Forgot your password?
typodupeerror
Security

Swiss Spy Agency: Counter-Terrorism Secrets Stolen 88

Posted by Soulskill
from the hard-drives-can-still-grow-legs dept.
Rambo Tribble writes "The Swiss spy agency, NDB, reports a disaffected employee walked out with drives containing terabytes of data shared by counter-terrorism agencies in Switzerland, the U.S. and Britain. It is not yet known if he was able to pass on any information before he was apprehended. 'A European security source said investigators now believe the suspect became disgruntled because he felt he was being ignored and his advice on operating the data systems was not being taken seriously.'"
This discussion has been archived. No new comments can be posted.

Swiss Spy Agency: Counter-Terrorism Secrets Stolen

Comments Filter:
  • Advice (Score:5, Insightful)

    by ipquickly (1562169) on Tuesday December 04, 2012 @05:11PM (#42184445) Homepage

    If his advice included encryption and proper employee screening, maybe he was right.

    • by sl4shd0rk (755837)

      Eh.. possibly not that honorable.

      "the largest Swiss bank, UBS, expressed concern to authorities about a potentially suspicious attempt to set up a new numbered bank account, which then was traced to the NDB technician."

      • Re:Advice (Score:5, Insightful)

        by Arancaytar (966377) <arancaytar.ilyaran@gmail.com> on Tuesday December 04, 2012 @07:07PM (#42185965) Homepage

        Showing that the whole "secret Swiss bank account" thing only applies when you're not trying to hide it from the Swiss government. :P

        • Re:Advice (Score:5, Informative)

          by lloydchristmas759 (1105487) on Tuesday December 04, 2012 @07:37PM (#42186237)
          Actually, it has been a long time since banking secrecy in Switzerland does not hold when crime is involved. When any Swiss bank suspects funds originate from criminal activities (e.g. drug or weapon trafficking, etc), it has the legal obligation to report it to Swiss financial market authority. From there, an investigation will be open. More information here [finma.ch].

          However, tax evasion is not considered as a crime in Switzerland. This means that until recently, Swiss banks or the government would not disclose any information to foreign governments when only tax evasion was suspected. In the past few years though, international pressure on the Swiss government obliged it to ease the banking secrecy to the point where there is no secrecy anymore, except for permanent Swiss residents.
  • So? (Score:5, Insightful)

    by Hatta (162192) on Tuesday December 04, 2012 @05:16PM (#42184509) Journal

    Somehow, I'm not terribly worried. Terrorism is a lesser threat to any of us than slipping in the shower is.

    • by Anonymous Coward

      Somehow, I'm not terribly worried. Terrorism is a lesser threat to any of us than slipping in the shower is.

      Indeed. We should close all the counter-terrorism agencies until the threat is back up to the level where people demand we do something about it...

      • by 1s44c (552956)

        Somehow, I'm not terribly worried. Terrorism is a lesser threat to any of us than slipping in the shower is.

        Indeed. We should close all the counter-terrorism agencies until the threat is back up to the level where people demand we do something about it...

        Or simply stop taking showers.

      • by Hatta (162192)

        You assume that counter terrorism actually does something to stop terrorism. There is no evidence for that assertion.

        • by Sentrion (964745)

          And why does Switzerland care so much? Are they a target of terror? No drug lord, dictator, or terrorist would gain from attacking the nation-host of his own numbered (ergo anonymous) bank account. Not to mention that the Swiss make the world's best firearms.

          Now, if Switzerland had a history of colonizing Africa or the America's, if they routinely invaded (oil-rich) sovereign nations, if they backed warlords to overthrow democratically elected leaders, if they rounded up civilians and locked them up in c

        • by tehcyder (746570)

          You assume that counter terrorism actually does something to stop terrorism. There is no evidence for that assertion.

          Here in the UK there have been several court cases involving bomb plots foiled by the security services. I suppose you would say that these are all just made up?

      • until the threat is back up to the level where people demand we do something about it...

        What are you even talking about? About some kind of imaginary past I presume... but care to give details?

  • ...this guy's counter counter terrorism ploy?

    Nice!

  • The title says it all.

  • "Really, guys, hide it in plain sight so nobody thinks it's important. Get hot new stuff, tweet it out. Ever hear of a public Wiki?"

    the big question is, do they have a capital punishment law for treason over there? or does the Swiss Army just take turns batting you around all day?

    • by bug1 (96678)

      do they have a capital punishment law for treason over there?

      No, they have to send them to the USA for that.

      • by godel_56 (1287256)

        do they have a capital punishment law for treason over there?

        No, they have to send them to the USA for that.

        Or arrange for the Israelis to have them assassinated.

    • the big question is, do they have a capital punishment law for treason over there?

      I believe they do it by pouring molten chocolate down your throat.

  • by ipquickly (1562169) on Tuesday December 04, 2012 @05:23PM (#42184609) Homepage

    If he did this to prove that the security measures are so lax that lives are in danger - then he very honorably sacrificed his career.
    If he made a backup copy, then he should go to jail.

    • by timeOday (582209) on Tuesday December 04, 2012 @06:18PM (#42185433)
      His actions prove nothing except that a trusted senior individual with administrative rights and physical access to the system could, in fact, divulge sensitive information. That's not scandalous. In fact it is for all practical purposes unavoidable. OK, fault them for not inspecting everybody's bags on the way out of work every single day (ignoring the cost and alienation factor)... even then he could STILL have done it with a microSD under his tongue. At some point it comes down to trusting individuals.
      • by nazsco (695026)

        wrong. his action prove only that trusted senior individual with administrative rights and physical access to the system can fall in disgrace with his peers and have any intangible charge brought as his downfall.

