Slashdot Mirror
MI6 Terror Photos, Data Accidentally Sold On Ebay
Barence writes "In what's turning out to be a bad week for security in the UK, confidential MI6 documents, fingerprints and photos relating to suspected Al-Qaeda terrorists have been found in the memory of the second-hand Nikon Coolpix camera, which was bought on eBay for only £17. The buyer immediately went to the police, who initially treated it as a joke; when they realised he was serious, they swooped on his home and seized his camera and PC. Remember, this is the same MI6 which plans to recruit new members via Facebook, a userbase not exactly famous for its dedication to privacy, security and discretion. The news comes on the back of yesterday's embarrassment over a local council whose VPN device ended up on eBay with confidential login details left on it."
The buyer immediately went to the police, who initially treated it as a joke; when they realised he was serious, they swooped on his home and seized his camera and PC.
This is why you never talk to the police.
Give me Classic Slashdot or give me death!
George Smiley would whip out a light-saber and... oh, wrong Alec Guiness film. Sorry.
Insanity is the last line of defence for the master diplomat. But you have to lay the groundwork early.
Just how many people buy hard drives just to mine them for data?
1. Buy the drives on Ebay
2. Scan drives for valuable data.
3. Sell cleaned drives on Ebay and sell data to the highest bidder.
4. Profit.
See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
I think an intelligence service selling a camera with highly sensitive classified data on it is just a little more serious than some local council leaving the password to their VPN on a router.
I would expect small local agencies to either not have or ignore proper data scrubbing policies prior to selling old equipment, but national intelligence agencies? That's a whole different kettle of fish.
IIRC most banks destroy their hard drives before throwing them away. Why are government agencies selling used devices in the first place instead of destroying them? For friggin £17? WTH
The UK government has approved a 700 billion megabyte bailout to stop the Data Crunch causing the End of the Internet.
Rather than just giving the data to those who have it already, the government is distributing everyone's information free. "We feel that there is strong bipartisan support for a bottom-up data distribution initiative, such that everyone everywhere can share in the data generated and held by government," said a spokesman whose name was lost.
Reports that Neo-Nazi organisations are asking for "lost" data disks with the name and address of every immigrant in the country are as yet unconfirmed.
http://rocknerd.co.uk
But then again, in the US they would have tasered him for no reason.
If someone says he and his monkey have nothing to hide, they almost certainly do.
I think the individual would have been better off (as in, not having his home raided and property taken) to have just given the data to wikileaks.
In response to MI6's ineptitude, the authorities have attacked the innocent person attempting to help them.
Remember kids, talking to police is not usually in your best interest. Be polite and complicit within your rights, but don't volunteer information.
Many Slashdotters might be readjusting their tinfoil hats upon hearing this news, but to me it just says that the governments of Western nations are not engaged in some great conspiracy to do outrageous action $X. They are, however, staggeringly incompetent and that if any individual or business had treated similar information with such shocking indifference they would have been sent to jail.
I mean, could you imagine the charges that would be laid upon some civilian if she had a laptop with confidential (unencrypted, unprotected) information about the War of Terror onboard... which was leaked in a such a manner as this? Collusion with the enemy, no-fly lists... the works. Probably easier to just ship 'em straight to Cuba.
Check out my sci-fi book "Lacuna" at http://goo.gl/MVxX8
Facebook, a userbase not exactly famous for its dedication to privacy, security and discretion.
When did it become acceptable to dare criticize facebook on slashdot? Considering how many front page articles were devoted to facebook games, I thought it was the new golden child around here.
Granted, here we are criticizing the users of facebook, and not facebook itself. Still I am surprised to not see a large outcry from those who sing the praises of the great facebook.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
Mohammed Achmed Kalil Bond.
The police actually replaced his £1,000 computer after the seized it as evidence? Apparently Bush's foreign relations need to do better work. Here in the States he would have been shipped off to Gitmo, never mind the seized computer.
