Swiss Spy Agency: Counter-Terrorism Secrets Stolen

← Back to Stories (view on slashdot.org)

Swiss Spy Agency: Counter-Terrorism Secrets Stolen

Posted by Soulskill on Tuesday December 4, 2012 @09:07AM from the hard-drives-can-still-grow-legs dept.

Rambo Tribble writes "The Swiss spy agency, NDB, reports a disaffected employee walked out with drives containing terabytes of data shared by counter-terrorism agencies in Switzerland, the U.S. and Britain. It is not yet known if he was able to pass on any information before he was apprehended. 'A European security source said investigators now believe the suspect became disgruntled because he felt he was being ignored and his advice on operating the data systems was not being taken seriously.'"

52 of 88 comments (clear)

Min score:

Reason:

Sort:

Advice by ipquickly · 2012-12-04 09:11 · Score: 5, Insightful

If his advice included encryption and proper employee screening, maybe he was right.
1. Re:Advice by sl4shd0rk · 2012-12-04 09:42 · Score: 2
  
  Eh.. possibly not that honorable.
  "the largest Swiss bank, UBS, expressed concern to authorities about a potentially suspicious attempt to set up a new numbered bank account, which then was traced to the NDB technician."
  
  --
  Join the Slashcott! Feb 10 thru Feb 17!
2. Re:Advice by Arancaytar · 2012-12-04 11:07 · Score: 4, Insightful
  
  Showing that the whole "secret Swiss bank account" thing only applies when you're not trying to hide it from the Swiss government. :P
3. Re:Advice by lloydchristmas759 · 2012-12-04 11:37 · Score: 5, Informative
  
  Actually, it has been a long time since banking secrecy in Switzerland does not hold when crime is involved. When any Swiss bank suspects funds originate from criminal activities (e.g. drug or weapon trafficking, etc), it has the legal obligation to report it to Swiss financial market authority. From there, an investigation will be open. More information here.
  
  However, tax evasion is not considered as a crime in Switzerland. This means that until recently, Swiss banks or the government would not disclose any information to foreign governments when only tax evasion was suspected. In the past few years though, international pressure on the Swiss government obliged it to ease the banking secrecy to the point where there is no secrecy anymore, except for permanent Swiss residents.
  
  --
  I'd give my right arm to be ambidextrous.
So? by Hatta · 2012-12-04 09:16 · Score: 4, Insightful

Somehow, I'm not terribly worried. Terrorism is a lesser threat to any of us than slipping in the shower is.

--
Give me Classic Slashdot or give me death!
1. Re:So? by Anonymous Coward · 2012-12-04 09:24 · Score: 2
  
  Somehow, I'm not terribly worried. Terrorism is a lesser threat to any of us than slipping in the shower is.
  Indeed. We should close all the counter-terrorism agencies until the threat is back up to the level where people demand we do something about it...
2. Re:So? by 1s44c · 2012-12-04 09:25 · Score: 1
  
  Somehow, I'm not terribly worried. Terrorism is a lesser threat to any of us than slipping in the shower is.
  Indeed. We should close all the counter-terrorism agencies until the threat is back up to the level where people demand we do something about it...
  Or simply stop taking showers.
3. Re:So? by Overzeetop · 2012-12-04 09:36 · Score: 4, Funny
  
  Or simply stop taking showers.
  Then the terrorists will have won.
  
  --
  Is it just my observation, or are there way too many stupid people in the world?
4. Re:So? by Hatta · 2012-12-04 09:40 · Score: 2
  
  You assume that counter terrorism actually does something to stop terrorism. There is no evidence for that assertion.
  
  --
  Give me Classic Slashdot or give me death!
5. Re:So? by Johann+Lau · 2012-12-04 09:58 · Score: 1
  
  until the threat is back up to the level where people demand we do something about it...
  What are you even talking about? About some kind of imaginary past I presume... but care to give details?
6. Re:So? by Mike+Buddha · 2012-12-04 10:03 · Score: 1
  
  Or simply stop taking showers.
  This is the most popular answer to the threat on Slashdot.
  
  --
  by Mike Buddha -- Someday the mountain might get him, but the law never will.
7. Re:So? by Anonymous Coward · 2012-12-04 10:05 · Score: 2, Funny
  
  At least you'll smell like one.
8. Re:So? by Hatta · 2012-12-04 10:24 · Score: 5, Insightful
  
  Evidence you can't see might as well not exist. Especially if the person you have to trust is the one asking for extraordinary powers.
  It's quite telling that there hasn't been a successful terrorist attack in the US since 9/11. That means that the government is 100% effective at counter terrorism. When was the last time the government was 100% effective at anything? Does that not raise red flags?
  Also, look at the alleged terrorists they have apprehended. Every one of them was given significant help by the government. I don't believe a single one of them would have been a credible threat without being egged on by the government. Yes, they might have had the motive, but when the government provides the means and the opportunity they're at least as guilty as the alleged terrorist.
  