    • by Anonymous Coward

      he was trying to sell data. And stopped by the bank clerk who found it fishy that he wanted a numberd account...

      so, jail it is.

    • by nazsco (695026)

      > If he made a backup copy, then he should go to jail.

      nice try, RIAA.

  • by crazyjj (2598719) * on Tuesday December 04, 2012 @05:24PM (#42184629)

    Something tells me that most of this stolen info consists of data gathered on "terrorists" like movie pirates, government critics, and information leakers.

    • by 1s44c (552956)

      Something tells me that most of this stolen info consists of data gathered on "terrorists" like movie pirates, government critics, and information leakers.

      Everyone is a potential terrorist, this will likely be information on everyone collected from every government database they have access to.

      It would be interesting to see what kinds of data spooks collect.

  • from TFA:

    "The source said that under the NDB's present structure, its human resources staff - responsible for, among other things, ensuring the reliability and trustworthiness of the agency's personnel - is lumped together organizationally with the agency's information technology division. This potentially made it difficult or confusing for the subdivision's personnel to investigate themselves"

    you'd think they'd have taken this into consideration in the first place. Rookie mistake?
  • If he was able to get Terabytes of data out with impunity and walk out with it in a back pack than he was right that things weren't being done right. If they had been working with best practices he never would have been able to pull the data out.

    Read the article, sounds like the only reason the data didn't go to the highest bidder is he hadn't sold it yet. They said he was disgruntled, perhaps he was willing to sacrifice his career to make a point about things not being done right?

    He'll get (and should get)

    • Any of the presidents numerous body guards could assassinate him at any time, does that mean things aren't being done right?
  • 1: "The suspect in the spy data theft worked for the NDB, or Federal Intelligence Service, which is part of Switzerland's Defense Ministry, for about eight years."
    2: "He was described by a source close to the investigation as a "very talented" technician and senior enough to have "administrator rights," giving him unrestricted access to most or all of the NDB's networks, including those holding vast caches of secret data."

    A: "for about eight years" --> "unrestricted access to most or all of [...] vast ca

  • This event dates from late September. As far as I know he was caught, before he could sell anything.

    But, the Swiss Secret Service was lucky: The guy was caught because his bank became suspicious when he wanted to set up bank accounts to receive the future price for the loot.

    The guy essentially walked out of the place with disk drives full of data. As he was the IT maintenance guy, he could pull this off without anybody getting suspicious. If your IT guy replaces 'broken' disk drives, everything is ok, oth

    • by AHuxley (892839)
      Switzerland had a walk in who (gave/sold?) the Soviets the bunker locations and moblization timetables. He was caught.
      Switzerland is very small at the planning level of its structure. Very few make it up the chain of command with the correct trust and the huge number of days training needed vs having a day job.
      They can profile the family structure and training of their top people over many years but "IT maintenance guy" are what treated as just "technician" staff? vs the quality of life that the officer
  • So... (Score:3, Funny)

    by JestersGrind (2549938) on Tuesday December 04, 2012 @05:56PM (#42185107)
    The Swiss security is similar to their cheese?
  • by Yakasha (42321) on Tuesday December 04, 2012 @06:00PM (#42185183) Homepage
    Most companies require a second signature on checks with a high enough dollar amount, so why not a similar system for servers?

    Simply list secured directories/files and secured output devices (printers, usb, etc). If you try to move/copy/edit anything from a secured directory or to a secured device, your command gets put in a queue and waits for a second user to ok it.
    Is there anything like this available already?

    • by c++0xFF (1758032)

      My college set up something like that for password resets. Two computing center student employees could type in their own passwords and the username of another student to reset that student's password. If I remember right, it didn't work on faculty accounts and in a few other situations.

  • "The suspect [had] unrestricted access to most or all of the NDB's networks, including those holding vast caches of secret data".

    Did no-one in this self-described Federal Intelligence Service notice him downloading terrabytes of data?
  • in 5... 4... 3... 2...
  • 'A European security source said investigators now believe the suspect became disgruntled because he felt he was being ignored and his advice on operating the data systems was not being taken seriously.'"

    Okay poindexter, what exactly was the issue? Some non-technical middle manager didn't understand the overarching brilliance of your recommended filesystem? Afraid the key length is too short? Too much Linux? Not enough Linux? Welcome to the real world, where your temper tantrum effects no change for anyone else but you. Hope your issue wasn't genuinely important, you'll have a hard time making your case from prison. /facepalm.

  • Swiss counter-terrorism includes probably a list of tax agents of foreign countries (such as the USA, most EU countries, and other countries looking for black money of their citizens).

  • You IT guys seem so sensitive! Makes this old Marine Corps Vetaren want to puke! First, debrief the traitor. Who knows maybe his advice on operating the data systems may yield something. Then, throw his a$$ into solitary in a super max prison for 10 to 15 years and see if it cures his disgruntled-ness!!!
  • This is old news, geez. Here's a quick summary of the facts:

    - The Swiss intelligence agency had pathetic security. This guy was an IT guy with far too much direct access to data. Second, there was no policy in place restricting (and checking) what employees could carry in and out of the building. So he duplicated the contents of numerous entire disks, and walk out the door carrying the copies.

    - The guy was an idiot. He copied terabytes of data, figuring to get rich quick. But he had no idea how to sell the

The 11 is for people with the pride of a 10 and the pocketbook of an 8. -- R.B. Greenberg [referring to PDPs?]

Working...