Slashdot Mirror
UK PM's Aide Loses BlackBerry In Chinese Honeytrap
longacre writes "The Times of London is today reporting a January incident in which a top aide to Prime Minister Gordon Brown discovered his BlackBerry missing from his hotel room after spending the night with an attractive woman who approached him in a Shanghai disco. Seems this was a run-of-the-mill BlackBerry without any encryption, only a simple password lock. The greatest fear is that, even if the device did not contain any sensitive messages at the time, there was likely enough information on board for a hostile intelligence service to snake its way deep into Downing Street's email servers. The aide was 'informally reprimanded.'"
Would he have reported the loss of his virginity?
Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
The level of espionage out of China is pretty ridiculous. I wonder how long this goes on before the trade advantage of dealing with them is over weighed by their rampant spying.
They aren't telling us that Scotland Yard did this deliberately just to see how the Chinese would react.
What the Chinese aren't telling us is they knew this was a trap and reacted accordingly.
What Scotland Yard also isn't telling us is that they knew the Chinese would see the trap and were counting on them to react accordingly.
What the Chinese also aren't telling us ....
oooh my head hurts.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
I was just posting in the article about ways of making certs work, and I see this.
Am I the only one who sees a connection between this and the problems we have getting certificates to actually mean what they are supposed to mean?
Actually, I see several connections.
Computer memory is just fancy paper, CPUs just fancy pens with fancy erasers; the 'net is just a fancy backyard fence.
China is basically using Capitalism as their weapon by fixing the Yuen to the Dollar.
2005 just called, they want their now-outdated analysis back
You just got troll'd!
I promise not to carry anything sensitive, and I'll distract the attractive Chinese women for him so his secrets will remain safe!
"Honeytrap"? Bullshit. What leads anyone to think it was anymore than the guy lost in in a taxi, or if the girl did take it, she sold it on to a second hand phone dealer for a few dollars.
I think if it was really a "vast Communist conspiracy" as the article implies, the agents would have copied the data from the phone and returned it later in the evening, leaving him none the wiser.
Much more important to consider is if the guy used the phone while he was in Beijing, there is an excellent chance that every keystroke, including passwords, was captured en route.
Has General Ackbar been consulted on this matter of international intrigue?
The fault has to lie with the government and not the aide.
This comes down to just bad security governance, even my blackberry is encrypted and our BES servers enforce security down to the handset so that you can't install any unauthorised applications.
These devices of course are prone to loss, and given the confidential information potentially held on these devices should be reason enough to enforce the appropriate security measures on the devices.
The woman was not really attractive, he was just desperate.
Seriously, is the woman's attractiveness really pertinent to what happened, and was her attractiveness fact-checked? Or is "attractive Shanghai woman" a British idiom for "prostitute"?
Only a fool would think that an attractive chinese women in chinese disco is going to go to bed the first night with a westerner.
You've clearly never been to Asia. Rest assured you can see many examples of exactly this happening all over Asia.
Now send in 007 to get that Blackberry!
Brown trouser time!
So the article is trouser snake meets honeypot - but it's a trap! Snap! Ow, Blackberries.
With technology being so important today, they should be hiring proper geeks for their top aides.
Then they wouldn't have this kind of security lapse.
likely enough information on board for a hostile intelligence service to snake its way deep into Downing Street's email servers.
So, in addition to stupid aides that fall for Chinese spy-whores, the British government is incapable of changing the passwords on its mail servers?
Ew, if you could lose a blackberry in that
Chinese Honeypot, I wouldn't stick around.
-AI
For me, it is far better to grasp the Universe as it really is than to persist in delusion
They know what the aide looks like.
ba-dump *tsssh*!
Xenu loves you!
...... the 'woman' picked up ended up being a dude in drag and that aide ended up losing more than his blackberry that night. *Always* remember the package check guys!
Logic called. They said that you need a lesson. The yuan is in a "basket", that is supposedly pegged to a number of moneys. Only problem is, there is no formula that has been given and more importantly, none that can be found. The yuan against the dollar has gone up just a bit, even though the dollar has plummeted against ALL other western moneies AND the chinese accumulate loads of dollars. IOW, it is still fixed. The only difference is that China has pulled a scam for fools like you.
Dollar to yuan
Dollar to Euro.
Euro to Yuan.
The Yuan has gone up 20% over 5 years against the dollar, while the euro has gone up more than 60%. By the same token, the euro to yuan is roughly fixed. Do the same for other western monies and you find the same result. Basically, if China were to allow a true floating money, it would more than double. Even now, the EU is considering this a problem. They are currently asking China to keep their earlier promises to open their borders as well as allow the yuan to float. So far, China is resisting. The good news is that EU is about to do something about this (unlike America).
