×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Server with Top-Secret Data Stolen

Zonk posted more than 6 years ago | from the don't-walk-around-with-that-stuff dept.

Security 142

An anonymous reader writes "Usually missing information stories are fairly low key; the loss of a few thousand student records is cause for concern for those involved, but hardly national security. This one is slightly different. The company Forensic Telecommunications Services has announced that a server containing 'thousands of top-secret mobile phone records and evidence from undercover terrorism and organized crime investigations' has been stolen. From the article: 'The company — whose clients include Scotland Yard and the Crown Prosecution Service — has assured the public that the server is security protected, and the breach will not compromise ongoing police operations. The information is made up of either old cases that have passed through the judicial process, or cases that are already in the judicial system and so subject to full disclosure to both defense and prosecution teams.'"

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

142 comments

Just FYI... (4, Informative)

daveschroeder (516195) | more than 6 years ago | (#20224011)

...Forensic Telecommunications Services [forensicts.co.uk] is a UK company, not a US company, so please keep that in mind when crafting your comments.

(And yes, this is fairly plainly obvious to anyone who takes a moment to look.)

Re:Just FYI... (4, Funny)

Control Group (105494) | more than 6 years ago | (#20224097)

But the British government has been in bed with the US government for years, which means they pretty much do whatever the US tells them to, which means they're pretty much just a US colony, which means that this loss is obviously attributable to FBI negligence, which is clearly linked to the PATRIOT Act, which means that it's the sole responsibility of the current administration - and we all know how Karl Rove likes to publicize secret information; this loss is obviously why he's resigning - which means that George W. Bush wants criminals to go free, so he can further consolidate his power and declare himself interim president for life!!!

CAN'T YOU SEE, MAN? IT'S THE END OF FREEDOM!

Re:Just FYI... (0, Redundant)

Dunbal (464142) | more than 6 years ago | (#20224171)

Do you think it's a coincidence that this news breaks just after Rove's resignation? I don't think so!!!

New conspiracy in 5 minutes.

Re:Just FYI... (1)

bryan1945 (301828) | more than 6 years ago | (#20224983)

You missed FEMA, Hurricane Katrina, and the Red Sox winning the World Series. And maybe crab people, but they could just be communists.

Re:Just FYI... (1)

cHiphead (17854) | more than 6 years ago | (#20226373)

And you missed the White Sox winning the World Series the very next year.

I've been telling you mofos the End is Near, but everyone just laughs it off!

Cheers.

Re:Just FYI... (1)

megaditto (982598) | more than 6 years ago | (#20225325)

Since it's legal in UK to spy on US citizens, and since it's legal in US to spy on UK citizens, one has to assume that MI5/6 is giving NSA a nice happy reacharound...
Do you think one of those phones that tapped was Barak Osama's?

Re:Just FYI... (0)

Anonymous Coward | more than 6 years ago | (#20225849)

mmmmmmmmmm, reacharound. :-)

Okay, here's what we've got (2, Funny)

spun (1352) | more than 6 years ago | (#20225433)

The Rand Corporation, in conjunction with the saucer people, under the supervision of the reverse vampires, are forcing George W. Bush to go to bed early in a fiendish plot to eliminate the meal of dinner.

We're through the looking glass, people

Re:Just FYI... (1)

AHumbleOpinion (546848) | more than 6 years ago | (#20225957)

the British government has been in bed with the US government for years, which means they pretty much do whatever the US tells them to

BS. It is a two way street, you are just being myopic in your historical context. We aided the British in the Falklands for example. No US interests were threatened since the British would have won with or without our help. All we did was further alienate ourselves from Central and South America. Then there were the European wars of the last century. Certainly it wouldn't really matter if the Kaiser had defeated Britain from an American perspective, we could have done business with him. The lunatic that followed him twenty years later would have been too dangerous, but we may have been able to arm Britain and Russia and avoid direct involvement. However such courses were not followed because the United States has a predisposition to help Britain when she needs it.

Who's next? (0)

Anonymous Coward | more than 6 years ago | (#20224395)

Ten to one [slashdot.org], we hear next week that some large repository of Student papers is vulnerable too.

Re:Just FYI... (0)

Anonymous Coward | more than 6 years ago | (#20225529)

I didn't realize that the UK was into outsourcing sensitive government functions to the private sector... sounded American enough to me.