... is that Mi6 is using a freaking Nikon Coolpix camera, and due to government procurement systems, probably paid $1000 for it...
What's next, we see James Bond with a Hello Kitty umbrella?
-Styopa
ever goes unpunished.
If someone comes to you, DO NOT attack them! Be nice, assist in getting any secret data purged, and sign a confidentiality agreement, and give the guy a nominal reward.
Raiding the house of someone who does the right thing is a pretty strong incentive to never help out again, and a strong incentive for others to do so as well. It also feeds the radical opponents' propaganda machine with fresh fodder and lets them become the "persecuted good guys".
So don't do it. Know who your friends are, and don't mess with them. Or they may stop being your friend.
Western societies and governments have enough enemies already, and there is no need to create any more.
17 September 2008 The Insolvency Service. Laptop containing personal details of 385 former directors of insolvent companies has been stolen. Greater Manchester Police are investigating the burglary, which happened on 28 August. The Insolvency Service said 385 ex-company directors had been affected and also about 150 people with a connection to the firms. Information on the company directors included name, address, date of birth and occupation. No bank account details were held. In relation to the creditors, complainants and employees, the data included name, address, and bank account details in a small number of cases.
16 September 2008.
NHS memory stick found in street. An NHS trust has apologised after a computer memory stick, containing the confidential files of 200 patients, was found in a street. It stored a summary of medical histories and patients' national insurance numbers and addresses.
Monday, 15 September 2008 18:19 UK.
Police admit to lost data blunder. A police force has undertaken an urgent hunt for a computer memory stick after admitting it has been lost by an officer on duty. A police force has undertaken an urgent hunt for a computer memory stick after admitting it has been lost by an officer on duty.
Monday, 15 September 2008 18:12 UK. Trust loses 18,000 staff records. Discs containing personal information on almost 18,000 NHS staff have gone missing from a north London hospital. Discs containing personal information on almost 18,000 NHS staff have gone missing from a north London hospital.
10 September 2008 11:34 UK
Up to 15,000 patients' data taken
Computer back-up tapes containing personal information on up to 15,396 patients at a surgery have been stolen. "There are 15,396 patients registered at the surgery and potentially information on all of them could be on the tapes.
27 August 2008 12:38 UK,
Health board lost patients' data
A health board has tightened its security measures after the loss of two memory sticks containing patient data.
27 August 2008 12:05 UK Taxpayers' details found on eBay. A Leicestershire council is investigating a report that a computer containing taxpayers' personal details was sold on auction website eBay. Bank account numbers and sort codes of people in the Charnwood Borough Council area were reportedly found after the equipment was sold for £6.99. Information including bank account numbers, telephone numbers, mothers' maiden names and signatures of customers of American Express, NatWest and the Royal Bank of Scotland (RBS) were reportedly found on the computer.
Thursday, 21 August 2008 22:56 UK
Company loses data on criminals
A contractor working for the Home Office has lost a computer memory stick containing personal details about tens of thousands of criminals. The lost data includes details about 10,000 prolific offenders as well as information on all 84,000 prisoners in England and Wales.
9 August 2008 13:06 UK
BBC sorry after TV data is stolen
The BBC has apologised after a memory stick containing the personal details of hundreds of children who had applied to take part in a TV show was stolen. Deverell also informed parents they could call a free helpline if they had concerns about the lost data - which included names, addresses, dates of birth and phone numbers.
29 July 2008 09:42 UK
Missing laptop data not 'at risk'
A laptop computer from the Citizens Advice Bureau in Coleraine has gone missing. The details of about 7,000 people were on the computer of an outreach worker from the voluntary group which was mislaid in transit.
Wednesday, 23 July 2008 14:17 UK
Surgery patients' data is stolen
Information on more than 3,500 patients at a surgery in Greater Manchester has been stolen, health bosses have said.
22 July 2008 20:56 UK
'Spying' requests exceed 500,000
More than 500,000 official "spying" requests for private communications data such as telephone records were made last year, a report says. Police, security services and other p
> The buyer immediately went to the police, who initially treated it as a joke; when they realised he was serious, they swooped on his home and seized his camera and PC.