I dunno about you, but I'd trade my blackberry for a hot backstabbing chinese girl. Seems alright to me. If she was his wife, he'd have lost everything except for 40 dollars a week in lunch money. And then it would really get bad.
His Blackberry got shanghaied in Shanghai?
Spy-whores? Stupid? You should get out more.
Quack, quack.
"News" have long ago lost any purpose of informing, assume it ever has that in the beginning. Nowadays, "news" is just baits used to catch your attention to advertisers, who are the real customer of any "news" organization, be it newspaper, TV or web site.
Which headline do you think catches more attention (thus earn more profit)? "Some guy lost his Blackberry?" or "Chinese spys strikes again"?
Oliver.
All over Asia, yes. Korean and Japanese women, yes. But Chinese women? Still slow to go.
It's not 'The Times of London'. It's 'The Times'. It happens to based in London, but it's not 'of London'. Here in the UK we have very few papers carrying national/international news that aren't national in and of themselves.
Tsktsk.
He should get instructions on how to safely do Penetration Testing of the Chinese secret service. Clearly he forgot to secure the client side properly. Except for that, the article is a tad vague on whether the testing itself went smoothly and he found some holes.
*Ahem*
"Rune Kristian Viken" - http://www.nwo.no - arca
More xenophobic rubbish from the /. crowd.
What will it take for you guys to realise that China is not your enemy?
Max.
That is something a greenhorn soldier would do and not all of them.
Aren't Blackberries what CIA gives these days to their recruits?
I grow tired from hearing all the smear about China in the press lately, suggesting a sting operation either means the reporter has watched to many Bond movies lately, or the source wants to create an athmosphere of danger and excitement around the whole thing to make up for the dull life he/she lives.
I call your bluff!
> Only a fool would think that an attractive chinese women in chinese disco > is going to go to bed the first night with a westerner. They do, but they all say "give me 200 dorrar, suckyfucky love you long time!"
Now send in 007 to get that Blackberry!
007 with chinese woman? Already been done. Bring yet another race from the PC vault.
The Euro to Yuan is not fixed: according to the data linked by you it seems to have gone up from cca 9,3 to cca 10.7 - by about 15 percent.
Also the Dollar to Euro rate decreased by about 30 percent (and not 60).
Now, those are just rough calculations and IANASoros - so correct me if i'm wrong.
Sig. under reconstruction.
Finally, news for nerds, stuff that matters.
My guess was that the aide's name was Sebastian and after the recent bi-election there was call for a celebration! *clap hands* Champaign!
.
You've clearly never been to Asia. Rest assured you can see many examples of exactly this happening all over Asia
And so begins the great stampede of slashdot readers heading for asia.. ;)
Seems this was a run-of-the-mill BlackBerry without any encryption, only a simple password lock.
This is the best IT security the UK PM's office can manage? They have staff in a foreign countries and let them walk around with sensitive information on a low security device? Come on. It wasn't the aides fault if their InfoSec policy is that weak. And it doesn't matter how he lost his Blackberry. Would have been just as easy to arrange a minor accident and have the emergency responders lift it off him during the confusion. Hey, if the Chinese deliberately stole it, at least he got laid for his trouble.
Besides, I have a hard time believing RIMs security hasn't been compromised. Terrorists the world over figured out all they have to do is get a Blackberry to defeat the mighty NSA. Does anyone really buy that? You'd think an organization with the resources of the Chinese government could do better.
The PM's office has, or should have, copies of all his messages. They should know what the Chinese know. And knowing that they can't find a way to monitor those potential exploits? Who the hell is running their network security? Usually that level of incompetence is limited to the Bush administration. Do the Brits have an Arabian Horse association? Is that person running their network security?
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
I only see it now that you meant that 60 percent the other way around (Euro to Dollar).
It's still roughly 40 percent increase instead of 60 percent.
And the Yuan has gone up roughly 22.5 percent (not 20).
That last number combined with the 15 percent increase of Euro to Yuan is in line with the 40 percent increase of Euro to Dollar (1.15*1.225 ~ 1.4). So those data still contradict your point.
Again I'm no forex expert and didn't bother looking past the data you cited.
Sig. under reconstruction.
Foreign governments will hire hot chicks to do you just for a Blackberry? If I was a target, I'd get myself of whole box of fake Blackberries and go around pretending to use them at discos. At least until my agency sprung for counter-espionage fake Blackberries that *looked* like they had encrypted state secrets on them, but were really just surveillance devices so they could GPS exactly where they wound up, and eaves-drop on their decryption techniques.
Unfortunately, no government cares enough about what's on my PDA to hire hotties to boost it, and even if they did, you couldn't pay me enough to go freakin' disco.
Prostitutes do still phones and cash. WHat makes them think that it was an agent?
Certainly it would give them a selfrespect and a feeling of selfimportance.
But what really happened is that a hooker has got a blackberry stolen from a drunkard.
