Slashdot Mirror


MI6 Terror Photos, Data Accidentally Sold On Ebay

Barence writes "In what's turning out to be a bad week for security in the UK, confidential MI6 documents, fingerprints and photos relating to suspected Al-Qaeda terrorists have been found in the memory of the second-hand Nikon Coolpix camera, which was bought on eBay for only £17. The buyer immediately went to the police, who initially treated it as a joke; when they realised he was serious, they swooped on his home and seized his camera and PC. Remember, this is the same MI6 which plans to recruit new members via Facebook, a userbase not exactly famous for its dedication to privacy, security and discretion. The news comes on the back of yesterday's embarrassment over a local council whose VPN device ended up on eBay with confidential login details left on it."


  1. Fuck the police by Hatta · · Score: 5, Insightful

    The buyer immediately went to the police, who initially treated it as a joke; when they realised he was serious, they swooped on his home and seized his camera and PC.

    This is why you never talk to the police.

    --
    Give me Classic Slashdot or give me death!
    1. Re:Fuck the police by AKAImBatman · · Score: 2, Insightful

      According to TFA, the police replaced the camera equipment they swiped. I didn't see any mention in the article of them taking his computer. Only replacing "$1000 worth of camera equipment".

    2. Re:Fuck the police by JustKidding · · Score: 4, Insightful

      I still have a hard time believing the people who decide such things are really that stupid. What message does that send to the next finder of classified information or material? "just post it on Flickr via anonymous proxy?" They could have just asked for the camera, and offered a replacement for it, and a new computer with a copy of their data.

    3. Re:Fuck the police by bestinshow · · Score: 5, Insightful

      1) They took his computer.

      2) They replaced the equipment, at a cost of a grand. Whether or not this was a like-for-like replacement or better is unanswered.

      Whether or not he got his personal data back is another question, as anyone knows it is the time invested in generating your own data that is the real value in your PC. I hope he had a backup.

      Knowing the British police I expect he'll be arrested for some non-related data on the hard drive like some MP3s.

    4. Re:Fuck the police by Anonymous Coward · · Score: 2, Insightful

      If I find myself in possession of classified information in this way, I _want_ the agency to confiscate and replace and as publicly as possible, thanks. I don't want anyone thinking I still have this information.

    5. Re:Fuck the police by ShieldW0lf · · Score: 4, Insightful

      Sounds like a good place to work. Clearly, they're full of incompetents, leaving lots of room to slack off and still shine brighter than everyone else. Course, after a few years of doing so, you train yourself to be as useless as the rest of em, but then you can just suck up a government cheque and pass the buck until it's time to retire.

      --
      -1 Uncomfortable Truth
    6. Re:Fuck the police by Anonymous Coward · · Score: 1, Insightful

      Also, why in the *heck* would they do it that way if they EVER wanted people to "do the right thing" and turn things like this over to them???

      It's stupid. Honest and innocent people shouldn't be afraid to talk to the police, but incidents like this will cause such people to avoid helping law enforcement in the future.

    7. Re:Fuck the police by Xiroth · · Score: 4, Insightful

      Uh, if they needed to minimise the risk of a copy of the files being left behind, what exactly should the police have done? If I reported something like this to the police, the next thing I'd do is open the doors and put on a pot of tea for the special ops chaps who'd likely be calling by momentarily. Just because they came by and seized the relevant equipment doesn't mean they treated him like a criminal - they simply did the best they could in a bad situation, and were probably rather apologetic to him and his family. They could well have returned the computer within 48 hours - we really don't have enough information to be passing judgement about this.

    8. Re:Fuck the police by Mister+Whirly · · Score: 2, Insightful

      That's what over-the-network backup and offsite storage are for.

      --
      "But this one goes to 11!"
    9. Re:Fuck the police by hedwards · · Score: 2, Insightful

      If it didn't before, I'm sure it does now. I mean they do have to justify seizing the computer after all. The fact that the person reported it to the police before there were any suspicions clearly can't indicate honesty.

