Slashdot Mirror

← Back to Stories (view on slashdot.org)

Heathrow Airport Security Files Found on USB Stick In The Street (bbc.co.uk)

Posted by EditorDavid on from the removable-storage-media dept.

"The BBC is reporting a security probe after security data about Heathrow was discovered on a USB found on the street," writes long-time Slashdot readers Martin S. From the article: The Sunday Mirror reported that the USB stick had 76 folders with maps, videos and documents, including details of measures used to protect the Queen. A man found it in west London and handed it into the paper, it said. Heathrow said all of its security plans had been reviewed and it was "confident" the airport was secure. "We have also launched an internal investigation to understand how this happened and are taking steps to prevent a similar occurrence in future," it said.
The Mirror reports that the USB stick was not encrypted and did not require a password, according to an article shared by Slashdot reader rastos1. Insiders "admitted it sparked a 'very, very urgent' probe, and that it posed 'a risk to national security'."

20 of 116 comments (clear)

  1. If you are the CTO ... by BoRegardless · · Score: 4, Insightful

    Security only applies to everyone else.

    1. Re: If you are the CTO ... by dougdonovan · · Score: 4, Funny

      obviously an hourly wage security person is missing their usb.

  2. Can't be by nospam007 · · Score: 3, Funny

    In the UK, USB sticks with sensitive or secret info always have to be forgotten in an underground car, it's the law.

    1. Re:Can't be by rtb61 · · Score: 2

      This sounds a little more suss though. Why load those particular files onto a USB stick to remove from the office. Internal and external secured networks, no need for sneaker net https://en.wikipedia.org/wiki/... this is not a decade or more ago, absolutely no need to carry them any where, well, only one need. That need being, selling it, everything contracted is contracted to the highest bidder, so as for national security issues. Highest bidder for that information, in the entire chain of handling of that data, according to typical corporate practices is entitled to that data. It might not have been totally nefarious, just moderately nefarious (setting up hard wired hack points, new sources of data, security holes that can be readily breached etc). The only reason to lose it on a subway, it would have been secured on their person, was fear and panic disposal, this depending upon any traceable data on the device, device clean, than dropped in panic, device full of identifying stuff, than just a clumsy idiot (in probability terms).

      --
      Chaos - everything, everywhere, everywhen
  3. The North Koreans stole it! by Alain+Williams · · Score: 2

    I believe that it is them who we currently blame for all things like this.

    1. Re: The North Koreans stole it! by Reverend+Green · · Score: 2

      Obviously it was the French. It's always the French.

    2. Re: The North Koreans stole it! by Hal_Porter · · Score: 2

      If it is accurate, then it reflects poorly on Trump. If it is not accurate, then it reflects poorly on Clinton.

      My point being that the NYT/WashPo/CNN etc all talked about Russian collusion when they thought Trump was guilty of it, despite having no evidence of a crime. Then it came out that Clinton's campaign had illegally paid for the Steele dossier from Russia - the illegality comes from paying a law firm to pay FusionGPS which eventually paid him. The FEC requires campaign expenditure over $200 to be itemised. I predict the Democrat supporting media will simply stop talking about Russia at this point.

      And I'd say if you're interested in truth, don't trust any of these news sources. They'll report things they know to be untrue, or at least have no evidence for if they think that report will help their party. And they'll not report things for which there is evidence if they think reporting those things will hurt their party. In fact the NYT freely admitted it was giving up old fashioned notions of impartiality and checking things were true before the election

      https://www.nytimes.com/2016/0...

      I.e. what news they report is solely determined by whether they think it will move things in their direction politically, not whether they actually think the report is true or not.

      And incidentally engineers and 'nerds' are hardly immune to this sort of intellectual dishonesty and sloppiness as any arguments over the merits of hardware or software will tell you. Fanboys exist in both politics and engineering.

      --
      echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
  4. No Excuse! by Murdoch5 · · Score: 3, Informative

    Why wasn't the USB key in question a high security, hardware encrypted device? There is no reason to not have a military FIPS-140-2, AES encrypted USB key that can self wipe and self destruct, with full location tracking and remote kill switch.

    There is no excuse for files of this importance to be left on a "normal" key. Who ever provided the key and who ever takes care of the systems the files were copied off of, should face criminal charges.

    1. Re:No Excuse! by GuB-42 · · Score: 2

      Snowden used encryption in a way that would be considered paranoid for normal people.
      What kind of whistleblower/traitor/hero/terrorist would know enough to get access to secret documents but be dumb enough to lose an unencrypted USB key in the street. I can imagine using an unencrypted key for stealing data when there is no other choice but definitely not keeping it that way.

      An employee screwing up makes a lot more sense to me.

    2. Re:No Excuse! by GuB-42 · · Score: 2

      Though I prefer the major fuck up hypothesis, who said the data is real and not deliberate misinformation.

      Also I think that all the James Bond style security is overkill. This is definitely confidential information but not top secret. Well implemented AES is more than sufficient. In fact a fancy USB stick will raise a lot more attention. Not a good thing.

    3. Re: No Excuse! by Zero__Kelvin · · Score: 5, Insightful

      Everyone who uses encryption uses it in a way that would be considered paranoid by normal people. Normal people don't understand encryption and have no idea they even use it when they do (e.g. https)

      --
      Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
    4. Re:No Excuse! by Antique+Geekmeister · · Score: 2

      I've certainly seen high level bureaucratic and security staff take data home on private media. I've even seen them insist that security costs more than it gains, and refuse to protect the backup media, or deliberately make personal copies of critical data because getting past the encryptions and security at work is too much effort.

  5. Maybe it was accidentally dropped... by Anonymous Coward · · Score: 2, Funny

    by the new airport cyber security expert, that used to work at Equifax up until a few months ago.

  6. Who plugs in USB drives found in the street? by h33t+l4x0r · · Score: 4, Insightful

    I'd sooner chew gum found in the street.

    1. Re:Who plugs in USB drives found in the street? by Opportunist · · Score: 5, Interesting

      I do. It's my job.

      Then again, I plug it into systems that exist for that sole reason...

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    2. Re:Who plugs in USB drives found in the street? by datavirtue · · Score: 2

      This incident has made those loose flash drives all the more tempting. No one can resist examining a random flash drive. It is like finding a wallet. You have to open it and rifle through the whole thing.

      --
      I object to power without constructive purpose. --Spock
    3. Re:Who plugs in USB drives found in the street? by coofercat · · Score: 3, Funny

      The digital 'glory hole' ;-)

  7. My mom always told me... by tofleplof · · Score: 2

    not to plug usb-sticks-found-in-the-street into my computer.

  8. Only an idiot plugs in a found USB by Martin+S. · · Score: 3, Interesting

    My original submission included making the point that only an idiot plugs in a found USB but this has been removed in the edit and my scepticism has been lost.

    The reported fact that this was found on the street amongst fallen leaves is highly unlikely and suspicious. It does provide plausible deniability for the journalist over their source, but my money is this will be revealed to be a hoax.

    The newspaper that published this story, offers to pay for stories. My belief is that there is a very good chance this will be revealed to be entirely a hoax. A assembly of public source data to get a reward/story bounty from the newspaper.

    It is possible, but unlikely this could be a honey trap for the journalist, or anybody with the USB including attack code intended to compromise their PC/Network. This is how STUX worked.

  9. hmmm.. by SuperDre · · Score: 2

    And why did the finder give it to a paper and not to the police (which is what he should have done). I wonder how much money he got from the paper...