USB stick with anti-terror training found outside police station A memory stick containing anti-terror training manuals and other sensitive material was reportedly found on a street outside a Manchester police station. The Greater Manchester Police-branded stick, which also held personnel files, was found by an unnamed businessman outside a cop shop in Stalybridge, Greater Manchester, the …
...my company would kick me out the door in a heart beat.
We have company policies about not coping company sensitive material onto non company devices (eg personal laptop) or removable media.
Was anyone sacked the last few times government officials lost unencrypted media?
I wonder if they will take the finder at his word that he didn't copy it or if they will double check his PC for him.
and ASS out of U and ME
Why do several previous comments all make the statement that it was "obviously the property of the Police" ?
Have so few people been to events where branded memory sticks like sweets ? All the logo means is that it once belonged to the unit concerned. It may still belong to them, it may have been given out to all attendees at some event, it may have been given out as some sort of promotional tool.
Having said that, someone local got arrested a while ago for "theft by finding" when he found a wallet in the street - even though he was on his way directly to the Police Station to hand it in ! But it's still only theft if there is an intention to permanently deprive the owner of it.
I must admit to regularly sticking unknown USB sticks into my PCs, with little fear of their contents. This might have something to do with the fact that on the few Windows machines I have, auto-run and network share drives are off and the rest is all *nix machines running low privileged accounts.
Now if this person stuck that unknown USB stick into a badly secured Windows machine, then yes, he's a bloody idiot. Similarly, if he did not take precautions to ensure he remained anonymous when he turned that stick in, he's a bloody idiot.
“Companies should ensure all data copied to USB sticks and CDs is automatically encrypted, and the use of all non-authorised devices controlled."
Isn't this like saying all illegal immigrants should be counted at the point of entry? If the device is non-authorised how do you know it's being used?
It's true that some on-stick encryption is not that great, although it'll keep out many.
Better is to have the stick as an encrypted filesystem so the crypto is done in the host. Of course, that only works if the host itself is secured well enough. If it's WIndows (probably the safest of all the assumptions in this thread) then this could be problematic.
Superglue on all the USB ports, optical drives etc isn't really a viable idea.
A better one would be to fire the IT firm and hire one that knows how to do it. Probably not the lowest bidder.
How about this: spotting the USB/Storage/computer/keys loose in the wild, immediately take a picture/video with time stamp of it in that location.
Take more pics/videos while on route to cop shop/MI5/6 showing that you're not plugging it in or whatever.
Take pics/video of handing it in (this might be tricky...).
Get banged up for taking images.... oh wait.
I was doing a roll out of new laptops to Federal law enforcement agency. They have software that automatically encrypts all data , even removable data such as CD-rom burners and thum drives . The software loads before windows and can only be disabled if you have the admin pass word which only IS has . So what is so hard about encrypting data ?
No document that was an "essential reference for all officers" (Star article) would be "top-secret" (again, Star Article). The vast majority of bobbies have SC clearance, which means Restricted at best, with occasional, supervised Top-Secret access (which does not include everyone being given it on a USB drive!).
Come on El Reg, this article has more holes than a golf-course, apply some of your usual logic rather than just jumping on the anti-police and data-loss bandwagons.
1) Encrypt ALL sensitive data. Even if every-one involved gets the same password. (True-crypt). Even a bored plod at a seminar can probably remember that. Make the password "doughnut" or "accidental death in police custody", or "tourist". You get the picture...
2) Disable USB in password protected BIOS
3) Hot Glue / super-glue shut all USB ports just to make sure. Takes, at most, 5 minutes, on an unplugged box
4) Remove or don't order CD / DVD write capable devices. A DVD reader for those who REALLY NEED them. PC Plod doesn't need external data, it's ALL on the network FFS.
5) Carry on executing electricians, ejecting pensioners, harassing photographers, etc. Ad nausea, and WE will probably never find out.
Cheques to the usual address please.
Oh, and put one of these penguins on your pooters!
In fact, WTF don't the UK.gov just fork their own branch of Red-Hat or Debian / Umbongo and sort out the whole governmental IT landscape. You know, like those "backward" Latin American electrician training types seem to have managed.....
That's another £45 million consultancy in the bag! kthnxbye XXX
Whilst the stick may belong to GMP as stated some of the data was from the NPIA, Now, the NPIA operate restrictions on USB and CD Burning where not only is access controlled to both but data is encrypted when written. Also only 'approved' memory sticks will work so the GMP stick couldnt have been plugged directly in.
So then, end users always the weakest link in the chain. Ho Hum
"Firstly, what sort of bloody idiot stuffs an unknown USB stick into their OWN pc?? Keyloggers, viruses (or viri) and all manner of crap could have got onto his machine."
Well, I would. I run Ubuntu and gentoo, sensible OSes do not randomly start autorunning code just because some USB stick or CD was shoved into the machine. I certainly wouldn't run any random executables I find on there!
@By Design
No - it was copied through primitive document centric thinking.
Did they carry a printer around as well? If not the chance of them being able to read any of the PDF documents on a tiny screen and search for the relevant parts is about 0. And they would probably be out of data anyway.
And as we taxpayers have paid a fortune for some form of always available connectivity perhaps they ought to look into some of this ere modern technology and security stuff (I say modern it was around 20 years ago) that can not only present you with up to date files but check who has access to them)
But hey, why use the 20th century internet when we can piss all our money up on 19th office technology.
Write me a PDF in response and send me the link so I can ignore it.
This post has been deleted by its author
the branding was with the initials GMP POTU. How many people instantly associate that with the police (without first reading this piece)? I could well imagine accessing the stick in order to find out who it belonged to (on a secure Linux box). If he then found that the police was seriously bungling things, I could well imagine reporting this to the paper AND returning the stick to the police.
How much of this was labeled as "confidential", etc. and how much was already public domain information? Isn't a fair bit of this SUPPOSED to be public information?
Like all security through obscurity; if the process can only work because you hope no one else knows HOW it works - its doesn't really work. And all your faith to defend it is misplaced hope in a process that has already failed in the first place.
Have your procedures open and available to all - if they are good and effective, it won't matter that they are publically available, and will help a LOT with public relations in case anything does happen.
All "secret" and "cofidential" procedures offer is the ability to change your minds without attracting reprimand when you find that your procedures are, in fact, shite.
A certain VERY LARGE retailer... have an IT security policy that essentially locks down
all pc's on each of their many networks.
i.e No access to cd rom, only limited access to local h.d.d
The security policies are controlled from India, but when ever I need log files.....
Woohoo, anyone can take a USB Memory Stick from home, plug it in, and then copy the stuff I need
and email it to me, with no questions asked.
If anyone can guess the company, I'll buy you a beer.
Beer well, it's free on the Reg
Before I read this, I would never in a million year think it has anything to do with police.
Assume even you know, as stated already, it is only a logo.
Not to forget, You have a higher chance to find some free bit been lost at the front door of the same company. I once attended event hosted by a very very large IT company. when I left there, there were people finding those free stuffs just been handed out.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
