Slashdot Mirror

← Back to Stories (view on slashdot.org)

Military Secrets for Sale on Stolen USB Drives

Posted by ryuzaki0 on from the find-the-battleship dept.

nTrfAce writes "Per a BBC Article, "US forces in Afghanistan are checking reports that stolen computer hardware containing military secrets is being sold at a market beside a big US base. Shopkeepers at a market next to Bagram base, outside Kabul, have been selling memory drives stolen from the facility, the Los Angeles Times newspaper says.""

25 of 225 comments (clear)

  1. Strong encryption by VincenzoRomano · · Score: 3, Insightful

    I hope that those soldiers were using strong encryption for file systems.
    I hope that those soldiers were not storing sensible data on those drives.
    I hope that those soldiers were not storing weird photos involving prisoners ...
    Real world tends to be different from hopes!

    --
    Maybe Computers will never be as intelligent as Humans.
    For sure they won't ever become so stupid. [VR-1988]
    1. Re:Strong encryption by meringuoid · · Score: 5, Insightful
      I hope that those soldiers were not storing weird photos involving prisoners ...

      If soldiers have been abusing prisoners, I'd prefer them to photograph themselves doing it and then store those photographs on disks which are later stolen and leaked to the press.

      Otherwise, how will we ever know what our armed representatives abroad are doing in our names?

      --
      Real Daleks don't climb stairs - they level the building.
    2. Re:Strong encryption by Saven+Marek · · Score: 3, Informative

      > I hope that those soldiers were using strong encryption for file systems.

      Remember encryption isn't the be all and the end all. What happens when you lose your own keys?

      And keys on a laptop itself, well that's all portable too. Laptop + usb key means nothing since you have to carry the encryption keys with you. Without doing that your data is useless, and carrying them with you means when the laptop is stolen, you have the key stolen with it.

      Instant access to your data. If they have your key they also can unencrypt anything else of yours, so you have not just lost the USB drive but more than that. How much do you think an encryption for sale on the black market is?

      Let me tell you it ain't cheap so there's profit to be made. Where there is profit there is motive. By using encryption you are adding additional motive to the thieves.

      So why use the problems with encryption without the benefit? It doesn't make sense. Kapsky and Dilinger's 1999 paper addressed this issue on when widespread use of portable computing was just beginning.

    3. Re:Strong encryption by ObsessiveMathsFreak · · Score: 3, Funny

      Otherwise, how will we ever know what our armed representatives abroad are doing in our names?

      But shouldn't soliders have the right to strip prisioners naked and photgraph their anuses, without fear of government surveillance?

      --
      May the Maths Be with you!
    4. Re:Strong encryption by RandoX · · Score: 4, Insightful

      "The truth" is subjective.

    5. Re:Strong encryption by snoozebutton · · Score: 3, Informative

      By reading as many differing sources as possible, and making your own conclusions.

    6. Re:Strong encryption by patio11 · · Score: 3, Interesting

      There is not too much subjective about the statement "some US troops sexually abused prisoners in Iraq". Thats a fact. Here's another: "the US military found out about it before the press did, through a whistleblower, and immediately started investigating and preparing charges, and as a result some of the culprits are now doing hard time". Unfortunately, the pictures for Truth #2 don't sell nearly so many papers.

      --
      Help poke pirates in the eyepatch, arr.
    7. Re:Strong encryption by meringuoid · · Score: 3, Interesting
      If your life was saved due to someone pulling another person's (not a normal person, someone who takes joy in seeing women and children burning alive) fingernails out with pliers, would you complain?

      I very much hope that I would.

      I am not saying that the ends justify the means

      Oh yes you are.

      --
      Real Daleks don't climb stairs - they level the building.
  2. Re:Missing Classified Hard Drives by x2A · · Score: 3, Funny

    Windows - it's that insecure, you don't even need physical access to a machine to steal it's componants! ;-)

    --
    The revolution will not be televised... but it will have a page on Wikipedia
  3. I'm no military fan... by Anonymous Coward · · Score: 4, Interesting

    ...but how do they know the 'secrets' are actually that and not some kind of decoy?

    1. Re:I'm no military fan... by mrogers · · Score: 5, Funny
      Military Intelligence has released a list of the secrets that have been recovered and those that are still at large. Among the recovered secrets:

      • The B2 Stealth Bomber is just a decoy made out of balsa wood and black paper; smart bombs are actually delivered by UPS
      • Lee Harvey Oswald acted alone; the FBI and Secret Service were so embarrassed by their failure to protect the President from some wandering nutjob that they spent the next 30 years trying to create the impression there had been some kind of conspiracy
      • A 1989 Cheers episode that made reference to the Kennedy assassination was seized by the CIA minutes before it was scheduled to air; the tape went missing, and so far 11 American civilians have been killed in the effort to prevent it reaching a wider audience
      • Aging Cuban guerillas launched a successful coup in Washington DC while the nation's attention was focussed on the last episode of Sex and the City. President-for-Life Fidel Castro described it as "a good day to bury good news".
  4. Why? by bl00d6789 · · Score: 5, Insightful

    Let me be the first to ask: Why the hell is the military storing sensitive data on USB drives, which are prone to both theft and failure?

