back to article USB stick with anti-terror training found outside police station

A memory stick containing anti-terror training manuals and other sensitive material was reportedly found on a street outside a Manchester police station. The Greater Manchester Police-branded stick, which also held personnel files, was found by an unnamed businessman outside a cop shop in Stalybridge, Greater Manchester, the …

COMMENTS

This topic is closed for new posts.
  1. johnB

    Yet again...

    Yet again sloppy security from those who should know better.

    Why are DVD/CD drives & USB ports even available to users ? Just superglue the lot & the problem disappears.

    Leaving only laptops, Blackberrys & smartphones to be left in wine bars, trains, etc.

  2. Ben Rosenthal

    if you go to Staples

    you can get USB sticks that can be encrypted, now that's magic!

    1. Anonymous Coward
      Anonymous Coward

      That's the claim, but...

      How good they are is another matter entirely. On some the 'encryption' is barely worth the name, while even FIPS-140-2 approved devices from big brands have turned out to be vulnerable, much to their competitors' delight. Still I suppose even something simple will stop the chap in the street seeing what's on there by plugging it into a computer, reducing the temptation to hand it to the papers.

      http://www.gss.co.uk/news/article/7037/Kingston_owns_up_to_USB_stick_hack/

      http://www.h-online.com/security/features/USB-stick-with-hardware-AES-encryption-has-been-cracked-746215.html

      https://www.ironkey.com/usb-flash-drive-flaw-exposed

  3. Anonymous Coward
    WTF?

    encryption

    Given all these leaked sticks and whatnot I really wonder when encryption will finally start being mandatory. Losing a stick is easy cracking an encrypted stick not so much.

  4. Anonymous Coward
    Black Helicopters

    WHY?

    why on earth was someone even allowed to copy the information to the drive in the first place?

    surely a system holding that kind of data should have had the USB ports disabled.

    and if they really do have to copy the information, there are plenty of solutions out there that can do it easily, and free.

    i use truecrypt myself. it might not be perfect, but its better that nothing and its going to stop world+ dog reading the data

    black helicopter? well.

    1. Velv
      Terminator

      By Design

      "Why was it copied to the drive in the first place?"

      By design. It's put into a distributed format so that it can be carried around and held in multiple locations so that it can be accessed anywhere when required in the event of an incident.

      Totally agree it should be more secure though!

  5. Witty username
    Thumb Down

    Wouldnt worry about it

    Its not like our police force are actually any good at anti terror training is it.

    i imagine it just says "if they got a tan and a funny accent, beat them up then bill the tax payer"

    1. BristolBachelor Gold badge

      Camera

      i imagine it just says "if they got a tan and a funny accent ***, beat them up then bill the tax payer"

      ***You missed out "or camera".

      1. John Smith 19 Gold badge
        Happy

        @BristolBatchelor

        "***You missed out "or camera"."

        Yes. The camera.

        *Very* provocative.

        Not to mention the rather well developed tan.

    2. Fred Flintstone Gold badge

      Yes and no

      They used to be good - during the time of the IRA they actually did a damn good job (only a couple got through). The problem is that it's not a job where you can advertise success rates, so you actually have no idea what they do, and not owning up to mistakes isn't exactly helping.

      However, it is unforgivable that they don't encrypt portable devices. That's, er, criminal..

      1. Anonymous Coward
        Thumb Down

        Re: Yes and no

        I think the Guildford Four or the Maguire Seven might disagree that the police did a "damn good job" during the time of the IRA.

        1. North Briton

          Re: Yes and no

          I’ll reserve my tears for the Guildford Four and Maguire Seven until I hear what the Guildford & Woolwich Seven have to say on the matter, and perhaps the Birmingham Twenty-one as well. We’ll need a séance though, seeing as the IRA murdered them. Their autobiographies won’t be coming out any time soon. And we’ll be waiting a long time for their film.

  6. Lottie
    WTF?

    How about...