    10. Re:Fuck the police by Richard+W.M.+Jones · · Score: 5, Insightful

      This is why you never talk to the police.

      Sadly you may be right, although for all the wrong reasons. In civilised parts of the world we recognise that society exists because of cooperation, and that includes cooperation with the police.

      Unfortunately in cases like these, the police are undermining that cooperation. As another example, it's rumoured that if you report child porn on the internet to the relevant authorities in the UK, you should expect a visit from the coppers and all your computer equipment to be taken away. Which is why I wouldn't report this, even though child abuse is a terrible thing and it should be reported.

      Now, if I found "terror photos" (whatever they are) on a second hand laptop or camera, I won't be reporting that either. Just scrubbing any info off the device and get on with my life.

      Rich.

    11. Re:Fuck the police by ubercam · · Score: 2, Insightful

      Yeah, and what happens if one of these named terrorists has a buddy who works for the BBC, or better yet, works there himself?

      One would think that a terrorist cell coming across detailed intel on their daily movements and stuff would be like gold to them. They would then know exactly what the gov't knows about them, and what they don't know. At the same time, they know how the gov't tracks them and all kinds of other details that might help them evade surveillance efforts on their group.

      Think of how many people at the BBC actually get to look at that stuff, make copies, sell it to other news outlets, etc? I'm sure it would go around the office a few times.

    12. Re:Fuck the police by Not_Wiggins · · Score: 4, Insightful

      Whether or not he got his personal data back is another question, as anyone knows it is the time invested in generating your own data that is the real value in your PC. I hope he had a backup.

      Actually, in a case like this, having a backup isn't going to help. Likely, the police would want to grab that, too. 8/

      --
      Diplomacy is the art of saying, "Nice doggie!" until you can find a rock.
    13. Re:Fuck the police by harrkev · · Score: 5, Insightful

      You clearly know nothing about how the government deals with classified data. Classified data is considered kind of like a virus, not the computer kind, but the biological kind. If the classified data was in a memory card in the camera, the camera itself is contaminated. If the camera was plugged into a computer, then the computer itself is contaminated. Any electronic device that the computer touched is then considered to be contaminated. Even if you "KNOW" that it is not possible for your mouse to store encrypted data, your mouse is still assumed to be contaminated. This type of "blanket" policy that makes no exceptions is actually pretty smart, as it is the exceptions that will come back and bite you in the butt.

      This is the way that the US government does things in real life (and presumably the UK does the same thing). When developing systems that handle classified data, you have to maintain strict "red/black" separation, and the only interface allowed between red and black are things like *APPROVED* encryption units.

      Things are actually a little more complicated than this, but this is the general idea.

      --
      "-1 Troll" is the apparently the same as "-1 I disagree with you."
    14. Re:Fuck the police by Anonymous Coward · · Score: 1, Insightful

      The problem with Government jobs is that it's hard to fire people. So if they have some dipshit they can't fire, they promote him out of that department. Presto! Problem solved.

    15. Re:Fuck the police by electrictroy · · Score: 3, Insightful

      >>>they swooped on his home and seized his camera and PC.

      How nice. You try to be an honest citizen, and they steal your stuff. I wouldn't be surprised if they next decide to charge him for "trafficking" in playboy photos, illegal music, and/or downloaded movies.

      --
      The government is not your daddy. Its purpose is not to raid middle-class neighbors' wallets and give it to you.
    16. Re:Fuck the police by ultranova · · Score: 5, Insightful

      Any electronic device that the computer touched is then considered to be contaminated.

      Well, since the computer was likely connected to the Internet, we're having a pandemic by now.

      --

      Forget magic. Any technology distinguishable from divine power is insufficiently advanced.

