Slashdot Mirror
LANL, Sandia Report Losing Classified Data
dread minerva writes "This week, Los Alamos and Sandia National Laboratories publicly reported that sensitive material stored on removable data storage devices was missing." In Sandia's case, "According to the Las Vegas Sun, this 'prompted the lab to halt all classified work Thursday while officials conduct a wall-to-wall inventory of sensitive data.' Sandia also reported that a 'computer floppy disk was missing.' However, according to the Albuquerque Journal, 'lab officials said they don't believe it contains any weapons information or any other information that could harm national security,' only admitting that the material on the disk was classified. Due to these latest events, LANL has shut down all work on classified projects as of Friday." (Read more below.) Update: 07/17 21:21 GMT by T : A correction -- research was shut down only at LANL (not, as I mistakenly claimed, at Sandia) -- and an update: Sandia's missing disk was recovered.
"These snafus have led the government to open up the labs to defense-contracting bids for the first time in their 60+ year history (until now the labs have been run by UC-Berkeley). As NPR reported on Friday, the researchers at the labs were upset by this move, as they are afraid of the labs losing their academic nature. Perhaps the best question to ask in this situation is why these labs are still using removable data storage devices to store sensitive information."
(Other institutions, including The University of Texas system, are also angling for a share of the lab's management.)
Sounds like someone was being a little too casual, you'd think Classidied info would be handled with a little more care. But hey I'm not one to comment I'm quite unorganized myself. I can't even count the CDs, floppies etc.. that I've lost.
It's all those iPods that the techies bring in.
Get your own free personal location tracker
the 7-11 of government agencies.
Terrorist: I'll take two hard drives with weapons research on them.
Sandia: That'll be $2000. Thank you and please come again.
always comforting. maybe if i just dont thikn about it, everything will be ok.
hopefully if terrorists do you use this classified info to attack, theyll take out some part of nevada, which probably will be in everyones best interest
You write "classified" on the floppy disk - that should be enough warning to people to not steal it, right ? Jeez..
$ strings FTP.EXE | grep Copyright
@(#) Copyright (c) 1983 The Regents of the University of California.
So that's what this thing is!
Sorry guys, I'll bring it back tomorrow.
I was hoping that somewhere research was being conducted without being attatched to an organization with sports teams.
-I am an elective eunuch.
Remind me again of what form of strong encryption they were using for said data? Oh wait a minute... Really great when people who are trusted with info this sensitive (I'm glad they seem to be _mostly_ certain that it did not contain weapons information) are not held to certain standard security practices.
What is it with computers that they are magnets for incompetent people? Before everything was stored electronically somehow I doubt people obtained sensitive info just because someone forgot to lock a vault door...
It is a miracle that curiosity survives formal education. - Einstein
This is stale. They've already found the data again...
See here.
In any case it's not newsworthy.
Sandia Labs found the disk, it was on the wrong inventory.
Technically anything that touches their Classified LAN is then considered classified to the highest level of the data on the system. Some tech could have brought in a new desktop background on floppy from the unclass side.
"Oh my GOD where is my Britney Spears pictures!!!."
The missing data was stored on Zip drive floppies.
In other words, the media itself will fail in about 6 months, and there wont be any Zip drives still working by then to read it.
While the loss of a floppy, might seem trivial to some, you might want to consider this fact. That single floppy could have contained the results of years of experimentation. Thus allowing anyone that obtained it, to forego that same xperimentation, and advance their studies further at the exspense of the United States Tax Payer. Just because a Secret is small, doesn't make it any less vital, or costly.
My cat's picked up a Hammer. HEY! Put down that Hammer. Put Down that Hamm...THUNK!
A:> unrar moab_blueprint_1.2.3.rar
Unpacking...
Please insert medium containing moab_blueprint_1.2.3.001 in drive A:
[A]bort, [R]etry, [F]ail, [G]o home and drink soup?
- Seth
If it doesn't contain any data that can be used to endanger national security, WHY is it classified? Classification is a way for the government to get around its responsibilities for disclosure in the few cases where disclosure presents a real danger... we all know that the government has been abusing this ability for ages, but this is just blatantly wrong, no?
I've had this sig for three days.