    ... Until you cna use them responsibly, you don't get to play with the fancy USB sticks. I mean, is it really that difficult to, oh I don't know, make sure it's in a zipped pocket before heading out or even more crazily, using one of those lanyards that most suppliers give away with their sticks to tie it to something in the bag?

    Still, I'm quit surprised the finder wasn't tazered, beaten and detained as a ter'rist.

  7. JaitcH
    Thumb Up

    Notice: To all people finding this USB

    Please forward to < www.wikileaks.org > or < http://cryptome.org/ >.

    1. The Indomitable Gall

      cryptome.org, please

      Let's not go feeding Assange's massive ego, and stick with the guys who do it for the cause, not for self-publicity.

      1. Fred Flintstone Gold badge
        Thumb Up

        Agree, avoid wikileaks - at least until Assange goes

        .. which he won't, because what else is going to do to get attention?

  8. Anonymous Coward
    Black Helicopters

    No problem...

    ...just about now, the guy that found the stick is being branded a terrorist, having his door kicked in and will be found to be in possesion of kiddie porn and beastilaty videos.

    1. LuMan
      FAIL

      True!

      Absolutely. Firstly, what sort of bloody idiot stuffs an unknown USB stick into their OWN pc?? Keyloggers, viruses (or viri) and all manner of crap could have got onto his machine.

      Secondly, the rozzers are VERY good at exacting revenge on soft targets. The poor sap will be pulled over every time he starts his car and, as AC above mentions, will magically be pulled for having all manner of kiddie and donkey pron on his pc.

      Quite why the 'businessman' didn't just hand the thing in at the police station is beyond me... actually, no it isn't. There's a chance the newspapers will pay more than the police?

      1. Jimbo 6

        Re: What sort of idiot...

        ...most of them, I'd say. 'Lost' USB sticks could easily be the new Social Engineering, in getting people to install malware on their pooters.

      2. Stuart Halliday
        Happy

        Make them walk the plank

        Oh please - any person with at least two brains cell has disabled the autoplay feature a long time ago...

        I say, sack the IT manager who allows computer policies that do not disable unregistered USB storage sticks and allows data to be transferred to USB or CD/DVD/floppy discs without auto-encryption.

        Also make it a sack-able offence if staff are caught during a random search who do use USB/DVD/CD storage with no encryption.

      3. Anonymous Coward
        Alert

        What sort of idiot? Most computer users

        Most people don't understand the risk of just plugging in a USB stick. A lot of computer security auditors will sprinkle cheap sticks around a location and sit back and watch the naive "self-report" as they plug in newly-found sticks to see what is on them or who might own them.

    2. Woodgar

      Re: No Problem....

      Well, the person that found it is actually guilty of an offence, and so they could in theory be arrested, charged and convicted.

      The article states that the USB stick was clearly branded, and it was obvious it belonged to The Greater Manchester Police and that they would almost certainly want it back. By taking it home and examining the contents, rather than taking reasonable steps to return the object to its rightful owner, the finder is guilty of "theft by finding".

      If I ever found anything belonging to the local constabulary, I'm pretty sure I'd return it straight away rather than risk getting on the wrong side of those with the power to make my life a misery.

      1. heyrick Silver badge
        Big Brother

        @ Woodgar

        So the new rules are... find something lost/abandoned, take it, go to the nearest public library with USB ports active, dump the lot on cryptome, find a big river, smash USB key with a rock and toss into said river.

        After all, if they can freely snoop on us and come up with all sorts of excuses why it is lawful or maybe just not unlawful, surely it is our right as citizens to do what is necessary to keep them in check when we can. If the USB device is handed back, or handed to the press, then it will be "lessons will be learned" or some other stock phrase. That's not going to result in any changes, nor is having government agencies lacking the balls to do anything (ICO are you listening?) and a judicial system that seems as complicit as everybody else...

