Military Secrets for Sale on Stolen USB Drives 225
nTrfAce writes "Per a BBC Article, "US forces in Afghanistan are checking reports that stolen computer hardware containing military secrets is being sold at a market beside a big US base.
Shopkeepers at a market next to Bagram base, outside Kabul, have been selling memory drives stolen from the facility, the Los Angeles Times newspaper says.""
Missing Classified Hard Drives (Score:0, Interesting)
I'm no military fan... (Score:4, Interesting)
Re:Why? (Score:2, Interesting)
At least this way, no president needs to leak [nysun.com] anything himself
Re:why/when. (Score:3, Interesting)
I remember a case at a client in which we had to mail a very sensitive, very important document very quickly.
Turned out we couldn't mail it using the clients own mailsystem, as... it didn't allow Word-attachments (or Zip or
In the end we ended up taking the document on a floppy (yes, this was some years ago), to a 'learning centre' computer which was attached to the internet, and we ended up mailing it with... hotmail...
Roel
Yet another chill pill moment (Score:4, Interesting)
So it's not large scale, hyperterrorsquads selling supersensitive secret soldier material to themselves. but rather small bits of pieces, that together will probably seem as just that. small bits of pieces. It is however always unfortunate that personal and classified information is handled carelessly, but if we can't even handle this properly at home, why should it be any better in Afghanistan.
I'll give the answer right here: First, get better at handling information security at home, before you start using the technology abroad.
Don't give sensitive material to people who haven't been screened on how they handled it (I thought this was already a goal the tried to achieve)
Re:Why? (Score:5, Interesting)
Once upon a time it could force that it is not done. This is what levels of security above C and OSes like Trusted Solaris were all about. Not about being unhackable, but about it being impossible to copy data from a higher security container to a lower. Granted, someone with high enough security clearance and rights to declare his USB drive "secure" could have gotten past that as well, but the average PHB wannabie corporate ladder climber could not do anything about it. He could not "take work home".
This is also coming back. The slashdot crowd keeps bitching about Vista DRM being Digital Wrongs Management and being mostly promoted by pigopolists. Once again wrong. Along with AD it will allow any corporation to force a mandatory encryption policy on all the data on all media in the house at the click of a mouse. Throw in this the usage of TPM chips on all Vista ready PCs and this will make any data that a corporation wants to make unrecoverable without proper access credential on a PC really unrecoverable. All of this centrally controlled. This will also result in much faster adoption of Vista in the enterprise than people can even think off, especially for mobile devices.
This also means that if Linux is to compete for the desktop it will have to have the same features regardless of Stallmans desires. This is one thing on which Linus is absolutely right. The usage of DRM by pigopolists is a current fad which is only a minor fraction of its actual use. The real use of DRM is to enforce a security policy on data across an enterprise. Having this will be essential to the success of any OS out there in 2-3 years. Also, there is no problem with DRM being opensource. Essentially DRM is nothing but a crypto application. Same as with every good crypto - having the source should not allow one to break it.
Re:why/when. (Score:2, Interesting)
Long time ago we had to transfer some sensitive data between two military bases. The data was saved to a floppy (8" floppy at that), put in sealed envelope, in the locked suitcase chained to the carriers wrist, into APC, to the airport, helicopter, APC, and straight to us. The whole nine yards.
And then we found that the caporal on the other end found it bizzare that there was something shuffling in the envelope, and to secure it better he put a couple of staples through the envelope. And through the disk.
Since the data was both sensitive and urgent (no time for the whole nine yards again), we ended by transferring it using modem over unsecured phone carrier.
Scrapping the Military.. (Score:4, Interesting)
Somewhere in California (IIRC) there is a company that specializes in providing military aircraft for the movie industry. At the time he appeared in a documentary which I watched, the owner of this business had apparently assembled more than one Cobra Gunship from parts sold off by the Armed Forces as scrap and was well on his way toward assembling (what was at the time at least) a state-of-the-art Apache assault helecopter using parts draw from similar sources (they showed footage of it being assembled). According to this guy some of the things the US armed forces sell off to civillans as 'scrap' are downright scary both because they are sometimes dangerous (contain live munitions, toxic materials, rocket engines, etc..) and because this 'scrap' includes some pretty sensetive electronic equipment. So stolen PC's are not the only problem, the US armed forces quite freely sells off some pretty amazing stuff as junk. True enough, the information on a stolen PC can cause a significant security breach but an enemy nation getting it's hands on sensetive military electronics at a scrap auction is even worse. I suppose the way the military filters equipment for disposal may have improved over the last few years but somehow I doubt it.
Re:why/when. (Score:4, Interesting)
If thisis only about company sensitive information, then fine. But if you're talking about military secret or confidential, then the rules are a bit different. You can't read a classified document on the way home on the train, as other people around you could see it. And unless your home was certified as a secure site, it would be illegal to have the docement there. You'd also need special paperwork to take the document out of it's original building.
I have to ask who is doing this stealing. If it's by uncleared civilians, then what are they doing in proximity to classified material? Otherwise the stealing must be done by cleared personnel, which is a whole different story of criminal intent. Something doesn't add up here.
Re:why/when. (Score:3, Interesting)
So I suspect that this reporter saw something on a stolen usb drive and just assumed that it would be classified. It may have been sensitive, but of a lower classification that would not have required the measures I mentioned above. Not that loosing such info wouldn't be bad - it very well could have, but that doesn't equate to classified info.
Of course, while we're speculating, he could have seen a document that was created by the soldier that owned the usb drive, who then failed to follow procedures for classifying documents properly, and mentioned classified info in an unclassified document, on an unsecured system. That has been known to happen, especially under combat conditions, and is just as bad as what the article is talking about...
Re:Strong encryption (Score:4, Interesting)
Re:Strong encryption (Score:4, Interesting)
I very much hope that I would.
I am not saying that the ends justify the means
Oh yes you are.