Nobody wants to become the next Wen Ho Lee. So when they make a small mistake, they probably are afraid to report it, even though failing to report will get them in even bigger trouble. This could explain why missing hard drives, instead of being turned in when found, mysteriously turned up behind a photocopier, a spot that had previously been checked.
Of course it's appropriate to be anal about security when dealing with this type of stuff. But it takes a special kind of person to function well in a culture of fear, and such people are very rare, even more rare when you also require that they have advanced scientific degrees. So LANL has to strike a delicate balance between instilling fear to enhance security, and dealing with the unwanted, paradoxically security-degrading consequences of that fear.
When Wen Ho Lee backed up his work data, it was not even classified. It was designated "Protect As Restricted Data" (PARD), which is not a classified designation. The government retroactively classified it to prosecute him. Imagine working in that kind of environment. Not fun.
Dont call a war terrorism. We are at war with USA, and of course we will use whatever force available and necessary. But it is not a terorrism.
SHE does throw dice.
There's this old joke that communism comes only after the last communist has died. Makes me wonder, what will happen if the last terrorist is eliminated :H
Man is a slave because freedom is difficult, whereas slavery is easy.
"...Perhaps the best question to ask in this situation is why these labs are still using removable data storage devices to store sensitive information."
I worked on projects that collected classified data and spec'd systems with removable storage. The reason we used removable storage was because it was easier to get DISCO (Defense Industrial Security Clearance Organization, yes, that really is the acronym courtesy of the Department of Defense Overly Contrived Acronym Certification Agency (DODOCACA)) to certify a system for classified use if we could show that all of the storage could be removed from the system and securely stored. Of course this relies upon having people who aren't going to lose the secure storage, which is another thing entirely. Given advances in storage since the 1990s when I was administering such systems I'd be surprised if any classified system wasn't built around removable storage systems. You can get a 320Gb firewire disk for $350. Of course you could also do your work on laptops and then lock them in your classified safe at the end of the day too.
cheap labor conservatives - they want to keep you hungry enough to be thankful for minimum wage.
This would never happen in Canada. Not because of our state of the art security systems, but simply because we don't invest money in developing weapons, and we have no information that anyone wants. hehe... :P
Who cares about some stupid 'classified' data at a nuclear lab? That pales in comparison to this - U2's new album has been stolen! I'm shocked! Shocked, I tell you! Is there no God?!
not just classified but ALL work was stopped on friday. Note this does not mean vacation time. In fact al vacations are cancelled. It mean everyone stops production work and only performs activities related to safety and security enhancement, inventories and training. Really its a good thing and its happening because the head of Los Alamos is a former admiral who runs a tight ship and does not tolerate anything but teamwork.
Some drink at the fountain of knowledge. Others just gargle.
The ones at Los Alamos may contain something that actually matters, but nobody is saying what.
The big secrets in this business have to do with exactly how implosions behave. The US has run tens of thousands of conventional explosive tests, often with real-time X-rays. With test data, you get to skip much of the experimental program needed to design a physics package. That's why this matters. Iraq and North Korea need that info. Everybody knows in general how an implosion works, but putting solid numbers underneath the design requires test data.
There's also one highly classified insight that makes the whole implosion problem much simpler.
Who is 'we'? While discussing the difference between war and terrorism is a good debate, you have to agree that to attack and kill people (even those armed) with no prior public warning (to the general public, so they can talk to their leaders) is cowardly and disgusting. Even if you don't (for example) support the war in Iraq, the US did provide plenty of warning. It didn't just lob bombs onto Bagdad out of the blue. Al Q attacked the US out of the blue, although I did see an interview with Bin Laden on US TV in about 1999 when he issued a warning, but it probably wasn't taken seriously.
O'WONDERWe're working on it.
"These snafus have led the government to open up the labs to defense-contracting bids for the first time in their 60+ year history (until now the labs have been run by UC-Berkeley)."
Given that the disks have already been found, and never left the possesion of those authorized to have it, why make such a fuzz about it? Why do we see this on the news (I did)? Why shut down all work? Wouldn't you want to keep the fact anything is missing quiet, if only to cast doubt in the mind of any one being offered stolen secrets as to whether they really are genuine?