      2. Anonymous Coward
        Anonymous Coward

        Not gGuilty"

        > Well, the person that found it is actually guilty of an offence

        I think you'll find he isn't.

        > The article states that the USB stick was clearly branded, and it was obvious it belonged to The

        > Greater Manchester Police

        No. It says that the stick had some branding. Given what is quoted in the article, I certainly wouldn't have associated it with the Police.

        > the finder is guilty of "theft by finding".

        Not so. Theft offences are described in the Theft Act 1968, and involve an act permanently to deprive the owner of something. There was no such act in this case.

        > If I ever found anything belonging to the local constabulary, I'm pretty sure I'd return it straight

        > away rather than risk getting on the wrong side of those with the power to make my life a

        > misery.

        I, too, am worried by the tendency of certain Police forces to behave in inappropriate or illegal ways. But that doesn't mean that this guy broke any laws - he just embarrassed some people with a tendency to take the law into their own hands when caught doing something wrong...

        1. Tom 35

          Branding

          > The article states that the USB stick was clearly branded, and it was obvious it belonged to The

          > Greater Manchester Police

          I have lots of USB sticks branded by Micorsoft, Intel, and assorted other companies. They are all free promo items.

          Unless the stick said something like Property of the Greater Manchester Police, if found please return to... There is no way of knowing if this was some free public relations item.

          But it could also be a booby trapped stick that someone had dropped there hoping a cop would find and plug into a police computer, so I would use great care checking the contents.

        2. Anonymous Coward
          Anonymous Coward

          But I was just borrowing it.

          > Not so. Theft offences are described in the Theft Act 1968, and involve an act permanently to

          > deprive the owner of something. There was no such act in this case

          6.-(1) A person appropriating property belonging to another without meaning the other permanently to lose the thing itself is nevertheless to be regarded as having the intention of permanently depriving the other of it if his intention is to treat the thing as his own to dispose of regardless of the other's rights; and a borrowing or lending of it may amount to so treating it if, but only if, the borrowing or lending is for a period and in circumstances making it equivalent to an outright taking or disposal.

          1. Anonymous Coward
            Anonymous Coward

            I do hate the quoting system on these pages

            > 6.-(1) A person appropriating property belonging to another without meaning the other

            > permanently to lose the thing itself is nevertheless to be regarded as having the intention of

            > permanently depriving the other of it if his intention is to treat the thing as his own to dispose of

            > regardless of the other's rights;

            that condition is not met.

            > and a borrowing or lending of it may amount to so treating it if, but only if, the borrowing or lending

            > is for a period and in circumstances making it equivalent to an outright taking or disposal.

            And nor is that one.

  9. BristolBachelor Gold badge

    USB Sticks

    Sounds to me like this was a USB stick given to everyone who went to a seminar. Probably after 3 solid days of powerpoint, the poor plod was brain dead and didn't notice that they dropped it!

    As for encryption on USB; the problems I've found is that the necessary software often has to run on an administrator account to be able to set-up a device driver. Then it doesn't work if you plug it into a different PC that doesn't give you admin rights, or it craps out if you need to use it on Vista or Win7, and in some cases then the USB stick cannot be recognised by the OS ever again (even to access the non-encrypted part)...

    1. Stuart Halliday
      WTF?

      Irrelevant

      > As for encryption on USB; the problems I've found is that the necessary software often has to run on an administrator account to be able to set-up a device driver. Then it doesn't work if you plug it into a different PC that doesn't give you admin rights, or it craps out if you need to use it on Vista or Win7, and in some cases then the USB stick cannot be recognised by the OS ever again (even to access the non-encrypted part)...

      Rubbish. Data is data. OS is irrelevant.

      What program needs admin rights to open a file for god sake?

      1. Anonymous Coward
        Thumb Down

        Re: What software

        As said, a driver - to make seamless contact with the encrypted file to make it appear to be just another file system. Oh, you want plod to use a command line tool and pack the sensitive data into an encrypted file himself? Nice try. The chance of this actually happening is left as an exercise for the reader...