    1. Re:Why? by michaelhood · · Score: 4, Insightful

      Policy and practice are often quite distant from each other in reality. Especially in government; military or otherwise.

    2. Re:Why? by 1u3hr · · Score: 4, Insightful
      Let me be the first to ask: Why the hell is the military storing sensitive data on USB drives, which are prone to both theft and failure?

      Most likely it's just sneakernet; moving files from laptop to PC etc. After transferring the files they forget to wipe the USB stick. The army will probably try to stop this by mandating it not be done. Which will work for a while till troops rotate and a new batch come in. The only real solution is to physically disable USB ports, which would be difficult with the number of legitimate USB peripherals now. Otherwise everything needs to be transparently encrypted. The military fears losing access to critical data in battle more than possible security breaches though.

    3. Re:Why? by arivanov · · Score: 5, Interesting
      The army will probably try to stop this by mandating it not be done.

      Once upon a time it could force that it is not done. This is what levels of security above C and OSes like Trusted Solaris were all about. Not about being unhackable, but about it being impossible to copy data from a higher security container to a lower. Granted, someone with high enough security clearance and rights to declare his USB drive "secure" could have gotten past that as well, but the average PHB wannabie corporate ladder climber could not do anything about it. He could not "take work home".

      This is also coming back. The slashdot crowd keeps bitching about Vista DRM being Digital Wrongs Management and being mostly promoted by pigopolists. Once again wrong. Along with AD it will allow any corporation to force a mandatory encryption policy on all the data on all media in the house at the click of a mouse. Throw in this the usage of TPM chips on all Vista ready PCs and this will make any data that a corporation wants to make unrecoverable without proper access credential on a PC really unrecoverable. All of this centrally controlled. This will also result in much faster adoption of Vista in the enterprise than people can even think off, especially for mobile devices.

      This also means that if Linux is to compete for the desktop it will have to have the same features regardless of Stallmans desires. This is one thing on which Linus is absolutely right. The usage of DRM by pigopolists is a current fad which is only a minor fraction of its actual use. The real use of DRM is to enforce a security policy on data across an enterprise. Having this will be essential to the success of any OS out there in 2-3 years. Also, there is no problem with DRM being opensource. Essentially DRM is nothing but a crypto application. Same as with every good crypto - having the source should not allow one to break it.

      --
      Baker's Law: Misery no longer loves company. Nowadays it insists on it
      http://www.sigsegv.cx/
    4. Re:Why? by Fred_A · · Score: 3, Informative

      You can do so in any Unix by not putting the users in the usb group and setting the permissions accordingly.

      Or by not enabling the usb-storage driver.

      --

      May contain traces of nut.
      Made from the freshest electrons.
  5. why/when. by rew · · Score: 5, Insightful

    Why and when are rules ignored?

    Here in the Netherlands, there has been a series of cases where sensitive information has leaked through stolen/lost hardware, and every time some official was breaking the rules.

    The rules were unworkable: DO NOT TAKE YOUR WORK HOME.

    So, no reading of a report on the train, no after-dinner report writing. Nothing. Ambitious people break the rules to perform better. So they take stuff home anyway. As long as the hardware doesn't get stolen, nothing is noticed. Big publicity when sensitive information makes it to the press.

    But if they were to start policing the policy, a lot of the ambitious people would eventually give in to the rules, and simply watch tv after dinner, and read the newspaper on the train. Results? Productivity drop.

    1. Re:why/when. by plankrwf · · Score: 3, Interesting

      This is a known problem indeed. (Someone modd parent up, I haven't gotten modpoints right now).
      I remember a case at a client in which we had to mail a very sensitive, very important document very quickly.
      Turned out we couldn't mail it using the clients own mailsystem, as... it didn't allow Word-attachments (or Zip or ...) to be sent along...
      In the end we ended up taking the document on a floppy (yes, this was some years ago), to a 'learning centre' computer which was attached to the internet, and we ended up mailing it with... hotmail...
      Roel

    2. Re:why/when. by Darren.Moffat · · Score: 5, Insightful

      "Results? Productivity drop."

      I personally disagree, in my experience you actually in the longer term get a productivity increase. Why ? because the people are more relaxed and more refreshed with a balanced lifestyle that isn't all "work work work". People who constantly take work home are marters to the job or just really bad at planning.

    3. Re:why/when. by Bob3141592 · · Score: 3, Interesting

      So, no reading of a report on the train, no after-dinner report writing. Nothing. Ambitious people break the rules to perform better. So they take stuff home anyway. As long as the hardware doesn't get stolen, nothing is noticed. Big publicity when sensitive information makes it to the press.

