Slashdot Mirror
LANL, Sandia Report Losing Classified Data
dread minerva writes "This week, Los Alamos and Sandia National Laboratories publicly reported that sensitive material stored on removable data storage devices was missing." In Sandia's case, "According to the Las Vegas Sun, this 'prompted the lab to halt all classified work Thursday while officials conduct a wall-to-wall inventory of sensitive data.' Sandia also reported that a 'computer floppy disk was missing.' However, according to the Albuquerque Journal, 'lab officials said they don't believe it contains any weapons information or any other information that could harm national security,' only admitting that the material on the disk was classified. Due to these latest events, LANL has shut down all work on classified projects as of Friday." (Read more below.) Update: 07/17 21:21 GMT by T : A correction -- research was shut down only at LANL (not, as I mistakenly claimed, at Sandia) -- and an update: Sandia's missing disk was recovered.
"These snafus have led the government to open up the labs to defense-contracting bids for the first time in their 60+ year history (until now the labs have been run by UC-Berkeley). As NPR reported on Friday, the researchers at the labs were upset by this move, as they are afraid of the labs losing their academic nature. Perhaps the best question to ask in this situation is why these labs are still using removable data storage devices to store sensitive information."
(Other institutions, including The University of Texas system, are also angling for a share of the lab's management.)
It's all those iPods that the techies bring in.
Get your own free personal location tracker
the 7-11 of government agencies.
Terrorist: I'll take two hard drives with weapons research on them.
Sandia: That'll be $2000. Thank you and please come again.
You write "classified" on the floppy disk - that should be enough warning to people to not steal it, right ? Jeez..
$ strings FTP.EXE | grep Copyright
@(#) Copyright (c) 1983 The Regents of the University of California.
I was hoping that somewhere research was being conducted without being attatched to an organization with sports teams.
-I am an elective eunuch.
Remind me again of what form of strong encryption they were using for said data? Oh wait a minute... Really great when people who are trusted with info this sensitive (I'm glad they seem to be _mostly_ certain that it did not contain weapons information) are not held to certain standard security practices.
What is it with computers that they are magnets for incompetent people? Before everything was stored electronically somehow I doubt people obtained sensitive info just because someone forgot to lock a vault door...
It is a miracle that curiosity survives formal education. - Einstein
This is stale. They've already found the data again...
See here.
In any case it's not newsworthy.
Technically anything that touches their Classified LAN is then considered classified to the highest level of the data on the system. Some tech could have brought in a new desktop background on floppy from the unclass side.
"Oh my GOD where is my Britney Spears pictures!!!."
The missing data was stored on Zip drive floppies.
In other words, the media itself will fail in about 6 months, and there wont be any Zip drives still working by then to read it.
While the loss of a floppy, might seem trivial to some, you might want to consider this fact. That single floppy could have contained the results of years of experimentation. Thus allowing anyone that obtained it, to forego that same xperimentation, and advance their studies further at the exspense of the United States Tax Payer. Just because a Secret is small, doesn't make it any less vital, or costly.
My cat's picked up a Hammer. HEY! Put down that Hammer. Put Down that Hamm...THUNK!
A:> unrar moab_blueprint_1.2.3.rar
Unpacking...
Please insert medium containing moab_blueprint_1.2.3.001 in drive A:
[A]bort, [R]etry, [F]ail, [G]o home and drink soup?
- Seth
If it doesn't contain any data that can be used to endanger national security, WHY is it classified? Classification is a way for the government to get around its responsibilities for disclosure in the few cases where disclosure presents a real danger... we all know that the government has been abusing this ability for ages, but this is just blatantly wrong, no?
I've had this sig for three days.
Nobody wants to become the next Wen Ho Lee. So when they make a small mistake, they probably are afraid to report it, even though failing to report will get them in even bigger trouble. This could explain why missing hard drives, instead of being turned in when found, mysteriously turned up behind a photocopier, a spot that had previously been checked.
Of course it's appropriate to be anal about security when dealing with this type of stuff. But it takes a special kind of person to function well in a culture of fear, and such people are very rare, even more rare when you also require that they have advanced scientific degrees. So LANL has to strike a delicate balance between instilling fear to enhance security, and dealing with the unwanted, paradoxically security-degrading consequences of that fear.
