Slashdot Mirror


Server with Top-Secret Data Stolen

An anonymous reader writes "Usually missing information stories are fairly low key; the loss of a few thousand student records is cause for concern for those involved, but hardly national security. This one is slightly different. The company Forensic Telecommunications Services has announced that a server containing 'thousands of top-secret mobile phone records and evidence from undercover terrorism and organized crime investigations' has been stolen. From the article: 'The company — whose clients include Scotland Yard and the Crown Prosecution Service — has assured the public that the server is security protected, and the breach will not compromise ongoing police operations. The information is made up of either old cases that have passed through the judicial process, or cases that are already in the judicial system and so subject to full disclosure to both defense and prosecution teams.'"

28 of 142 comments

  1. Just FYI... by daveschroeder · · Score: 4, Informative

    ...Forensic Telecommunications Services is a UK company, not a US company, so please keep that in mind when crafting your comments.

    (And yes, this is fairly plainly obvious to anyone who takes a moment to look.)

    1. Re:Just FYI... by Control+Group · · Score: 4, Funny

      But the British government has been in bed with the US government for years, which means they pretty much do whatever the US tells them to, which means they're pretty much just a US colony, which means that this loss is obviously attributable to FBI negligence, which is clearly linked to the PATRIOT Act, which means that it's the sole responsibility of the current administration - and we all know how Karl Rove likes to publicize secret information; this loss is obviously why he's resigning - which means that George W. Bush wants criminals to go free, so he can further consolidate his power and declare himself interim president for life!!!

      CAN'T YOU SEE, MAN? IT'S THE END OF FREEDOM!

      --

      Reality has a conservative bias: it conserves mass, energy, momentum...
    2. Re:Just FYI... by cHiphead · · Score: 2, Funny

      Oh and ONE MORE! Van Halen just got back together. With David Lee Roth.

      END!

      Cheers.

      --

      This is my sig. There are many like it, but this one is mine.
  2. Isn't it obvious? by thatskinnyguy · · Score: 3, Funny

    I blame the intern!

    --
    The game.
  3. Comment removed by account_deleted · · Score: 2, Funny

    Comment removed based on user account deletion

  4. Top secret public records? by mmarlett · · Score: 5, Insightful

    Which is it: Top secret phone records or information that has already been released in court cases? It doesn't seem like the two are the same.

    1. Re:Top secret public records? by yog · · Score: 4, Insightful

      I don't get it. What happened to locks, keys, and trusted employees? It seems like companies and government organizations are constantly leaving sensitive materials in cars or in unsecured locations where they can be stolen by opportunistic thieves. After thousands of years of civilization, and with all the fancy technology at our disposal today, have we learned nothing about how to keep important materials out of mischievous hands?

      A server with sensitive information should not be on the public internet, and it should not be on the premises of a subcontractor! It should be safe behind locked doors with access only by a select few, and protected by strong encryption too. I just don't get it; it's kind of depressing.

      --
      it's = "it is"; its = possessive. E.g., it's flapping its wings.
    2. Re:Top secret public records? by dmpyron · · Score: 3, Interesting

      I've handled TS and above at a number of contractors over the years. That said, "What happened to locks, keys, and trusted employees?". And how do you get a server out of the building? Stuff it down your pants? I've never worked anywhere where areas with classified information weren't surrounded by cameras. And access control. And lots of other means of tracking the comings and goings. There's more to this story than has been made public.

      The lady doth protest too much, methinks. Something is rotten in the state of Denmark.

      Either there really wasn't much to worry about or they are secretly passing rectangular pieces of firehardened clay out their anuses. And these guys are called a "security" firm!

  5. I could sure trust them by faloi · · Score: 5, Insightful

    Except that their physical security is apparently so poor that I can't imagine their data security is much better.

    "All the data is protected, as long as the thieves don't look at the password sticker hidden inside the case."

    --
    "It is a miracle that curiosity survives formal education." -Albert Einstein
  6. Good thing I didn't have anything to hide, by MrMr · · Score: 4, Funny

    from the Russian mafia.