So basically he got punished for doing the right thing. I bet that will make other people want to tell the police too *NOT*.
Police = morons.
After my initial bafflement at the very notion MI6 was choosing Facebook to run recruitment ads, I see in the 2nd FA they also run recruit ads via radio and newspaper. I suppose I shouldn't be shocked, considering that even if they are more open than they have been historically along these lines, doesn't mean that the process of hiring is less stringent, or that they take undue risks during the hiring procedures. We know MI6 is there, so why not cast a wider net and get more potential hires?
Reply to That ||
Next time, send the data anonymously to Wikileaks.
I hope they intend to replace it
TFA: "The police have reportedly replaced the seized equipment, at a cost of £1,000."
Slashdot Burying Stories About Slashdot Media Owned
The police not only failed to have him shipped off to Guantanamo Bay, they actually replaced his £1,000 computer that they had seized it as evidence?
I hope posters would occasionally RTFA or one of the 15 (out of 39) posts on this page that mention that they did replace it.
Disappointment all round.
simon
That's how you make friends and teach people to trust you. A guy wants to help out and you punish him, instead of treating him like the friend of law enforcement that he wants to be.
Assorted stuff I do sometimes: Lemuria.org
I strongly suspect that the computer was used to look at the photos, which means it downloaded them, which means that it had classified information on it, so of course they seized it.
I hope he had an offsite backup.
1) "Accidentily" sell electronics with classified documents on eBay.
2) ???
3) Seize buyer's possessions.
4) Profit!
Although I guess they could just skip step 2 and go straight to 3.
CAPTCHA: laundry (I'm sure there's a joke in there somewhere..)
http://en.wikipedia.org/wiki/Carry_On_films
Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
The average citizen does not really understand the importance of IT security and privacy. Therefore these topics are not adequately represented in politics, industry and administration. Therefore those responsible (or who should take responsibility) are - on average - at low risk to be punished for such blunders. We need better rational, critical thinking in the country. This is not something you pick up some day; the foundation must be laid in your education. Even if we improve the educational system right now, it will still take time. So the amazing string of blunders in the UK is not so unbelievable: It will get worse before it gets better.
how about nuking the memory card in the microwave, pitching it in the trash, and buying a new one?
I would have taken that information and anonymously contacted the people, to whom the information was related and given/sold it to them. But you have to be either very stupid or very smart about doing such a thing.
You can't handle the truth.
Informative?
Heads out of the sand moderators. This is "satire".
If this were really happening, what would you think?
But did they ensure his data was not lost? After all the valuable items were on his PC not the PC itself.
This is a story about the value of data being more important than the value of the hardware. MI6 didn't get that.
If this were really happening, what would you think?
This ranks right up there with taking the briefcase of drug money you found in the middle of the street to the police thinking you are gonna get any of it.
He got a Nikon Coolpix camera for £17? Holy crap. What a great deal.
Why should they seize his stuff? He was the honest guy who came to tell them. It's almost as if they'd prefer that people who somehow get confidential documents would not step forward! Those police are stupid.
McCain/Palin '08. Now THAT's hope and change!
Some of you may come across 3rd party data when acquiring used hardware. When coming into possession of this data it is of HIGHEST IMPORTANCE that you do not report this to any public authority without first disseminating this information online in a manner that insures the highest publicity. When contacted about this material, if ever, be sure to claim that you had no idea as to the sensitivity of said data and make claim that since the data had no copyright or confidentiality notice and had been sold to you "as is" you have right of ownership over said media.
To do otherwise invites you to be treated like a criminal with the expected benefits of lengthy trials and possible imprisonment or fines.