      2. Anonymous Coward
        Thumb Down

        U3

        Actually U3 keys use admin level privs as they present to the usb subsystem as a cdrom AND a file partition. So the cdrom is mapped in as a cdrom by the os with admin privs, then the autorun on it installs their U3 support utilities, encryption, putty/other apps direct from usb key etc. There are some brands that instead of taking this approach to bootstrap themselves in, actually ask the user...

        With a dodgy U3 the user sitting at the pc doesn't need admin privs only because the U3 exploits a known weakness in the usb key handling by windows. Which is why all good security minded types fill the damn ports with araldite or disable them some way...

        Ive got a U3 here with a rather interesting toolkit on the "cdrom partition" in place of the original helpful utilities, and its housed in a new housing so it looks like a old normal usb stick. Automated rooting of a pc when inserted with no interaction from the user...

        As for what program needs admin rights to open a file, its not, its having to open a filesystem and mount it from that file which they usually do by mounting the file handle as some sort of loopback device and insert themselves between the o/s and the file itself to handle this. Or do o/s's allow unauthenticated programs to access the loopback filesystem to do this with no privs in lala land of late?

        Posting anon, because although its my trade to know these things, I really don't trust anyone.

        I'd just make plod's admin's install FreeOTFE everywhere to fix... But there again, we do seem to implement IT in the worst possible way possible at any given point in time, so quelle surprise this hasn't been done.

  10. Anonymous Coward
    Anonymous Coward

    Pray tell

    Why is it imperative for government to put personally sensitive information on just about every thing that can carry data? Or is that it what makes them lose those data carriers? Inquiring citizens demand to know.

  11. Adam West

    Anti-Terror Training

    Lesson #1

    Arrest anyone and everyone taking a picture of anything at all.

  12. Anonymous Coward
    Anonymous Coward

    Isn't it about time

    we gave up on this circus? I mean the current bunch of "terrorists" are pretty amateurish (with two noticeable exceptions) compared to the IRA or ETA. Let's stop poking the middle east problem areas with a big stick and most of them will gradually go away. We seem to be more at risk from our own police these days than any real terrorists.

    While I was working in areas where the IRA were bombing we had the attitude of "carry on as normal and don't let them change our way of life, we won't let them win", nowadays we seem to love to live in fear and suspicion. And, before anyone asks, I was close enough to hear the bombs go off and have had to enter buildings where we thought there might be bombs, I walked past a house where the IRA were placing a car bomb (unbeknownst to me until the next day)... I know I wasn't the only one with these kind of experiences. No, I don't consider myself particularly brave, that's just how it was.

    1. Anonymous Coward
      Black Helicopters

      Absolutely agree

      The main reason terrorists have been needed for the past decade or so was because the axis of evil Blair-Bush was busy filling its pockets. People that are afraid don't ask questions, even when you take their rights away. Starting a war was inevitable - it's the fire hose approach to obtaining tax money.

      Why did they need all that CCTV and those privacy reductions? Well, if you had your hands in the trough right up to your armpits, you would like to know too who was growing wise to it. And the good news is that if you manage to get away with it you can write your memoirs and rip off the naive sheep once more.

      I remember the time of an active IRA. I think the news blackout was a good idea, and the Met Police actually did a good job at keeping them at bay (although a couple got through) without turning into the harassing idiots with WAY too many privileges you find today - it's like giving a character deficient parking warden a gun(*). However, I think that's where some basic principles were established - those who directed those bombing campaigns are now, *cough*, "respected", *cough* politicians..

      The moment people stop being afraid they will start asking questions. See the expense scandal as an example..

      (*) yes, yes, I know I'm repeating myself with "character deficient" and "parking warden" in the same sentence. Live with it.

      /conspiracy mode

      1. Anomalous Cowherd Silver badge

        Not entirely

        Actually the Met & others did a lot of harrasment in the 70's - wrongful imprisonment, coerced confessions and a light beating doesn't sound too far off the mark.

