Slashdot Mirror
Military Secrets for Sale on Stolen USB Drives
nTrfAce writes "Per a BBC Article, "US forces in Afghanistan are checking reports that stolen computer hardware containing military secrets is being sold at a market beside a big US base.
Shopkeepers at a market next to Bagram base, outside Kabul, have been selling memory drives stolen from the facility, the Los Angeles Times newspaper says.""
First Proust: Desire makes everything blossom; possession makes everything wither and fade.
SIG: TAKE OFF EVERY 'CAPTAIN'!!
One would have thought that something was afoot when the PC failed to boot? And would someone explain to me how a non US citizen got into the "secret" areas to be able to pick up a "secret" disk drive. This story if true is just plain stupid - someone should hang!
I hope that those soldiers were using strong encryption for file systems. ...
I hope that those soldiers were not storing sensible data on those drives.
I hope that those soldiers were not storing weird photos involving prisoners
Real world tends to be different from hopes!
Maybe Computers will never be as intelligent as Humans.
For sure they won't ever become so stupid. [VR-1988]
...but how do they know the 'secrets' are actually that and not some kind of decoy?
Let me be the first to ask: Why the hell is the military storing sensitive data on USB drives, which are prone to both theft and failure?
I guess retro computing has its limits after all.
More like 'donated', so they can purchase more at inflated prices to keep bush and his mates in power....
Why and when are rules ignored?
Here in the Netherlands, there has been a series of cases where sensitive information has leaked through stolen/lost hardware, and every time some official was breaking the rules.
The rules were unworkable: DO NOT TAKE YOUR WORK HOME.
So, no reading of a report on the train, no after-dinner report writing. Nothing. Ambitious people break the rules to perform better. So they take stuff home anyway. As long as the hardware doesn't get stolen, nothing is noticed. Big publicity when sensitive information makes it to the press.
But if they were to start policing the policy, a lot of the ambitious people would eventually give in to the rules, and simply watch tv after dinner, and read the newspaper on the train. Results? Productivity drop.
I was wondering why my free Microsoft USB drive hasn't arrived yet. It's so obvious it's fulfilling it's patriotic duty as an information decoy. With that move, I don't think MS will be harrased by regulations n' stuff.
So it's not large scale, hyperterrorsquads selling supersensitive secret soldier material to themselves. but rather small bits of pieces, that together will probably seem as just that. small bits of pieces. It is however always unfortunate that personal and classified information is handled carelessly, but if we can't even handle this properly at home, why should it be any better in Afghanistan.
I'll give the answer right here: First, get better at handling information security at home, before you start using the technology abroad.
Don't give sensitive material to people who haven't been screened on how they handled it (I thought this was already a goal the tried to achieve)
Blah blah sig blah blah blah irony blah blah
...just buy the stuff back.
The BBC article is based on a LA Times article which contains more details like the fact that on the thumb drives they found a list of soldier's SSNs which which they were able to track down the soldier's home addresses.
Original LA Times article
"Intelligence seems to be one of the few things the military doesn't overpay for - one Afghan spying on al Qaeda gets $15 for every successful mission."
Sheesh, evil *and* a jerk. -- Jade
But also, who's to say that it is not some kind of psychological campaign from the Taleban themselves. Some bazaari's probably have connections with them and now the military and the media themselves are lapping the false information up. Terrorists have stolen our computers! OOGEY OOGEY BOOGEY!
SSN should stand for Supposedly Secret Number.
Everybody knows your SSN. Every employer you've had, every school you've been to, everybody you've applied for credit from, every company that's provided a service like long distance to you. Also, every firm any of those organizations have contracted out their data handling to.
Fewer people know what shoe size you wear.
Forgive my little bit of flaming here... but what's new? Just yesterday we had an article saying that all kinds of information about air force one, from layout's (and secret service agent locations in the plane) to information on the counter measure systems it has. And that was on a government website.
Our government has a long way to go to fix it its own security issues before it can even start worry about outsiders compromising its security (I know there was another article recently about it scoring D's and F's in various departments...)
Scott Swezey
The report states the hardware was "stolen" and I'm sure many Afgans don't read English otherwise they would do more with what they've stolen.
Certain government organisations have really bad networks and capacities to move documents from one person's PC/laptop to another which is why people inside use USB keys.
Also when you are at certain level you are allowed to take your work home or work from home, and some of the laptops given out to such employees leave a lot to be desired in performance which is why people email documents to themselves or copy files to USB keys.
