A New York City Police Department sergeant has admitted he illegally obtained a name contained in an FBI terrorist watchlist and gave it to an acquaintance to use in a child custody case. Haytham Khalil pleaded guilty to one misdemeanor charge stemming from the unauthorized access and dissemination of information from the FBI's …
So having a similar name to a suspect ...
Means now not only you can't travel, but you lose custody of your children as well.
But: "Cop accesses database illegally" is news? In further reports, El Reg investigates the pope's religion and the defecation habits of bears.
"The episode is exactly the kind of red meat that feeds critics of government watchlists, who say such databases are rife with potential for abuse."
It's a list of more than a million names for which there is no evidence to even launch an investigation, yet is used to bar people from public transport / airplanes / some jobs and cause all sorts of daily difficulties for them as they open bank accounts and live their lives. So how much more abusive can you get?
If you're stupid enough to be critical of the DHS using your real name, expect some power crazed tw*t to stick you on the list. Expect the same power crazed tw*t to be angry when others usurp his power.
It's just one of Bush's legacy leavings that needs to be scooped up and bagged. Still a week to go of that idiot. Don't underestimate the damage he can do in his last few days!
How many times does this happen but go undetected?
This was detected because the stolen info was used in a court filing.
Who knows how many thousand times such abuse happens, but goes undetected?
How long you figure?
This is where we get to hear all those megalomaniacal types controlling these sort of databases say that this was a one time happenstance and incidents like this don't happen regularly and they still need every piece of data they can get their grubby hands on to protect us from ourselves and in fact need more power to prevent these sort of irregular incidents from occurring while doing absolutely nothing to protect anyone from anything with the one exception being their own job.
Oh well, doesn't quite roll off the tongue after all.
Failure of Organizational IT
This just goes to show, in vivid detail, what happens when an organization makes it too difficult for employees to access systems and information -- The one person in a department who's pulled enough teeth to be given access to a needed system/database ends up leaving "his credentials on a notepad so his co-workers could access the system when he wasn't around."
@ Keith T
All I can say is that it happens far more often than anyone outside of certain agencies knows. This one case is a drop in the bucket; this and worse happen more frequently than anyone would be at all comfortable in admitting. It's one of those dirty little secrets, and while in some respects the controls have gotten marginally better, in other ways they have stayed at the same lax levels or gotten worse.
The conclusion of the story is wrong...
For supporters of government databases this is a perfect example to claim that with biometric authentication this would have never happened...
And I'm just realistic...
Hang on a minute....
So unauthorised access to a classified federal database is a misdemeanour?
What about the guy who left his password on a notepad? Surely he is the problem, if the users are the weakest link then they need to be punished. If the one guy can get 1 year in prison for using the information the other guy should get 10 for failing to protect it.
So the watchlist that you can be placed on simply because you share the same name as an alias or actual name of a terrorist (who may even be a SUSPECTED terrorist)--the same watchlist that takes hours to get on and years to get off of--that watchlist's security is now based on whether you can read detective Joe Blow's handwriting on a Post-It?
And now your inclusion on this list might be used to help take your kids from you in a custody case (assuming you know a crooked co-worker of detective Blow)? This would be besides being held up in airports or train stations, potentially having your email or phone calls go in for extra surveillance by the NSA/FBI, and potentially complicating or obviating your recruitment for certain jobs?
I for one am delighted to hear this! I welcome our freedom-protecting, Post-It note password recording overlords!! Personally I think that everyone should go on the watchlist!!! This is especially true of those devoted public servants who cooked up the watchlist in the first place. Obviously, their freedom is more important for society than humble lil' old me, so they deserve to be "protected" more than I do!
It isn't remarkable at all
If you have a system for which access is "needed" for people's jobs but hard to get, then people *will* share passwords. It's a fact of life.
If something needs to be really secure, it should be protected by something more than passwords: hardware access tokens, putting the terminal in an area that you have to show authorised id to visit, putting the terminal in a secure area and having users take their requests to a counter (like the Registry in most old-style MOD facilities).
Last few days...
...before the real damage starts!
Reminds me of a time
When I got a DWI (yes yes bad in and of itself I know) and went in front of the judge here in the states, only to be told I was charged with Burglary 1st, Assault 2nd, Criminal Trespassing and a laundry list of other charges. Needless to say my jaw was on the ground and the only thing I could say to the judge was "All this for a DWI charge?" Took them 15 minutes to sort out that I wasn't the same James J. O'Brien that had those charges... and the person who got them was in his mid 40's apparently.
Damn near shit myself that day.
/mine's the one with the pair of Depends in the pocket in case that ever happens again
>"Remarkably, the fellow officer left his credentials on a notepad so his co-workers could access the system when he wasn't around."
I don't know what universe *you* come from, but round about these here parts, coppers ain't exactly noted for their powers of intellect and reasoning.
I can just see it...
"...left his credentials on a notepad so his co-workers could access the system when he wasn't around".
That really should be the epitaph of the national ID card (and database) scheme.
what's wrong with databases?