"Only a fool would think that an attractive chinese women in chinese disco is not going to go to bed the first night with a westerner.
I am very small, utmostly microscopic.
Now maybe if they put an end to their government endorsed human rights violations, abandoned their quasifascist style of government, stopped putting western cooperations out of business over the backs of their own workers, stopped their hate campaigns and anti-western, anti-Japanese and anti-Korean propaganda, respected Taiwan's sovereignty, stopped poisoning our children, stopped being chauvinistic pricks and made a start at actually being nice chaps,* we'd be talking. But until then, I prefer China as my enemy because the alternative is even worse.
*Non-exhaustive list in no particular order.
"The aide was 'informally reprimanded.'"
Translation: "Dammit, Nigel, keep it in your bloody shorts next time!"
... the KGB or better yet, the NKVD would have shamed Gitmo...
Hmmmm i miss the old times, when it was just KGB agents trying to steal our secrets and CIA stealing KGB secrets... now we have to deal with this whole crap of different entities.
"Doing what i can, with what i have." ~ Burt Gummer
Honestly, this is normal in asia. A guy meets a girl, they have some fun, and in the morning, something extra is lost. A phone like that can be sold and feed her family for months. Do you really think there's any consideration about the content? It's just business for there girls in poor parts of asia, not political. And if the chinese really wanted to copy content from a phone like that, the situation would be more like theft, or an accident or an arrest. Not just a night out with a girl
So basically, what you're saying is that the yuan is fixed to other currencies, but that no matter how you cut the data it's not consistent with that claim, i.e. "no formula can be found"? In other words facts don't back your claim that the currency is fixed.. Are you sure that logic was calling for *me*?
Also, there's no flaw with my logic, there's no logic, only one undeniable fact that the yuan hasn't been fixed to the dollar since 2005. And the data you pointed to confirms it. So basically your post was just a case of "let me puke all the knowledge I have on this topic even if it isn't directly relevant to the post I'm replying to", right?
You just got troll'd!
This graph (EURCNY/USDCNY/USDEUR all in one) is much easier to read. But I'm not sure what you're point is. You're saying that the USD is falling against the yuan and keeping not badly inline with the euro. If we assume that the euro is a reasonable baseline then it makes it look like the yuan ... well, it's not floating but it is doing a very nice smoothing of it. (Looks much neater than the behavior of the USD or the euro doesn't it? Because quality-control's exactly what China's known for.)
Look out!
Following the logic they shold be the agents of foreign intellegence services running amok stelaing notebooks and mobile phones with data in London. But it is absurd.
They are stolen by trivial criminals for profit.
Maybe they should all be made to watch Alias.
Against the British Pound, it is going all over the place - http://finance.yahoo.com/currency/convert?from=GBP&to=CNY&amt=1&t=5y and back pretty much where it was 5 years ago.
There are so many ridiculous things here.
1. A government would use a blackberry enterprise server (BES).
2. The BES platform and devices has been audited from end-to-end by the UK government's spies (GCHQ). They know what they are doing and how to manage blackberries securely.
3. With a BES, you can control every little detail on the blackberry. The UK government has standards for this.
4. With a BES, you can:
- force the blackberries to use strong encryption to store & transmit encrypted email
- force the blackberries to use strong encryption on the removable media card
- force the blackberries to use a strong password to lock the device
- force the blackberries to lock after a configurable period of inactivity
- force the blackberries to lock after a configurable period regardless of activity
- force the blackberries to use two-factor authentication such as an RSA key fob or smartcard
- disable bluetooth and other functions
- prevent data transfer by USB
- lock the blackberry remotely
- wipe the blackberry remotely
- if it has GPS, trace the location of the blackberry
It's a bit hard to believe that my 50-person company has a better blackberry policy than the UK government. But that's nuLabour for you.
Honeytrap, my ass. If this had been an intel op on the part of a competent apparatus (and the ChiCom are quite competent, thank you very much), the unit would have been lifted, the content store replicated, and the unit replaced before the honourable Mr Dickbrain ever missed it.
Simply stealing the unit is pretty much worthless, as within minutes of the device's disappearance being noted, any sensitive data it may have contained would have been rendered invalid. Sensitive data loses a lot of its worth if the other side knows you lifted it; all it takes is a spin of a dial, the tap of a few buttons, and the swipe of a pen to turn most of it into useless history.
The real story here is just what the devil has MI5 been doing in regards to getting just the most basic counter-intel training pounded into the heads of silly little gits like these? On Holiday, boys?
>:P
Regards;
even if the yuan were fixed to the USD the far more likely reason would be the chinese government wants to maintiain business relations with US companies, if the dollar losing value menat it suddenly cost 3x as much to manufacture in china, plus rising shipping costs many companies would relocate either back to the US or down to mexico where shipping is cheaper.