And why suddenly decide to break open the bidding for the contract, within days/hours of an incident?
How convenient.. Perhaps.. a bit too convenient?
SCO employee? Check out the bounty
Is this classified data something that could be embarrasing?
What I'm getting at is this, the secret on nuclear weapons is out. Everyone in the world knows HOW to make them, the problem is that it isn't easy to get fissionable materials. Biological and Chemical weapons are even easier to make. Anyone here could mix up lethal chemical or biological weapons in their garage.
The genie is out of the bottle, so what kind of information has been lost?
LK
"Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
It is only your problem that you do not take warnings seriously. Who is 'we'? The people who feel that current USA is the main threat to our happy lives.
SHE does throw dice.
Only if Tom Ridge wants you to.
This time the matter is being handled internally and their is a move to get people at the bottom to tell each other "dont be a cowboy" not just have managers turn red and fume about it. So it looks like this is being hanlded the right way for a change. Seriously but not brutally.
I was recently talking about this very problem with a friend's mother, who has worked at LANL for 20+ years. Apparently they are trying to move everything they can to central systems with NCs just providing an interface to the stuff without storing anything locally (and without removable media drives), but it's taking a while to replace all that equipment.
Sandia National Labs, unlike Los Alamos, is not run by the University of California system. Rather, Lockheed-Martin (and before that AT&T) ran the Labs after they were split from Los Alamos as a separate division.
dread_minerva wrote that, not me :)
I just posted those (italicized) words to the page; However, I did add the snippet (non-italic) at the end about the folks vying to replace the UC system in managing LANL.
timothy
jrnl: http://tinyurl.com/c2l8yr / foes: http://tinyurl.com/ckjno5
A few terrorists with box cutters have got us to the state that the US government is now prepared to shoot down a commercial aircraft if its transponder and radio systems fail. Yet the US seems to be focussing on a "missile shield" in former Warsaw Pact countries, and doing research into ever smaller more efficient nuclear weapons. Why? What credible threat is there that the present arsenal can't meet? If no new data on yet more advanced nuclear weapons was being created, there would be no security problem in keeping it secret.
Oh well, enough naive rant for one day.
Panurge has posted for the last time. Thanks for the positive moderations.
The quickest and easiest way to keep your spying WMD researching evil enemies at bay is to ensure that from time to time they get weapons and research data that is entirely fake and will result in billions of dollars and many years of fruitless research and development on the part of your enemy.
To ensure that they believe that what they have is real, it is quite important to ocassionally make a big stink about the faked data that was lost. However, if you loose real data, it is better to keep it quiet and even produce lots of alternative data sets (a form of data denial of service attack) that pop up around the acquirer...
Don't you guys know anything about information warfare?
The reason that it can be true that 1+1 > 2 is that very peculiar nonzero value of the + operator
Considering the way that Congress classifies even the most mundane stuff these days, and assuming that this practice has spread (as it helps the CYA crowd) there's probably a good chance that this information really wasn't of any importance. For all we know, it could have been someone's list of Pr0n sites.
But, here's how to get a story posted on Slashdot.
timothy
jrnl: http://tinyurl.com/c2l8yr / foes: http://tinyurl.com/ckjno5
What are you talking about, dread minerva? LANL isn't run by UC-Berkeley in particular, it's run by the University of California System. See the University of California office of the President -- "10 campuses, 5 medical centers and 3 national labs." Secondly, Sandia isn't run by the UC at all, it's run by Lockheed-Martin, and, as another poster pointed out, was previously run by AT&T. Jeeze, when one of your points is that there's a management problem, you'd think you'd actually check who the management is.
...sorry, I needed to make a DOS boot disk, so I re-formatted it and then ran "sys a:". Won't happen again, I swear!
Uhh, your idea of a war is to kill innocents.
The rest of the world calls that "terrorism." Changing your own personal meaning of a word does not alter the idea behind the word; it merely emphasizes your delusion.
feh. stuff.
But then again, there hasn't been any innovation in the field of nuclear explosives since the 60's; and I'm not really sure I'm sad about that, actually.
I am strongly AGAINST killing of innocents. But who does kill them? US army. And those who are so desperate that they do not see other defense.