Re:Just FYI... (1)

thaig (415462) | more than 6 years ago | (#20226037)

The UK govt is probably more of an outsourcer than the US govt. e.g. the RAF outsources the maintenance of all it's combat aircraft: they buy X hours of operational availability. Even the Skynet 5 Military comms satellites are outsourced.

Re:Just FYI... (0)

Anonymous Coward | more than 6 years ago | (#20225725)

Are we supposed to give them a free pass because they're from the UK?

hahah (2, Funny)

liquidpele (663430) | more than 6 years ago | (#20224019)

I can see it now...

*ring*
Hello, is this my contact? Do you have the money?
...
*recording* This is an important announcement, you are paying too much for car insurance!

Top secret public records? (5, Insightful)

mmarlett (520340) | more than 6 years ago | (#20224047)

Which is it: Top secret phone records or information that has already been released in court cases? It doesn't seem like the two are the same.

Re:Top secret public records? (4, Insightful)

yog (19073) | more than 6 years ago | (#20224861)

I don't get it. What happened to locks, keys, and trusted employees? It seems like companies and government organizations are constantly leaving sensitive materials in cars or in unsecured locations where they can be stolen by opportunistic thieves. After thousands of years of civilization, and with all the fancy technology at our disposal today, have we learned nothing about how to keep important materials out of mischievous hands?

A server with sensitive information should not be on the public internet, and it should not be on the premises of a subcontractor! It should be safe behind locked doors with access only by a select few, and protected by strong encryption too. I just don't get it; it's kind of depressing.

Re:Top secret public records? (3, Interesting)

dmpyron (1069290) | more than 6 years ago | (#20225451)

I've handled TS and above at a number of contractors over the years. That said, "What happened to locks, keys, and trusted employees?". And how do you get a server out of the building? Stuff in down your pants? I've never worked anywhere where areas with classified information weren't surrounded by cameras. And access control. And lots of other means of tracking the comings and goings. There's more to this story than has been made public.

The lady doth protest too much, methinks. Something is rotten in the state of Denmark.

Either there really wasn't much to worry about or they are secretly passing rectangular pieces of firehardened clay out their anuses. And these guys are called a "security" firm!

Commodization (0)

Anonymous Coward | more than 6 years ago | (#20226159)

have we learned nothing about how to keep important materials out of mischievous hands?


Perhaps it's the commoditization of data? It used to be that anything written down was important. Then only certain paper from certain individuals. Now, with 1 TB hard drives, how easy is it to tell what's sensistive and what isn't?

You have a 60+ GB drive in a laptop, a speadsheet with all the sensitive SSNs and such is maybe a couple of megs. All the rest of it is no big deal.

Perhaps instead of putting stuff on the internal drive, the sensitive information is put on external drives with stickers reading "If this goes missing you will lose your job and be charged with a felony." Maybe that will motivate people to pay attention to what is important (and safely ignore what is not).

Re:Top secret public records? (1)

Frosty Piss (770223) | more than 6 years ago | (#20224947)

The information is made up of either old cases that have passed through the judicial process, or cases that are already in the judicial system and so subject to full disclosure to both defense and prosecution teams

Mybe they meant "proprietary" instead of "Top Secret". Clearly it isn't "Top Secret".

Re:Top secret public records? (1)

c_woolley (905087) | more than 6 years ago | (#20226319)

Actually, "Top Secret" just means something that is very important to keep private. So, in this case it was Top Secret. I just isn't Government-type Top Secret. I was thinking the same thing as you though.

Here is my handy-dandy link to a definition of Top Secret:
http://www.google.com/search?hl=en&defl=en&q=defin e:Top+Secret&sa=X&oi=glossary_definition&ct=title [google.com]

As you can see, it also means they could have stolen a valuable movie staring Val Kilmer...

I could sure trust them (5, Insightful)

faloi (738831) | more than 6 years ago | (#20224053)

Except that their physical security is apparently so poor that I can't imagine their data security is much better.

"All the data is protected, as long as the thieves don't look at the password sticker hidden inside the case."

Re:I could sure trust them (1)

Sunrise2600 (1142529) | more than 6 years ago | (#20224189)

I love how whenever there is a data breach they have to say, don't worry it wasn't important data anyway.