      If thisis only about company sensitive information, then fine. But if you're talking about military secret or confidential, then the rules are a bit different. You can't read a classified document on the way home on the train, as other people around you could see it. And unless your home was certified as a secure site, it would be illegal to have the docement there. You'd also need special paperwork to take the document out of it's original building.

      I have to ask who is doing this stealing. If it's by uncleared civilians, then what are they doing in proximity to classified material? Otherwise the stealing must be done by cleared personnel, which is a whole different story of criminal intent. Something doesn't add up here.

      --
      In theory, there's no difference between theory and practice. In practice, there is.
    4. Re:why/when. by rahrens · · Score: 3, Interesting

      I have the same feeling about this. The military is absolutely anal about classified information. Like another poster mentioned, PCs used for classified info have HDs in carriers so they can be removed from the PC for storage when not in use, in addition such PCs are required to have the usb ports disabled through group security policy, if not at the registry level, as well as floppies. They are not allowed to have cd or dvd burners, read only for classified PCs. Such PCs are not allowed to have network connectivity with UNclassified PCs, either, and classified networks are NOT allowed to be connected physically to the Internet.

      So I suspect that this reporter saw something on a stolen usb drive and just assumed that it would be classified. It may have been sensitive, but of a lower classification that would not have required the measures I mentioned above. Not that loosing such info wouldn't be bad - it very well could have, but that doesn't equate to classified info.

      Of course, while we're speculating, he could have seen a document that was created by the soldier that owned the usb drive, who then failed to follow procedures for classifying documents properly, and mentioned classified info in an unclassified document, on an unsecured system. That has been known to happen, especially under combat conditions, and is just as bad as what the article is talking about...

      --
      "Money is truthful. If a man speaks of his honor, make him pay cash." Notebooks of Lazarus Long, Robert A. Heinlein
  6. Yet another chill pill moment by Xiph · · Score: 3, Interesting
    The stuff that's stolen is probably not aimed getting highly sensitive data, but at getting a bit of cash from selling the hardware:
    "He reportedly said he was selling the items for their value as hardware alone."
    that lack of organization also suggest the problem isn't huge, a claim also supported by
    "Coalition officials regularly survey bazaars across Afghanistan for the presence of contraband materials, but thus far have not uncovered sensitive or classified items"

    So it's not large scale, hyperterrorsquads selling supersensitive secret soldier material to themselves. but rather small bits of pieces, that together will probably seem as just that. small bits of pieces. It is however always unfortunate that personal and classified information is handled carelessly, but if we can't even handle this properly at home, why should it be any better in Afghanistan.
    I'll give the answer right here: First, get better at handling information security at home, before you start using the technology abroad.
    Don't give sensitive material to people who haven't been screened on how they handled it (I thought this was already a goal the tried to achieve)
    --
    Blah blah sig blah blah blah irony blah blah
  7. More details in the original LA Times article by rchatterjee · · Score: 5, Informative

    The BBC article is based on a LA Times article which contains more details like the fact that on the thumb drives they found a list of soldier's SSNs which which they were able to track down the soldier's home addresses.

    Original LA Times article

  8. Good Points Above by jbenwell · · Score: 3, Funny

    Good points above, but there are a couple of things that I would like to know:

    1. How big are the drives? I find that my 256MB one fills up all the time. If these are 512MB or more, I may want one.

    2. How much? I can get a (new) 1GB drive at Costo for $60 (Canadian), so I'd hope these (used) ones are going for less then that.

  9. Scrapping the Military.. by Savage-Rabbit · · Score: 3, Interesting

    Windows - it's that insecure, you don't even need physical access to a machine to steal it's componants! ;-)

    Somewhere in California (IIRC) there is a company that specializes in providing military aircraft for the movie industry. At the time he appeared in a documentary which I watched, the owner of this business had apparently assembled more than one Cobra Gunship from parts sold off by the Armed Forces as scrap and was well on his way toward assembling (what was at the time at least) a state-of-the-art Apache assault helecopter using parts draw from similar sources (they showed footage of it being assembled). According to this guy some of the things the US armed forces sell off to civillans as 'scrap' are downright scary both because they are sometimes dangerous (contain live munitions, toxic materials, rocket engines, etc..) and because this 'scrap' includes some pretty sensetive electronic equipment. So stolen PC's are not the only problem, the US armed forces quite freely sells off some pretty amazing stuff as junk. True enough, the information on a stolen PC can cause a significant security breach but an enemy nation getting it's hands on sensetive military electronics at a scrap auction is even worse. I suppose the way the military filters equipment for disposal may have improved over the last few years but somehow I doubt it.

    --
    Only to idiots, are orders laws.
    -- Henning von Tresckow