    17. Re:Fuck the police by NotBornYesterday · · Score: 4, Insightful

      Excellent info. However, just to be a wiseass, let me just say how glad I am that there is no worldwide series of interconnected electronic devices that might indirectly connect his home computer to mine or yours.

      --
      I prefer rogues to imbeciles because they sometimes take a rest.
    18. Re:Fuck the police by dgatwood · · Score: 3, Insightful

      This type of "blanket" policy that makes no exceptions is actually pretty smart, as it is the exceptions that will come back and bite you in the butt.

      No, a smart policy would prevent precisely what they are trying to prevent. A smart policy would say that any device that is capable of permanent retention of data, once contaminated, cannot be resold. That means hard drives, flash cards, and any camera that contains flash memory if such photos were ever stored in the built-in flash memory at any time.

      Preventing resale of devices that cannot retain data is idiotic. It only makes sense under the assumption that the people working for your IT department are too inept to know the difference.

      There will always be problems of people screwing up and selling things that they shouldn't, but at least by setting sane policies, you reduce the risk of such things being sold due to people desperate for a bigger department budget by reducing the list of things that can't be sold but don't really matter.

      --

      Check out my sci-fi/humor trilogy at PatriotsBooks.

    19. Re:Fuck the police by mmalove · · Score: 2, Insightful

      My guess is that if you look deep down into the policy the US government has around classified information, you probably aren't legally allowed to sell media that at some point came into contact with classified information.

      Trouble is, much like gun control, not everyone listens. Much like death, information sharing is irreversible, with exception to the latter often closes the former. Three can keep a secret if two of them are dead, and all that.

      I think in a lot of ways the saying is true - information wants to be free. If the government has a particular piece of knowledge they don't want shared, maybe it's time to start reconsidering what information we develop and gather in the first place. The best way to prevent rogue countries from developing a nuclear bomb would have been to never invent it. The best way to keep them from stealing one would be to not own one. Yet, we still spend billions each year, learning about newer more effective ways to kill people, ultimately dooming ourselves to one day facing enemies with the same deadly and devastating arsenal.

      --
      You can get 15 minutes of fame, but you can go down in history for infamy.
    20. Re:Fuck the police by sjames · · Score: 2, Insightful

      Uh, if they needed to minimise the risk of a copy of the files being left behind, what exactly should the police have done?

      A very polite MI6 operative should have shown up with a damned nice computer (MUCH better than the existing one) and personally transferred the citizen's legitimate data and apps to the new machine. Then leave with the old one. He should have had an immunity document with him clearly outlining that nothing he might see in the data transfer would ever be used as evidence nor would he ever tell anyone about any of it. Just to be thorough, they should have talked to his employer to get him the day off (with full pay) so he could watch all of this take place and verify that nothing was missing.

      That may seem excessive, but the alternative is the current situation. Anyone who has read about any of this and then finds themselves in a similar situation will be sorely tempted to just erase the memory card (perhaps) and keep quiet about it (almost certainly).

      In comparison, the scenario I laid out is dirt cheap to implement and could only improve the government's relationship with the people.

      It's very simple really. Do they want a Citizen finding such data to say to himself "JACKPOT! I'll just turn this in to the authorities!" or "delete delete delete. Now shut up!" or worse, "I'd better give this to a reporter anonymously and let him turn it in"

    21. Re:Fuck the police by earlymon · · Score: 2, Insightful

      If only it were that easy. Remember - in the land of blind men, a one-eyed man is king; in the land of idiots and fools, a wise man is put to death.

      So it is at government agencies - I know.

      --
      Pathological kinda promises Path + Logical - but instead, you get stuck with pathetic.
    22. Re:Fuck the police by floydian · · Score: 3, Insightful

      Exactly. Few people realize that the basic problem with government is that you can't fire the coasters. OK, it's not impossible, but it's such an uphill challenge that pretty soon you get tired and decide to move on to a job where what you do actually accomplishes something.

