What's the betting...
... he found the data left on a train...?
Next week, a 25-year-old man will appear at the drab Magistrates' court in Westminster's Horseferry Road to answer allegations he tried to sell Top Secret MI6 files to a foreign intelligence agency for £900,000. Daniel Houghton, who has joint British and Dutch citizenship, is accused of walking out of a meeting at a central …
... he found the data left on a train...?
Only 9 years? Why not just decriminalize it?
...seeing as he already worked for MI6, although I can appreciate the sarcasm intended.
"How did he manage to walk out of the building with classified material?"
Not exactly hard, send document to printer and put in bag (he may have scanned them later), save to CD or memory stick as part of the local area data backup procedure etc etc. They don't make a habit of strip searching people as they leave the building you know! The whole point of vetting or proper line management is to figure out whether someone is trustworthy or not. Trying to prevent everyone from being able to do anything useful with documents or data would lead to a draconian security system that would actually prevent people from doing any productive work. You just have to accept some risk in that business and manage it as best you can.
I can speculate on how he was caught, but that speculation is not going to be aired here. Either way, he is a totally uthrustworthy jackass!
"....send document to printer and put in bag....." And leave a electronic paper trail of the action that would be easy to trace, even with an unsecure OS like Windoze, let alone a hardened Linux. You can also make documents unprintable unless you have a certain level of clearance. You can lock down an OS in such a manner that even if you try and take a screenshot the IT admin knows about it and the security buys get the rubber gloves and the graphite grease out even before you have collected the material from the printer. Printers too can have security fitted that means users have to login before they can print out a document sent to them, making the paper trail not only more complete but making it much harder for the suspect to deny it was printed by them. Scanners can record docs they scan and even old photocopiers can have monitoring cams to watch for unauthorised copying. I suspect the twit tried something similar, either that or he did something really silly like pinch a drive from the PC of another user with higher clearance. In any of these cases, unless the material was smoking-hot top secret, they'd probably just put him under surveilance whilst they worked out whether he was just a twit or a traitorous twit.
"....They don't make a habit of strip searching people as they leave the building you know!...." Depends on the security level of the building. As a contractor, I visited secure establishments where they conducted random searches and reserved the right for an "intimate search if deemed required". Such sites demanded you surrendered any communication devices such as mobile phones, any cameras, and any data storage devices. Just being caught inside a restricted area in possession of a thumb drive would have been enough to get the red tops stripping you down. You'd be taking a real chance if you ran the gauntlet (or rubber glove) on the chance you wouldn't be randomly chosen for a search. Which does lead me to suspect the twit in question was working in a pretty low security role and the data wasn't that particularly bad, maybe some training manuals.
"...The whole point of vetting or proper line management is to figure out whether someone is trustworthy or not...." Correct, this is the hardest bit, which is why we had people like David Shayler getting in. The good news is that such events are very rare and the vetting is usually good. But I'm told that even after you join they do random checks just in case - a really good spy would be prepped to get through the vetting interviews and have a carefully prepared background story, but they might relax later and get caught out by a random check into their out-of-hours activities. Vetting is usually best for filtering out the amateur twits with an agenda. If we can believe John le Carre, such random checks are even used by MI5 as training exercises to break in noobie counter-spies.
"....Either way, he is a totally uthrustworthy jackass!" A real jackass, for sure. He would have been a lot better off (and probably better paid) if he'd offered the docs for sale to a newspaper such as the Guardian, which loves any opportunity to embarrass MI5 or MI6, and then he would also have the Shayler excuse that he was only trying to expose "slack security" rather than just make a profit.
If you work for a service, part of your job is to keep your mouth shut and keep information where it belongs. That's the deal, because you can cause an awful mess if you don't, and I personally think you deserve all the crap they can throw at you if you don't.
If this was a sting, well done.
"If Houghton was played from the very start to believe he was betraying his country for a briefcase of cash, then the embattled intelligence services have a much-needed victory. "
Oh please, do be serious and try to stay up and abreast of the Current and Currency Power of Spooky Private Developments in the Fields and Lush Pastures of Embattled Intelligence Agencies...... Sub Prime Information Conduits.