What happened to the kid? The article mentions the abuse of the watchlist, but does not comment on the outcome of the "supposed" abuse. Sounds to me like a guy violated the law and is being prosecuted... like the system is working as it should... which is a fricken miracle by itself.
I am more scared about random people being added to the list.
I read a story on a guy who kept getting turned down for job after job after great interviews until someone finally told him ... "we don't hire murderers". Someone made a typo and for several years prospective employees thought he was a convicted murderer. He had no criminal record so he had no reason to ever check his record.
I wonder how often mistakes get made on this huge database. I wonder how hard it would be for someone who doesn't belong on the list to get taken off.
What's the problem with post its?
i mean, a lousy notebook?!
mine's the one with the pencil and notebook in the back pocket...
RSA Key and pin for those with access privs and 10 year Jail sentence for misuse of data accessed with your credentials sounds reasonable.
We terminate employees instantly for sharing credentials, no matter their glowing track record or the circumstances. I'd hope the guy who was clearly negligent in leaving the ID and password freely available is at least fired, even if no criminal charges are pressed.
On the other hand, what's to say it wasn't actually him that accessed the data for his buddy, on the condition that if busted the excuse would be the notepad stupidity and his friend would take the heat to protect him?
Either way, the guy with the access is just as culpable as the one who passed the information.
AC because I don't want to mess up our hiring of people!
What evidence is there that the person involved should have been on the watchlist in the first place, given that in this country you can have your DNA and details put on a database for being just *accused* of a crime, even if it's thrown out of court with prejudice - and until recently it was damned near impossible to have those details removed from the database.
A woman accuses you of rape, you can prove that you were in different county at the time, but your DNA has been taken and put on the database already by the time you get to make a statement...
The issue here is that data that should not have been available to the persons involved was made available through illegal means - the fact that it is classified as a 'misdemeanour' horrifies me, frankly.
I can remember being in training at BT, and being told that if you went around the systems in a manner in which you were not authorised to [say, doing a number-->address lookup without authorisation] you were sacked and up for criminal charges without any questions being asked and no quarter being given - escorted off site into a police car, along with a couple of press clippings backing this up. And that's for doing a reverse directory enquiry and just getting an address, never mind making potentially false [or at least dubious] statements about someone's character *in fucking court*.
Disgusting state of affairs IMHO.
Flames - because I'm fuming.
"we don't hire murderers"
At least he didn't get hired and then get given a list of people to whack on the first day.
So, they put this case on the news
I wonder why they put this incident on the news. Could it be because he has an Arabic name and that they want to show that you cannot trust Arabic people to do the job?
I am not Arabic. I just find it interesting that this case has been publicised and others have been hidden away.
I think everyone is getting a little over excited here
This would never happen with Jacqui's database. As we all know the British have a stiff upper lip and a back bone which would prevent such a flagrant abuse of power and privilege.
But with the extensive safeguards put in place to prevent such breaches I feel reassured.
No travelling on trains...........
No going to the pub with your laptop.................
No flash drives allowed
and certainly no accountability.
I feel better. Is this racist to rely on our stiff upper lip? I should ask Prince Harry, he would know
'Remarkably, the fellow officer left his credentials on a notepad so his co-workers could access the system when he wasn't around.'
Occurred here ^
Supplying has always been a greater offence than using... (Piracy/Drugs/Security?)
At least this one's not for the kids....
So what's the actual purpose of this database then? Because surely this one isn't 'for the kids', is it? I mean, as the awe-inspiring overlords, would you want kids being indoctrinated by terrs if you could prevent it?
Ah, maybe I should have shut up. They probably already do that in the penny-happy interfere for no reason, pound-foolish leave injured children with known offenders because we can't be bothered UK.
(1) copper looks up info for fellow copper(?)...you obviously just come out of your cave if you don't understand that coppers ALWAYS look out for / cover up for / their fellow coppers.
(2) the watch list is most likely one of the most idiotic ideas ever thought up - very possibly unconstitutional...if there were NEED to keep a list...I suspect it would top out at around 1000 people...not a jillion...and with such detailed information NO ONE would ever be confused who wasn't specifically ON the list
(3) the copper leaving signon information laying around needs to be fired
(4) the one making unauthorized look-ups needs to be jailed
(5) the database needs an audit trail and to be audited for access to verify who and why
another fail for human rights
Watch List Misuse Should Be An Offence
Proof that someone being added to a watch-list without extremely good information should be grounds for misuse of information & therefore a criminal offence. If someone can tarnish your career or for that matter any part of your life with absolutely no proof & just a mimicked name then the person(s) that added that name in the first place should be charged with a criminal offence.
Anyone accessing that information without proof of context should also be charged with a criminal offence. Anyone caught using this information in the manner that this information was used should never be allowed to work in law enforcement because they obviously can't be trusted like most of the cops in the world. The criminal offence in this case should probably carry a minimum 10-year imprisonment & a substantial financial payout to the person that was incriminated by the information due to the character assassination that comes with the suggestion of mistrust.