Why Are UK Defense Ministry Officials Carrying Classified Info On USB Keys?
from the seems-like-a-reasonable-question dept
Over in the UK, the Defense Ministry is admitting to the fact that it’s lost plenty of laptops with classified info on them. That, alone, isn’t really all that newsworthy, given how common it is for governments around the world to lose such things. What was more interesting was the admission that employees have also lost 26 portable memory sticks (USB keys) with classified info on them (out of a total of 131 memory sticks lost). Given just how easy it is to lose such USB keys, it makes you wonder why they would ever put classified info on them. One would hope that any such info would be encrypted, but the report doesn’t seem to indicate one way or the other on that.
Filed Under: classified, lost data, memory sticks, uk, usb keys
Comments on “Why Are UK Defense Ministry Officials Carrying Classified Info On USB Keys?”
first!
they need IRON KEYS!
Re: first!
no … they need to not put classified information on USB keys. EVER. Encryption can be broken.
third
gg brits
wtf?
it’s just a better floppy. This is completely a non-story. Floppies got lost, thumbdrives will get lost. And before you go spouting off about the capacity being an order of magnitude different, let me just ask you this. Do you have any idea how many zipped text records can be stored on a floppy?
The need for convenience doesn’t come to a complete standstill because somethings *OMFGCLASSIFIED*. It’s an absurd knee jerk reaction to make that claim. People still need to get work done, even when their work involves confidential documents.
Oh, and before anyone goes all ape shit over confidential being matter of utmost national security or other stupid shit, let’s just clear this up right now. Almost every damn thing an office worker does for any gov’t department does is classified. Even NOFORN is considered “classified”.
Re: wtf?
Capacity is a huge issue. Take your argument about the zip files and turn that around on yourself. Humans are worse than raccoons when it comes to storing files on removable media. USB thumb drives have become the vehicle of choice for intellectual property theft around the world. They are convenient, concealable, and have huge storage capacities (note the espionage elements). A while back I created a batch script that would auto-run on a computer (if enabled) that was designed to collect doc, xls, ppt, pdf, pst, and mdb files from a computer, zip them up, and copy the zipped file to my thumbdrive. When my collection was completed the script would wipe the zip file from the computer.
You have to weigh the risk against the convenience.
I agree that convenience does help get work done, but there can be some technical protection put in place. Certainly something like an IronKey would help, but there are other solutions out there that would prevent the disclosure of information should one of these standard USB devices get plugged in and later turn up missing (i.e. PGP utilizing USB tokens where the secret never leaves the token).
Not everything a govt. office worker does is classified, and as a matter of fact, subscribing to that school of though is what has landed the Bush administration in some hot water. If you classify everything, then nobody will treat the information as sensitive. It is like crying wolf, if human intelligence reports and the organization’s annual BBQ hold the same classification then you have cheapened the caveat and compromised lives.
There is such a thing as UNCLASSIFIED, and most govt. workers operate at that level. Depending on what agency you work for you may have other levels such as FOUO (For Official Use Only), which basically means don’t distribute it to the media or others without an official need, and LAW ENFORCEMENT SENSITIVE. If these documents were to be leaked they would not cause a nuclear holocaust.
Just to close up on your rhetoric; NOFORN is a caveat modifier, not a classification itself, and can be added to any level of classification. It places a restriction that the originating country should not share it with intell partners from other countries.
Next time you decide to post something get your OMFG//SHIT//STRAIGHT.
I will not allow jackasses like you to blow this off as a non-story. It is 2008 and there is technology to protect data that lazy, over-billing, fat-asses (much like yourself), have access to. I know your type (govt. contractor) and I take pride every time I get to pull a $100K salary and maybe even a retirement away from one of you. Stop being a leach and jump on board with the rest of us, or, suffer our policies, procedures, and best practices. Information has become worth more than gold my friend.
Re: wtf?
The issue isn’t really over the format being used, but this: Why are classified records being carried around on the person of civil servants? There are many ways to securely transfer documents with a relatively low risk of interception. So, why are they being carried on an easily-mislaid physical device?