Re:I could sure trust them (1)

ydra2 (821713) | more than 6 years ago | (#20224925)

We're just lucky it was only "Top Secret" data. It could have been "Super Duper Ultra Top Secret" data. Then it would be a security compromise instead of just a security glitch.

More likely. (1)

AltGrendel (175092) | more than 6 years ago | (#20224447)

They simply forgot to activate the alarm system when they went home.

Never attribute to malice what can be explained by stupidity.

Re:I could sure trust them (1)

Greyfox (87712) | more than 6 years ago | (#20224717)

They probably mean "password-protected". We all know how easy THAT is to get around. These guys don't sound clueful enough to actually encrypt their data (Though if any of them are reading this and want to correct me, please go ahead...)

Re:I could sure trust them (1)

Xiaran (836924) | more than 6 years ago | (#20225381)

Im not one of those guys but I did used to work in the disk encryption industry in the UK. I wrote(well me and three other programmers) a product that encrypted windows disks and CE based PDAs. One thing to remember is that companies in the UK are subject to the data protection act. That means they are required by law to protect peoples information. That said it isnt that unusal to find companies that have quite caught up or gotten around to encrpyting their sensitive data... but all the companies Ive worked for in the UK(financial services) has had whole disk encryption on office PCs and servers.

Wrong Terminology (4, Insightful)

stewbacca (1033764) | more than 6 years ago | (#20224105)

"Top Secret" is a term reserved for government classification schemes (in the US) and is clearly outlined by US laws. Using "Top Secret" for a business is just sensationalism. This business lost sensitive data, not "Top Secret" data.

Re:Wrong Terminology (2, Interesting)

daveschroeder (516195) | more than 6 years ago | (#20224193)

Actually, that's incorrect.

Many nations have equivalent parallel classification schemes, including using the terminology "top secret". Long-standing agreements between various nations allow sharing of information in the same categories.

See here [archive.org] and here [wikipedia.org] for details.

If FTS is a contractor on terrorism investigations, it could very well be handling "top secret" data. The article refers to it as "top secret", but you're correct: it's not clear if "top secret" is merely being inappropriately applied here, or whether the information really could be technically "top secret".

It is (PowerPoint) quite routine [fas.org] for contractors to handle classified information in the US and UK.

Re:Wrong Terminology (5, Informative)

stewbacca (1033764) | more than 6 years ago | (#20224373)

I was a contractor that handled real Top Secret data and that term is reserved for government classified data only. Contractor's own stuff is neither Top Secret, nor protected under the provisions provided to government Top Secret data. My point is that there are too many stories from JoeBlow, Inc. that report "Top Secret" information being stolen just to sensationalize the story. To working professionals in the Intel field, the notion that Top Secret data was stolen is a national security crisis, only to read in the story that some stupid company lost some data with private information in it.

True, that many countries share classification terminology. England, Canada, U.S. and Australia, for example, have all worked to synchronize their terms and laws. But the common thread is that these are all covered by government classification guidelines, not the private sector.

I suppose the info in the story could be "Top Secret" in the true sense of the word, but if this company was a contractor handling real Top Secret (ie, government classified) data, it would be a much bigger story than something buried in slashdot ;-)

Re:Wrong Terminology (2, Informative)

jrumney (197329) | more than 6 years ago | (#20224601)

it would be a much bigger story than something buried in slashdot ;-)

It was front page news in several UK papers over the weekend.

Re:Wrong Terminology (1)

stewbacca (1033764) | more than 6 years ago | (#20224743)

A week ago I would have known (I just moved back to the States from the UK) ;-) Stupid narrow world-view of the US!

Re:Wrong Terminology (1)

MaximvsG (611212) | more than 6 years ago | (#20224795)

Yeah, I agree with most of that. Companies can classify their data anyhow they want, including using "secret," "top secret," etc.. But it's not the same as Government classified data. *Unless* they were authorized to store Government classified data, then this would in-fact be a huge breach of security and unlikely we'll be reading about it on slashdot.

Re:Wrong Terminology (1)

Frosty Piss (770223) | more than 6 years ago | (#20224987)

Contractor's own stuff is neither Top Secret, nor protected under the provisions provided to government Top Secret data.

In the USA at least, contractors handle actual honest-to-god the real deal "Top Secret" all the time. In fact, most of our government's "Top Secret" programs are run exclusivly by contractors.