I know it's not fashionable to read the article (whoa, a full 25 short lines!), but try to do so. Especially this line: "The police have reportedly replaced the seized equipment, at a cost of £1,000." In other words the police did what they had to, that is, get the computer to make sure that no sensitive images or documents are left on the machine (e.g., in temporary files). And in the meantime they gave the guy a replacement computer. Granted, his personal files are on the original computer, but given the police's behavior so far I'd hazard a guess that he will get back the original hard drive in the not too distant future. --Laci
1) Sell camera on ebay
2) Wait for buyer to report MI6 photos
3) Steal Camera back
4) PROFIT!!!
5) Go to 1
F----- AWFUL WOULD NOT GET CONFISCATED AGAIN
apparently slashdots filter does not understand this joke very much. Dont use so many caps, its like yelling duh dont use so many junk characters
Seriously, I found a tube full of extremely detailed blueprints for a nuclear weapon storage facility propped against the banister in the hall outside my office. Original blueprints, not copies.
I had a serving military officer of my acquaintance anonymously drop them off with US Military Intelligence for me.
You don't want to get any of that stuff on you, if you know what I mean.
Doubt it. Unless they can prove that he hasn't stashed a copy of the TS pictures steganographically inside some of his own photo's why would they give any of his data back? Or maybe they could just give back all files that are smaller in size than the smallest picture.
:)
Oh and "someone with experience in dealing with sensitive materials"? Heh..you realise you're commenting on a story about an intelligence agency that has managed to let a camera with sensitive information on it get into at least one set of wrong hands...
A recruitment ad I saw in one of the free London papers the other day had the basic rate of a "Security Officer" at MI6 as £19k. Is it any wonder they're pilfering/fencing company equipment to make ends meet..
They did give the guy one thousand pounds (approx $1600) to replace the PC and camera - market rates for high end consumer machine are currently 650 pounds.
The reason they wont copy the data is simple security - you cannot be sure that you've completely cleaned any confidential infomation out of a system as you do not know what lies in encrypted system files and so on. Given that they've already screwed up on security once, you would not expect them to take chances at this point.
MI6 do get that - but they also get that there is no way to give that data back and be absolutely sure that nothing confidential is left behind accidentally. Chances are the hard drive wont even be looked at, but destroyed in a furnace or something instead.
It's the job of an intelligence agency, especially a Military Intelligence agency, to be paranoid.
1000GBP is _nothing_.
The police screwed up, how much does their mistake cost? How much would it cost if people started selling the photos and data instead of turning it in (and having their stuff confiscated)?
If the police intend to not make it a habit of screwing up like that, then they should pay say 30000 pounds to compensate people for having their stuff taken (and having their personal data/items that are vetted "safe" returned).
One might think a bounty like that would encourage cameras and data to be lost by the police personnel.
Yes it would! And that is a GOOD thing - you want to identify as soon as possible personnel who would keep losing cameras like that, so that you can treat them differently from other personnel.
If your secret data starts leaking out due to a 30k bounty, it means your systems are FAR from secure enough.
I've gotten computers from a bank that was getting rid of a few hundred after an acquisition.
They've got a 'vault' at their IT shack where computers were stacked for processing. Every computer is accounted for by serial number and attached asset tag (usually a metal foil tag with internal number on it) and the drives are scrubbed by overwriting every byte on them multiple times. The process takes about an hour and a half per computer, but they wipe and process about half a dozen at a time. The tech doing the wiping verifies and signs each form for each box, and attaches the old asset tag to the form for later verification, and then puts them in a pile on the other side of the room. From there my comrade and I were allowed to load them in to our cars.
FWIW, those old boxes are great for loading up with Ubuntu and selling for cheap to low income families. Everyone wins. The bank gets rid of computers they no longer want/need, a family gets a $100 computer, and we got a buck or two in our pockets for being the middle men. The economies of scale are beautiful.
If I mod you up, it doesn't necessarily mean I agree with what you've said, sorry.