  7. Wrong Terminology by stewbacca · · Score: 4, Insightful

    "Top Secret" is a term reserved for government classification schemes (in the US) and is clearly outlined by US laws. Using "Top Secret" for a business is just sensationalism. This business lost sensitive data, not "Top Secret" data.

    1. Re:Wrong Terminology by daveschroeder · · Score: 2, Interesting

      Actually, that's incorrect.

      Many nations have equivalent parallel classification schemes, including using the terminology "top secret". Long-standing agreements between various nations allow sharing of information in the same categories.

      See here and here for details.

      If FTS is a contractor on terrorism investigations, it could very well be handling "top secret" data. The article refers to it as "top secret", but you're correct: it's not clear if "top secret" is merely being inappropriately applied here, or whether the information really could be technically "top secret".

      It is (PowerPoint) quite routine for contractors to handle classified information in the US and UK.

    2. Re:Wrong Terminology by stewbacca · · Score: 5, Informative

      I was a contractor that handled real Top Secret data and that term is reserved for government classified data only. Contractors' own stuff is neither Top Secret, nor protected under the provisions provided to government Top Secret data. My point is that there are too many stories from JoeBlow, Inc. that report "Top Secret" information being stolen just to sensationalize the story. To working professionals in the Intel field, the notion that Top Secret data was stolen is a national security crisis, only to read in the story that some stupid company lost some data with private information in it.

      True, that many countries share classification terminology. England, Canada, U.S. and Australia, for example, have all worked to synchronize their terms and laws. But the common thread is that these are all covered by government classification guidelines, not the private sector.

      I suppose the info in the story could be "Top Secret" in the true sense of the word, but if this company was a contractor handling real Top Secret (i.e., government classified) data, it would be a much bigger story than something buried in slashdot ;-)

    3. Re:Wrong Terminology by stewbacca · · Score: 4, Informative

      Contractors working with US classified documents are bound to the same rules and regulations as government employees when handling classified data. My point is that companies can't just make up their own classification of something being "Top Secret". Boeing doesn't have the right to make something they created "Top Secret" just because Boeing thinks it is Top Secret. Only the government classification authority can designate a classification of: Unclassified, Confidential, Secret, or Top Secret. Anything else would be internal corporate policy, but any naming convention Boeing comes up with on their own is NOT provided the same protections under US Law that real government classifications are. (I may sound like a broken record, but I used to teach this stuff to government employees).

    4. Re:Wrong Terminology by jrumney · · Score: 2, Informative

      it would be a much bigger story than something buried in slashdot ;-)

      It was front page news in several UK papers over the weekend.

    5. Re:Wrong Terminology by stewbacca · · Score: 2, Insightful

      True, all of what you said (except contractors are not the majority of classified handlers, especially in compartmentalized intel). I was a contractor and I handled classified all day long. My point is that companies are TOLD by government classification guidelines what is "Top Secret" and don't just make up their own classifications because they work with government classified data. Even if contractors CREATE the data, the company doesn't classify the content they created, the government does. I've said too much. The blacksuits are here. Nice knowing you all!

  8. Detailed Cell Phone Bill by sjaguar · · Score: 2, Funny

    Does this mean that I will finally be able to see a detailed listing of my wife's calls? :)

    --
    If at first you don't succeed, call it version 1.0.
    1. Re:Detailed Cell Phone Bill by tehcyder · · Score: 2, Funny

      Does this mean that I will finally be able to see a detailed listing of my wife's calls? :)
      It's OK, I recorded them all from my end.
      --
      To have a right to do a thing is not at all the same as to be right in doing it
  9. Private company????? by Anonymous Coward · · Score: 3, Insightful

    Shouldn't someone explain wtf top secret police information is doing in the hands of a corporation? Such information should be gathered, kept and custodied by police.

  10. This was a Physical Break in by varmittang · · Score: 3, Informative

    "FTS can confirm that the company was recently the victim of a break-in at one of our premises in Kent. As a result, some IT equipment including a server was stolen."

    Very important info for all those who want to start a flame war about what OS it was running and why it was connected to the Internet.