  --
  Give me Classic Slashdot or give me death!
9. Re:So? by DNS-and-BIND · 2012-12-04 13:15 · Score: 1
  
  Sorry? What do we call Major Hassan, then? Oh, right...bog-standard workplace violence. I mean, the fact he was shouting "Allah Ackbar" is irrelevant.
  On July 4th, 2002, a man shot up the El Al counter at LAX. There are more. 100% effective my ass.
  
  --
  Shutting down free speech with violence isn't fighting fascism. It IS fascism!
10. Re:So? by Larryish · 2012-12-04 17:24 · Score: 1
  
  Also I have this anti-terrorism rock for sale on eBay.
  Carry it in your pocket and Abdul totally won't bomb you.
11. Re:So? by tehcyder · 2012-12-05 00:45 · Score: 1
  
  You assume that counter terrorism actually does something to stop terrorism. There is no evidence for that assertion.
  Here in the UK there have been several court cases involving bomb plots foiled by the security services. I suppose you would say that these are all just made up?
  
  --
  To have a right to do a thing is not at all the same as to be right in doing it
Now the Swiss must scramble to counter... by CCarrot · 2012-12-04 09:16 · Score: 1

...this guy's counter counter terrorism ploy?
Nice!

--
"I love animals! Some are cute, others are tasty, what's not to like?" - Betsy Schroeder, Jeopardy contestant
So, Swiss Army Spy? by DanielRavenNest · 2012-12-04 09:17 · Score: 1

The title says it all.
hmmm. I can just imagine the advice... by swschrad · 2012-12-04 09:22 · Score: 1

"Really, guys, hide it in plain sight so nobody thinks it's important. Get hot new stuff, tweet it out. Ever hear of a public Wiki?"
the big question is, do they have a capital punishment law for treason over there? or does the Swiss Army just take turns batting you around all day?

--
if this is supposed to be a new economy, how come they still want my old fashioned money?
1. Re:hmmm. I can just imagine the advice... by bug1 · 2012-12-04 09:31 · Score: 1
  
  do they have a capital punishment law for treason over there?
  
  No, they have to send them to the USA for that.
2. Re:hmmm. I can just imagine the advice... by godel_56 · 2012-12-04 09:55 · Score: 1
  
  do they have a capital punishment law for treason over there?
  
  No, they have to send them to the USA for that.
  Or arrange for the Israelis to have them assassinated.
3. Re:hmmm. I can just imagine the advice... by K.+S.+Kyosuke · 2012-12-04 10:13 · Score: 1
  
  the big question is, do they have a capital punishment law for treason over there?
  I believe they do it by pouring molten chocolate down your throat.
  
  --
  Ezekiel 23:20
4. Re:hmmm. I can just imagine the advice... by Terrin2k · 2012-12-04 10:36 · Score: 1
  
  Or Death by Toblerone.
5. Re:hmmm. I can just imagine the advice... by funwithBSD · 2012-12-04 11:02 · Score: 1
  
  Or outsource to China, who is a world leader in executions.
  
  --
  Never answer an anonymous letter. - Yogi Berra
Should he get a medal or go to jail? by ipquickly · 2012-12-04 09:23 · Score: 3

If he did this to prove that the security measures are so lax that lives are in danger - then he very honorably sacrificed his career.
If he made a backup copy, then he should go to jail.
1. Re:Should he get a medal or go to jail? by timeOday · 2012-12-04 10:18 · Score: 4, Informative
  
  His actions prove nothing except that a trusted senior individual with administrative rights and physical access to the system could, in fact, divulge sensitive information. That's not scandalous. In fact it is for all practical purposes unavoidable. OK, fault them for not inspecting everybody's bags on the way out of work every single day (ignoring the cost and alienation factor)... even then he could STILL have done it with a microSD under his tongue. At some point it comes down to trusting individuals.
2. Re:Should he get a medal or go to jail? by Anonymous Coward · 2012-12-04 10:56 · Score: 1
  
  he was trying to sell data. And stopped by the bank clerk who found it fishy that he wanted a numberd account...
  so, jail it is.
3. Re:Should he get a medal or go to jail? by nazsco · 2012-12-04 13:17 · Score: 1
  
  > If he made a backup copy, then he should go to jail.
  nice try, RIAA.
4. Re:Should he get a medal or go to jail? by nazsco · 2012-12-04 13:19 · Score: 1
  
  wrong. his action prove only that trusted senior individual with administrative rights and physical access to the system can fall in disgrace with his peers and have any intangible charge brought as his downfall.
Terrorists or "Terrorists"? by crazyjj · 2012-12-04 09:24 · Score: 2

Something tells me that most of this stolen info consists of data gathered on "terrorists" like movie pirates, government critics, and information leakers.