      Talented and hardworking folks don't usually last long in gov gigs, they become increasingly frustrated at the generalized apathy and incompetence. Even though the pay might be good and the work easy, if you give at least a bit of a shit, you'll soon decide to move on to a place that's intellectually challenging before the pervasive rust starts to creep in.

      Granted, you can't generalize, and I'm sure not all gov agencies are like that. But after working in government for some years, I would feel safe betting on the fact that most government agencies (in any part of the world) attract and harbour the kind of people who just want to get through their day without exerting undue pressure on themselves and having the near-certainty of a never-ending paycheck.

      Sad, really.

    23. Re:Fuck the police by ukyoCE · · Score: 2, Insightful

      C'mon, the guy came to the police voluntarily to give them back their camera and confidential pictures. They should have sent an IT guy to his house to sit *with* the guy at his computer, delete all of the pictures (if they weren't already), verify they're deleted, check any media nearby (that would be confiscated in an overreaction), and run a wiping utility to fully wipe the pictures from the hard drive.

      Would have taken an hour and not scared citizens away from cooperating with the police to avoid losing all their own personal computers and data to be stored forever at police HQ and rifled through by complete strangers.

      This guy went to the police voluntarily, any common sense dictates that he would also cooperate with an on-site technician to verify the files are deleted and wiped. If the guy is hiding a copy somewhere, it's still hidden whether or not they confiscate all of his stuff and go through his private data.

    24. Re:Fuck the police by zobier · · Score: 2, Insightful

      That's a good argument for off-site backups, or if you want to get creative, something like encrypted Usenet posts.

      --
      Me lost me cookie at the disco.
  2. Same thing? Really? by eln · · Score: 4, Insightful

    I think an intelligence service selling a camera with highly sensitive classified data on it is just a little more serious than some local council leaving the password to their VPN on a router.

    I would expect small local agencies to either not have or ignore proper data scrubbing policies prior to selling old equipment, but national intelligence agencies? That's a whole different kettle of fish.

    1. Re:Same thing? Really? by _Sprocket_ · · Score: 4, Insightful

      I would expect small local agencies to either not have or ignore proper data scrubbing policies prior to selling old equipment, but national intelligence agencies? That's a whole different kettle of fish.

      It is curious. It would be a safe bet that proper procedures exist to handle equipment like this. Obviously they weren't followed.

      I would even hazard to guess that not only were safe disposal procedures not followed, but a whole slew of other procedures covering proper equipment were also ignored. It wouldn't surprise me that this was a personal device used on-the-job due to convenience or necessity despite regulations against such use.

      Of course, that's just a wild guess. It could also be as mundane as lost / stolen equipment. Or mis-managed inventory that ended up in some government surplus lot. The scenarios are endless.

      It also highlights a personal pet peeve of mine; policies are not protection. Too often they are given the air of risk mitigation when they are simply documents. Sure - they're good things to have around. You can't expect people to do things right if you can't tell them the right way of doing things. But so much infosec within the belly of such bureaucratic beasts seems to focus on merely generating and checking those policies. There is too little effort in actually implementing them - or improving the environment to limit actual risk.

      If this was, in fact, personal gear I would hazard to guess simply making it easier to get official government kit (with all the tracking and control such kit gets) would have eliminated this eventual leak.

  3. Note to self... by Anita+Coney · · Score: 4, Insightful

    The buyer immediately went to the police, who initially treated it as a joke; when they realised he was serious, they swooped on his home and seized his camera and PC.

    ... never do the police a favor in the UK.

    But then again, in the US they would have tasered him for no reason.

    --
    If someone says he and his monkey have nothing to hide, they almost certainly do.
    1. Re:Note to self... by Bender0x7D1 · · Score: 2, Insightful

      The sad thing is - I think this is insightful instead of funny.

      --
      Reading code is like reading the dictionary - you have to read half of it before you can go back and understand it.
  4. Talking to the Police is a bad Idea by SendBot · · Score: 4, Insightful

    I think the individual would have been better off (as in, not having his home raided and property taken) to have just given the data to wikileaks.

