged to the Home Office I placed it in the company safe and called the police."
If he put in the company safe "as soon as I saw it belonged to the Home Office", how did he manage to put it in the disk drive...?
Or more likely "wow, I can be famous... aww crap. Suppose I better be seen to do the right thing"
Good feedback ?
I wonder if the eBay seller will get good feedback ...or a visit from PC Plod?
clue - a nice tea and biscuits session with the person that took the lappie for repair, followed by a damn good attempt at tracking down the ebay vendor......
They repair laptops inside a safe?
I guess they must, because as soon as the disc, labelled "Home Office Confidential" was seen to belong to the Home Office, they locked it in the company safe, and also put the disc in the drive to see what it was...
BTW, probably best not to buy a laptop on eBay if it needs repairing straight after
Does TheRegister believe in proper journalism?
"However, in certain unusual circumstances a savvy attacker can lift the keys from computer memory. "
Presumably the article is referring to the recent work at Princeton. This attack is simply infeasible in this instance. The main memory of the laptop would have faded and thus the key would not have been recoverable. Furthermore, since the data has held on floppy disk there is nothing to suggest that the floppy disk's encryption key would have ever resided in the laptop's main memory (this relies upon the assumption that at some stage the disk had been used in that laptop, moreover, it must have been used recently)
Hang on, hang on, hang on - is there actaully any evidence that it was sold on eBay, rather than just being stolen?
Also, as an aside - who the hell hides CDs under a laptop keyboard?
did removing the disk that some idiot had crammed under the keyboard fix the laptop?
Optical disk "under" the keyboard?
I can think of better palces to put one. What's that all about? How does a cd end up inside a laptop? That's just weird.
So was the auction for a Home Office CD-ROM with free laptop or vice versa...?
Mines the one with HOIT written on the back...
What user stores a CD UNDER the keyboard? Ho many screws had to be removed to take out the keyboard? This sounds fishy. Possibly an attempt by the HO to demonstrate that they have cleaned up their act re: data security? What better way than to flog a lappy on eBay with a hidden prize. Like a box of cereal.
.. it could be a wind-up! Lets face it - who in the Home Office would have the knowledge to hide a disk UNDER the keyboard. I can believe a forgotten disc in the drive but.....
When they decrypt it it'll probably be the complete "Third Policeman" by Flann O'Brien!
I suspect there'll be thousands of "Property of Home Office - Confidential" disks appearing from everywhere in the coming months.
In fact, it'd be a good line in CD labels.... for those of an entrepreneurial bent.
This is tabloid journalism, Lewis. It's a blatant attempt to criticise the government, even though they've done nothing wrong in this instance. I expect better from The Register.
3 sliding clips
That's all that holds my keyboard down. It's where I keep my emergency €20/£10/$20 when travelling. Never tried to squeeze anything else in there though. Must remember to take them out before I return the laptop.
Its a fix
The HO put this on e-bay knowing what would happen, either that or it was never on e-bay and its an elaborate ruse making us think our data is safe out in the low cost data centres of helmand province.
> Ho many screws had to be removed to take out the keyboard?
I can take mine out just by popping two tabs at the back. never thought about hding a secret disc there, tho'...
Well it must be
I've found a disc, it says Home Office and Confidential on it. It's encrypted - ergo it must belong to the Home Office. That's flawless reasoning right there.
No chance that it's an a) wind up, b) some guys back up of his home and office files?
I'm looking inside a fairly common brand of Dell laptop just now, there's oodles of space (technical specification of oodles can be provided on request) to hide maybe 2 cd's side by side without causing too much damage.
I assume that the disc label was all official looking and didn't just have 'Home Office' scrawled on it in permanent marker (with smudged finger prints, coffee stains etc)?
Cos shurely you could fill a CD with random bytes and then scrawl 'MS Windows 2010 source code' couldn't you? And the 'real owner' as such would be out of their mind to risk the possibility that the disc was in fact legitimate rather than a fake.