        What's changed is our standards, and the wide reporting of it when they do overstep the mark. Any regular Reg reader knows coppers inappropriately harrass photographers, but how would you have known this in 1980?

      2. Anonymous Coward
        Anonymous Coward

        Yes I agree too...

        ... bin Laden got George Bush reelected. How come they haven't been able to find him after all these years?

        1. Britt Johnston
          Black Helicopters

          still at large? that's easy...

          his cabinet wanted a way to run for a 3rd term.

  13. Shadowthrone

    A different question...

    The person who found the stick, found it outside of the police station, it was marked with the police departments branding......Why did the person not do honourable thing and just walk into the Police station and hand the device into the main desk saying they found it outside.

    1. SteveK

      A title.

      "Why did the person not do honourable thing and just walk into the Police station and hand the device into the main desk saying they found it outside."

      Because there was more money in taking it to the local paper instead.

    2. Graham Marsden
      Thumb Down

      Why didn't they hand it in...?

      Because if they had, the Police would have just gone "Phew! That was a close one, but not *learned* anything from the experience!"

      Each story like this just illustrates the complete ignorance of basic security provisions by those who are supposed to *protect* our security and until they get the message, there will be yet more such stories.

      1. DavCrav

        Police incompetence again

        "Because if they had, the Police would have just gone "Phew! That was a close one, but not *learned* anything from the experience!""

        Exactly this. The only way public bodies learn is through public embarrassment. Hading it in = non-story = they do it again, but this time it might not be a nice, honourable person picking it up. I'd rather it gets sent to the papers than ends up in the hands of criminals, whatever data are on it.

        1. John Wilson
          Stop

          Wait? Wut?

          You'd prefer police "personal data" in the hands of the Daily Star? Yikes.

    3. Adam Foxton
      FAIL

      If I was in Manchester

      I'd have had no idea until now that their police force was called the GMP. A lifetime of American TV shows would have lead me to expect it to end in "PD".

      Plus, as someone above has said- I've got USB sticks labelled Microsoft, Sonardyne, HP, Dell and Fluke. Unless it had a tag on it saying "Property of Gr't'r M'ch'st'r Police" or something I'd not have had the labelling down as the owner.

      But they really shouldn't have had this data available stored on a USB stick anyway. Or if they HAD to have it in an unencrypted form, say if every anti-terror plod had a copy to let them respond quickly and needed to be able to read it on any random PC, then it should have been carabinered/velcroed into a zipped up waterproof pocket on their uniform.

      At the very least they could have put a password on it if it's a PPT/Word Doc/PDF. Doesn't stop anyone who wants to breaking into it, but at least you'd be committing an offence if you opened it.

  14. Anonymous John

    Hmm.

    You find what is clearly police property outside a police station. Do you -

    A) Return it to the police.

    B) Plug in into your laptop to see how cops are told to deal with photographers.

    C) Give the story to a tabloid paper.

    "A" could get you arrested of course.

    1. Anonymous Coward
      Anonymous Coward

      A

      is the only one that shouldn't get you arrested, the others would be classed as stealing by finding.

      B) is stealing the physical memory stick, as well as some king of hacking offence, unauthorised access.

      C) is probably B + anything else they can think of to hit you with for embarrassing them!

  15. Eden
    Stop

    Extreme Pr0n

    Ahh of course with the Extreme Pr0n laws meaning possesion regardless knowledge or means of aquisation is the crime, just stick Extreme pr0n on USB sticks as standard, that way if anyone has the audacity to find one that has been lost they can immediatly be arrested and locked up :)

  16. LinkOfHyrule
    Coat

    I love how

    I love how the usb stick was branded with the police details - I wonder if the MI5 and MI6 usb sticks are branded with the words "Top Secret"!?

    Mines the one with the word "Coat" printed on it!