    In response to MI6's ineptitude, the authorities have attacked the innocent person attempting to help them.

    Remember kids, talking to police is not usually in your best interest. Be polite and complicit within your rights, but don't volunteer information.

    1. Re:Talking to the Police is a bad Idea by srjh · · Score: 3, Insightful

      Presumably MI6 would be able to track down the camera, and hence the buyer, from the photos (then again, they were inept enough to release the camera to begin with, but I digress).

      Acting purely in self-interest, if this happened to me, I'd chuckle to myself quietly about the idiocy of government, delete the files and forget about the whole thing. In fact, if this is what any reasonable person would do while acting in their own interests, one has to wonder how under-reported the problem is.

    2. Re:Talking to the Police is a bad Idea by Just+Some+Guy · · Score: 4, Insightful

      I think the individual would have been better off (as in, not having his home raided and property taken) to have just given the data to wikileaks.

      "Hey, our national security data turned up on Wikileaks! I wonder how it got there. Oh look, a serial number in the EXIF data. What'd we do with that camera anyway?"

      Basically, the poor guy was screwed. He reported the problem and suffered for it. If he didn't report it at all, an audit at MI6 might have turned up the problem and they would have confiscated everything he owned capable of storing the data, possibly including himself.

      If he'd followed your harebrained advice, he would probably be dead. Seriously, what part of "taunt the TLA" seems like a good idea to you?

      I feel badly for him. My sig is normally meant to be humorous.

      --
      Dewey, what part of this looks like authorities should be involved?
    3. Re:Talking to the Police is a bad Idea by IndustrialComplex · · Score: 2, Insightful

      It really sucks for all involved.

      These agencies do NOT want to accidentally leak information. This guy did NOT want to find this information on his camera. There is no need to 'punish' these organizations for the leaks. Trust me, they don't like it as much as you do, and they will investigate and correct why that happened. Publishing the data is perhaps the worst thing that anyone could possibly choose to do. It compromises the intelligence gathering, and puts people at risk. It is unfortunate that they had to confiscate his computer, but at least they did work to replace it, and hopefully the data on it can be scrubbed and sent back to him.

      Just imagine this situation:

      Photos are published on Wikileaks.
      Suspect A: Hey, that guy on wiki leaks looks like you.
      Suspect B: Holy crap, that is me. But, the only person with me at the time was Bob...
      Three weeks later, Bob's head is found along the side of some rural highway, and suspect A, and B have vanished.

      Publishing that information would be a VERY bad idea.

      Like I said, the situation sucks, but so does having a tree limb fall on your car. Sure, you have insurance, but you would rather not have to use it.

      --
      Out of modpoints but really liked a post? 1BDkF6TtmmeZ3yqXbz9yhdYVqRYnwFoXDj
    4. Re:Talking to the Police is a bad Idea by rnelsonee · · Score: 2, Insightful

      I would have just given the data to MI6. Maybe it's because I'm overly supportive of the intelligence community as a whole due to the nature of my work, but I would think that intelligence officials should be the ones handling this data and would not feel weird about just calling them. This doesn't fall under police duties, and unless the police have classifications, they shouldn't be handling the data. Obviously, it's 'out there' and the eBay buyer shouldn't be looking at it, but he obviously couldn't help it, and at this point you want to contain the information as much as possible.

      Contacting MI6 directly will get the data contained faster, with much better "customer service" than the police. MI6 screwed up, they will want to contain their mistake, and they should certainly recognize that by reporting this leak, you are helpful, not some criminal.

    5. Re:Talking to the Police is a bad Idea by Anonymous Coward · · Score: 1, Insightful

      I don't know if I'd necessarily point to this as ineptitude. As someone who deals with sensitive information, I can tell you that agencies like this rely on trust to some degree. In many (not all) situations (depending on the level of classification), if a person wanted to get data to the outside world, it's trivially easy.