Re:Wrong Terminology (2, Insightful)

stewbacca (1033764) | more than 6 years ago | (#20225061)

True, all of what you said (except contractors are not the majority of classified handlers, especially in compartmentalized intel). I was a contractor and I handled classified all day long. My point is that companies are TOLD by government classification guidelines what is "Top Secret" and don't just make up their own classifications because they work with government classified data. Even if contractors CREATE the data, the company doesn't classify the content they created, the government does. I've said too much. The blacksuits are here. Nice knowing you all!

Re:Wrong Terminology (1)

cyphercell (843398) | more than 6 years ago | (#20225037)

So, you don't think the Crown Prosecution Service or Scotland Yard would have "Top Secret" data? Seriously, the information stolen was evidence and phone numbers, how likely do you think it is that the phone numbers coincided with the evidence? Sorry, but I think the use of "Top Secret" is completely applicable in this case.

Re:Wrong Terminology (1)

stewbacca (1033764) | more than 6 years ago | (#20225191)

I can only speak for UK law a little bit, having only worked there for a short while, but I do believe that the UK has clear government classification guidelines that are pretty tightly integrated with US classification law. A phone number is not worthy of "Top Secret" classification. Especially since a phone number alone does not reveal means or methods, nor does the compromise of a list of phone numbers cause "grave damage" to national security, which is the basic tenet of "Top Secret" classification under US Law.

Now I suppose I should actually read TFA, since my initial post has inspired an entirely off topic sub-conversation ;-)

Re:Wrong Terminology (1)

daveschroeder (516195) | more than 6 years ago | (#20225161)

I'm aware of how classified data works, and when and how the terms are used. You said that the term top secret "reserved for government classification schemes (in the US) and is clearly outlined by US laws". If you were simply speaking from a US-centric standpoint, and not to mean that the term wasn't used elsewhere, my apologies; my point was that the term "top secret" is used by several other nations, including the UK. Your statement about how this was codified in the US was confusing since the company in question was a UK company.

And I do agree that sometimes the term "top secret" is misused for sensationalism, or incorrectly applied. But it's also wrong to say that data generated by a contractor cannot be top secret in the legal and statutory sense of the term. It absolutely can be. In this case, I agree that it's not clear if the data that is related to, e.g., terrorism investigations is actually "top secret" or just sensitive.

Re:Wrong Terminology (1)

stewbacca (1033764) | more than 6 years ago | (#20225311)

But it's also wrong to say that data generated by a contractor cannot be top secret in the legal and statutory sense of the term.
I apologize for not being clear, but this is not what I meant. Contractors create Top Secret material all the time; it just isn't their call to say if it is Top Secret or not. They create data, then the US classification authority applies a classification. This goes for government employees as well. An individual working an intelligence mission as a government employee doesn't classify documents, even if they created the document. The classification authorities assign classifications to all information created, not the operators creating the information.

Of course the article is not about a US contractor, so that only adds to the confusing posts I've made. Thanks for hearing me out ;-)

Re:Wrong Terminology (0)

Anonymous Coward | more than 6 years ago | (#20224301)

do you understand that there are many countries apart from US of A in this world?
for your *american* information, this story probably has very little to do with the US of A. RTFA.

Re:Wrong Terminology (1)

fotbr (855184) | more than 6 years ago | (#20224325)

Are you sure of that? Companies like Lockheed Martin, Boeing, General Electric, General Dynamics, etc all handle government secrets (and top secrets) as part of their defense contracts -- usually as parts of products they're building, but more and more intelligence analysis is being contracted out as well. I'd be surprised if British defense contractors didn't do much the same.

Re:Wrong Terminology (4, Informative)

stewbacca (1033764) | more than 6 years ago | (#20224461)

Contractors working with US classified documents are bound to the same rules and regulation as government employees when handling classified data. My point is that companies can't just make up their own classification of something being "Top Secret". Boeing doesn't have the right to make something they created "Top Secret" just because Boeing thinks it is Top Secret. Only the government classification authority can designate a classification of: Unclassified, Confidential, Secret, or Top Secret. Anything else would be internal corporate policy, but any naming convention Boeing comes up with on their own is NOT provided the same protections under US Law that real government classifications are. (I may sound like a broken record, but I used to teach this stuff to government employees).