--
What political party do you join when you don't like Bible-thumpers *or* hippies?
1. Re:Terrorists or "Terrorists"? by 1s44c · 2012-12-04 09:32 · Score: 1
  
  Something tells me that most of this stolen info consists of data gathered on "terrorists" like movie pirates, government critics, and information leakers.
  Everyone is a potential terrorist, this will likely be information on everyone collected from every government database they have access to.
  It would be interesting to see what kinds of data spooks collect.
Structural problem in the new agency by patella.whack · 2012-12-04 09:24 · Score: 1

from TFA:

"The source said that under the NDB's present structure, its human resources staff - responsible for, among other things, ensuring the reliability and trustworthiness of the agency's personnel - is lumped together organizationally with the agency's information technology division. This potentially made it difficult or confusing for the subdivision's personnel to investigate themselves"

you'd think they'd have taken this into consideration in the first place. Rookie mistake?
Re:his advice on operating the data systems by Jeremiah+Cornelius · 2012-12-04 09:29 · Score: 3, Funny

OH NOES!
Now the TERR'ISTS gonna have all our GROPING secrets for PAT DOWNS! :-)

--
"Flyin' in just a sweet place,
Never been known to fail..."
He was right to at least some degree by onyxruby · 2012-12-04 09:39 · Score: 1

If he was able to get Terabytes of data out with impunity and walk out with it in a back pack than he was right that things weren't being done right. If they had been working with best practices he never would have been able to pull the data out.
Read the article, sounds like the only reason the data didn't go to the highest bidder is he hadn't sold it yet. They said he was disgruntled, perhaps he was willing to sacrifice his career to make a point about things not being done right?
He'll get (and should get) time in prison for this and he's a fool for having done it. Lesson to learn from this for those new in their career and who see problems and find management unwilling to do anything about them. Document them in an email at some point to make sure you can't be blamed for ignoring an issue. Once you've done that drop it and let it go, because it isn't worth your career or prison time to prove your right. Let it go, let it go.
1. Re:He was right to at least some degree by TapeCutter · 2012-12-04 10:34 · Score: 1
  
  Any of the presidents numerous body guards could assassinate him at any time, does that mean things aren't being done right?
  
  --
  And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
Q: What in 1 shouldn't lead to 2? by zx2c4 · 2012-12-04 09:45 · Score: 1

1: "The suspect in the spy data theft worked for the NDB, or Federal Intelligence Service, which is part of Switzerland's Defense Ministry, for about eight years."
2: "He was described by a source close to the investigation as a "very talented" technician and senior enough to have "administrator rights," giving him unrestricted access to most or all of the NDB's networks, including those holding vast caches of secret data."
A: "for about eight years" --> "unrestricted access to most or all of [...] vast caches of secret data"
Eight years? That's it? Really?

--
ZX2C4
Secret service was lucky by markus_baertschi · 2012-12-04 09:56 · Score: 1

This event dates from late September. As far as I know he was caught, before he could sell anything.
But, the Swiss Secret Service was lucky: The guy was caught because his bank became suspicious when he wanted to set up bank accounts to receive the future price for the loot.
The guy essentially walked out of the place with disk drives full of data. As he was the IT maintenance guy, he could pull this off without anybody getting suspicious. If your IT guy replaces 'broken' disk drives, everything is ok, other employees thought. As Switzerland is small, that department was small too, so there was a lack of resources.
Markus
1. Re:Secret service was lucky by AHuxley · 2012-12-04 11:45 · Score: 1
  
  Switzerland had a walk in who (gave/sold?) the Soviets the bunker locations and moblization timetables. He was caught.
  Switzerland is very small at the planning level of its structure. Very few make it up the chain of command with the correct trust and the huge number of days training needed vs having a day job.
  They can profile the family structure and training of their top people over many years but "IT maintenance guy" are what treated as just "technician" staff? vs the quality of life that the officer class enjoy?
  The other fun aspect is the amount of training top Swiss officers did with the top US war colleges :) Got to wonder how much 'gossip' they bring back home and write up for internal Swiss use :)
  
