Why is it not mandatory to encrypt sensitive documents. It's not rocket science
A British secret agent for the Serious Organised Crime Agency left information on dozens of informers and agents on a bus while working with Colombian customs. Agent T had been moved from the SOCA station in Ecuador to Bogota, where she was to liaise with MI5, MI6, and the US Drug Enforcement Agency. She had downloaded "SOCA's …
Another scandal to be laid at Jacqui Smith's door! Time for her to go and give someone else a chance at fixing this defective piece of government.
I wonder what discount they got from the salesman. Bet it was better than any government.
Hello Mr. IBM is cash all right?
What possible reason could she have to obtain all that information and put it on a memory stick?
Aside from fact that the system shouldn't allow it, even if it is encrypted, I think it should be investigated whether it really was an accident that it was 'lost'.
But if it turned out that the muppets at the top allowed such information to be downloaded and sold to the drug barons, my guess it wouldn't look too good for them.
"Although the incident happened in April 2006, Agent T has not been sacked and negotiations continue, according to The Sunday Times."
Negotiations into what? And don't answer that, for IT would reveal far too much about everything.
And I imagine no one on El Reg is at all surprised by revelation, probably thinking it is just par for the course. After All, Sex, Drugs and Rock and Roll is always only going to be Perfectly Suited to the Perfectly Suitable and downloading crown jewels onto a memory stick is a bit daft and scatterbrained and frankly amateurish.
Please tell us that she is not Blonde?
"the agency was just being set up at the time"... is simply irrelevant.
Anyone working with information they MUST HAVE KNOWN was a little bit secret, should be independently able to figure out they should be careful.
Fired for gross misconduct (negligence).
However to follow the banking code in the UK, that would put you in line for a big bonus (losing 100m).
What's wrong with using an encrypted memory stick - heck even PC World sell them, never mind something really fancy like an Ironkey.
Failing that, two words .... use TrueCrypt. It's free and she could have very easily encrypted the whole stick. Sheesh, even my 11 year old daughter (also quite scatterbrained, bless her) manages this okay.
Pretty clear case of negligence - maybe some jail time would be good as an example to the rest of her colleagues. Either that or having to apologise personally to the families of anyone killed as a result of her gross stupidity.
Where's the 'bring back public flogging' icon when you need it....
The keywords really say it all: amateurish; scatterbrain; etc...
.. and as history shows this does not at all appear to be an incident or feature isolated to the SOCA. No matter what people from other departments would want us to believe. The history of information security "hiccups" in UK governmental departments overall speaks for itself. These people show an obvious lack of respect for their own professionalism and for those they ultimately are supposedly serving - us as taxpayers. It is what we who belong outside of that spectacularly self important governmentally financed group of people call ARROGANCE.
it was white, male, Oxbridge grads that got recruited in the past.
Although I'm not going to bring up the gender/racial intelligence topic again, lest Harriet Harman takes a swipe with her handbag of reasonableness.
it was password protected.
FFS why not even use a biometric memory stick.
Why don't these imbeciles use encryption. Even installing a TrueCrypt container on the drive with a good enough key would be what they need. Someone really needs to give them a kick up the arse!!!!
The government is a safety hazard these days
Why did she put it in her bag, if I had that type of data it would be in a tight pocket, in my sock, I might even put it in a cavity where I couldn't lose it.
If she is such a dopey girl why was she given this data in the first place.
It's just beyond belief.
"She’s a lovely girl but a bit daft and scatterbrained"
Just the person you want covering your back when the drug cartels are out to get you.
Besides, I always thought the preferred way for spooks to carry sensitive information was to wrap it in a condom and insert it where the sun don’t shine. Even easier now that it’s on USB stick rather than a manila folder.
Much as I like the idea of blaming Jacqboots for anything and everything, this was over a year before she got the job of Home Secretary. It wasn't even her predecessor, John Reid's fault. April '06 would make it the fault of that jug-eared garden gnome, Charles Clarke.
