Slashdot Mirror

← Back to Stories (view on slashdot.org)

UK PM's Aide Loses BlackBerry In Chinese Honeytrap

Posted by timothy on from the my-envy-exceeds-his-chagrin dept.

longacre writes "The Times of London is today reporting a January incident in which a top aide to Prime Minister Gordon Brown discovered his BlackBerry missing from his hotel room after spending the night with an attractive woman who approached him in a Shanghai disco. Seems this was a run-of-the-mill BlackBerry without any encryption, only a simple password lock. The greatest fear is that, even if the device did not contain any sensitive messages at the time, there was likely enough information on board for a hostile intelligence service to snake its way deep into Downing Street's email servers. The aide was 'informally reprimanded.'"

16 of 260 comments (clear)

  1. Re:This seems to be a recurring problem. by x_MeRLiN_x · · Score: 5, Insightful

    What makes you think the UK/US is any different?

  2. Honeytrap? Proof? by 1u3hr · · Score: 5, Insightful
    The only facts given are the guy picked up a girl (or vice versa) at a disco, and the next morning his Blackberry was gone.

    "Honeytrap"? Bullshit. What leads anyone to think it was anymore than the guy lost in in a taxi, or if the girl did take it, she sold it on to a second hand phone dealer for a few dollars.

    I think if it was really a "vast Communist conspiracy" as the article implies, the agents would have copied the data from the phone and returned it later in the evening, leaving him none the wiser.

    Much more important to consider is if the guy used the phone while he was in Beijing, there is an excellent chance that every keystroke, including passwords, was captured en route.

    1. Re:Honeytrap? Proof? by smallfries · · Score: 5, Insightful

      No. The parent hit the nail squarely on the end. If they had stolen his passwords and returned the device then they would have had access to his official email without him being any the wiser. Then they could have gathered intelligence on anything he had access to for the foreseeable future.

      Stealing the device would just make Downing Street close the account and issue him a fresh one. Intelligence gathering does have to be subtle to be effective.

      --
      Slashdot: where don knuth is an idiot because he cant grasp the awesome power of php
  3. Re:What they aren't telling us by JustOK · · Score: 5, Funny

    oooh my head hurts.

    which was part of the plan all along.

    --
    rewriting history since 2109
  4. Govt fault, not the aide by nighty5 · · Score: 5, Insightful

    The fault has to lie with the government and not the aide.

    This comes down to just bad security governance, even my blackberry is encrypted and our BES servers enforce security down to the handset so that you can't install any unauthorised applications.

    These devices of course are prone to loss, and given the confidential information potentially held on these devices should be reason enough to enforce the appropriate security measures on the devices.

  5. Re:This seems to be a recurring problem. by zach_d · · Score: 5, Funny

    My country doesn't have the budget, frankly. I'm Canadian.

  6. If you can lose a blackberry... by AlienIntelligence · · Score: 5, Funny

    Ew, if you could lose a blackberry in that
    Chinese Honeypot, I wouldn't stick around.

    -AI

    --
    For me, it is far better to grasp the Universe as it really is than to persist in delusion
    1. Re:If you can lose a blackberry... by Anonymous Coward · · Score: 5, Informative

      There's no such thing as a BlackBerry without encryption. All data to and from a BlackBerry is TripleDES or AES encrypted, regardless if you're on a BES or using your carrier webmail.

      If he's on a BES the problem is non-existent, the Admin can remotely wipe the BlackBerry with a single command.

      Plus, if someone enters the password wrong ten times, the device wipes itself

      The only security issue here is if the guy used a really easy password. And even that can be avoided because the admin can specify password complexity so users can't enter stuf like, '1234'

  7. Here's how they knew it was a honeytrap operation: by Paul+Crowley · · Score: 5, Funny

    They know what the aide looks like.

    ba-dump *tsssh*!

    --
    Xenu loves you!
  8. Re:technology savvy should be a job requirement by Majik+Sheff · · Score: 5, Funny

    Of course. Then the aide will be so busy playing with his blackberry that he won't notice the attractive woman. Of course if he did notice her he'd still be too shy to talk to her.

    I like your plan; it's sound.

    --
    Women are like electronics: you don't know how damaged they are until you try to turn them on.
  9. Because it sells by khchung · · Score: 5, Insightful

    "News" have long ago lost any purpose of informing, assume it ever has that in the beginning. Nowadays, "news" is just baits used to catch your attention to advertisers, who are the real customer of any "news" organization, be it newspaper, TV or web site.

    Which headline do you think catches more attention (thus earn more profit)? "Some guy lost his Blackberry?" or "Chinese spys strikes again"?

    --
    Oliver.
  10. Re:passwords? by ColaMan · · Score: 5, Insightful

    Let's see:

    You are a chinese honeytrap now in possession of an aide's blackberry. It is 1am. The aide has passed out drunk three steps inside the front door of his flat, and won't be in any fit capacity until about 8am, when he realises his blackberry is missing and goes looking for it. The IT boys cancel his password at 9am.

    That gives you 8 hours to:

    - Read all his recent email, for starters. If they're doing IMAP, then god knows how many personal IMAP folders there are to browse through on the server. Look for the good folders like "Foreign Policy". "Sent Items" and "Drafts" can also be fascinating.

    - Get his contact list, recent callers,etc, allowing you to analyse and see where this particular cog fits in the Government Machine. If he turns out to be a well-connected individual, it might pay in the future to keep an eye on him. If he's not well-connected, that's one more person you cross off the list.

    - Possibly fire off a few trojans to a few "inside" email accounts on that list, who might accept them from a known,"trusted" source. Doesn't hurt to try something like "Revision to yesterday's document -- URGENT".

    So you see, there's plenty of scope for mischief.

    --

    You are in a twisty maze of processor lines, all alike.
    There is a lot of hype here.
  11. He forgot to secure the client-side by arcade · · Score: 5, Funny

    Tsktsk.

    He should get instructions on how to safely do Penetration Testing of the Chinese secret service. Clearly he forgot to secure the client side properly. Except for that, the article is a tad vague on whether the testing itself went smoothly and he found some holes.

    *Ahem*

    --
    "Rune Kristian Viken" - http://www.nwo.no - arca
  12. Re:This seems to be a recurring problem. by dotancohen · · Score: 5, Funny

    My country doesn't have the attractive women, frankly. I'm Canadian.

    There, fixed that for you.

    --
    It is dangerous to be right when the government is wrong.
  13. Re:This seems to be a recurring problem. by MPAB · · Score: 5, Funny

    Members of the British Government will now be expecting an increased amount of spam and unsolicited phone salesmen calling to offer V1agra and other products.

    Will that be because of the data inside the phone or because of the chinese lady's detailed report?

  14. Re:This seems to be a recurring problem. by Guido+von+Guido · · Score: 5, Informative

    My country doesn't have the attractive women, frankly. I'm Canadian.

    There, fixed that for you.

    I just moved to downtown Toronto. I can assure you that you're wrong. Although perhaps we're stockpiling them.