back to article Confidential Home Office data turns up in laptop on eBay

Yet more confidential UK government files may have been mislaid by public servants. However, in a sign that Whitehall may be raising its game slightly, this time the data was encrypted - and the copies originally lost have been recovered. The Guardian reports today that a small IT-repair firm near Bolton received a laptop on …

COMMENTS

This topic is closed for new posts.
  1. Mike Dolan
    Thumb Down

    So *what* did he do first?

    "We put the disk in the drive to see what it was, but it was encrypted."

    "As soon as I saw it belonged to the Home Office I placed it in the company safe and called the police."

    If he put in the company safe "as soon as I saw it belonged to the Home Office", how did he manage to put it in the disk drive...?

    Or more likely "wow, I can be famous... aww crap. Suppose I better be seen to do the right thing"

  2. Timbo
    Coat

    Good feedback ?

    I wonder if the eBay seller will get good feedback ...or a visit from PC Plod?

  3. Anonymous Coward
    Anonymous Coward

    the obvious

    clue - a nice tea and biscuits session with the person that took the lappie for repair, followed by a damn good attempt at tracking down the ebay vendor......

  4. Anonymous Coward
    Alert

    They repair laptops inside a safe?

    I guess they must, because as soon as the disc, labelled "Home Office Confidential" was seen to belong to the Home Office, they locked it in the company safe, and also put the disc in the drive to see what it was...

    BTW, probably best not to buy a laptop on eBay if it needs repairing straight after

  5. BS
    Stop

    Does TheRegister believe in proper journalism?

    "However, in certain unusual circumstances a savvy attacker can lift the keys from computer memory. "

    Presumably the article is referring to the recent work at Princeton. This attack is simply infeasible in this instance. The main memory of the laptop would have faded and thus the key would not have been recoverable. Furthermore, since the data has held on floppy disk there is nothing to suggest that the floppy disk's encryption key would have ever resided in the laptop's main memory (this relies upon the assumption that at some stage the disk had been used in that laptop, moreover, it must have been used recently)

  6. Davos Summit

    Two questions

    Hang on, hang on, hang on - is there actaully any evidence that it was sold on eBay, rather than just being stolen?

    Also, as an aside - who the hell hides CDs under a laptop keyboard?

  7. Anonymous Coward
    Joke

    So..

    did removing the disk that some idiot had crammed under the keyboard fix the laptop?

  8. captain kangaroo
    Coat

    eh!

    Optical disk "under" the keyboard?

    I can think of better palces to put one. What's that all about? How does a cd end up inside a laptop? That's just weird.

    So was the auction for a Home Office CD-ROM with free laptop or vice versa...?

    Mines the one with HOIT written on the back...

  9. Scott Coe

    What?

    What user stores a CD UNDER the keyboard? Ho many screws had to be removed to take out the keyboard? This sounds fishy. Possibly an attempt by the HO to demonstrate that they have cleaned up their act re: data security? What better way than to flog a lappy on eBay with a hidden prize. Like a box of cereal.

  10. James
    Happy

    Of course...

    .. it could be a wind-up! Lets face it - who in the Home Office would have the knowledge to hide a disk UNDER the keyboard. I can believe a forgotten disc in the drive but.....

    When they decrypt it it'll probably be the complete "Third Policeman" by Flann O'Brien!

    I suspect there'll be thousands of "Property of Home Office - Confidential" disks appearing from everywhere in the coming months.

    In fact, it'd be a good line in CD labels.... for those of an entrepreneurial bent.

  11. Mark Johnson
    Stop

    Tabloid crap

    This is tabloid journalism, Lewis. It's a blatant attempt to criticise the government, even though they've done nothing wrong in this instance. I expect better from The Register.

  12. JasonW
    Happy

    3 sliding clips

    That's all that holds my keyboard down. It's where I keep my emergency €20/£10/$20 when travelling. Never tried to squeeze anything else in there though. Must remember to take them out before I return the laptop.

  13. Anonymous Coward
    Black Helicopters

    Its a fix

    The HO put this on e-bay knowing what would happen, either that or it was never on e-bay and its an elaborate ruse making us think our data is safe out in the low cost data centres of helmand province.

  14. Steve

    @What

    > Ho many screws had to be removed to take out the keyboard?

    I can take mine out just by popping two tabs at the back. never thought about hding a secret disc there, tho'...

  15. Anonymous Coward
    Thumb Down

    Well it must be

    I've found a disc, it says Home Office and Confidential on it. It's encrypted - ergo it must belong to the Home Office. That's flawless reasoning right there.

    No chance that it's an a) wind up, b) some guys back up of his home and office files?

