Slashdot Mirror
Data Breach Exposes RAF Staff To Blackmail
Yehuda writes "Wired reports, 'Yet another breach of sensitive, unencrypted data is making news in the United Kingdom. This time the breach puts Royal Air Force staff at serious risk of being targeted for blackmail by foreign intelligence services or others.
The breach involves audio recordings with high-ranking air force officers who were being interviewed in-depth for a security clearance. In the interviews, the officers disclosed information about extra-marital affairs, drug abuse, visits to prostitutes, medical conditions, criminal convictions and debt histories — information the military needed to determine their security risk.
The recordings were stored on three unencrypted hard drives that disappeared last year.'"
why didn't they just encrypt the disks? If it's supposed to be sensitive information, store it securely!
Note: I was 13 when I wrote most of this. Take with several grains of salt.
um, just because your boss knows something embarrassing, it doesn't mean your wife, family, whole world needs to know.
On the other hand, if your boss has special forces, it could work to your advantage...
Idiot: "Sir, you know that midget fetish I spoke about during the security interview?"
Chief Idiot: "Yes? I really quite enjoyed that bit. Quite naughty!"
Idiot: "Well, there are some chaps who think they can hold it over me, for a few quid, per week... not tell the missus, and all."
Chief Idiot: "Oh, well, that's not right, I'll send some SAS over there ASAP and they won't be a problem anymore."
Sounds like a convenient way to legally fire or reassign someone.
upon the advice of my lawyer, i have no sig at this time
"Ummm..."
These are the same idiots who are putting surveillance cameras everywhere, fingerprinting and taking DNA samples from musicians who are simply visiting the UK to play in a few clubs (then denying them entrance because the clubs hadn't paid a fee and agreed to report on them), and generally acting like fascists.
They're great at grabbing reams of private information they would have no right to if Britain were still a free society. Protecting it from unauthorized access? Not so much.
Goddamn wankers!
I've calculated my velocity with such exquisite precision that I have no idea where I am.
How sick would a person have to be to be incapable of disloyalty?
http://michaelsmith.id.au
It seems to me that many organisations would consider payroll, health and other HR info as private and hence restrict access to it on the network, but they wouldn't consider encrypting it with a passowrd - well at least nowhere where I have worked. ...
And perhaps military institutions consider attack plans, weapons secrets and such as worthy of protection but not an "inteview" that we did "ourselves", "inhouse".
We are learning more and more that this is a connected world - yes even your fridge will have an IP address and be on the net one day mark my words and EVERYTHING will need to be encrypted. Encryption grammar and other security verbiage will be second hand speak for moms and kids
"have you packed your lunch"
"Yes mom"
"And MD5 SSL'd your homework via the kerebos LDAP certificate server? You know what happened last time when Mr Jones found your SSH key unencoded on the SELinux partition - I don't want to go through that again"
"Arghh yes mom I have been over this 1000 times with you let it go - my friends and I were scanning photons of the prom dance when James accidentally Bluetoothed a letter from his brother in the army to Amy's communication jewellery which had a compaible 3DES encrytpion algorithm - now will you let it go!? Shees!"
"I'm just saying is all - I have to go and buy some groceries and when I scan my embedded subcutaneous barcode it better not say that I have been SQL Injected because of a bad CRC checksum - I won't be embarrassed like I was the last time"
http://projectleader.wordpress.com
Someone wanna explain to me how drug-using hooker-banging ex-cons are OFFICERS IN THE ROYAL AIR FORCE?
"extra-marital affairs, drug abuse, visits to prostitutes, medical conditions, criminal convictions and debt histories " - sounds like a viral marketing campaign for the RAF if you ask me - who knew that they had so much fun! I suppose the word 'raffish' had to come from somewhere.