  17. Anonymous Coward
    Anonymous Coward

    Not the first time I've heard of coppers leaving important stuff lying around...

    ...I've got photographic evidence of coppers in one London Borough having left the keys to one of their squad car lying on a wall , where they were lucky enough that someone stupid/honest found them and handed them in rather than using them to go for a joyride/nick whatever interesting stuff they had in the car/get up to other nefarious fun enabled by plod carelessness.

  18. Trygve Henriksen
    Unhappy

    Now, I'm wondering...

    A guy finds a USB-stick with a POLICe LOGO outside a Police Station...

    What does he do?

    1. Take a small detour inside to hand it to someone in the reception?

    2. Bring it with him to the office, where he can put it into an envelope, address it to the Police and drop it into the outgoing mail at his leisure, or...

    3. Bring it to the nearest news agency...

    Just wondering...

    Did it occur to anyone who looked at that USB-stick that they might just be committing a crime?

    Sure, the cops probably can't touch them at the moment because they'll scream 'harassment' the moment a cop comes within beating distance, but... It never hurts to be on the good side of the law...

    1. Destroy All Monsters Silver badge
      Coat

      Go to Owl and sell it

      Everybody is committing a crime all the time anyway.

      So who cares.

  19. Wize

    If I did this...

    ...my company would kick me out the door in a heart beat.

    We have company policies about not coping company sensitive material onto non company devices (eg personal laptop) or removable media.

    Was anyone sacked the last few times government officials lost unencrypted media?

    I wonder if they will take the finder at his word that he didn't copy it or if they will double check his PC for him.

  20. Martin Milan
    Thumb Down

    Anti-Terrorism eh?

    From the Public Order Unit?

    Are we really back to seeing every peaceful protestor as a terrorist / domestic extremist again?

  21. SImon Hobson Bronze badge
    FAIL

    ASSUME makes ...

    and ASS out of U and ME

    Why do several previous comments all make the statement that it was "obviously the property of the Police" ?

    Have so few people been to events where branded memory sticks like sweets ? All the logo means is that it once belonged to the unit concerned. It may still belong to them, it may have been given out to all attendees at some event, it may have been given out as some sort of promotional tool.

    Having said that, someone local got arrested a while ago for "theft by finding" when he found a wallet in the street - even though he was on his way directly to the Police Station to hand it in ! But it's still only theft if there is an intention to permanently deprive the owner of it.

    1. Jimbo 6

      Promotional Tool ?

      Anyone else remember the Viz advert ?

      "Robbed ? Burgled ? Run over ?

      Why not call the POLICE ?"

    2. Anonymous John

      It's a reasonable assumpion.

      Police logo, and found outside a police station. What are the odds of another explanation? One in a hundred? One in ten thousand?

      1. Wize

        Maybe...

        ...he thought it was a designer label.

  22. Remy Redert

    Re: True!

    I must admit to regularly sticking unknown USB sticks into my PCs, with little fear of their contents. This might have something to do with the fact that on the few Windows machines I have, auto-run and network share drives are off and the rest is all *nix machines running low privileged accounts.

    Now if this person stuck that unknown USB stick into a badly secured Windows machine, then yes, he's a bloody idiot. Similarly, if he did not take precautions to ensure he remained anonymous when he turned that stick in, he's a bloody idiot.

  23. Richard Porter
    FAIL

    Non-authorised devices

    “Companies should ensure all data copied to USB sticks and CDs is automatically encrypted, and the use of all non-authorised devices controlled."

    Isn't this like saying all illegal immigrants should be counted at the point of entry? If the device is non-authorised how do you know it's being used?

    1. Anonymous Coward
      Anonymous Coward

      Not that hard

      USB devices have unique IDs. Block anything but the few IDs you know should be used. Any BOFH worth his salt should be able to do this.

  24. Peter 39

    encryption on the stick

    It's true that some on-stick encryption is not that great, although it'll keep out many.