A blind eye is turned to all this unless of course something gets lost and leaked to the papers.
Similarly we've had several reports in the press about MI5/6 agents/staff leaving their laptops in Taxi's - whenever data is portable it is at risk of loss or theft...
Good lord, the BBC article is a piece of watered down crap compared to that one. Good find. I wish the /. submitters would look into other sources before just submitting anything. Makes you think they did it just for the flame war...
I wish I had mod points now...
noone will ever be held responsible, so nothing will change. it will happen again and again and again, with all sorts of data. see here, more "leaked infos": Security lapse reveals secrets of Air Force One
I hope I didn't brain my damage.
I wish I had literature points right now...
Good points above, but there are a couple of things that I would like to know:
1. How big are the drives? I find that my 256MB one fills up all the time. If these are 512MB or more, I may want one.
2. How much? I can get a (new) 1GB drive at Costo for $60 (Canadian), so I'd hope these (used) ones are going for less then that.
I'm surprised that Afghanistan has the infrasructure to support stolen computer hardware. So much for third-world status.
...is that the market where these things are being sold at is right beside the base.
What that tells me is that these things aren't being sold with the thought that they may hold valuable information and that the insurgents will pay a high price for them. It's that they're just another product and the Afghans who happen upon them are selling them as such. I guess small miracles save lives.
Ever get the feeling that the people who don't have anything to say are the ones doing the majority of the talking?
In Soviet Russia, military secrets sell you!
Mission accomplished!
If you were blocking sigs, you wouldn't have to read this.
Poor guys... Now their addresses are in the hands of the entrepreneurs in Kabul... they're going to be getting tons of junk mail for "Habib's Roof and Tile" and "Afghan National Platinum MasterCard"... :(
Hm. Invading a country. Letting the invaded people work for you at your base with your stuff. And now there's stuff missing you say? Really? Who would've thought ....
In situations like this you have to remember that things are rarely stolen, they rarely dissapear, and rarely get disposed of properly.
So there's G.I. John out in Iraq on almost basic army salary, and poor Mohammed running his market stall and a thriving economy for small items (I've even heard of trucks just 'going missing', then ending up miles away carting opium/hashish/people around the country).
G.I. John can't sell this stuff directly because he'd get his ass kicked by sarge, but once it gets passed onto the iraqi retailers there's almost no tracing it.
At the end of the day, there are always going to be a few corrupt people selling army goods, but for fucks sakes atleast wipe the drives before selling them (so you atleast try and avoid jail time).
This is all I could get off it though.
---
Date: Tue, 12 2003 21:54:35
From: DiamondDonny
To: George
Subject: too easy?
dude - go to google. Type in : weapons of mass destruction.
Dont hit search tho press the I'm feeling lucky button.
Date: Tue, 12 2003 22:03:15
From: George
To: DiamondDonny
Subject: RE: too easy?
> dude - go to google. Type in : weapons of mass destruction.
> Dont hit search tho press the I'm feeling lucky button.
wtf? Why didn't we think of using google for this before?
Join the Slashcott! Feb 10 thru Feb 17!
Good. Then the people wishing to have a life and a family can still be competetive. Requiring them to match the level of work of the more "productive" workers (the ones spending more of their life on work) isn't fair to the ones who can't. I simply don't care if the guys want to spend more life working; they're not only endangering other people by toting their information everywhere, they're making it harder for people unable to work so much to stay attractive to their employer.
Tell you what, I'm your banker. How about I take your debit information with me everywhere I go? Don't worry, I'm doing it so that I can make sure your account is balanced and accurate. I won't lose it, and my friend won't get to see it, even though its on my unencrypted USB key that might fall off my keychain like my last one did.
The issue here isn't productivity; that's work done per amount time. What you were speaking of was simply an increase in time spent working. I don't care if Joe Government gets payed more money because he's working long hours, he's endangering my information. Am I get compensated any for this? He's not cutting me an some of the surplus on his paycheck. Were he doing so, I wouldn't be so inclined to say "tough."
For example, if you kept leaking keys and established their credibility, you could start making up keys about high value targets coming to Afghanistan in order to draw out insurgents. For example, you could leak a key saying Rumsfeld will be at Bagram in July, will do a one day road tour, along this road, and let the insurgents come out in numbers and pay them back with cluster munitions.
This is my sig.
"How much money is there in enterprise-level security? "
The current "losses" of data by corporations to outside sources should tell you that it's a great deal. Just because "/." doesn't cover the subject on a nausuatingly regular basis doesn't mean it's not important.