  16. Feef Lovecraft
    Alert

    Dell laptop

    I'm looking inside a fairly common brand of Dell laptop just now, there's oodles of space (technical specification of oodles can be provided on request) to hide maybe 2 cd's side by side without causing too much damage.

  17. Robert Harrison

    Disc label

    I assume that the disc label was all official looking and didn't just have 'Home Office' scrawled on it in permanent marker (with smudged finger prints, coffee stains etc)?

    Cos shurely you could fill a CD with random bytes and then scrawl 'MS Windows 2010 source code' couldn't you? And the 'real owner' as such would be out of their mind to risk the possibility that the disc was in fact legitimate rather than a fake.

  18. andy gibson

    @ CD under the keyboard

    This reminds me of the stories in the 80's and 90's of users 'missing' the floppy or cd drive slot and a service engineer finding a neat little pile of disks inside the machine.

    A very slim chance, but maybe that's what happened here?

  19. Justin Clift
    Alert

    Heh, someones having a lark...

    No, really.

    There's a bunch of kerfuffle about the home office losing data.

    Then a mysteriously "encrypted" cd turns up from eBay with the words Home Office and Confidential on it.

    What's the bet that someone created a CD sized bunch of random data, encrypted it, put it on eBay, then started counting down how long it takes for people to figure out (if ever)?

    Half of the point of encryption is that people wouldn't be able to tell if there really is data in there. ;->

  20. Dom

    How?

    Has anybody seen a laptop made in the last ten years or so where it's actually possible to squeeze anything at all in to the case / under the keyboard?

    Unless it's a Toughbook, in which case the disc wasn't hidden, it was just sitting in the drive.

  21. Joel
    Black Helicopters

    Seems like a prank to me...

    Do your spies actually label disks, "Home Office" "Confidential"?

  22. Omer Ozen
    Go

    Prankster

    This sounds like an elaborate prank to me.

  23. zedee
    Black Helicopters

    @AC - Flawless Reasoning

    Extending your theory a bit - if the bloke who sold the laptop was having a bit of a laugh with some random data, he'll get done for not providing a decryption key.

    Or his defence could be - ask the HO!

  24. Anonymous Coward
    Joke

    that EEE PC has a lot to worry about

    Looks like the price of laptops have got so low that its cheaper to stash CDs in the keyboard than use a Jewel Case ;-)

  25. Sweep

    @ Jason W

    Yes, because none of The Bad Men would want to steal your laptop.

  26. Anonymous Coward
    Joke

    Surely you're supposed to keep the password under the keyboard?

    Did they check?

  27. Mark Randall
    Stop

    Enough already.

    So the government lost a laptop, it happens. They had taken all the right steps to make sure that all that was lost was a bit of kit, and no sensitive data made available. Your weasely attempts to suggest that the data could still have been copied are pathetic.

    When they do something wrong, go ahead and kick them. When they do it right, report that or at the very least shut up.

  28. Anonymous Coward
    Anonymous Coward

    Really "Confidential"?

    HMG typically uses "Restricted", "Confidential", "Secret" and "Top Secret" as its labelling scheme. Stuff properly marked Confidential shouldn't be taken out of a Government office, regardless of whether encrypted or not and regardless of whether on paper, cd or a laptop. So someone is for the chop if this is true. More likely a prank though.

  29. Anonymous Coward
    Black Helicopters

    Dead-drops...

    Looks like eBay is now being used for Dead-Drops...

    Good thing that the [Chinese | Ruskies | Terrrrreeeerrrrreeessstttss | Cubans | French] were out bid this time... next time we may not be so lucky...

    (shame there isn't an icon of Paris Hilton riding a Black Helicopter with her coat ...)

  30. JasonW
    Happy

    @Sweep

    I don't habitually carry my laptop when out (example for a meal). It's most often safely locked away in the office or hotel.

  31. Damian Gabriel Moran
    Coat

    we should ask the home office to provide the key

    or the plain text of the contents of the disk and if not then they can go to jail!

  32. Sceptical Bastard

    I just checked and...

    ... guess what I found under the keyboard of this laptop I bought off a dodgy-looking bloke in a pub? A neatly-folded inflatable girlfriend and a tube of KY both labelled "Property of David Blunkett, The Home Office, Queen Anne's Gate, London SW1"

    And a couple of Bonio biscuits.

  33. Alan W. Rateliff, II
    Paris Hilton

    Unbreakable encryption

    I have a CD on my desk which is marked as property of the Home Office. When I put it in my drive, it comes up blank. Obviously, this is the work of a form of unbreakable encryption which requires access to the entire set of data to use as a decryption key.

    Ingenious.