    Better is to have the stick as an encrypted filesystem so the crypto is done in the host. Of course, that only works if the host itself is secured well enough. If it's WIndows (probably the safest of all the assumptions in this thread) then this could be problematic.

    Superglue on all the USB ports, optical drives etc isn't really a viable idea.

    A better one would be to fire the IT firm and hire one that knows how to do it. Probably not the lowest bidder.

  25. Anonymous Coward
    FAIL

    On another note

    Why were the Police 'in the process of findign out who the owner was'...all controlled USBs should be logged with their owner information. Asset management anybody? Blimey, even my company has a list of all USB serial numbers for non-government/sensitive data.

  26. Remy Redert

    @Richard

    By forcing the machine to only read/write to encrypted and authenticated devices, refusing to allow any action to be taken with an unencrypted and unauthorised USB stick. Simple enough in theory, don't know how easy that one is to implement though.

  27. Juan Inamillion
    Coat

    Alternative

    How about this: spotting the USB/Storage/computer/keys loose in the wild, immediately take a picture/video with time stamp of it in that location.

    Take more pics/videos while on route to cop shop/MI5/6 showing that you're not plugging it in or whatever.

    Take pics/video of handing it in (this might be tricky...).

    Get banged up for taking images.... oh wait.

  28. Anonymous Coward
    Anonymous Coward

    ENcryption

    I was doing a roll out of new laptops to Federal law enforcement agency. They have software that automatically encrypts all data , even removable data such as CD-rom burners and thum drives . The software loads before windows and can only be disabled if you have the admin pass word which only IS has . So what is so hard about encrypting data ?

  29. Anonymous Coward
    Anonymous Coward

    The usual script

    "We are aware of..."

    "We are currently looking into..."

    Fill in as required, adding "We are/will be working with...." as and when required.

  30. Thomas Hook
    Alert

    Bandwagon full - please catch next one

    No document that was an "essential reference for all officers" (Star article) would be "top-secret" (again, Star Article). The vast majority of bobbies have SC clearance, which means Restricted at best, with occasional, supervised Top-Secret access (which does not include everyone being given it on a USB drive!).

    Come on El Reg, this article has more holes than a golf-course, apply some of your usual logic rather than just jumping on the anti-police and data-loss bandwagons.

    1. Fred Flintstone Gold badge

      Incorrect..

      "The vast majority of bobbies have SC clearance" - no way. At most they will have "BC" which means they don't have any unpaid parking tickets outstanding. SC gives access to TS, and you wouldn't want the average plod near that - as the losing of the USB stick clearly proves..

  31. Anomalous Cowturd
    Linux

    It's really not that hard...

    1) Encrypt ALL sensitive data. Even if every-one involved gets the same password. (True-crypt). Even a bored plod at a seminar can probably remember that. Make the password "doughnut" or "accidental death in police custody", or "tourist". You get the picture...

    2) Disable USB in password protected BIOS

    3) Hot Glue / super-glue shut all USB ports just to make sure. Takes, at most, 5 minutes, on an unplugged box

    4) Remove or don't order CD / DVD write capable devices. A DVD reader for those who REALLY NEED them. PC Plod doesn't need external data, it's ALL on the network FFS.

    5) Carry on executing electricians, ejecting pensioners, harassing photographers, etc. Ad nausea, and WE will probably never find out.

    Cheques to the usual address please.

    Oh, and put one of these penguins on your pooters!

    In fact, WTF don't the UK.gov just fork their own branch of Red-Hat or Debian / Umbongo and sort out the whole governmental IT landscape. You know, like those "backward" Latin American electrician training types seem to have managed.....

    That's another £45 million consultancy in the bag! kthnxbye XXX

  32. Anonymous Coward
    Black Helicopters

    hmmmm

    Whilst the stick may belong to GMP as stated some of the data was from the NPIA, Now, the NPIA operate restrictions on USB and CD Burning where not only is access controlled to both but data is encrypted when written. Also only 'approved' memory sticks will work so the GMP stick couldnt have been plugged directly in.