It isn't the same equipment. They have no liability or relation to MI6, and are obviously chasing the matter for private and career reasons. They indirectly declared imminent domain on his property, and all you retards look at this as a gold-mine argument that you are happy they bought his property as though voluntarily by the compulsion of "good deal for me, bad for them." a report is made by the policing authority (the people so asserting their statements as fact) and given to those officers (police officers) as claim or defence towards an existing matter. There is nothing that warrants the behaviour of those alleged "police officers" to commit such. I have a picture of Adolf Hitler, are they in the market for pictures too? Police have no liability to help anyone, and enjoy overtime pay while they work for their corporation (CITY OF *** POLICE DEPARTMENT incorporation).
People like you have calibrated your sickness to be normal, while asserting that anything contrary is abnormal. Keep drinking your fluoridated water, it's good for you.
A Regent University Professor hosts a lecture on precisely why you should never talk to the police.
[End Of Line]
Sucks. Finally moving our website away from them was the best decision we ever made. Sticking it out for so long was the worst decision. The relative competence of the new hosting provider was stunning.
The camera has a card format function.
boldly going forward, 'cause we can't find reverse
This story is useless without PICTURES!
Digital information is like memories. Once you have seen something, you will never be able to prove that you don't still remember it - or that you didn't keep a copy somewhere. Conversely, if you make a copy, encrypt it and take a few simple precautions to hide it, no one will ever be able to prove that you did. Therefore, whether you make a copy has no consequences whatsoever, unless you decide you need it or tell someone.
So, by simple case analysis, keeping a copy is always better than not keeping a copy. Therefore, if you ever come across information which someone else would really like to keep secret, you should hide a copy and make an off-site secret backup of all your data before you tell anyone. This guy didn't lose his data because the police were bad, but because he was not as paranoid as a fully rational person would be.
(Posted anonymously for what should be obvious reasons.)
You must be new here! I've always wanted to say that :-P
I like my coffee the way I like my women - roasted and ground up into little tiny pieces.
Can I ask you if the same method applies to flash memory (i.e., a camera)?
"That being said"? You've got to be kidding. You've written a bunch of gibberish. For example, remove the parenthetical remarks from your first sentence, and it becomes: "In order for computer forensics you must format the drive at least 7 times." That is nonsense. It does not make any sense. Maybe you are missing a few words? Did you spend too much time putting things in parentheses (irrelevant things, nonsensical things) instead of writing a sentence with meaning?
"Additionally, my computer science professor told him that in his organization they must delete everything 32 times". Who is this "him" that your computer science professor was talking to? What organization? You have written meaningless nonsense. If you're at university, how about you enrol in some creative writing classes? Or just standard English classes would have to help. Any class where they can give you some hints on how to write intelligible paragraphs. You really need help.
But hey, Slashdot. You'll probably get modded +1 insightful for drooling on your keyboard, and I'll get modded -1 flamebait for pointing out what rubbish you wrote.
it's rumoured that if you report child porn on the internet to the relevant authorities in the UK, you should expect a visit from the coppers and all your computer equipment to be taken away
This is not the case - I've reported child porn to the relevant authorities in the UK and no-one bothered me.
This bears many hallmarks of urban myth/ counter knowledge. No real details, assumptions as facts, facts that a wrong.
No details of Who, where, when.
How did he know they where terrorists?
MI6 are spys and officially don't exist.
MI5 investigate terrorism.
Why would MI6 sell a camera on ebay?
I'll bet my karma that this turns out to be an urban myth and received counter knowledge in a year.
I have a hard time believing the anybody can really be so stupid to believe this sham is true.
One of photos published by the Sun which is supposed to have come off the camera is exactly the same as the first photo that shows up when searching google images for the Abdul al-Hadi al-Iraqi.
I'm actually amazed at the article, mainly because a second hand item from eBay actually worked!
An even smarter policy would put a critical eye on what SHOULD be classified and what should NOT or NO LONGER be classified. There is a COST to maintain classification: monetary and in terms of trust. If the public perceives the executive branch to maintain classification just to be safe, or even worse: to cover up misdeeds, the cost can be immense. The reflex to classify everything remotely connected is BAD policy, just like doctors ordering unnecesary test is BAD policy.