    --
    -----BEGIN PGP SIGNATURE-----
    12345
    -----END PGP SIGNATURE-----
  11. Comment removed by account_deleted · · Score: 4, Insightful

    Comment removed based on user account deletion

  12. Protected how? by hcdejong · · Score: 3, Funny

    1. Cryptonomicon-style, with a big coil embedded in the door frame of the room where the server was stored (question is, would that even work, without using an MRI as the coil)
    2. with a brick of thermite on a proximity detonator inserted into the case
    3. boring ol' cryptography

    1. Re:Protected how? by Cheesey · · Score: 2, Interesting

      1. Cryptonomicon-style, with a big coil embedded in the door frame of the room where the server was stored (question is, would that even work, without using an MRI as the coil)

      I don't think that would work, even in 1999 when Neal Stephenson wrote the book. Some data would be recoverable: disks are very hard to completely destroy. Encrypted filesystems are the right way to do it, with the key only kept in memory.

      I don't know why Stephenson's characters didn't think of that idea, since they worked for a PGP-style data security company. Nor do I understand why the adversaries used Van Eck phreaking to spy on Randy's laptop rather than just install a hardware keylogger, or why an EMP can destroy a CPU but not a hard disk controller. But hey, at least the ending was better than The Diamond Age.

      --
      >north
      You're an immobile computer, remember?
  13. Bizarre reporting by mattr · · Score: 2, Interesting

    It seems most journalists are just mouthing the press releases over again. "Security Protected" is a talk-down-to-you phrase, "protected" means "secure" anyway, and it intentionally doesn't tell you anything about how it really is protected. The company with the break-in obviously wasn't using security sufficient to deter people targeting them - for a security analysis company not to use more expensive security commensurate with the value of their clients' info is not even mentioned. Something silly about outsourcing is mentioned in TFA but not in the press release of course because it was stolen from their premises. Impossible perhaps to deter a truly obsessed insider, but for TFA not even to talk about what that incredible "security protected" technology stuff is, is just dumb.

    I think it would be in the company's best interest to say everything was encrypted with unbreakable algorithms, but perhaps they have rules about not disclosing anything and maybe they don't want to spread the idea that people should encrypt things, that would certainly put a damper on their business, wouldn't it. I'd understand if they don't want to say they have a cell phone tracker or phone home device in it, but as for trusting them when they say nothing is important on that server they stole sounds very strange. More likely someone knew what they were going for it sounds.

  14. Laptops, always, desktops, yes, servers - ? by caluml · · Score: 3, Insightful

    Well, I always use encrypted partitions for equipment that could be stolen - laptops, or my home PC - but I wouldn't consider it for servers.
    This makes you think though.

  15. Deliberate theft? by orangesunglasses · · Score: 2, Insightful

    It is probably understandable how laptops and PCs get stolen, as maybe an opportunistic theft, but how the fuck can someone just wander off with a server? This presents two reasons why it was stolen:
    1. It was stolen for the hardware, so have a look on ebay soon
    2. It was stolen for the data that the machine contained, which is probably more concerning.

  16. Okay, here's what we've got by spun · · Score: 2, Funny

    The Rand Corporation, in conjunction with the saucer people, under the supervision of the reverse vampires, are forcing George W. Bush to go to bed early in a fiendish plot to eliminate the meal of dinner.

    We're through the looking glass, people

    --
    - None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
  17. Yes, actually. The cat does "got my tongue." by Impy+the+Impiuos+Imp · · Score: 2, Funny

    > Usually missing information stories are fairly low key; the loss of a few thousand
    > student records is cause for concern for those involved, but hardly national security.

    Yeah! The problems of tiny organizations are not really worthy of national, much less international, attention.

    > This one is slightly different...'The company -- whose clients include Scotland Yard
    > and the Crown Prosecution Service '...

    Wait, I thought you said this was slightly different. Sounds like the same class of problems as that of a small school, from the point of view of the $2.1 trillion spending, 15 aircraft carrier battlegroup wielding, moon-landing, shuttle-launching, eh, it's only $500 billion for this war, that savings & loan bailout, that geezer drug benefit cha-CHING-ing nation.

    --
    (-1: Post disagrees with my already-settled worldview) is not a valid mod option.