Forgot your password?
typodupeerror

Stolen VA Laptop Recovered 202

Posted by Zonk
from the vets-less-nervous dept.
lancejjj writes "Remember how the VA was pinning the theft of 26.5 million veterans' personal records on a hard working-but-renegade employee whose laptop was stolen? Surprise! It turns out that the employee had written permission to bring the sensitive data home. Fortunately, the laptop has been recovered. It is still unclear how the laptop was recovered, or if any of the veterans' personal data was leaked."
This discussion has been archived. No new comments can be posted.

Stolen VA Laptop Recovered

Comments Filter:
  • Yeah, Fooooound (Score:3, Insightful)

    by Goblez (928516) on Thursday June 29, 2006 @04:52PM (#15631372)
    Or a copy of it for publicity sake.
  • Nothing taken (Score:4, Interesting)

    by paganizer (566360) <thegrove1 AT hotmail DOT com> on Thursday June 29, 2006 @04:53PM (#15631384) Homepage Journal
    I believe it said on the FBI's report that it looked like the data had not been looked at.
    • > I believe it said on the FBI's report that it looked like the data had not been looked at.

      "No way!"
      "Yes, way. Looked at the report and it looks like the report says it looks like the data had not been looked at."
      "Who's Wei?"
      "'Yes way', not 'yes, Wei"
      "Who?"
      "Not Hu, not Wei."
      "I dunno!"
      "THIRD BASE!"

    • I believe it said on the FBI's report that it looked like the data had not been looked at.

      If you don't find porn, what's to look at?
    • Re:Nothing taken (Score:5, Insightful)

      by treeves (963993) on Thursday June 29, 2006 @05:21PM (#15631720) Homepage Journal
      I for one am relieved that the data was not accessed, since I am a veteran who received a letter saying that I might be subject to identity theft as a result of this incident.
      They gave us all a years worth of ID theft tracking service at a cost to the gov't of $(several millions?).
      If a class action law suit against the VA for this debacle is successful it will cost them a lot more than that.

      I am more than a little annoyed that they gave the guy permission to take the data home, and now they are firing him for having done so.
      In spite of my feelings, I hope such a lawsuit fails, since it will only hurt those who rely on the VA's funding for their health care, etc.
      The people who allowed this to happen certainly aren't going to give themselves a cut in pay!

      • Re:Nothing taken (Score:3, Insightful)

        by pete6677 (681676)
        They need to fire all of the morons who made this possible in the first place. It's hard to say which is worse, having no data security or not even knowing if your data is secure.
        • Re:Nothing taken (Score:3, Insightful)

          by mpe (36238)
          They need to fire all of the morons who made this possible in the first place. It's hard to say which is worse, having no data security or not even knowing if your data is secure.

          Where would you put them all? These people probably number in the millions, since they include everyone who thinks that a SSN is anything other than a personal name.
      • Re:Nothing taken (Score:4, Insightful)

        by hazem (472289) on Thursday June 29, 2006 @05:53PM (#15632036) Journal
        Do you really believe them when they say the data was not accessed? Ignoring the fact that the data can be accessed with no evidence left on the drive. You're a veteran, and you still believe what the government tells you when it's good news for them?

        The real fault lies with the credit reporting/monitoring companies.

        They have created a system where it's easy for anyone to get credit in another person's name. Their solution, of course, is to pay them to monitor your credit in case someone tries to do it.

        The data is not very valuable for most ID theives if they cannot open up instant credit. So, the "solution" is to for the VA to pay the very companies that make it easy to get instant credit for monitoring services.

        What a racket.

        The easiest first step is to require those agencies to allow every person to put a credit freeze on their credit records. This would stop the instant credit and at the same time would stop a vast majority of the ID theft going on.

        Those very same companies have lobbyist to prevent this, of course.
        • by TubeSteak (669689) on Thursday June 29, 2006 @06:07PM (#15632144) Journal
          Do you really believe them when they say the data was not accessed?
          FBI Analysis:
          Start ---> Documents ---> Recent Documets

          FBI Analyst #1: Doesn't seem like anyone looked at the file.
          FBI Analyst #2: I concur

          FBI Official: We are pleased to announce that it does not seem that anyone accessed the records in question.
        • Re:Nothing taken (Score:3, Insightful)

          by cait56 (677299) *

          I don't see how the credit reporting/monitoring companies can fix this.

          To me the problem is very simple. If I lose my keys, I don't put a "key watch" on my door to see if someone attempts to use the lost keys. I change the locks on the door and get new keys.