Re:Wrong Terminology (0)

Anonymous Coward | more than 6 years ago | (#20224701)

Only the government classification authority can designate a classification of: Unclassified, Confidential, Secret, or Top Secret. Anything else would be internal corporate policy, but any naming convention Boeing comes up with on their own is NOT provided the same protections under US Law that real government classifications are.

And? Last I checked, wiretaps were typically performed by the government, and subject to the designations the government puts on them. It's not only entirely possible but highly likely that the government had declared that their terrorism wiretap recordings were classified at some level.

Re:Wrong Terminology (1)

IBBoard (1128019) | more than 6 years ago | (#20224735)

Maybe the UK works differently (or maybe it's because of transfer of classification based on content) but I work at a List X company [wikipedia.org] and people within the company get to determine whether documents are Restricted or whatever (we use UC, R, S and TS in the UK - there is Confidential, but it's generally replaced with S). They can also extracted parts of a report and release them at a lower classification (since I spend most of my day working on an Unclass machine).

I'm assuming there must be some controls somewhere to stop incorrect downgrading etc, and it probably won't apply to business data (which gets marked "[company name] proprietary") but that's how it seems to work from my year here so far.

Re:Wrong Terminology (1)

IBBoard (1128019) | more than 6 years ago | (#20224779)

Just a related thing I thought of as I posted: Government and Government Associates hate companies who insist on "Private and Confidential" in documents and are unwilling to change to "Private and in confidence". One of the many joys of having Confidential as an important security keyword and having email monitors that check for sensitive keywords to stop accidental release!

Re:Wrong Terminology (1)

stewbacca (1033764) | more than 6 years ago | (#20224931)

"Company name proprietary" is appropriate. What my gripe is, (in the US, at least) is that companies mark business data as "Top Secret", which is strictly reserved and regulated by US law, when the company just means "company proprietary" or "company sensitive" data. It is just an irritating sense of inflated self-importance that gets under my skin, is all.

Re:Wrong Terminology (1)

networkBoy (774728) | more than 6 years ago | (#20225195)

Not entirely.
We have five levels of "classification":
[company name] top secret
[company name] restricted secret
[company name] secret
[company name] confidential
[company name] public

While I agree that this is not the same as US Gov Top Secret, it leverages people's basic understanding of what those words mean and their impressions as to equality to the government. Just as the US would not want Top Secret notes passed to Iran, we would not want [company name] Top Secret passed to our competitors though we may share with a "friendly" company.

I fully understand how this gets under your skin, as I've been (accidentally) involved with USAF Top Secret materials and it is a whole 'nother sport (never mind ballpark) than company classified data.
-nB

Classification Designations (1)

Jtheletter (686279) | more than 6 years ago | (#20225315)

Only the government classification authority can designate a classification of: Unclassified, Confidential, Secret, or Top Secret.
Someone really ought to tell that to Dick Cheney.

This post is Treat As Top Secret. ;)

Re:Wrong Terminology (1)

fotbr (855184) | more than 6 years ago | (#20225555)

And that is exactly my point. It may be real TS stuff -- just because a private company lost it doesn't mean its not TS.

Re:Wrong Terminology (0)

Anonymous Coward | more than 6 years ago | (#20224551)

Speaking as someone who has worked for DOD as a contractor-- if they are in the employ (not saying they are) of the government, that terminology is correct.

a different slant on Wrong Terminology.... (1, Interesting)

Anonymous Coward | more than 6 years ago | (#20224653)

Other threads are quite correct to say that UK/US/Can etc have similar classifications, and that contractors routinely handle these (though note the lack of a US "Restricted")

When I started my career at a UK C+C Headquarters, we still had some old documents with the original UK top classification on, which was "MOST SECRET". They changed this during WW2 because the Yanks might read this as 'Almost Secret'.

All these classifications used to refer to Military Intelligence-type data. But come the end of the Cold War, the spooks grabbed any work they could to justify their budgets. Lots of this work was in non-military areas - even terrorism was originally non-military, but now lots of 'civilian' work has fallen to them. So I would not be surprised to find data on gangs, or porn barons classified as 'TOP SECRET'. Heck, I bet that Thames House South holds some papers on the current protest at Heathrow with TOP SECRET all over them.