"Now compare that with the balance sheets of the music and the film industry. Seems to me that the weight and influence of the those industries far exceeds the interests or fiduciary responsibilities of security professionals."
See my above comment and remember "out of sight, out of mind" is a poor way of arguing one's position. There are balance sheets that make the film and music sheets look like small potatoes.
Data could have been wiped first, to help them in their denial as to where they were stolen from (or that they were even stolen).
The revolution will not be televised... but it will have a page on Wikipedia
We just assume the information is some military secret. There is a distict possibility that the information on those drives is nothing more than family pictures or some other relatively mundane piece of information. I have friends in the FBI who have thumb drives and I just assume that the information on them is classified, but in truth, I know that it is probably a collection of pictures of them at the local bar or on vacation that they are toting to the local photo lab for processing. Nothing like a good reason to freak out though, right?!
We'll find out on CNN sometime that the drives contained Osama's location, Sadam's smoking gun, Slobadan Milosevich's memoirs, and Jimmy Hoffa's remains...oh, and the location of Salmon Rushdie's appartment that he shares with Elvis, the Loch Ness Monster and Bigfoot.
who is facing a court martial for refusing an order to return to Iraq. He has been there in action twice before, so we aren't talking about a 'lack of moral fibre'. In fact, since he would be going in a non-com position, and he knows he's going down for this refusal, I would rate his bravery as a lot higher than most of the soldiers out there.
His stated reason is that the occupation is illegal, and that the American forces behaviour out there is frequently indistinguishable from that of the Nazi occupiers of Europe.
'Otherwise, how will we ever know what our armed representatives abroad are doing in our names?'
with every leak of photos I now realise that not only are they abusing prisoners (in my name), but I've seemingly armed a complete bunch of retards.
At least if they kept the abuse quiet, whilst it would be equally bad, I'd know we only had abusive non-redneck-retards.
G.I. 1: "Who stole my @#$^ING USB drive? Do you know how @#$%ing long it took me to collect all those @#$%ing kill songs?!? I will !@#$%ing turn the guy into @#$%ing pink mist when I @#$%ing find him."
G.I. 2: "Man, that sucks."
G.I. 1: "Sh!t! And ALL my @#$%ing pr0n was on their too!"
G.I. 2: "Damn ponies."
is one of those nifty $100 computers to read the stolen media drives...
Windows - it's that insecure, you don't even need physical access to a machine to steal it's componants! ;-)
Somewhere in California (IIRC) there is a company that specializes in providing military aircraft for the movie industry. At the time he appeared in a documentary which I watched, the owner of this business had apparently assembled more than one Cobra Gunship from parts sold off by the Armed Forces as scrap and was well on his way toward assembling (what was at the time at least) a state-of-the-art Apache assault helecopter using parts draw from similar sources (they showed footage of it being assembled). According to this guy some of the things the US armed forces sell off to civillans as 'scrap' are downright scary both because they are sometimes dangerous (contain live munitions, toxic materials, rocket engines, etc..) and because this 'scrap' includes some pretty sensetive electronic equipment. So stolen PC's are not the only problem, the US armed forces quite freely sells off some pretty amazing stuff as junk. True enough, the information on a stolen PC can cause a significant security breach but an enemy nation getting it's hands on sensetive military electronics at a scrap auction is even worse. I suppose the way the military filters equipment for disposal may have improved over the last few years but somehow I doubt it.
Only to idiots, are orders laws.
-- Henning von Tresckow
Who's brilliant idea was it to put that kind of information on small, portable storage devices? How stupid to you have to be to think that's a good idea?
I'm gathering from the article that these USB drives, which had critical secret information on them, weren't even encrypted. I mean, encryption is free, for fuck's sake! Then again, that's probably why the government didn't use it. Why use something free when you can pay a contractor to do it for millions?
Transistors and Beer!!
They tell me what they want done, I explain any possible issues to them and they make the decision on what they're willing to accept.
This will stop the non-CxO's from taking work "home" and losing it. But it SHOULD NOT stop me from setting the CEO's machine to copy anything from any device.While it may be true that it will allow me to more securely lock down the machines at work, that is not why it is being pushed.
It is being pushed because the home users are ripping CD's/DVD's and sharing the content online. If I'm allowed to set the privileges of the devices attached to my home machine, then DRM becomes useless for securing the content of CD's/DVD's.Again, if I can set the privileges, then DRM is useful for protecting my corporate secrets
In order for it to be used to protect the CD's/DVD's, it MUST BE A BROKEN IMPLEMENTATION.