          If the confidentiality of my social security number is lost then I need to get a new social security number.

          • To me the problem is very simple. If I lose my keys, I don't put a "key watch" on my door to see if someone attempts to use the lost keys. I change the locks on the door and get new keys.

            You suck at analogies. A credit report is like a burglar alarm on your house.

            If the confidentiality of my social security number is lost then I need to get a new social security number.

            And you're going to hope that the thousands of agencies and tiny little companies that have your data will get the updates in a timely manne
    • Re:Nothing taken (Score:2, Interesting)

      by crowemojo (841007)
      Ok, the best you could possibly do is try and reconstruct when the computer was turned on or logged into. At best, you can say that; since the laptop had been taken, it had not been logged into. Even then, that is no assurance that the data was not copied, since the drive could have been taking out and copied.

      There is no reliable forensic technique to determine beyond doubt that data has not been read. Imagine if you had left a page with notes in a public, high traffic area. When you found that page a
  • by Shadow Wrought (586631) * <shadow...wrought@@@gmail...com> on Thursday June 29, 2006 @04:53PM (#15631392) Homepage Journal
    According to the FBI as reported by Reuters [reuters.com]. The FBI said that the DB hadn't been accessed since the date it was stolen. Keep in mind, too that laptop thefts are no different than any other and the vast bulk are crimes of opportunity. So it most likely that the laptop was just at the worng place at the wrong time and the tweaker responsible had no idea as to its value.
    • It does seem that this was a random theft, not a targeted attempt to steal the data.

      However, how does the FBI know the data wasn't accessed?
      • by neonprimetime (528653) on Thursday June 29, 2006 @05:01PM (#15631486)
        You trust Microsoft Windows "Last Accessed Date" on files, right? I mean there's absolutely positivity without a doubt no way no how no possible method of changing that "Last Accessed Date".
        • by bcat24 (914105) on Thursday June 29, 2006 @05:05PM (#15631542) Homepage Journal
          Or using a system [knoppix.net] that doesn't even touch the last accessed date in the first place.
        • by pluther (647209) <pluther@@@usa...net> on Thursday June 29, 2006 @05:40PM (#15631921) Homepage
          I think it unlikely that the VA depended on the "Last Accessed Date" when they made their claim that the data hadn't been stolen.

          Given what we've seen so far in the case, it's more likely that they carefully scanned it, determined the data was still there, and therefore must not have been stolen.

          • Given what we've seen so far in the case, it's more likely that they carefully scanned it, determined the data was still there, and therefore must not have been stolen.

            How much are you paying to sit up at Portland State's CS department and /not/ know about dd or cp? :o) It's not like copying data is destructive.

        • Can you get around it? Of course, however that requires someone who knows what they are doing, and plans accordingly. If they are poking around randomly and open a file, the accessed date gets updated and they can't roll it back to the original date.

          So how much faith do you put in it? Well you look at the circumstances of the crime. Does it look like it was a targeted hit, to get this specific laptop and data, or does it look like a normal theft of opportunity? If it looks like a normal theft, the accessed
          • I'm sure the former KGB agent who lifted the laptop because islamic chechyen rebels was holding his sister-in-law hostage wouldn't know enough to make it look like a crack-head lifted the machine. Seriously, you have to assume that it was an pro who lifted it to compromise national security until proven otherwise, that's the way the game has to be played.
            • This data isn't a national security risk, that's why it wasn't secret or top secret. It was confidential, as personal data like thi is but that's it. It's a risk to those invloved, it isn't a risk to the nation overall. That the people on the list were in the military is a matter of public record.
    • by ewhac (5844) on Thursday June 29, 2006 @05:00PM (#15631478) Homepage Journal

      The data probably wasn't accessed. If the thief knew what they had, and was at all clever, they could have pulled the drive, performed a raw sector copy, and put it back. Poof! No date changes. I'm sure the FBI forensics team will be checking for this possibility.

      Schwab

    • The laptop was recovered, and data has not been accessd (they think). That's not the point.

      First, they cannot know whether the data has been read or not, since they could have simply copied the disk, sector by sector (as anyone with data forensics experience knows, FBI included).

      Second, the fact that the data this time was not accessed is not the important thing. The important thing is that the security policy regarding this type of data is not tight enough. Maybe the next time a laptop is stolen someone wi
    • Suppose the laptop owner had some bad gambling debts. Suppose the creditors involved offered him a choice: steal us some names for our ID theft operation or you sleep with the fishes. Laptop owner gets permission and brings the laptop home, leaving it in plain sight with the porch light on while he goes to get some smokes. He comes back and Horrors! the laptop, but nothing else in his house, is gone. The thugs take the hard drive out and image it, spend some time verifying that he didn't give them a bogus l
      • Actually you don't have to have your tinfoil hat on too tight to believe that.