Surely the correct way to carry such data is printed out in a clear plastic folder.
We trust the biggest secrets our country has to a section of bimbos who loses her handbag on a bus.
I'm more scared of my own government than any terrorist / pig flu / immigrant.
Sorry, Reg. Anonymous posts from now on, and I2P for all internet activity. It's not paranoia any more, it's simple self preservation.
Do you imagine that the cartel with their inroads into the telco network's details don't therefore also have the capacity to "undo" (read bruteforce) the amateur encryption on commercial USB devices? An AS/400 would prove surprisingly capable at such a mundane task.
No, this operative should have been unable to even put such sensitive information onto such a device. Isn't there a reason why, in the past, this would have been stored on off-line systems?
Grrrr. Still it keeps people in jobs mopping up their mistakes. Can I say fuckups?
Why are they still letting staff carry huge quantities of data.
It should not be allowed or even possible to take a copy and put it on a memory stick.
It's easily done. I once went to work without my sandwiches.
Absolutely; they wouldn't screw you over by accident; no, sir, they'd betray their entire country and cause hundreds (if not many more) deaths on purpose...or have white male Oxbridge grads like Burgess, Blunt, Philby, Maclean and Cairncross been forgotten. Of course, we should completely discount the contributions of, say, people like Violette Szabo or Odette Sansom who were neither male nor Oxbridge. Wanker.
or maybe they just bought one secondhand. Colombia is on IBM's embargo list anyway - an AS/400 couldn't be sold there through legitimate channels.
Don't secret agents get Aston Martins anymore?
Go back and read amfM's comment (he has a nice XXXlator these days) to see 0101 Pawn Chess's involvement - or to be nicer, her lack of it.
Am I the only one sorely tempted to poke it with a stick like it were a Patagonian giant slug suddenly conjured into my garden, to see if it is capable of locomotion, never mind ministerial responsibility?
How many more, Government employed dumbasses, losing potentially dangerous/fatal information will it take before steps are taken to stop it happening at all?
Set up a computer security agency that handles all security for every government agency or body. Set up all networks, new and old in the same way with the same, well thought out, security measures in place. Ensure all new setups comply with these strict controls before they are switched on and connected to the network. Make it a highly encrypted network with equally highly encrypted data. Audit ALL systems frequently to ensure nothing is amiss, automate even so it can happen. Audit all personnel to the highest degree possible.
If data needs to travel from one person to another, encrypt it and do it over the encrypted network and not via unencrypted and portable data transfer mediums. Or even better remove the ability to remove data from the network via portable devices on all, but a few, tightly controlled machines. ONLY allow data to travel this way if there is no safer way of doing it, no matter who the person is that wants the data. NO ONE needs to take names and addresses home of people that can be killed if they are lost.
If any person with restricted data loses said data, sack them and the person/s that allowed them access to the data, with no appeals process, as a warning to everyone else in the same position. I'm reluctant to say 'imprison', cos I'm not a complete bastard, but it's a thought.......
And most importantly, stop employing retards. If you have to employ a retard, to meet diversity quotas, then don't give them anything important that they could lose. Let them play with the train set, in the backroom, instead.
And that's all I have to say about that.
"Don't secret agents get Aston Martins anymore?" .... By Anonymous Coward Posted Monday 27th April 2009 10:51 GMT
Probably the real ones do, AC.
Ahh, I can see it now.. Frankly (with a silent L) McClueless.
How in the name of all unholies, does someone so god awfully clueless get to be any kind of spook, whether they be 5, 6 or a nappy wearing SOCA "agent".
Paris - 'cos she'd make a better f***ing job of it.
> "She’s a lovely girl but a bit daft and scatterbrained — the sort of person you could imagine forgetting her handbag on a bus."