Well, certainly math is involved.
And then what? It turned out to be a MS DOS 3.3 boot disk that someone was gonna throw out? I wouldn't be surprised.
Failure to report a loss is a very bad idea. I worked at an installation where the security officer routinely removed pages from classified documents, just to keep us on our toes. If you didn't detect and report the missing pages, you were in big trouble.
Mea navis aericumbens anguillis abundat
As one high ranking program manager at LANL said to his group after the incident, "Hey, at least we're not Sandia National Labs."
Idiots.
Uh, no. Terrorism is the political use of terror. Killing innocents is murder. Terrorism can take place without killing anyone - the IRA, for example, plants bombs in buildings, then calls up and says "we've planted a bomb in one of these four buildings, guess which? Gee, you better get everyone out in the next four hours.". Usually no-one actually gets hurt. But they are forced to live in a constant state of fear.
If "constant state of fear" sounds familiar, it's because the biggest terrorist organisation in the world right now is the US Government-Corporate complex, and they use terror against their fellow americans.
...cause for alarm - as opposed to a political statement.
i cle.asp?ID=12701
From http://www.frontpagemagazine.com/Articles/ReadArt
"Most notoriously, Clinton appointed an anti-military, environmental leftist Hazel O'Leary to be Secretary of Energy, a department responsible for the nation's nuclear weapons labs. O'Leary promptly surrounded herself with other political leftists (including one self-described "Marxist-Feminist") and anti-nuclear activists, appointing them as her assistant secretaries with responsibility for the security of the nuclear labs. In one of her first acts, O'Leary declassified eleven million pages of nuclear documents, including reports on 204 U.S. nuclear tests, describing the move as an act to safeguard the environment and a protest against a "bomb-building culture."
Having made America's nuclear weapons' secrets available to the whole world including the al-Qaeda network, O'Leary then took steps to relax security precautions at the nuclear laboratories under her control. She appointed Rose Gottemoeller, a former Clinton National Security Council staffer with extreme anti-nuclear views to be her director in charge of national security issues. Gottemoeller had been previously nominated to fill the post--long vacant in the Clinton Administration--of Assistant Secretary of Defense for International Security Policy. The appointment was successfully blocked, however, by congressional Republicans alarmed by her radical disarmament agendas. The Clinton response to this rejection was to put her in charge of security for the nation's nuclear weapons labs."
What I think is even worse is that they trust Zip disks to hold ANY data.
You see, the researchers used to be able to roam all over the 'Net. Was a time you could drive a meg of bytes all the way from MAE West to Atlanta. But then, what happened was, these firewalls started popping up and the days of free range data transfer were over.
Naturally, a lot of cowboys were sore about what happened to their livelihood, and they're in an ornery mood. You tell 'em they have to follow these here procedures and they all, "haw haw, listen to the uptight city slicker try to tell us rules!"
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
...hiding behind the photocopier, just like the last time.
I doubt anyone would be able to make much sense or use of the data anyway. The government classifies so much stuff, who knows what it is? Telephone numbers? Ionization cross sections of some rare earth elements?
why do i think this is just a power grab? lanl gets lots of research dollars. if i ran some defense contractor i'd want a piece of that. i might even donate to people that might make that happen.
if i was a reporter i'd go investigate that. bummer news organisations gave up on hiring reporters.
ah well, it's not like a democracy needs a strong press. oh, wait, it's dictatorship that doesn't need that. huh. ah well, the trains run better in those, so who really cares?
US Citizen living abroad? Register to vote!
I was in charge (as an E-4, woo. :| ) of a detail of other E-1s through E-4s monitoring people entering and leaving the building. One of our responibilities was to check all bags leaving the building.
One day, some contractors came through the desk - on their way out - while I was there. My man asked them what was in the box and they said, "Nothing. Just some test equipment."
My man almost let them through when I told them we'd need a look inside. They became a little annoyed and started pleading their case in the hopes that we lowly E-4s and below would just back down; but, I was incistant.
When the box was opened it contained two classified manuals. The base commander, several 'real' security guards and the civilian's boss chewed them out on the quarter deck in front of everyone.
Turned out, they had clearance and even had authorization to carry classified information (but they forgot their cards.) Thinking they'd just brow-beat us they attemted something stupid.