        The situation you describe is not at all unlike how the mafia cargo-theft operations run (or used to run...the people I know are all ex-OCTF types). Basically they'd find some truck driver who had a gambling problem, and make him a deal: he parks his truck at a certain rest area on a certain night, and goes into the restaurant to have dinner. When he gets out, his truck is missing. Sometimes they'd even arrange it so that the cargo in question that night would be particularly high-value (load of VCRs, whatever), or easy to fence merchandise.

        The key question in the data-theft is whether or not U.S. organized crime is really involved in large-scale identity theft, to the point where they would have wanted to get their hands on a laptop full of data that badly. If you think that they are, then the whole scenario doesn't seem totally implausible.

        I'm fairly confident, however, that the FBI is probably looking down this angle -- it's not really that hard a thing to imagine, so I expect that they're going through the employee's finances and everything else, seeing if there's some way he could have been compromised.
        • The situation you describe is not at all unlike how the mafia cargo-theft operations run (or used to run...the people I know are all ex-OCTF types). Basically they'd find some truck driver who had a gambling problem, and make him a deal: he parks his truck at a certain rest area on a certain night, and goes into the restaurant to have dinner. When he gets out, his truck is missing. Sometimes they'd even arrange it so that the cargo in question that night would be particularly high-value (load of VCRs, whate

      • That's just plain goofy. Simply burning the thugs a copy would be more effective, as none of the 26.5 million people would have gotten notice that their data was compromised.
    • That they were actually using a Microsoft Access database. Hey, I guess it finally paid off that the "modified on" date gets updated everytime you open the file, regardless of whether you actually modify anything. Hooray for Microsoft bugs! ...I mean undocumented features!
  • I'm sure it's safe (Score:4, Interesting)

    by jeffmeden (135043) on Thursday June 29, 2006 @04:54PM (#15631405) Homepage Journal
    There is no way the thief who had it thought to himself "Hmm all these VA logos, some huge files with a bunch of names and 9 digit numbers. I obviously have nothing important here, I should just return this to the rightful owner." I mean it's not like this was all over the news or anything. Where would he get an idea like 'steal the identities of 26 million veterans'??? I know I can sleep a little easier (mostly because I was never in the armed services). On a more serious note, why aren't the headlines reading "VA wrongly accused employee of negligence, prepared to take full blame"? That seems to be the gist of this event.
    • I received one of those official letters in the mail from the VA stating the jist of what the original news article talked about. Although I wasn't surprised that I got it, it still made me feel uneasy knowing that someone out there has mine (and countless others') information. I'm relieved to see that the laptop made it back...whether or not my information is still out there is another story....
    • Well, the thief was, most likely, not an educated person. He may not have even turned on the laptop. Also, what if the laptop had a password prompt (i.e. Windows XP)? The thief would most likely not be a technological mastermind, so may not have even been able to log in.

      Also, this laptop was most likely taken by a small-time, petty thief. The last thing he'd want is so much government attention--I would not be surprised if the thief returned it himself.

      Put yourself in his situation--if you were a s

      • True, there's a 99% chance the thief didn't know how important the laptop was or how to get the data off. But that means there's a 1% chance that some guy copied an important government database. I just hope it was encrypted.
        • Well, we will likely never know weather or not the data was accessed. But I can tell you that the data was not encrypted. If it had been then the VA would not have been required to disclose the loss of the information.

          For this reason the Department of Veterans Affairs has been looking at whole disk encryption systems for deployment on all portable computers. It looks like Pointsec will likely get this contract in the near future.
        • ... there's a 1% chance that some guy copied an important government database. I just hope it was encrypted.

          Oh, it probably was . . . with DES . . . in ECB mode . . . with the key 00000000 [slashdot.org] . . .

      • How exactly do they "know" that it hasn't been accessed?

        Perhaps this was an organized gang, they could have booted off a live cd, mounted the hdd in read only mode, pulled the database onto the network and then set up a bungling thief to take the rap.

        If you were working for the mob then that would seem like one of the best ways to pull this off without causing suspicion
    • 1) The theif probably didn't even check. People steal laptops to sell them, not to mine their data since 99.9% have no valuable data.