When Wen Ho Lee backed up his work data, it was not even classified. It was designated "Protect As Restricted Data" (PARD), which is not a classified designation. The government retroactively classified it to prosecute him. Imagine working in that kind of environment. Not fun.
There's this old joke that communism comes only after the last communist has died. Makes me wonder, what will happen if the last terrorist is eliminated :H
Man is a slave because freedom is difficult, whereas slavery is easy.
"...Perhaps the best question to ask in this situation is why these labs are still using removable data storage devices to store sensitive information."
I worked on projects that collected classified data and spec'd systems with removable storage. The reason we used removable storage was because it was easier to get DISCO (Defense Industrial Security Clearance Organization, yes, that really is the acronym courtesy of the Department of Defense Overly Contrived Acronym Certification Agency (DODOCACA)) to certify a system for classified use if we could show that all of the storage could be removed from the system and securely stored. Of course this relies upon having people who aren't going to lose the secure storage, which is another thing entirely. Given advances in storage since the 1990s when I was administering such systems I'd be surprised if any classified system wasn't built around removable storage systems. You can get a 320Gb firewire disk for $350. Of course you could also do your work on laptops and then lock them in your classified safe at the end of the day too.
cheap labor conservatives - they want to keep you hungry enough to be thankful for minimum wage.
This would never happen in Canada. Not because of our state of the art security systems, but simply because we don't invest money in developing weapons, and we have no information that anyone wants. hehe... :P
Who cares about some stupid 'classified' data at a nuclear lab? That pales in comparison to this - U2's new album has been stolen! I'm shocked! Shocked, I tell you! Is there no God?!
not just classified but ALL work was stopped on friday. Note this does not mean vacation time. In fact al vacations are cancelled. It mean everyone stops production work and only performs activities related to safety and security enhancement, inventories and training. Really its a good thing and its happening because the head of Los Alamos is a former admiral who runs a tight ship and does not tolerate anything but teamwork.
Some drink at the fountain of knowledge. Others just gargle.
"These snafus have led the government to open up the labs to defense-contracting bids for the first time in their 60+ year history (until now the labs have been run by UC-Berkeley)."
Given that the disks have already been found, and never left the possesion of those authorized to have it, why make such a fuzz about it? Why do we see this on the news (I did)? Why shut down all work? Wouldn't you want to keep the fact anything is missing quiet, if only to cast doubt in the mind of any one being offered stolen secrets as to whether they really are genuine?
And why suddenly decide to break open the bidding for the contract, within days/hours of an incident?
How convenient.. Perhaps.. a bit too convenient?
SCO employee? Check out the bounty
We once had a HDD end up missing at our company headquarters (Army). All barracks were placed under lock down, everyone near the HQ building in the previous few days was investigated, and a team of searchers were sent to search through our rooms, cars, bags etc. After what was an all day event searching through our stuff, it was later discovered that someone sent the parts to a the repair shop and one hand didn't talk to the other.
Saying Java is nice because it works on all OS's is like saying that anal sex is nice because it works on all genders.
Sandia National Labs, unlike Los Alamos, is not run by the University of California system. Rather, Lockheed-Martin (and before that AT&T) ran the Labs after they were split from Los Alamos as a separate division.
The quickest and easiest way to keep your spying WMD researching evil enemies at bay is to ensure that from time to time they get weapons and research data that is entirely fake and will result in billions of dollars and many years of fruitless research and development on the part of your enemy.
To ensure that they believe that what they have is real, it is quite important to ocassionally make a big stink about the faked data that was lost. However, if you loose real data, it is better to keep it quiet and even produce lots of alternative data sets (a form of data denial of service attack) that pop up around the acquirer...
Don't you guys know anything about information warfare?
The reason that it can be true that 1+1 > 2 is that very peculiar nonzero value of the + operator
Considering the way that Congress classifies even the most mundane stuff these days, and assuming that this practice has spread (as it helps the CYA crowd) there's probably a good chance that this information really wasn't of any importance. For all we know, it could have been someone's list of Pr0n sites.
What are you talking about, dread minerva? LANL isn't run by UC-Berkeley in particular, it's run by the University of California System. See the University of California office of the President -- "10 campuses, 5 medical centers and 3 national labs." Secondly, Sandia isn't run by the UC at all, it's run by Lockheed-Martin, and, as another poster pointed out, was previously run by AT&T. Jeeze, when one of your points is that there's a management problem, you'd think you'd actually check who the management is.