      And as much as it sucks personally, if you care about the security of your country, reporting the situation is the best plan. It's important to know how the data got out. If it was a malicious leak and you keep quiet, then the leak will likely continue. Your photos and personal data will remain in your possession, but if you think that leaks can't ultimately result in people getting killed, then you need to think again.

  5. Re:So I just have to wonder. by kestasjk · · Score: 4, Insightful

    Slashdot articles may give the impression that every piece of 2nd hand electronics contains nuclear silo passcodes or celebrity porno tapes but I don't think that's actually the case

    --
    // MD_Update(&m,buf,j);
  6. No Good Deed... by maz2331 · · Score: 5, Insightful

    ever goes unpunished.

    If someone comes to you, DO NOT attack them! Be nice, assist in getting any secret data purged, and sign a confidentiality agreement, and give the guy a nominal reward.

    Raiding the house of someone who does the right thing is a pretty strong incentive to never help out again, and a strong incentive for others to do so as well. It also feeds the radical opponents' propaganda machine with fresh fodder and lets them become the "persecuted good guys".

    So don't do it. Know who your friends are, and don't mess with them. Or they may stop being your friend.

    Western societies and governments have enough enemies already, and there is no need to create any more.

  7. Police = morons by JustNiz · · Score: 3, Insightful

    > The buyer immediately went to the police, who initially treated it as a joke; when they realised he was serious, they swooped on his home and seized his camera and PC.

    So basically he got punished for doing the right thing. I bet that will make other people want to tell the police too *NOT*.
    Police = morons.

  8. Facebook? by jDeepbeep · · Score: 1, Insightful

    After my initial bafflement at the very notion MI6 was choosing Facebook to run recruitment ads, I see in the 2nd FA they also run recruit ads via radio and newspaper. I suppose I shouldn't be shocked, considering that even if they are more open than they have been historically along these lines, doesn't mean that the process of hiring is less stringent, or that they take undue risks during the hiring procedures. We know MI6 is there, so why not cast a wider net and get more potential hires?

    --
    Reply to That ||
  9. What is this world coming to? by PhasmatisApparatus · · Score: 2, Insightful

    The police not only failed to have him shipped off to Guantanamo Bay, they actually replaced his £1,000 computer that they had seized as evidence?

  10. kill the messenger by Tom · · Score: 3, Insightful

    That's how you make friends and teach people to trust you. A guy wants to help out and you punish him, instead of treating him like the friend of law enforcement that he wants to be.

    --
    Assorted stuff I do sometimes: Lemuria.org
    1. Re:kill the messenger by ramirez · · Score: 2, Insightful

      I think that having the computer confiscated, and also having it publicly known that it was confiscated is in the best interests of the guy who received the camera. If it became known that the camera was seized, but it was possible that the computer wasn't, then it would make sense for any intelligence agency who wants to know what was in that camera to break into the guy's house and take it. I don't know about you, but I definitely don't want spies from foreign countries breaking into my house, and potentially endangering me and my family, because my computer might have information valuable to them.

  11. Re:His computer was classified by dgatwood · · Score: 5, Insightful

    Yup. What did we learn, boys and girls? (Okay, I know I'm being optimistic on that last part.) If you find yourself with evidence related to a terrorism investigation because an inept government official sold it on eBay, don't go to the police. Send it to the media. Anonymously.

    --

    Check out my sci-fi/humor trilogy at PatriotsBooks.

  12. Re:His computer was classified by Jabbrwokk · · Score: 5, Insightful

    Damn straight. People should not be punished for being honest.

    Government agencies, however, should be publicly punished for being incompetent.

    I imagine that if the man had given the camera to the media, the police could have swooped down on the news outlet and confiscated their computers, but then they would be in a much bigger fight with the Fifth Estate rather than some poor schlub who can't fight back.

    Here's hoping the free press continues to stay free.