FTA: A shopkeeper interviewed by the Associated Press news agency said he was not interested in the worth of the information on the memory drives.
I guess those copies of Mambo_No_5.mp3 arent so popular at the bazaar?
Actually, the first time around they voted for the other guy. But, having had Bush as accidental president for four years, they clearly liked what they saw, and approved of his behaviour, because the second time they did vote for him.
Which is, when you think about it, fucking terrifying.
Real Daleks don't climb stairs - they level the building.
Wouldn't be nice if they had built in gps?
Get up!
In a military environment it is normal to use portable storage for secret documents. That way you can take it with you in case of evacuation.
My brother signed up (his idiot girlfriend made him do it) and got to discover what military life is like.
Basically, the military is full of people who'd be in jail if they didn't have military jobs. Lots of stuff gets stolen. Even in the USA, soldiers have to stand guard duty to reduce theft. Some of the people sign up because they just like to kill.
If there were no military, we'd need bigger prisons and we'd have more crime at home.
I have your military secrets right here! It's yours for only 3 easy payments of 19.95?! That's right only 19.95! And if you act now before you finish reading this post, we'll throw in keys to the pentagon, absolutely FREE!!!! *NY residents must pay sales tax. Offer only good in the continent u.s.
Maybe you think having a broom handle shoved up your arse is open to subjective interpration (I have no idea what you get up to on the weekends), but I think most of us would accept the description "sexual abuse" as entirely appropriate.
This doesn't surprise me at all. I was stationed at the U.S. hospital at Bagram for six months back in 2003-2004, and we caught local workers stealing things almost every day. Each one was searched by an MP at the main gate when they came in and before they left for the day, but there were literally thousands of them in a huge pen waiting to be searched by three or four MPs. Needless to say, the searches were less than thorough, really just a quick pat down. This is why we searched them again before letting them in or out of the hospital compound. We did it correctly - made them empty their pockets into one hand, hold their arms out while we wanded them, then we took out all of the items they kept in their pockets, usually tins of opium paste and whatever they stole and thought we wouldn't find. It's not rocket science. You just have to take the time to do it correctly.
What's really sad is that this hardware may not be coming from nationals working menial tasks on the base. Some of that lost hardware could just as easily be coming from the troops themselves. I spent some time in the military, and did a tour overseas. I had a short stint in the comm center, which requires a minimum secret clearance just to get into the main room because we recieved and routed classified messages. A foreign civilian would never be allowed to set foot in that room. We got a single new machine which was a big deal for us because we were running nasty green screen things, and playing dos based dopewars to kill downtime. The new machine was broken within a week, and was found to be missing the processor. Turns out one of my friends(go figure) had stolen it and sold it to some foreign civilian out in town. That was a MAJOR security breach considering they even bash the monitors that they get rid of with sledgehammers a few times before they send them out of the room. Hopefully they understand that this is a reality as well, and don't go all willy nilly on the civilians working for a living.
Seeing as how the market in question is next door to the base, while the terrorist headquarters is over fifteen minutes away by bus, I think the military has a fair head start to rectify the matter. Also, don't you think that when reporters interviewed/questioned the military about this breach, that might have tipped them off that there was a problem?
.uh . . .computer security?
Anyway, you're basically making the security thru obscurity argument. If that model doesn't work for computer security, why should it work for . .
It's not offtopic, dumbass. It's orthogonal.
"Pssst...hey you....yeah you...come here."
"What?"
"Would you like to buy a usb drive?"
"No, leave me along."
"Wait, buddy. See that US base over there?"
"Yeah, so? This usb drive came from that base."
"Really?"
"Yes. Contains important US government data."
"I'll take it!!"
----
Takes drive home to find that it contains:
Three love letters.
One Word Doc. (A memo requestion vacation time.)
And a copy of solitaire.exe.
Coder's Stone: The programming language quick ref for iPad
The CBC had run a story on this a couple nights ago, some of the info were large databases of soldiers personal info - sin numbers etc - from I think they were pay records. The reporter had randomly picked a few and confirmed that they were real and matched.
If this stuff gets to the 'terrorists' and they are able to track down someone's wife/husband and kids, the soldiers are not going to be too happy with the fact that the enemy can all of a sudden go and hold their kids hostage or kill them outright.
This is very scary stuff!