Capturing a Home Grown Pharmed and Circus Fed Minnow in a Goldfish Bowl is no Rogue Shark Attack on the Stealthy Phishing Industry but would be quite comfortably shallow water for Thames House buccaneers/play pirates.
"Indeed, MI5 and MI6 are as close as possible to GCHQ, a world centre of information security expertise. They should not be beaten by a young, malicious insider armed with blank media and an undergraduate computing degree." ..... A Failing in Intelligence in the Intelligence Services which allows for Easy Repetition of Similarly Crafted Business Arrangements although Ideally with Information which is not Known or Claimed as being Someone Else's Elsewhere.
"....he telephoned an unnamed foreign intelligence service to discuss a deal. How this alleged treachery came to the attention of British authorities isn't yet clear."
Do you think that unnamed foreign intelligence services have their telephones constantly bugged/monitored?
And what are we to imagine of the competency and cunning of Cyber Security Officials in the New Immediate Intelligence Transfer Space of Networks InterNetworking over World Wide Webs where keeping Secret and Hidden, Dirty Deeds Done Dirt Cheap is replaced by the Constant Likelihood of the Release of Non State Actor Scripts Loaded with Future Goodies/Alternate Source Derivatives for Enterprise Market Speculators/Casino Playing Poker Players.
Power being then transferrred to Controllers and Suppliers of New Information which can be released/drip fed to Media for Present Delivery of Future Plans, rather than IT being wielded as a Big Brother Club to Ensure that Command and Control doesn't change Hands with Other Hearts and Minds in Absolute Charge of a Novel Beta Program/Global Operating Device Project, is then the Changed Abiding Paradigm to Exploit Mercilessly.
And Yes, this Post does Posit than None are Fit for Future Cyber Purpose and that makes All of them Vulnerable to Phishing and Grooming and Private Sector Capture.
Its a Whole New Brave World out there ......... and it doesn't Conveniently Play by Any Convention of Existing Rigged Rules.
Or would you disagree and suggest that not much has really Changed at All and things are just as they ever were, rather than having Changed so Completely and Radically .... Fundamentally?
For the love of Bob, please shut up, tard.
"For the love of Bob, please shut up, tard." .... Anonymous Coward Posted Friday 5th March 2010 23:29 GMT
What have we here, flushed out of the rotten woodwork and dark and dank shadows..... an Establishment Lackey and Anonymous Coward with half a brain which follows orders blindly ...... just like a good little pre-programmed human robot?
I wouldn't be surprised if it's the 2nd one.
Tree that sits right on the roundabout where McLaren Racing have the headquarters in Woking, Surrey on the A320. If you are heading towards Woking on the A320 immediately as you exit the Roundabout on left is where the tree that some well known spies used to use drop/collect messages during the 2nd World war. Another useless piece of info I know.
I know why they terminated him after two years - he was incompetent.
Had he been good, he would have made a "holiday trip" to Sweden, then gone by car to Finland, crossed the border undetected into Russia and offered a "preview" at the local police station. They surely know the phone number of the Rayon's FSB office.
Back to Britain in reversed order. Or he would have visited Venezuela and went to the Russian embassy - that would not have flashed red lights as Hugo's security won't tip off the Anglosaxons.
And then the Russians would have set up a secure arrangement of transferring the USB sticks in Britain.
Maybe he should have studied in Cambridge or Oxford. They must have an excellent Traitor Course.
Blame the media. It says you can't make a step without treading an FSB agent's corn in Britain, why surprised that the dude was so easily fooled.
He probably didn't want to sell the whole Fatherland, just a little bit of...
"offered a "preview"" - that would reduce the silver from 900k by some 300 times then, jlocke.
Oh, was it another Birm Uni grad maintaining the information security there where the flies are from?
I think we can guess which one the assorted Whitehall spin doctors will be briefing.