Detailed Cell Phone Bill (2, Funny)

sjaguar (763407) | more than 6 years ago | (#20224119)

Do this mean that I will finally be able to see a detailed listing of my wife's calls? :)

Re:Detailed Cell Phone Bill (2, Funny)

tehcyder (746570) | more than 6 years ago | (#20224427)

Do this mean that I will finally be able to see a detailed listing of my wife's calls? :)
It's OK, I recorded them all from my end.

Re:Detailed Cell Phone Bill (0)

Anonymous Coward | more than 6 years ago | (#20224587)

Get her the iPhone and then you will get all the useless data information [slashdot.org] that you can imagine :P

Re:Detailed Cell Phone Bill (1)

JCSoRocks (1142053) | more than 6 years ago | (#20225031)

No, it's probably got the same level of "useful detail" as the 300 page long iPhone bills.

Private company????? (3, Insightful)

Anonymous Coward | more than 6 years ago | (#20224123)

Shouldn't someone explain wtf does top secret policial information in the hands of a corporation? Such information should be gathered, kept and custodied by police.

Re:Private company????? (0)

Anonymous Coward | more than 6 years ago | (#20224245)

It's not top secret, dumbfuck. It's already disclosed in courts, and Top Secret is a military designation, not a police designation. Top Secret information is required to be kept in certified vaults, with certified access control mechanisms that limit physical access to people with the requisite clearance. In other words, you're a fucktard; it's not top secret information.

Re:Private company????? (1)

pthor1231 (885423) | more than 6 years ago | (#20224419)

Just because information has a certain classification doesn't mean anyone other than "police" is going to have it. In the US, and I would imagine a fairly similar situation in the UK, quite often contractors will have access to various levels of classified information for their particular project. Chances are though this is not technically "Top Secret" classified information, and just some sensationalist media, as a few other posters have noted.

Re:Private company????? (1)

Fallon (33975) | more than 6 years ago | (#20224479)

Top Secret data is in the hands of lots of military contractors. If you handle TS data you have to comply with lots of REALLY overkill security measures. Secret classified data must be kept on SIPR net, which is a huge worldwide network massively encrypted and not connected to the Internet. TS is even more secure.

Re:Private company????? (1)

Don_dumb (927108) | more than 6 years ago | (#20226323)

The police outsource forensics. The MOD and most areas of government outsource loads of sensitive jobs (or jobs that handle sensitive data) thanks to the joys of privatisation.

This was a Physical Break in (3, Informative)

varmittang (849469) | more than 6 years ago | (#20224125)

"FTS can confirm that the company was recently the victim of a break-in at one of our premises in Kent. As a result, some IT equipment including a server was stolen."

Very important info for all those who want to start a flame war about what OS it was running and why it was connected to the Internet.

Re:This was a Physical Break in (1)

tehcyder (746570) | more than 6 years ago | (#20224363)

Very important info for all those who want to start a flame war about what OS it was running and why it was connected to the Internet.
Spoilsport, now there's only going to be a handful of comments.

Re:This was a Physical Break in (1)

p0tat03 (985078) | more than 6 years ago | (#20225673)

I suppose the better question now is... how do you sneak out of a secured building with a server? Stuff it down your pants? Or did they merely open the case and swipe the drive, in which case it's certainly do-able?

Re:This was a Physical Break in (0)

Anonymous Coward | more than 6 years ago | (#20226175)

The same way they got into the "secured" building?

What happened to the airport mainframe? (0)

Anonymous Coward | more than 6 years ago | (#20224127)

Well since this article is somewhat disappointing, I find a previous article detailing an airport data server which was stolen far more serious. I know it was covered here on slashdot back in 02' or 03' but was unable to find it.

It's already been hacked by now (0)

Anonymous Coward | more than 6 years ago | (#20224163)

Either this unit has been misplaced or it is actually stolen. The question is how? Was it locked in a Telco closet? If so, then somebody forgot to lock it. That was probably the last technician that last did maintenance on it. Ouch! If it's an actual PC based phone system then it's already been rooted which is extremely easy when you have access to the local machine. Some still run Win2000,Warp OS/2, and Linux. I guess the only value that server has to offer is in selling the phone numbers off to the highest bidder. The server parts will just become some kids PC. Any thoughts?

ORLY? (4, Insightful)

slobarnuts (666254) | more than 6 years ago | (#20224175)

In any case, the immediate disclosure and swift action taken by the FTS following the breach is yet another positive indication that organisations are beginning to take data protection seriously."