      2) Identity theft on a large scale is nearly worthless because it's news. People get notified accounts get watched, you get caught if you use it. It's the small stuff where the harm happens. You get one person's identity and they don't know so you can abuse it for a couple months.
  • by bunions (970377) on Thursday June 29, 2006 @04:54PM (#15631406)
    Seriously. Attention any/all US federal legislators reading this: just mimic the EU on this one. It's a no-brainer and will win you the all-important geek vote.
  • Surprise, surprise, surprise! Renegade employee? So when did the VA become a branch of the CIA?
    • Renegade employee?

      If the VA is like an any other U.S. Government installation (non-military), then information security is very weak.

      Example: All users, at DoD installation that I was a contractor on a desktop migration, where given local Admin permissions on their Workstations and Laptops.

      I brought this to the attention of the sites "Admin" who didn't seem to worried. Not sure if it was ineptitude or the bureaucracy that prevented the site admins from making changes without the permi

      • Not sure if it was ineptitude or the bureaucracy that prevented the site admins from making changes without the permission of some central office but, this type of security is mostly to blame for the recent incident.

        If access to the network is being granted by Active Directory, giving the user access to the local admin account is relatively OK for them updating software/hardware on their machine since that account can't get on the network. That's how the machines at my current job are set up and I wouldn
      • Example: All users, at DoD installation that I was a contractor on a desktop migration, where given local Admin permissions on their Workstations and Laptops

        Let me guess, you're one of those people who goes bonkers every time your IDS detects a port scan, right?

        Users can get admin access to both their workstations and their laptops anyway. The only good reason I can think of to not give them admin access is to keep them from accidentally breaking something, if they're extremely un-tech-savvy. On the

  • by 88NoSoup4U88 (721233) on Thursday June 29, 2006 @04:56PM (#15631429) Homepage
    It is still unclear how the laptop was recovered


    They probably just put up a blog [evanwashere.com]. ;)
  • TrueCrypt (Score:5, Informative)

    by Spy der Mann (805235) <spydermann@slashdot.gmail@com> on Thursday June 29, 2006 @04:56PM (#15631431) Homepage Journal
    After discovering truecrypt, I realized how easy it is to have your sensitive data secured. Provided that the laptop doesn't contain spyware, only the person with password to the truecrypt volume can read it. After it's turned off, nobody else can.

    And the hidden volumes feature in truecrypt makes it much harder to steal the data (not only you'd need the normal volume password, you'd also need the hidden volume password - IF there is a hidden volume, which you don't know).
    • Re:TrueCrypt (Score:5, Informative)

      by VertigoAce (257771) on Thursday June 29, 2006 @05:44PM (#15631963)
      That isn't the purpose of the hidden volume. You only need the hidden volume password to access that volume. The actual purpose is so that if you are compelled to give access to the encrypted data you can just give out the outer volume's password. Used properly, there's no way to tell if there is a hidden volume or not, so no one can compel you to give the password for that volume. So basically, store some semi-sensitive data in the outer volume and your very sensitive data in the hidden volume. Maybe also create some volumes without hidden sections so you have plausible deniability.
    • Re:TrueCrypt (Score:4, Insightful)

      by e40 (448424) on Thursday June 29, 2006 @05:48PM (#15631995) Journal
      Problem is that if the hidden volume is mounted and the laptop suspended... does Truecrypt unmount in this case? (In other words, does the user have to remount of resume?) If not, it's the same as not having any encryption at all.
    • I, too, am pleased with TrueCrypt; the cross-platform feature allows removable drives to be interchanged between my (k)Ubuntu Dapper systems and my wife's Win2k system (she refuses to use WinXP). Finally we can easily store something on a CF card, pull it out and not worry about data being stolen!

      Unfortunately, this does not work on our laptops at work; I am being coerced to use WinXP at work (damn you!) without admin privileges, and TrueCrypt refuses to install without admin privileges.

      Does anyone know a
      • Will they let you install VMWare player, Qemu, or something like that?
        • Wow. Thanks for the reply. I was expecting no replies, or perhaps some snarky replies about "of course it wouldn't be possible". Thanks also to the uncle poster for letting me know about Puppy Linux. Brainstorming in a geek community does have its merits.