"Sources say MI5 was first alerted when he contacted the Student Loans Company and said he could pay it all off in a cash lump sum."
I worked for a Bank and there was no way to get the USB ports to work with a USB or external hard disk. Same in the insurance industry.
Nope, either MI6 are idiots or the story coming out has incorrect facts...
you work for government/media, yes?
...should be an excellent method of sending a message to firstname.lastname@example.org. I have one excellent open WLAN here for which I don't know whom it belongs to. I bet you can get dozens of open WLANs in many British towns.
I would ask them "by WLAN" to put a crypto program of theirs at www.fsb.ru/673476735875623/ru_crypt.exe together with the "preview".
A few days later I would download the ru_crypt.exe, and start negotiations via encrypted emails. Using wildly differing open WLANs each time, of course.
Surely this could create a lot of late night work at GCHQ, but I can't see what they can do about it. Well, short of a MITM attack that intercepts all traffic to email@example.com. Using different international web mail services each time could be of great help to defeat MITMA by the govt.
I am not sure about TOR, but even if they have TOR crypto broken, it would probably not be possible for them to MITMA all TOR traffic out of Britain, as TOR nicely blends into general traffic. MITMAing the full British backbone would not be possible even for the doughnut inhabitants. At least so I guess.
Most major UK cities are, sadly, covered in cameras. Biometrics like gait analysis are remarkably effective, too. You'd be surprised what GCHQ can do with traffic analysis, holes the size of a bus in TOR, and a little flicking through camera footage.
I'm more amazed at what they can't do despite having every chance to do practically anything and virtually everything with the technology which is so freely available to all, today. And there is only one valid excuse for that Systemic Failing .... a Lack of Virtually Smarter Base Leadership right at the Top of the Command and Control Pyramid.
CyberSpace is not Actually Real although it and IT and Media can so easily Use and Abuse Space Communications Facilities for a Sophisticated Global Rape of Servers and Serviced Units/Paid Agents/Wage and Monied Slaves, to Pleasure a Future System of Mutually Beneficial Operation.
Command and Control in such AI Environment is not Physically Effected but Virtually Programmed..... and it does not Suffer from Fools who would think Otherwise. Which All in All makes its IT and Media Use and Abuse of Space Communications Facilities something completely different to challenge and defeat Old Style Systems
In other Beta Great Games are Spies the Real Heroes who give Perverse and Obscene MetaData away for Free and make sure that it is Worth a Fortune and always available for Enrichment with Further Additions....... although then I suppose they are Fronted and Feted as Entrepreneurs and Patriots, albeit as Virtual Beings, Totally Unknown to Practically Everybody ....... which does make for such Rapid Unhindered Progress.
A little while ago I developed a "phosphor persistence memory" that could store analogue data in a way that if the power was interrupted the data would be rendered unreadable.
based on spinning hard drive platter and a ZnS:Mg coating with UV LEDs to write the data , green to read and infrared to erase.
Relies on the speed being constant or the decay cycle gets messed up and the data goes away.
Could be built Ipod sized with minimal hassle and store 500MB.
something like this would work well for realllly sensitive stuff, security by obscurity and all that.
What are they doing storing data on Windows b0xen anyway?!
AC, but i post to hackaday a lot... :)
When I showed the salary offered in a job advert for an IT position at the SIS to my Russian wife, her comment was "No wonder our guys can buy them so easily".
probably picked up something about him which is why he got the boot in the first place. Set up and fell into the trap although he may have been playing the game whilst working.
Either way, the traitorous little shit should be shot at dawn.
I hope that it was just a PR stunt.
I would dearly like to think that what actually happened, was that M's PR folk said that what they needed was a PR stunt to make our spooks look better than they have been looking recently.
So in this scenario, they would pull this young lad aside and say "now look, boy. What we what you to do, you see, is take this case into that hotel, and walk out with a different one. Oh; and while you are swapping the case in the hotel room, just follow this script will you? Thank you ever so much".
That would be much better than simply letting the lad walk out with the data unintentionally.