A lot of the people hiring will have indulged in all these behaviours and wont condemn someone for them. Rather it will make them part of the club. Use of prostitutes in the armed forces? Goodness - that could never happen! With some groups, the person who never touched drugs, doesn't pick up prostitutes is the one that makes everyone else uncomfortable. In Bosnia, the private military firm DynCorp was actually buying girls as forced prostitutes (and I do mean girls - some were fifteen. And this were US soldiers). Related, its one of the reasons women face a 'glass ceiling' in some areas, such as the upper military, high finance, etc. It's because the wealthy / powerful men who are accustomed to doing as they please feel uncomfortable saying: "hey lets all do some lines and pick up some hookers" when someone from "the other side" is amongst them.
Aide-toi, le Ciel t'aidera - Jeanne D'Arc.
Annual reports from Whitehall departments show that the government has lost all data it ever held on anyone.
Losses have occurred through couriered unencrypted disks, misplaced memory sticks, lost laptops, briefcases left on trains and files falling down the side of the tea machine. "The real scandal is that a train was running for them to lose a case on," said a source whose name has been lost.
Treasury minister Jane Kennedy said the HM Revenue and Customs breaches did not necessarily result in data losses, or at least any that they have records of. HMRC said it takes data losses and security breaches "very seriously" and thoroughly investigates any breach that it does not lose track of.
Information Commissioner Richard Thomas has served enforcement notices on various departments for their data losses, but the departments in question could not find their office addresses to accept the notices. They noted, however, that Mr Thomas' call was very important to them, and that he had been placed in a queue.
Home Secretary Jacqui Smith reassured citizens that plans for an all-encompassing ID card linked to biometric passports and a universal medical record with the NHS would not change because of these losses. "We won't even be thinking about them."
http://rocknerd.co.uk
If yes to any of the above do you want these as officers?
If you threw out everyone who has ever done that one "immoral" thing, you'd have no one left. Everyone makes mistakes. Its even in the bible somewhere--a story about throwing stones (disclaimer: never read the bible). These are officers of a military. They are trained to kill people. Measure the morality of their actions against that fact and you'll find that indulging in something like and extramarital affair is minor by comparison. My only surprise is here is the lack of encryption.
Just callin' it like I see it.
Bad as it is, the amount pales into insignificance when compared to what we have given banks.
I bet there are a lot of bankers breathing sighs of relief that the focus of the public's ire has switched away from them.
Oh my god the UK recorded something and it leaked! Who could have ever imagined this possible outcome!?
I am the lawn!
"They're great at grabbing reams of private information they would have no right to if Britain were still a free society."
When were we ever a free society? When has any country been "free"? I suppose there's a philosophical discussion to be had here but I get the sense that
Interested to hear when you think the UK was a 'free' society. It would have to probably be after 1928 - universal suffrage, before then women under 28 couldn't vote so they weren't very free. Couldn't be 1939 - 1952 as we had identity cards then. Interested to hear your definition of 'free'.
cheers.
Because with information of sufficient importance the very fact we don't have an exhaustive audit trail would be worrying (someone may of gotten access). The fact that we don't even know where it is? That, is scary. Not only is the risk that this data still exists, meaning that either careers will be ruined or national security will be endangered. But additionally it is a further reminder of how incompetent government can be with obviously important data.
Although you may find the strength of feeling some people have regarding this breech to be unfounded, I expect I am not alone in finding your opinion that nothing bad will happen because "it rarely does" incredibly naive.
.
Keep it in your head. There is no such thing as absolute security, therefore there is no such thing as security. If you don't want to share something, don't share it with anybody.
.
blog me no blogs
I worked for a while in this area. If you want to get rid of a failing, and very expensive, defence project, the best way to do it is to have an 'accidental' security stuff up. That way you can ditch the failed program under the guise of 'national security' rather than incompetence, mismanagement, and the various other real reasons for project failures. This also means the project managers usually get off from being completely incompetent. Rather than have a failed project, they have a security breach, which is often investigated and forgotten about with a slap on the back and a guffaw (especially if the member is a part of the boys club).
It wouldn't surprise me if the stuff up was part of some Machiavellian back room defence politics. The old canard that civilians (especially on /.) state about choosing incompetence over conspiracy can be thrown out the window when it comes to national security and defence. Many of these individuals realize they have a system that can be exploited for their own personal gain if needed.