Oh, and it’s not just anyone’s data being lost, it’s the f**king Ministry Of Defence! Even if the documents aren’t vital to national security, you’d think they have some idea about how the secure their own files.
Does 4Gb = 1 human lifetime..?
I read an article sometime in the past year that mentioned a human brain has the equivalent of 4GB in it, but I can’t find the link. Numbers not withstanding, in the day of flash USB drives in sizes up to 64GB, this makes me feel sooooo secure.
wtf?
some old guy,
I usually relate to your comments, but I disagree here. USB drives were created for portability, often being so convenient as to have keychain attachments. A floppy drive is portable, but it’s not designed and marketed as such.
In the age of the total connectivity and secure encryption channels, there’s never a reason to transmit sensitive information in an interceptable way. That’s not over-simplifying the issue — it’s fact.
Security does always come at the cost of convenience, but there are plenty of tools today that make security very, very convenient.
Finally, regarding your point about the amount of classified info that’s really worthy of being classified… that’s a red herring. It’s undeniable that there is plenty of information worth being classified, and I shutter at the thought of digitally clueless bureaucrats trotting around with it on their keychain.
Mark
“Confidential” is extremely broad. There are many different levels of classification. Something top-secret would have never left the vault in which the computer is stored.
Today, personal information on government employees is considered classified. So, if you have your address or a colleague’s address on your thumb drive, the loss attributes to the number of cases reported.
I hope someone steals my laptop, so I can get a new one. Oh no! Classified information: 0 me: 1
There's another issue here
Hang on a moment. The Defense Ministry loosing laptops “isn’t really all that newsworthy”?
Do the sums. It’s bad enough that they loose a laptop every 3 weeks, but they’ve had a laptop stolen every 3 days, for 4 years!
Of course the money wasted doesn’t compare with other government scandals, but surely it merits more than a shrug!
USB Key
I could see if they had a USB drive like my dads. It’s got fingerprint recognition built in so no one can see anything on it without the print.
I know, any encryption can be broken, but if we go along that line I hope you don’t have a computer… or paper. Any working computer or any non working computer with chunks bigger than a dime can be cracked and miss-used. Any transport method can be intercepted. We just need to be as careful as possible. Like, don’t leave USB drives in your unlocked car.
Subdermals!
They need bluetooth subdermal implants!
Bob: Hey Jim, I heard you lost your data. How’d that happen?
Jim: Lawnmower accident. (Holds up stump)
Dearest
coleman00007@yahoo.com
Dearest
I am Madam.joycoleman from Israel. I am married to Mr.Eli Solomon coleman who worked with Isreal Embassy here in Ivory Coast for nine years before he died in the year 2004 February 14. We were married for eleven years without a child. He died after a brief illness that lasted for only four days.
When my late husband was alive he deposited the sum of $5.5 Million with a security company here in Cote D lvoire. Presently this money is still in the Vault of the Company. Recently, My Doctor told me that I would not last for the next Eight months due to my cancer problem. Having known my condition (cancer of the liver and stroke). I decided to donate this fund to humanitarian home and l will like the humanitarian home or any faithful brother or sister concern to utilize this fund according to my instruction.
I want somebody that will use this fund according to my Late.husband’s desire to help the orphanages, widows , propagating the good news of God and to endeavor that the House of God is maintained and to help the less privilege people of God. I took this decision because I dont have any child that will inherit this money. And I dont want where this money will be used in an unGodly way. This is why I am taking this decision to hand you over this Fund. I am not afraid of death hence I know where I am going.And I dont need any telephone communication in this regards because of my health.
I want you to always remember me in your daily prayers because of my up coming Cancer Surgery.Write back as soon as possible, Any delay in your reply will give me room in searching for another person for this same purpose. Please assure me that you will act accordingly as I Stated herein. Hoping to receive your Urgent and Positive reponse.
The Joy Of The Lord Is My Strenght
Mrs Joy Coleman