Assuming her claims are legitimate (it's not the first time that someone who's been turned would appear as a "lovely" person who's just a bit daft) then why (the f---) was she entrusted with that level of information on an overseas station? Why was she even cleared that high? And why did procedure allow all that sensitive information to be put in one, small, easily-lost device without encryption, being transported by the same person who downloaded it and without independent checks of data safety? Even the method of carriage (in a handbag that could be stolen at any time) is utterly ridiculous. How was that permitted AT ALL?
There should be MANY job losses over this and perhaps worse.
Even I could make a simple to use GUI for TrueCrypt that a moron could use to set up an encrypted container on any drive.
There is no reason for USB sticks issued by the SS not to have a copy of portable TrueCrypt on them.
It's so damn simple even that bimbo could do it.
5 clicks of the mouse VS Killing 10 agents.
What's easier to live with?
I'll get my coat, I hate this country of idiots.
Just about every word of your security design is in place, now.
All the breaches we read about are due to people not following stated policy (or, common sense).
Employing retards - well that's another.
And drive her into the arms of you know who? And they'd treat her right and possibly even let her go back home to do a bit of moling for them.
The only people they sack are whistle-blowers and turncoats like Craig Murray, former ambassador to Uzbekistan, who start kicking up shit about human rights violations and the like. They pose no danger at all. Murray isn't likely to go running to the Uzbeki dictator with valuable information to sell, after all.
(Paris cos she's always losing things :-)
James Adams would have remembered his backpack! Even Bruce Norris (the eternal screwup) or Bethany would not have been that dumb!
(And yes, it is sad a 40yr old IT professional reads teen spy fiction but wotyergunnado?)
"Don't secret agents get Aston Martins anymore?"
Because of her actions none of the agents are secret anymore, they're very public.
It was a Monday morning and she wasn't thinking straight because she'd been on the gak all weekend...
At last, an organisation that takes data loss prevention seriously.
It would appear that the UK government has been inspired by the cartel: interception of communications leading to suppression of dissenting voices.
This story really has everything, doesn't it? Even using big bad evil IBM hardware to help collate and eliminate enemies. But what I really wanted to comment on was the above line. Sure, any agents listed may have been moved to safety, but what about suspects (a subset of whom are merely that, since they undoubtedly have not been arrested and charged with any crime) and informants? I'll bet pence to pounds that no effort will have been made to inform these people of the risks they have ended up being exposed to because of these Keystone Kops.
Welcome to Due Process 2.0. Please expect some level of bugs until at least Service Pack 3.
She did make a killing on ebay selling an "almost blank" USB stick for 2 million pounds to someone in Colombia...
There was a story on here not long ago about some geek with no mates - sorry, I mean a Scandinavian IT worker who was careless enough to lose a finger (although I imagine he noticed, unlike the heroine of this story). He replaced the divergent digit with a false finger containing a USB memory stick.
I think this should be made mandatory for anyone working for the government who uses my data. Lop off a finger, replace it with a USB stick and graft it back on. Let's see you leave your finger on a train/coach/bus/tram/tube/prostitute's dressing table then, you hopeless bunch of overpaid snooping government fucktards.
It would be trivial to split the data over more than one device, transported separately, so that no single courier could betray, or lose, the data.
Of course, the more ruthless Human Resources policies of drugs cartels probably give them a better guarantee that the security policies are followed.
The "war on drugs" is lost. All it's doing is creating an artificial monopoly for the drugs cartels and an ever-increasing volume of drugs-fuelled theft (both at the taxpayers' expense), while keeping the street price of drugs high, to the ultimate benefit of the cartels alone. Time for plan B.
Legalize possession of hard drugs, and give them away to anyone who registers as an addict until he decides he wants to cure himself, or dies. Maintain (preferably considerably increase) the penalties for supplying drugs outside the legal framework, to provide some degree of protection against addiction for silly teens. Doing this would put organised crime out of business. Why engage in the risky criminal business of pushing drugs illegally, when your newly created addicts would turn to the state for free supplies of their substance as soon as they needed to? It wouldn't cost the taxpayer much, because the substances themselves are cheap, and there would be a huge saving of policing and insurance costs.