          In response to your question, no, they won't let me install anything, but that hasn't stopped me from installing Firefox, Servant Salamander, VideoLan Client and IrfanView (software I know from my Win2k days; there's probably better stuff out there now).
          • Well, there are other ways to access encrypted data, even if you can't use truecrypt. If you have just a few files, or have them stored in 1 zip file, you can use dscrypt, wildcrypt, privycrypt, or other programs that'll run from a USB stick without needing anything installed on the computer. Those other programs aren't as flexible as OTFE, but they do work in a pinch. Tinyapps (http://tinyapps.org/file.html) links to quite a few small encryption programs, several of which will run without needing to b
      • Under those circumstances, I use Puppy Linux and run it off the CDROM. Puppy loads into RAM, then frees up the CD drive, so you can save data back to it - on the same, or a different CD. It also works the same way off a USB stick. It is not just a cool toy, it actually works!
  • by tacarat (696339)
    I'd like to know how they verified that none of the data was accessed. Granted, it's highly possible that the thief probably had no idea what was on the laptop or may have been too scared to try selling that data, but I'd like to know that somebody with tech skills did the check. "Last modified" date doesn't mean the files weren't copied, and we never heard about anything else being stolen from the victem. There was a theft of Tricare (military medical provider... of sorts) server hard drives from a serv
  • by Chyeburashka (122715) on Thursday June 29, 2006 @04:58PM (#15631448) Homepage
    Meanwhile, the Whitehouse published this memo [whitehouse.gov] last Friday. It's about time, IMHO.
  • Why real data? (Score:5, Insightful)

    by JayDot (920899) on Thursday June 29, 2006 @04:58PM (#15631451) Journal
    One of the articles quoted the permission granting documents, saying that the analyst needed real SSNs for his work. I don't understand why that would be the case. Couldn't they have generated a fake list, verified that no two numbers were alike, and assigned a bunch of random names? It seems like the whole issue could have been eliminated from the start by doing this. Also, it's just shameful the way a bunch of middle-management types are trying to shaft the analyst when he's had written permission for ~4 years.
    • SSNs are not given out randomly, there is a pattern to the numbers...in general.

      SO If I wanted to analyz how many people who where assign SSN in new york that were now collecting benefits in LA, I could use the SSN.

      Also, there are batches of SSNs they maintain special relivence, so if you were testing an app you might need to not have any of those.

    • Re:Why real data? (Score:3, Informative)

      by HardCase (14757)
      Also, it's just shameful the way a bunch of middle-management types are trying to shaft the analyst when he's had written permission for ~4 years.

      Yeah, just ask the assistant secretary (Dennis Duffy) and the deputy assistant secretary (Michael McLendon). Oh wait, they've all been fired.

      -h-
  • Bah... (Score:4, Informative)

    by citizenklaw (767566) on Thursday June 29, 2006 @05:02PM (#15631510)

    Nothing appeared to be copied? Bah. What's keeping a would be data thief to boot up with a Linux distro, copy at will and shutdown the computer

    .

    I use a utility called TrueCrypt on my computer. I don't use a Mac (I would if I had the money), but I think the Mac has a utility (built in to the OS to boot) that let's you encrypt the contents of your home folder. This utility (TrueCrypt) enables me to reserve a chunk of space on my HD and encrypt it. I'm pretty confident that if my laptop gets stolen, the data will be *reasonably* safe.

    This is just a mix of bad infosec policies and worse OS.

    • ... and encrypted partitions are also available out of the box on SuSE Linux and Fedora (I think). I have no idea how safe they really are but they're based on cryptfs and use blowfish as the encryption. That said, you could STILL copy the data and brute force it offline, it might take a while though since the min pwd length is 20 chars.
    • As far as I know, TrueCrypt is as good as it gets on Windoze, but bear in mind that while using it, some plain text data may find its way into temporary files and the swap file. So your data will be mostly safe, but far from perfectly safe. On Linux, it is possible to set things up with encrypted swap and home partitions which avoids this plain text leakage.
  • Load of crap (Score:3, Interesting)

    by NynexNinja (379583) on Thursday June 29, 2006 @05:29PM (#15631820)
    It sounds like a coverup to me. They never found that laptop, and if they did, it wasn't the one that was missing. I bet after a whole bunch of politicians got in hot water over this story when it first broke, they quietly orchestrated a nice plan to sweep this mess back under the carpet where it belongs! While this case quietly goes away, the real issues (data security, privacy of sensitive data, etc, etc, etc) do not have to be addressed.
    • Load of tinfoil. (Score:4, Insightful)

      by ScentCone (795499) on Thursday June 29, 2006 @06:08PM (#15632151)
      It sounds like a coverup to me. They never found that laptop, and if they did, it wasn't the one that was missing

      Does your specially-formed tinfoil apparel help you to know these facts? The scoop is that someone turned it into the Baltimore FBI office, and they're keeping it quiet because the $50k reward was part of the picture. Their forensics people were the first ones to look at the machine, and that's what they do all day.