@ CD under the keyboard
This reminds me of the stories in the 80's and 90's of users 'missing' the floppy or cd drive slot and a service engineer finding a neat little pile of disks inside the machine.
A very slim chance, but maybe that's what happened here?
Heh, someones having a lark...
There's a bunch of kerfuffle about the home office losing data.
Then a mysteriously "encrypted" cd turns up from eBay with the words Home Office and Confidential on it.
What's the bet that someone created a CD sized bunch of random data, encrypted it, put it on eBay, then started counting down how long it takes for people to figure out (if ever)?
Half of the point of encryption is that people wouldn't be able to tell if there really is data in there. ;->
Has anybody seen a laptop made in the last ten years or so where it's actually possible to squeeze anything at all in to the case / under the keyboard?
Unless it's a Toughbook, in which case the disc wasn't hidden, it was just sitting in the drive.
Seems like a prank to me...
Do your spies actually label disks, "Home Office" "Confidential"?
This sounds like an elaborate prank to me.
@AC - Flawless Reasoning
Extending your theory a bit - if the bloke who sold the laptop was having a bit of a laugh with some random data, he'll get done for not providing a decryption key.
Or his defence could be - ask the HO!
that EEE PC has a lot to worry about
Looks like the price of laptops have got so low that its cheaper to stash CDs in the keyboard than use a Jewel Case ;-)
@ Jason W
Yes, because none of The Bad Men would want to steal your laptop.
Surely you're supposed to keep the password under the keyboard?
Did they check?
So the government lost a laptop, it happens. They had taken all the right steps to make sure that all that was lost was a bit of kit, and no sensitive data made available. Your weasely attempts to suggest that the data could still have been copied are pathetic.
When they do something wrong, go ahead and kick them. When they do it right, report that or at the very least shut up.
HMG typically uses "Restricted", "Confidential", "Secret" and "Top Secret" as its labelling scheme. Stuff properly marked Confidential shouldn't be taken out of a Government office, regardless of whether encrypted or not and regardless of whether on paper, cd or a laptop. So someone is for the chop if this is true. More likely a prank though.
Looks like eBay is now being used for Dead-Drops...
Good thing that the [Chinese | Ruskies | Terrrrreeeerrrrreeessstttss | Cubans | French] were out bid this time... next time we may not be so lucky...
(shame there isn't an icon of Paris Hilton riding a Black Helicopter with her coat ...)
I don't habitually carry my laptop when out (example for a meal). It's most often safely locked away in the office or hotel.
we should ask the home office to provide the key
or the plain text of the contents of the disk and if not then they can go to jail!
I just checked and...
... guess what I found under the keyboard of this laptop I bought off a dodgy-looking bloke in a pub? A neatly-folded inflatable girlfriend and a tube of KY both labelled "Property of David Blunkett, The Home Office, Queen Anne's Gate, London SW1"
And a couple of Bonio biscuits.
I have a CD on my desk which is marked as property of the Home Office. When I put it in my drive, it comes up blank. Obviously, this is the work of a form of unbreakable encryption which requires access to the entire set of data to use as a decryption key.
This message was encrypted with dual rounds of ROT13 for your protection.
Paris, for your protection.
Q: "Also, as an aside - who the hell hides CDs under a laptop keyboard?"
A: People lke e o all e me, o kow.
I got it: "Home/Office" backup install disk of windows XP.
Nothing whatsoever to do with THE Home Office.
Really, that took 2 minutes of speculation.
Paris? Well, get a clue.
disc under keyboard
i guess those laughing at the thought of hiding something under a keyboard have not used an ibm laptop before with the keyboard you can tilt/lift???
> I can believe a forgotten disc in the drive but.....
Maybe it was an old relic that had the CD drive under the keyboard. If that was the case it could have been a forgotten disc in the drive. :)
Re: @ CD under the keyboard
"This reminds me of the stories in the 80's and 90's of users 'missing' the floppy or cd drive slot and a service engineer finding a neat little pile of disks inside the machine.
A very slim chance, but maybe that's what happened here?"