    This message was encrypted with dual rounds of ROT13 for your protection.

    Paris, for your protection.

  34. cor
    Black Helicopters

    @Davos Summit

    Q: "Also, as an aside - who the hell hides CDs under a laptop keyboard?"

    A: People lke e o all e me, o kow.

  35. cor
    Paris Hilton

    STOP!

    I got it: "Home/Office" backup install disk of windows XP.

    Nothing whatsoever to do with THE Home Office.

    Really, that took 2 minutes of speculation.

    Paris? Well, get a clue.

  36. Andy
    IT Angle

    disc under keyboard

    i guess those laughing at the thought of hiding something under a keyboard have not used an ibm laptop before with the keyboard you can tilt/lift???

  37. Peter Leech Silver badge

    @ James

    > I can believe a forgotten disc in the drive but.....

    Maybe it was an old relic that had the CD drive under the keyboard. If that was the case it could have been a forgotten disc in the drive. :)

  38. Dennis
    Unhappy

    Re: @ CD under the keyboard

    "This reminds me of the stories in the 80's and 90's of users 'missing' the floppy or cd drive slot and a service engineer finding a neat little pile of disks inside the machine.

    A very slim chance, but maybe that's what happened here?"

    Yes. How about the CD wasn't properly seated in the CD drive and the CD got pushed under the keyboard.

    I've just taken a look at a Dell laptop and you'd need a bent or loose case, but it looks possible.

    So, some sausage fingers in the HO looses a CD inside the laptop and fails to own up and send the laptop for repair to get the CD out. Or they'd been stiffed with a money grabbing support contract and a repair would cost more than a new laptop. "It costs too much to get the CD out - just make another".

    It looks like another example of not following the rules about documents with protective marking. Okay, the data was encrypted. But the CD was still marked confidential and should have been handled accordingly.

  39. Anonymous Coward
    Paris Hilton

    Under the Berlin Wall

    "under the keyboard"

    My old Toshiba has a pop-up plastic strip near the hinge; pop it up and the keyboard comes out on a little ribbon cable. It's easy, and there's probably enough space there for some cash - thanks to the previous commentator for that wheeze - but a CD wouldn't fit, there are sticky-out prongs that keep the keyboard aligned.

    It seems odd to hide something from theft by putting it in a laptop. That would be like hiding valuable sweets by grinding them into powder and sprinkling them into a mobile phone; clever on the surface, but the phone is likely to get nicked, taking the sweets with it. As seems to have happened in this case.

    Furthermore, phones are typically nicked by exactly the kind of person who loves sweets.

  40. Jonathan Richards
    Pirate

    Hiding place

    Actually, hiding a confidential disk under the keyboard of a laptop would be a really good way of getting it off site. At the guard house you solemnly present the laptop and the associated paperwork that lets you take it out, and the guard searches the bag, finds no CDs and lets you out. Then, before you can sell the juicy data to your buyer, you lose the laptop on the train, and some light-fingered git flogs it on ebay.

    The laptop should be traceable from its serial number, back to the HO unit that lost it, if it's an HO machine. Maybe it belonged to a bent contractor? What, wait! Surely there's no such thing.

  41. Anonymous Coward
    Unhappy

    I repaired a desktop yesterday...

    ...where the user managed to wedge a CD between the chassis and the CDROM drive. I suppose it'd be more difficult, but feasible that someone (especially in government) could get one stuck under a laptop keyboard...

  42. Anonymous Coward
    Paris Hilton

    Thankyou for the warning

    Nice to know that when you take a computer to this company and you leave a CD inside it that the first thing they do is put it in the CD to find out whats on it.

  43. A J Stiles
    Boffin

    This is a non-story

    "However, in certain unusual circumstances a savvy attacker can lift the keys from computer memory."

    Yes, and those circumstances were absent here. You have to find the computer while it's *actually performing a decryption* (so the keys will actually be in memory -- they get zeroed out as soon as you quit the decryption program), and quickly reboot it. And even then, you're relying on the bit of memory where the keys were stored not getting overwritten during the startup process.

    So what we had was a disc of encrypted data and no key. In other words, everything done right. No story.

    Anyway, anything that says on it "HOME OFFICE - CONFIDENTIAL" is so obviously a fake, whoever called the Old Bill wants charging with Wasting Police Time.

  44. Daniel B.

    CD under the keyboard

    That isn't that far-fetched with my former laptop. Now that could've been some good way to smuggle CD's in and out of my former job... one of my co-workers had 50+ CD's in his desk, despite company policy prohibiting *any* kind of removable media. Wonder if he did this ...

  45. Anonymous Coward
    Boffin

    w.r.t keeping money under keyboards...