Really? Because the fact that this happened in the first place seems to indicate otherwise. This just sounds like Damage control.

wow (1)

ArcadeX (866171) | more than 6 years ago | (#20224267)

Somebody drops the ball when a backup tape goes missing. Laptop gets stolen isn't that much of a stretch, but a server? You would think something like this would blow away any confidence people have in this company... Company I work for wipes all computers / servers that get shipped, and the image is pushed over a secure network, hard drive encryption or not, and we don't even have much in the way of confidential information.

Re:wow (1)

Detritus (11846) | more than 6 years ago | (#20224933)

How many companies have real physical security? By that I mean trained security officers with guns, on duty 24/7/365. Most companies are vulnerable to theft, even of large items like servers. once everyone leaves for the day or weekend.

Re:wow (1)

Anonymous Brave Guy (457657) | more than 6 years ago | (#20225011)

How many companies have real physical security? By that I mean trained security officers with guns, on duty 24/7/365.

Well, I'm guessing the answer to that specific question in the UK is basically none, given that in general civilians having firearms is illegal and all...

However, I would imagine that businesses working in certain sensitive industries are used to working with the police, and employ a combination of defensive measures and some rapid call-out arrangement to protect themselves. Given that we don't see banks being robbed all the time, it appears that full-time, gun-carrying staff (are scary black outfits and funky earpieces mandatory as well?) are not a prerequisite for "real physical security".

Protected how? (3, Funny)

hcdejong (561314) | more than 6 years ago | (#20224271)

1. Cryptonomicon-style, with a big coil embedded in the door frame of the room where the server was stored (question is, would that even work, without using an MRI as the coil)
2. with a brick of thermite on a proximity detonator inserted into the case
3. boring ol' cryptography

Re:Protected how? (1)

Fallon (33975) | more than 6 years ago | (#20224391)

We actually have a case of thermite grenades sitting in our TCF (where all our communications gear & servers sit). Of course there's also the thousand odd soldiers with M16s around that you have to get through first. Sitting in downtown Kabul Afghanistan and needing all that physical security does make me a bit nervous at times though.

Re:Protected how? (1)

Svartalf (2997) | more than 6 years ago | (#20224889)

Nothing like the flash demil process on computer gear. And yeah, I'd be a bit uneasy about needing that level of security, but with where that comm gear (and you) is at, I wouldn't have it any other way really.

Re:Protected how? (1)

bryan1945 (301828) | more than 6 years ago | (#20225039)

"1. Cryptonomicon-style"

I so just jumped to "Necronomicon-style" when I read that. Chin-sucking whirlpool books would probably be rather effective ("Army of Darkness" for you heathens that don't understand that).

Re:Protected how? (2, Interesting)

Cheesey (70139) | more than 6 years ago | (#20225385)

1. Cryptonomicon-style, with a big coil embedded in the door frame of the room where the server was stored (question is, would that even work, without using an MRI as the coil)

I don't think that would work, even in 1999 when Neal Stephenson wrote the book. Some data would be recoverable: disks are very hard to completely destroy. Encrypted filesystems are the right way to do it, with the key only kept in memory.

I don't know why Stephenson's characters didn't think of that idea, since they worked for a PGP-style data security company. Nor do I understand why the adversaries used Van Eck phreaking to spy on Randy's laptop rather than just install a hardware keylogger, or why an EMP can destroy a CPU but not a hard disk controller. But hey, at least the ending was better than The Diamond Age.

Re:Protected how? (1)

ubrgeek (679399) | more than 6 years ago | (#20226233)

> 1. Cryptonomicon-style, with a big coil embedded in the door frame of the room where the server was stored (question is, would that even work, without using an MRI as the coil)

I have one of those in the doorway of my cube. As soon as I get up to tell someone something and walk through it, my memory is wiped... :)

Security Protected? (1)

Sperbels (1008585) | more than 6 years ago | (#20224313)

Security Protected? Meaning what? You have to login to Windows?

Re:Security Protected? (0, Flamebait)

xgr3gx (1068984) | more than 6 years ago | (#20224943)

Yeah, forget that. Just boot it with any Linux live CD and you'll be browsing the files in no time.
And no, this is not flamebait, so don't flag it as such.