  --
  Domestic spying is now "Benign Information Gathering"
So... by JestersGrind · 2012-12-04 09:56 · Score: 3, Funny

The Swiss security is similar to their cheese?
1. Re:So... by markus_baertschi · 2012-12-04 10:24 · Score: 1
  
  I'm afraid to admit that it looks very much like it
checks need 2 signatures, why not mv/cp/etc? by Yakasha · 2012-12-04 10:00 · Score: 2

Most companies require a second signature on checks with a high enough dollar amount, so why not a similar system for servers?
Simply list secured directories/files and secured output devices (printers, usb, etc). If you try to move/copy/edit anything from a secured directory or to a secured device, your command gets put in a queue and waits for a second user to ok it.
Is there anything like this available already?
1. Re:checks need 2 signatures, why not mv/cp/etc? by c++0xFF · 2012-12-04 11:52 · Score: 1
  
  My college set up something like that for password resets. Two computing center student employees could type in their own passwords and the username of another student to reset that student's password. If I remember right, it didn't work on faculty accounts and in a few other situations.
2. Re:checks need 2 signatures, why not mv/cp/etc? by nazsco · 2012-12-04 13:25 · Score: 1
  
  the point of requiring two signatures/keys/whatever IS to be ridiculously cumbersome
Secret Data Network? by dgharmon · 2012-12-04 10:40 · Score: 1

"The suspect [had] unrestricted access to most or all of the NDB's networks, including those holding vast caches of secret data".

Did no-one in this self-described Federal Intelligence Service notice him downloading terrabytes of data?

--
AccountKiller
1. Re:Secret Data Network? by funwithBSD · 2012-12-04 11:04 · Score: 2
  
  No one was watching the watchers.
  
  --
  Never answer an anonymous letter. - Yogi Berra
Wikileaks scores a huge leak... by idontgno · 2012-12-04 11:07 · Score: 1

in 5... 4... 3... 2...

--
Welcome to the Panopticon. Used to be a prison, now it's your home.
Hell hath no fury like a passive agressive IT guy. by conspirator23 · 2012-12-04 11:16 · Score: 1

'A European security source said investigators now believe the suspect became disgruntled because he felt he was being ignored and his advice on operating the data systems was not being taken seriously.'"
Okay poindexter, what exactly was the issue? Some non-technical middle manager didn't understand the overarching brilliance of your recommended filesystem? Afraid the key length is too short? Too much Linux? Not enough Linux? Welcome to the real world, where your temper tantrum effects no change for anyone else but you. Hope your issue wasn't genuinely important, you'll have a hard time making your case from prison. /facepalm.
Swiss counter-terrorism definition by AtomicJake · 2012-12-04 11:47 · Score: 1

Swiss counter-terrorism includes probably a list of tax agents of foreign countries (such as the USA, most EU countries, and other countries looking for black money of their citizens).
Sensitive IT Guys by CHIT2ME · 2012-12-04 12:13 · Score: 1

You IT guys seem so sensitive! Makes this old Marine Corps Vetaren want to puke! First, debrief the traitor. Who knows maybe his advice on operating the data systems may yield something. Then, throw his a$$ into solitary in a super max prison for 10 to 15 years and see if it cures his disgruntled-ness!!!

--
My karma is bad. Don't get too close!!!
Old news by bradley13 · 2012-12-04 21:17 · Score: 1

This is old news, geez. Here's a quick summary of the facts:
- The Swiss intelligence agency had pathetic security. This guy was an IT guy with far too much direct access to data. Second, there was no policy in place restricting (and checking) what employees could carry in and out of the building. So he duplicated the contents of numerous entire disks, and walk out the door carrying the copies.
- The guy was an idiot. He copied terabytes of data, figuring to get rich quick. But he had no idea how to sell the stuff, so he apparently walked into some random foreign embassy and asked if they wanted to buy the stuff. The embassy apparently quietly informed the Swiss government, and the guy was arrested.
- Because of the way it went down, apparently there is little doubt that he never managed to sell anything. I.e., no data was compromised. This being entirely due to dumb luck, or rather, to the stupidity of the criminal.

--
Enjoy life! This is not a dress rehearsal.
Re:Die Hard by Julz · 2012-12-05 09:10 · Score: 1

I was thinking more James Bond Skyfall myself.

--
When shit hits the fan get some of these https://youtu.be/pY-GncsZ-UE
Re:Hell hath no fury like a passive agressive IT g by nthcolumnist · 2012-12-05 11:46 · Score: 1

affects a coy smile