Snowden and Manning are heroes.
Or it was an aide who worked handled IT for the PM.
... no honey!
Chinese women in Shanghai? I beg to differ. Shanghai has been an international city for a long time (compared to many of the major cities in Asia), the people are used to seeing foreigners, and in some parts of Shanghai (Pudong mostly) it almost seems as if you're in a Western city (a very bizarre and not quite right Western city, but still...). Anyhow, my point is that there are plenty of attractive women in China who will get into bed with a foreigner, especially at a "discotheque".
Pffft, they'd have to deal with too many people in the meatspace. Japan, China (Shanghainese), Korea...they love to be outside, pursuing the glorious goal of consuming, and being seen doing so.
... after all, she was asked to "get aides" for the homeland.
Bah-dum-cha.
Anybody want a peanut?
As the aide returns to the UK and several months pass, he forgets all about the incident. One day, from his original Blackberry, Honeypot sends an e-mail.
From: Honeypot@blackberry.gov.co.uk
To: PMsAide@blackberry.
Dear Mr. .....
It seems that in our last encounter, you said that "Wearing one doesn't feel right".
I can tell you it will cause you indigestion and heartburn in the next sentence.
Its a girl!!!!!
I hope to see you soon. Bring some gifts for the kid.
Love Honeypot
PS - Show up or your paying child support.
NO!!!!!!!
It's no surprise that this has happened to a high ranking UK official. The state of security in the United Kingdom is absolutely pathetic nowadays, and the country deserves to be laughed at. Before we go on, yes, I'm British.
Barely a week seems to go by without a story of confidential government (or secret service) files being left on a train, on a laptop on a train, or what not. Think I'm joking? Google for "uk lost files train" to see a plethora of stories.
For more, try a search for UK lost data. This includes November 2007's leak of 25 million people's bank details, national insurance numbers (like an SSN in the US), name, birthday and address. How about December 2007's story of the DVA losing the details of 6000 drivers?
The British government is a fucking shambles when it comes to anything relating to IT (what about the £20bn wasted on an NHS computer system that barely works - with a reported 110 "major incidents" in 2006) or the secure management of data.
In the UK, any data stored by the government (which includes most of your personal information) is extremely unsafe and should be assumed to be public knowledge.
Anyone besides me surprised that British officialdom now apparently prefers females?
Go ahead, mod me down, then google spies + Burgess, McLean & British.
BTW, WTF: /. runs scripts from doubleclick?
Now all aides to the UK PM have another movie added to the required-viewing list.
Outside's fine too, long as we can find a place where we can have a couple of minutes of privacy.
Not to mention...
The remote nuke option.
For me, once I report my pda lost, the boys in corp will send a command to wipe the contents of the phone and remove all settings. I believe this option also exists for blackberry.
As well initiate the self destruct code on the small thermonuclear charge.
As others stated, disabling its ability to receive said kill signal is not difficult. Past that, the other barriers to gaining the data on the device can probably be circumvented as well. 10 password fails wipes the device? They probably wont bother trying a single one on the device itself, if this is truly an organized attempt. Rather they would probably crack it open and copy the contents of its memory directly from the pins of the chips themselves, and then work from that copy. Remember, once physical access is obtained, you can bypass any software deterrences and most hardware ones as well.
Tm
Support TBI Research: http://www.raisinhope.org
It's going to be pretty funny if 10 Downing Street get a call from the hotel saying they've got the Blackberry in their Lost and Found.
In my time in Shanghai, I went to a bunch of clubs. I heard stories that girls might dance with you to pick your pocket. It could just be that she liked his phone. I never saw any of that though and I only met nice girls. One time I accidentally wound up in a brothel, but that was by mistake. If you want to find a girl that's not going to rob you or make you pay for services, it seems like a good rule of thumb is that normal girls go to clubs with another friend, and in general, it seemed like you'd see pairs of girls walking around holding hands, at least on campus. I don't have a lot of empirical data to test my hypothesis for significance, but it seems like if she doesn't have a pair, it's wise to be a bit cautious. Her pair will probably make it harder to score, but if you are with friends too, you can just party all night together and go to dim sum when the sun come up.
Only a fool would think that an attractive chinese women in chinese disco is going to go to bed the first night with a westerner.
It's amazing what having a few dollars will do to improve a woman's attitude towards your perceived attractiveness.
well it happened to me, more than once, but then I didn't have anything worth stealing either *confused*
Don't worry, the password was stored in-line with UK government recommendations - written on a Post-It stuck to the back of the Blackberry.
007, Q is going to be upset about this one!
Be as you would have the world become.
Maybe a thief is just a thief.
Hey, give the guy a break: he did get laid. That's better than most geeks on /. get. Now there will be a rush of geeks to China clutching their blackberrys.