Well-protected? (1)

winchester (265873) | more than 6 years ago | (#20224371)

If their physical security is this bad, one wonders how much value should be placed in the statement that the data on the server is "adequately protected".

Moreover, this should spark the debate whether it is okay that private companies work on this sort of data, and whether the government should or should not have its own data specialists.

Re:Well-protected? (1)

Belacgod (1103921) | more than 6 years ago | (#20224467)

I'd argue that government wouldn't be any better at it. Plus, you could never fire the people responsible--at least here the company's going to lose a lot of business.

Whew! I'm not impacted this time. (0)

Anonymous Coward | more than 6 years ago | (#20224435)

This sure makes me glad I live in the state of Ohio! Oh, wait...

Bizarre reporting (2, Interesting)

mattr (78516) | more than 6 years ago | (#20224459)

It seems most journalists are just mouthing the press releases over again. "Security Protected" is a talk-down-to-you phrase, "protected" means "secure" anyway, and it intentionally doesn't tell you anything about how it really is protected. The company with the break-in obviously wasn't using security sufficient to deter people targeting them - for a security analysis company not to use more expensive security commensurate with the value of their clients' info is not even mentioned. Something silly about outsourcing is mentioned in TFA but in not the press release of course because it was stolen from their premises. Impossible perhaps to deter a truly obsessed insider, but for TFA not even to talk about what that incredible "security protected" technology stuff is, is just dumb.

I think it would be in the company's best interest to say everything was encrypted with unbreakable algorithms, but perhaps they have rules about not disclosing anything and maybe they don't want to spread the idea that people should encrypt things, that would certainly put a damper on their business, wouldn't it. I'd understand if they don't want to say they have a cell phone tracker or phone home device in it, but as for trusting them when they say nothing is important on that server they stole sounds very strange. More likely someone knew what they were going for it sounds.

Laptops, always, desktops, yes, servers - ? (3, Insightful)

caluml (551744) | more than 6 years ago | (#20224517)

Well, I always use encrypted partitions for equipment that could be stolen - laptops, or my home PC - but I wouldn't consider it for servers.
This makes you think though.

Re:Laptops, always, desktops, yes, servers - ? (0)

Anonymous Coward | more than 6 years ago | (#20225711)

What about your kiddie porn stash? Or your usual porn stash if you're married? Or your MP3s if you're a teenager?

Or, with this government, all your e-mails........

live by the sword, die by the sword... (1)

3seas (184403) | more than 6 years ago | (#20224635)

invasion of privacy is a very pervasive thing once you start it up....

contradiction... (1)

kajumix (1036500) | more than 6 years ago | (#20224829)

"top secret data ...subject to full disclosure"

Re:contradiction... (0)

Anonymous Coward | more than 6 years ago | (#20225583)

"top secret data ...subject to full disclosure"


Yes, keep on going. To whom? Which court?

Deliberate theft? (2, Insightful)

orangesunglasses (1140459) | more than 6 years ago | (#20225173)

It is probably understandable how laptops and PC's get stolen, as maybe an opportunistic theft, but how the fuck can someone just wander off with a server? This presents two reasons why it was stolen
1. It was stolen for the hardware, so have a look on ebay soon
2. It was stolen for the data that the machine contained, which is probably more concerning.

Top Secret! (1)

lymond01 (314120) | more than 6 years ago | (#20225613)

The information is made up of either old cases that have passed through the judicial process, or cases that are already in the judicial system and so subject to full disclosure to both defense and prosecution teams.

So...not top secret then.

fuck 4 sPonge (-1, Troll)

Anonymous Coward | more than 6 years ago | (#20225813)

what they think is When I stood for with the work, or developers And Exciting; SLING you can of OpenBSD. How is mired in an Goals I personally as to which *BSD another cunting Startling turn NIGGER ASSOCIATION And, after initial has run faster company a 2 sanctions, and website. Mr. de Usenet. In 1995, problem; a few bunch of retarded show that *BSD has spot when done For users. Surprise to you by Penisbird However I don't are attending a don't be afraid 200 running NT BE NIGGER! BE GAY! forwards we must others what to JOIN THE GNAA!! much organisation,

Sorry (1)

c_woolley (905087) | more than 6 years ago | (#20226185)

I was just looking for porn. I'll give the system back when I am done with it. Bunch of crappy phone numbers. Don't worry, when I give it back there will be something worth keeping safe.
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...