I can't say I like this much, but it's better than plan A, and nothing else seems to offer any solution.
1) Being as described, how come she was anywhere outside the GCHQ building? As pointed out, other heads should roll. We don't want lovely people on these operations, just grim-mouthed anal-retentives :-)
2) Though I generally believe in open government, this loss should not have been published - if the baddies didn't get the stick straight off, they know about it now and have probably laid hands on it by fair means or foul.
Have we learnt nothing from the movies? I believe even "Mission Impossible"'s NOC list was split in two so that the loss of one half wouldn't burn the agents...
What this twat did was nothing short of utterly moronic. Not sure about recommendations of TrueCrypt use - doesn't it require more than bog-standard privileges on Windows in order to mount a volume? However there is this USB stick (a touch pricey but the tax-payer's paying / saved cash in long run etc) called IronKey which is hardware encrypted and sealed to prevent chip inspection. Google it, it would seem like a good idea for these civil service muppets.
Even scatterbrained ditzy girls protect their handbags
She must have passed tests, interviews and selections to be in a position of responsibility
Imagine you have access to £100m worth of data, imagine you're offered £10m to copy it for someone else (these people may even have threatened to kill you and your loved ones unless you deliver), imagine by acting a bit scatterbrained you'd be able to get through the "loss" of this data, after all if you copied the data and just gave it to them, people would know it was deliberate, "losing" all data that the logs said you accessed gives you plausible deniability.
I have a USB key which is a TrueCrypt volume... it's not exactly rocket science and I wouldn't dream of storing any secret information on there (even if I had access to some!)
Why wasn't her USB key encrypted to look like an empty key to anyone who found it? Hopefully if her purse was found the money taken and the key and bag discarded. Quite serious mistake really.
Actually, nowadays spooks rarely ever, as in say never, make mistakes. So it is more than likely an elaborately simple plant which netted the Service, £100m. Well done, chaps/ladies, a piece of space cake. That's Peanuts though compared to the Fortunes available for Shaking down in the Money Markets and Banking Sector, for they are Rotten to the Core with Dodgy Funds.
...I'm just pleased I'm not paying for this lot with my taxes.
'The government plans to spend £2bn for ISPs to intercept details of their customers' emails, VoIP calls, instant messaging and social networking.'
But details of your online chats with leathergoddesses.com will never be left on the back of a bus. Cos you can trust the govt to make sure your private data is secure.
First thing - this bint was on ops, so why the fuck was she carrying around data that was so obviously sensitive. Jesus H Christ on a bike. You can bet these people (the cartels) will have their own counter intel teams and would in all likelihood be aware of any "liaison" officers coming into play. There is just no need to carry data like this around and as a matter of course data like that should not be removed from HMG networks\buildings without being given authorisation\guidance from someone senior who has at least some understanding of intelligence matters.
But this is the problem; she was probably a fast streamer Civil Servant, doing a short placement, which was obviously far beyond her intellectual capability. These people don't fuck about; you make a mistake in that game and the consequences are serious and can end up with people getting killed.
The Civil Service seems to think that getting a good degree qualifies you to handle this level of pressure and make snap judgements. How she got through being DV'd without it coming to light that she was educated but devoid of common sense is laughable.
If there is any justice she will be busted down to a lowly AA and sent to some backwater policy division.
"She had downloaded "SOCA's crown jewels", including details of operations, code names and addresses of informers, onto a memory stick which she had in her handbag"
"The stick contained five years of intelligence on the cocaine trade, as well as details of informants and agents"
Who in their right mind keeps 'secrets' on a network accessible system. Who in their right mind copies this to a USB stick? It's the first thing they teach you at secret agent school