In Iraq, most classified data was transferred from computer to computer using USB drives because:
1 - Email servers limited attachments to 5 or 10 MB
2 - Getting a classified network IP address/connection was a bitch
3 - There weren't enough classified authorized computers to work on, so we frequently needed to take classified files onto unclassified computers.
Now, when you do this all day, you usually keep said USB drive in your pocket. Since the laundry is done by locals and other KBR contracted people, the items in your pockets when you're rushing to throw your laundry together to get taken down to KBR end up in the hands of locals.
For what its worth, 99% of these guys are hard working, honest fellows. If you leave change in your pocket, you can expect to have it returned to you, to the penny, when you pick up your laundry. I lost a drive once, and I went down to the KBR manager in a panic trying to find it. And he pulls me aside and shows me two buckets of USB drives to sift through - one for drives labelled "Secret" and one for those not labelled. It turned out I left mine in my office, but that sight certainly woke me up to data security.
This is the LA times... A newspaper that I've long since saw right through their way of doing business. The story itself is so laughable and worse yet to see people "biting for it" on /.
If you guys really think that these things are used in such large numbers much less at all for carrying planning, logistics and other secret data... you really need to get out more.
I'm sorry but this is another obvious "Bush Basher" paper making up a story to try and oust Bush because they're simply a bunch of 1960's hippies that can't handle war and really aren't interested in protecting the USA.
Come on slashdotters... you guys are smarter than this!
All content in this message is copyright (c) 2008. All rights reserved. RIAA is prohibited here.
Excellent point.
Here's another SAS soldier described as first-rate who has refused to return to Iraq:
An SAS soldier has resigned from the army, describing the military intervention in Iraq as a "war of aggression" and "morally wrong". The soldier said he witnessed "dozens of illegal acts" by US forces there.
Ben Griffin, 28, who left after three months in Baghdad, is believed to be the first SAS soldier to refuse to go into combat and to leave the army on moral grounds. His decision comes at a time of growing disenchantment among British soldiers about their presence in Iraq.
This week, pre-trial hearings are due to start into the court martial of Flight Lieutenant Malcolm Kendall-Smith, an RAF doctor who is refusing to return to Iraq on the grounds that the war is illegal. Mr Kendall-Smith's lawyer, Justin Hugheston-Roberts, said yesterday: "We will be arguing that he has no case to answer because, without a UN mandate, the invasion of Iraq was manifestly unlawful and any subsequent order was therefore unlawful."
Mr Griffin told the Sunday Telegraph yesterday that he had expected to face a court martial for leaving the SAS. Instead, he was discharged with a glowing testimonial.
When he was on leave in March last year he told his commanding officer he had no intention of returning to Iraq. He said he was very angry "at the way the politicians have lied to the British public about the war. But most importantly, I didn't join the British army to conduct American foreign policy."
He said he had witnessed dozens of illegal acts by US fighters who viewed Iraqis as "sub-human". Mr Griffin said: "I saw a lot of things in Baghdad that were illegal or just wrong. The Americans were doing things like chucking farmers into Abu Ghraib, or handing them over to the Iraqi authorities, knowing full well they were going to be tortured."
This isn't the first time British soldiers have seriously criticized US tactics in Iraq. A number of officers have done so as well. This goes back the last couple of years.
Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
He's just been on a discussion panel on Newsnight on this subject. He said that it could easily have been him on trial; if his CO hadn't discharged him when he made clear his intention to leave the Army, he would have refused to go and would have been court-martialled in the same way.
Another man on the panel - I forget his background - suggested that it may be a result of overstretch. Perhaps, he suggested, the Air Force doctor's CO simply couldn't replace him? Recruitment has been difficult in recent years, for reasons which should be bloody obvious.
Real Daleks don't climb stairs - they level the building.
Dear George,
Please next time listen to me and read the resume of the personnel that you employ.
1) Don't hire nerds for foreign jobs
2) Don't hire anyone who knows what a USB stick is for duty outside US
3) Don't hire anyone who knows where "qwerty" is coming from for duty outside US
4) If they know any of they above, they belong to the CIA....
Your ever faithful,
Q
The only real solution is to physically disable USB ports, which would be difficult with the number of legitimate USB peripherals now.
You can just modify the hotplug scripts to no recognize the mass storage device type number (0 and or 14 IIRC) and everything else USB will continue to work just fine. Only root can modify these scripts and we assume the users aren't running as root.
They are using a decent OS, right?
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)