I got an 'atta-boy' for that one. {sigh - oh well.}
Plus if you fail to report a security problem, You'll probably get kind of nervous and jerky during your next polygraph. If you work in a government facility like that, being nervous and jerky during a polygraph is a good way to end up in Waskington DC for a few days of debreifing, plus you'll probably loose your clearance credentials, which is likely to result in you getting fired.
I keep telling my spies... Don't take the freakin drive. Make a copy of the data for peete's sake, they won't notice a thing.
My Karma is so low that even my own postings are beyond my current threshold
As a quick reality check, visit LANL's ASC site to convince yourself that (1) there's no way that they are carrying all that data around on floppies and (2) that given the scope of the computational effort, there are probably some operations that exceed the capability of a Javastation, XTerminal, or diskless Linux box.
"In one of her first acts, O'Leary declassified eleven million pages of nuclear documents, including reports on 204 U.S. nuclear tests"\ Where do I get them? I've checked eBay... I can trade a copy of the Navy Seals' IND manual (Improvised Nuclear Device) designed to build INDs from wreckage of unexploded nuclear weapons and soviet nuclear power plants. Andy Out!
University of Texas will get the contract to run Los Alamos, and will start doing real nuclear weapons tests again. Expect more dirt on Los Alamos until this transfer is completed.
--jeff++
ipv6 is my vpn
> Of course you could also do your work on laptops...
.cn and .ru sites.
Ummm... yeah. Just make sure that the standard internal microphone has been removed. Even more so if it's your "unclassified" system on the green LAN that you use to surf
Does anyone remember the unusual stink that DoD made when Back Orifice was released? Never mind everything else it did... it could record audio and control a webcam. Not good if the system in question is in a classified area.
Y'all are visualizing the problem all wrong.
Everything with even a single classified datum has a classified marking and is tracked. It has a current owner, and all past owners are (also) identified. (To aquire a classified document (paper,disk, whatever) you sign for it filling out a carbon copied slip in triplicate.)
Destroying classified paper documents was easy where I worked, but destroying disks was a process not yet clearly identified - so they were not destroyed, but stored forever in the back of safes.
Anyway, the problem in this article is about primadonnas who won't dot their i's and cross their t's when transferring classified documents (eg disks) so that their BOOKKEEPING can be handled properly and thus successfully tracked.
This is an article about BOOKKEEPING and the conflict between workers and management on the importance of secutity when workers are world experts who can't be fired - well not replaced anyway.
The solution is to hire secretaries (administrative assistants) who do nothing but maintain the security logs for the semi-irreplaceable experts. The same kind of handholding primadonnas get in movies, corporate boardrooms, etc.
and now this...
Thank you for the counterpoints and clarifications with real-life scenarios. Removable data storage devices are difficult to avoid these days (as opposed to the days where the computer was the size of a garage), and almost anything is removable if you want it badly enough.
To reply about this not being newsworthy (as judged by a much earlier post, not multiplexo's):
While this is not the first time either Los Alamos or Sandia has reported sensitive data missing, it was more widely reported. I also felt it merited a free discussion, as improving security should be everyone's right and duty (though to some more than others), and open debates are one of the best ways to introduce and test new ideas (and flames and trolls), as well as disseminate information (and disinformation). Thirdly, Slashdot must receive a lot of post suggestions and takes the time to review each of them; therefore, some lag must be expected.
If I worked there, I would just want to ride that cool elevator thing that takes me to the research lab where I get to wear the cool suit and kill alien bugs...though my first order of business would be to turn off that ladies annoying voice that keeps welcoming me to the lab.
/HL Ref Off
wait a minute...maybe thats where the disks went!
Those damn alien bugs...I'm sooo tired of them eating my floppies
Its go time!
It was designated "Protect As Restricted Data" (PARD), which is not a classified designation. The government retroactively classified it to prosecute him.
PARD is never intended to be a permanent marking. All PARD must be properly identified and marked with the appropriate level of classification in relatively short order.
Why do you believe that marking Wen Ho Lee's PARD as "classified" (SRD, presumably) was out of line? What is "retroactive" about the normal procedure of handling PARD?