Because nukes are like any other weapon. We've spent years and billions of dollars researching how to make them most effective. The genie is out of the bottle yes, but we haven't shown the world all the steps in how we got him out.
No matter what we want our equipment to be the most effective out there, no matter what. Being in the military I know that when I'm out there, I'm using the world's best equipment and gear, and personally I'd like to keep it that way.
Failure to report a loss is a very bad idea. I worked at an installation where the security officer routinely removed pages from classified documents, just to keep us on our toes. If you didn't detect and report the missing pages, you were in big trouble.
Mea navis aericumbens anguillis abundat
At the risk of going slightly offtopic, I don't think that risk is too high. If a commercial airliner has lost all radio contact they would not be able to get through to air traffic control at the airport, making the landing dangerous. Under the new provisions military jets would be scrambled and attempt to divert the plane to a secure airbase by all means necessary
It is my understanding that there are universal visual signals such as "follow me" and if a commercial jet was really in such a situation they would follow their military escort, be guarenteed a clear landing and after interviewing the passengers and crew they would all be sent on to their destination (probably by bus) The political fallout from shooting down a passenger jet without warning would be unthinkable, and being landed in a secure military base would not be any terrorists ideal outcome from a hijacking.
As long as the pilot follows the visual signals from the air force they will not fire on the passenger jet.
Who needs the essential data to design a deep bunker buster bomb when help from an NZ cruise missile designer, a few kilos of plutonium, plenty of TNT and a good machine shop would allow you to build a weapon which, while it might not fission, would be able to kill large numbers of people a long way away?
A dirty bomb has two main effects. First, it's a large explosion, just like a conventional bomb, and that blast can kill people. Second, people are incredibly afraid of "radiation" and "nuclear", so it has an incredibly huge fear factor, which is what terrorists aim for. The number of people who would actually be seriously injured or killed by the nuclear materials in any reasonable dirty bomb would be nearly insignificant. (I'm sure it would be significant to those affected, but the chemical explosives would kill many more.)
Mod down posts with a "Free Mac Mini/iPod" sig, they're spam!
You see, the researchers used to be able to roam all over the 'Net. Was a time you could drive a meg of bytes all the way from MAE West to Atlanta. But then, what happened was, these firewalls started popping up and the days of free range data transfer were over.
Naturally, a lot of cowboys were sore about what happened to their livelihood, and they're in an ornery mood. You tell 'em they have to follow these here procedures and they all, "haw haw, listen to the uptight city slicker try to tell us rules!"
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
It is possible, but not very likely, to lose radio contact. A commercial aircraft usually has several generators (one per engine) and at least one battery. The battery is never used, except in emergencies. Normally all generators work and all the equipment is powered up. If one or several generators fail then automatically some equipment is disconnected, in order of importance. The radio stays on even if *all* generators fail (it is then powered from the battery, and will last for long enough to land the aircraft. The battery will also provide electrical power to the engines (fuel pumps etc.)
In any case, if the radio indeed fails, the ATC on the ground will know it before even the pilots do. And as soon as pilots realize that they have no contact, they will take some safe course until instructed by any means possible to land. Any other aircraft may be instructed to approach and to lead them, not just a military one.
I was in charge (as an E-4, woo. :| ) of a detail of other E-1s through E-4s monitoring people entering and leaving the building. One of our responibilities was to check all bags leaving the building.
One day, some contractors came through the desk - on their way out - while I was there. My man asked them what was in the box and they said, "Nothing. Just some test equipment."
My man almost let them through when I told them we'd need a look inside. They became a little annoyed and started pleading their case in the hopes that we lowly E-4s and below would just back down; but, I was incistant.
When the box was opened it contained two classified manuals. The base commander, several 'real' security guards and the civilian's boss chewed them out on the quarter deck in front of everyone.
Turned out, they had clearance and even had authorization to carry classified information (but they forgot their cards.) Thinking they'd just brow-beat us they attemted something stupid.
I got an 'atta-boy' for that one. {sigh - oh well.}
As a quick reality check, visit LANL's ASC site to convince yourself that (1) there's no way that they are carrying all that data around on floppies and (2) that given the scope of the computational effort, there are probably some operations that exceed the capability of a Javastation, XTerminal, or diskless Linux box.