Yes. How about the CD wasn't properly seated in the CD drive and the CD got pushed under the keyboard.
I've just taken a look at a Dell laptop and you'd need a bent or loose case, but it looks possible.
So, some sausage fingers in the HO looses a CD inside the laptop and fails to own up and send the laptop for repair to get the CD out. Or they'd been stiffed with a money grabbing support contract and a repair would cost more than a new laptop. "It costs too much to get the CD out - just make another".
It looks like another example of not following the rules about documents with protective marking. Okay, the data was encrypted. But the CD was still marked confidential and should have been handled accordingly.
Under the Berlin Wall
"under the keyboard"
My old Toshiba has a pop-up plastic strip near the hinge; pop it up and the keyboard comes out on a little ribbon cable. It's easy, and there's probably enough space there for some cash - thanks to the previous commentator for that wheeze - but a CD wouldn't fit, there are sticky-out prongs that keep the keyboard aligned.
It seems odd to hide something from theft by putting it in a laptop. That would be like hiding valuable sweets by grinding them into powder and sprinkling them into a mobile phone; clever on the surface, but the phone is likely to get nicked, taking the sweets with it. As seems to have happened in this case.
Furthermore, phones are typically nicked by exactly the kind of person who loves sweets.
Actually, hiding a confidential disk under the keyboard of a laptop would be a really good way of getting it off site. At the guard house you solemnly present the laptop and the associated paperwork that lets you take it out, and the guard searches the bag, finds no CDs and lets you out. Then, before you can sell the juicy data to your buyer, you lose the laptop on the train, and some light-fingered git flogs it on ebay.
The laptop should be traceable from its serial number, back to the HO unit that lost it, if it's an HO machine. Maybe it belonged to a bent contractor? What, wait! Surely there's no such thing.
I repaired a desktop yesterday...
...where the user managed to wedge a CD between the chassis and the CDROM drive. I suppose it'd be more difficult, but feasible that someone (especially in government) could get one stuck under a laptop keyboard...
Thankyou for the warning
Nice to know that when you take a computer to this company and you leave a CD inside it that the first thing they do is put it in the CD to find out whats on it.
This is a non-story
"However, in certain unusual circumstances a savvy attacker can lift the keys from computer memory."
Yes, and those circumstances were absent here. You have to find the computer while it's *actually performing a decryption* (so the keys will actually be in memory -- they get zeroed out as soon as you quit the decryption program), and quickly reboot it. And even then, you're relying on the bit of memory where the keys were stored not getting overwritten during the startup process.
So what we had was a disc of encrypted data and no key. In other words, everything done right. No story.
Anyway, anything that says on it "HOME OFFICE - CONFIDENTIAL" is so obviously a fake, whoever called the Old Bill wants charging with Wasting Police Time.
CD under the keyboard
That isn't that far-fetched with my former laptop. Now that could've been some good way to smuggle CD's in and out of my former job... one of my co-workers had 50+ CD's in his desk, despite company policy prohibiting *any* kind of removable media. Wonder if he did this ...
w.r.t keeping money under keyboards...
With regards keeping cash (or anything else, for that matter) under the keyboard. I wonder what the probability of frying the laptop due to the metallic strip.... (Presumably it will conduct electricity)
if I jam a flash drive labelled "secret terrorist WMD locations" inside the casing of an old trash computer, and then call the police can I be considered a war hero?
Re: Two questions
"Also, as an aside - who the hell hides CDs under a laptop keyboard?"
Don't CD drives on laptops sit under the keyboard? ;)
In these politically-correct times, I'll have you know that's a "contractor of non-heterosexual orientation", ducky...
Unless of course...
... The CD contained a backup of the encryption software and the keys for what was on the laptop HD.
Could a user be this stupid? Er.... yes.
@ JasonW-emergency cash
I totally see your point. You chuck money under your laptop's keyboard, so that if you are robbed, you still have money for a beer, a sammich and a bus ride. Clever.
Mine's the one with the banknote taped on the back