      More likely whatever ever idiot looted the house and took the portable fencables really didn't know what to do with it, and probably saw the government markings on the machine later. Not something you can put on eBay or take to a pawn shop. And people like that are in the habit of asking their equally ass-hattish what friends to do with something like that. Obviously one of the more enterprising ones is looking to turn it into $50k.
  • by HardCase (14757) on Thursday June 29, 2006 @05:30PM (#15631823)
    The employee had permission to access social security numbers. The employee had permission to take a laptop home. The employee had permission to use database software at home.

    The VA still contends that the employee did not have permission to put the social security numbers on the computer and take it home.

    Look at the timeline. He gets permission to access SSNs in February. He gets permission to take a laptop home in September. Sometime during the year he got permission to use a database program at home. It still sounds to me like he took a little personal initiative to take the SSN database home.

    Still, the whole affair was handled pretty damn poorly, particularly the delay in reporting it, among other things.

    -h-
  • by Pig Hogger (10379) <pig@hogger.gmail@com> on Thursday June 29, 2006 @05:37PM (#15631884) Homepage Journal
    The system is deeply flawed if it is possible to steal someone's identity with a mere handful of private information.

    What is needed is a far more positive identification system. Granted, it might be a piss-off to not be able to get instant credit to purchase that new thingamabob, but as things reach unmanageable proportions, something has to be done.

  • by Frightening (976489) on Thursday June 29, 2006 @05:39PM (#15631908) Homepage
    Never, EVER steal a piece of hardware for info without returning it(after taking the info).

    It will be interesting to see the public's reaction when 26.5 million SSN are posted tommorow on a blog.
  • Did they find that the laptop was under a stack of TPS reports at the office the entire time?
  • I smell a fish... (Score:3, Interesting)

    by indigence_is_best (978716) on Thursday June 29, 2006 @05:55PM (#15632060)
    My data just happened to be on that hard drive, so I am a little upset about it to say the least. We in the armed forces have been told that the individual was definitely NOT supposed to take that data home. It even says so on the VA website reguarding this incident. http://www.firstgov.gov/veteransinfo.shtml [firstgov.gov] If he had written authorization to do so, then that is a completely different story, and all of us that were affected should be even more angry. There are procedures in place for bringing ANY government property home; whether it be DATA or PHYSICAL media. Especially privacy act information.

    So which is it? He was or he wasn't allowed to? It is a bit too convenient for my taste that the laptop was recovered so magically and with the data intact.

    This kind of back-and-forth "truth" on these kinds of issues gets very old very fast.

    Smells fishy...
  • From TFA

    "These data are protected under the Privacy Act," one document states. The analyst is the "lead programmer within the Policy Analysis Service and as such needs access to real Social Security numbers."

    I'm very skeptical that he needs access to "real Social Security" numbers. If they were doing application testing or statistical analysis on the data, they could have anonymized the data before copying it out of the live environment. 27 million records isn't an impossibly large data set (especially if

  • Amusing aside (Score:2, Insightful)

    by liegeofmelkor (978577)
    Ok, I might be in the minority here, but I'm assuming that this was no conspiracy or well-organized hit to access veterans' SSN's. I'm guessing the perpetrator was some dumb teens or twenties punk who broke into the house looking for something he could sell for a couple bucks. This run-of-the-mill type would barely be able to use the laptop he stole to check email and play solitaire, let alone transfer files without leaving a trace of file access. Imagine his face, when flipping through the TV, he sees a
  • Quick question: What is the difference between a SSN and a guaranteeably unique generated string that can be associated with it in a protected database? Answer: Effectively, none. I don't see why anyone who is not actively interacting with the owner of a SSN should have access to the number itself. I do not need or want to know the passwords of the users on my system, I just need to have an effective means of (relatively) guaranteeing the security of those passwords and resetting them when desired. Both can
  • by alfredo (18243) on Thursday June 29, 2006 @10:13PM (#15633526)
    checks for affected veterans. bush is going to take money out of food stamps and education to pay for it.

    He's not going to cut any of the huge tax cut he gave his billionaire buddies. Kids will have to pay for it.

    What an asshole!

    I do not believe for one minute that they found the laptop.

  • A third document, also issued in 2002, gave the analyst permission to take a laptop computer and accessories for work outside of the VA building.

    CYA.

Time is an illusion perpetrated by the manufacturers of space.

Working...