    So then, end users always the weakest link in the chain. Ho Hum

  33. Henry Wertz 1 Gold badge

    I'd shove unknown USB sticks into my PC

    "Firstly, what sort of bloody idiot stuffs an unknown USB stick into their OWN pc?? Keyloggers, viruses (or viri) and all manner of crap could have got onto his machine."

    Well, I would. I run Ubuntu and gentoo, sensible OSes do not randomly start autorunning code just because some USB stick or CD was shoved into the machine. I certainly wouldn't run any random executables I find on there!

  34. Tom 7

    "Why was it copied to the drive in the first place?"

    @By Design

    No - it was copied through primitive document centric thinking.

    Did they carry a printer around as well? If not the chance of them being able to read any of the PDF documents on a tiny screen and search for the relevant parts is about 0. And they would probably be out of data anyway.

    And as we taxpayers have paid a fortune for some form of always available connectivity perhaps they ought to look into some of this ere modern technology and security stuff (I say modern it was around 20 years ago) that can not only present you with up to date files but check who has access to them)

    But hey, why use the 20th century internet when we can piss all our money up on 19th office technology.

    Write me a PDF in response and send me the link so I can ignore it.

  35. This post has been deleted by its author

  36. Michael H.F. Wilkinson Silver badge
    Stop

    As I read the article

    the branding was with the initials GMP POTU. How many people instantly associate that with the police (without first reading this piece)? I could well imagine accessing the stick in order to find out who it belonged to (on a secure Linux box). If he then found that the police was seriously bungling things, I could well imagine reporting this to the paper AND returning the stick to the police.

    1. Britt Johnston
      IT Angle

      GMP anecdote

      An IT manager in our Pharma firm was looking on the internet for information on GMP (good manufacturing policy). He was so taken by the Manchester Police's data policy he based his own on it.

      http://www.gmp.police.uk/mainsite/pages/dataprotection.htm

  37. Anonymous Coward
    WTF?

    What chance have we got?

    Our company is that paranoid about losing USB sticks that the directive is that if we must take data out of the building then copy it onto a CD.

    The irony is we have encrypted USB sticks.

  38. Anonymous Coward
    Pirate

    FoIA?

    How much of this was labeled as "confidential", etc. and how much was already public domain information? Isn't a fair bit of this SUPPOSED to be public information?

    Like all security through obscurity; if the process can only work because you hope no one else knows HOW it works - its doesn't really work. And all your faith to defend it is misplaced hope in a process that has already failed in the first place.

    Have your procedures open and available to all - if they are good and effective, it won't matter that they are publically available, and will help a LOT with public relations in case anything does happen.

    All "secret" and "cofidential" procedures offer is the ability to change your minds without attracting reprimand when you find that your procedures are, in fact, shite.

  39. Anonymous Coward
    Pint

    I have a funny story...

    A certain VERY LARGE retailer... have an IT security policy that essentially locks down

    all pc's on each of their many networks.

    i.e No access to cd rom, only limited access to local h.d.d

    The security policies are controlled from India, but when ever I need log files.....

    Woohoo, anyone can take a USB Memory Stick from home, plug it in, and then copy the stuff I need

    and email it to me, with no questions asked.

    If anyone can guess the company, I'll buy you a beer.

    Beer well, it's free on the Reg

  40. "CURLY"
    Thumb Up

    UNSECURED FLASH DRIVE

    If it was on a secured flash drive , like the ironkey . They would not had to worry then .

  41. D. M
    FAIL

    how many people know what GMP POTU stand for?

    Before I read this, I would never in a million year think it has anything to do with police.

    Assume even you know, as stated already, it is only a logo.

    Not to forget, You have a higher chance to find some free bit been lost at the front door of the same company. I once attended event hosted by a very very large IT company. when I left there, there were people finding those free stuffs just been handed out.

This topic is closed for new posts.

Other stories you might like