    With regards keeping cash (or anything else, for that matter) under the keyboard. I wonder what the probability of frying the laptop due to the metallic strip.... (Presumably it will conduct electricity)

  46. Jay
    Joke

    So...

    if I jam a flash drive labelled "secret terrorist WMD locations" inside the casing of an old trash computer, and then call the police can I be considered a war hero?

  47. Les Matthew
    Thumb Up

    Re: Two questions

    "Also, as an aside - who the hell hides CDs under a laptop keyboard?"

    Don't CD drives on laptops sit under the keyboard? ;)

  48. Graham Bartlett

    @Jonathan Richards

    In these politically-correct times, I'll have you know that's a "contractor of non-heterosexual orientation", ducky...

  49. Paul Stimpson
    Happy

    Unless of course...

    ... The CD contained a backup of the encryption software and the keys for what was on the laptop HD.

    Could a user be this stupid? Er.... yes.

  50. Pierre
    Coat

    @ JasonW-emergency cash

    I totally see your point. You chuck money under your laptop's keyboard, so that if you are robbed, you still have money for a beer, a sammich and a bus ride. Clever.

    Mine's the one with the banknote taped on the back

  51. Anonymous Coward
    Coat

    its only recently

    That government computers come with motorized cupholder / donut trays ..

    ( push the little button that says 'eject' on the front of the computer )

    I'm amazed it wasn't an 8 inch 200 K byte single sided floppy disk ....

  52. Anonymous Coward
    Thumb Down

    I sometimes wonder...

    ..If the Reg is still in the business of reporting news or looking for a good reason to slander an unliked agency/corporation.

    Everyone who reads now knows you can recover encryption keys from RAM, why try to hold it against the gov that their encrypted drive could be subject to this. And what kind of speculation is that they 'could have written they keys down'...

    Come on guys. At least it *was* encrypted this time.

  53. Geoff Mackenzie

    Panasonic CF-41

    I have two of these. The optical drives are under the keyboard, and top-loading; a clip on the front allows the keyboard to hinge up to access the drive, which looks like the top-loading CD drive on some cheap old stereos.

    The whole story smells of BS to me though.

  54. Anonymous Coward
    Coat

    The force

    "However, in certain unusual circumstances a savvy attacker can lift the keys from computer memory."

    That's what these guys were trying to do - they lifted the keys then found the CD...

  55. Shaun Rigby
    Happy

    hmmm....

    Watch out, Beadles about?

    or Intel CD Inside?

    Dum, dum dum de dum!

  56. Anonymous Coward
    Anonymous Coward

    Encryption Myth

    The owner of the shop did not actually say that the disk was encrypted - all he said is that he put it in a CD drive and 'it would not boot, or anything'. 'Encryption' was then assumed by the interviewer and has obviously since become 'the truth'.

  57. archie lukas
    Coat

    Never mind whats on it, its a crap designed Laptop

    Of course -you realise they sold it cos they dropped the thing, hence the CD slipping out of the tray into the machine.

    This demonstrates an extremely poor build and I myself have pulled a disc from an end-users machine guts.

    Makes a nice 'nails on chalkboard' numbing screech.

  58. Burt
    Coat

    What follows is Home Office - CONFIDENTIAL data:

    $d3%*gs6%2kij==(*gs4ga;o3r9878rqb;fI8hfob;o8;nEIUF;efu .baFEK.J.KJ

    Someone call in Sherlock.

  59. Anonymous Coward
    Dead Vulture

    Does TheRegister believe in proper journalism?, part deux

    "The possibility also exists of the encrypted government files having been copied, which is much easier than decrypting them - although not as trivially easy as copying normal unprotected files."

    Have you ever actually used a computer? This sentence is garbage. A file is a file and copying it is exactly as easy regardless of whether it's a file full of plain text or encrypted gibberish. How on earth did you manage to type this without stopping short and saying "Hang on a minute, I'm talking complete bollocks"? You really ought to read back your text sometime in between writing it and posting it on the site, because there's really no excuse for this kind of pathetic blooper.

  60. Anonymous Coward
    Black Helicopters

    This story is so full of holes and stinks it must be a piece of Gruyere

    When you start asking the right questions on this story and the others in the 'data loss' debacle in which are our 'responsible' government leaders are involved in then nothing stands up to scrutiny. WTF is going on? Why aren't the media showing that this is all nonsense, like 'it's too expensive to create a subset of data from a rdbms so we sent the whole db', who would have that sort of access anyway?

    Why hide a cd in a laptop? April 1st gets earlier every year . . .

    Come on you guys, get real. Who's doing what to whom here?

This topic is closed for new posts.