Follow Slashdot blog updates by subscribing to our blog RSS feed

 


Forgot your password?
Close
typodupeerror
Security

Military Investigates Sale of Sensitive Data 136

Posted by Zonk from the not-the-best-news dept.
smokeslikeapoet wrote to mention an article being run in the New York Times detailing the sale of sensitive data in Afghan markets. From the article: "The military acted after The Los Angeles Times and The Associated Press reported that computer memory drives smuggled out of the base were being sold in shops. Some drives bought by the reporters contained material marked secret as well as information about insurgency activities and names and personal details about American service members and Afghan agents working for the United States military." Fox News is reporting the sold storage units are being repurchased by the military as they can find them.
This discussion has been archived. No new comments can be posted.

Military Investigates Sale of Sensitive Data More

Military Investigates Sale of Sensitive Data

Comments Filter:

  • So, does anyone... (Score:1, Funny)

    by Anonymous Coward
    So, does anyone have a .torrent?

  • Windows WinPC (Score:2, Insightful)

    by iggymanz ( 596061 )
    I'm a little tired of Windows/WinPC's being used for sensitive government purposes, and in general treating all computers the same way a home PC is treated.

    • Re:Windows WinPC (Score:3, Insightful)

      by Doc Ruby ( 173196 )
      I'm tired of the dumbing down of government security, and dumbed down home PC security that is the benchmark.

      I'm also tired of TrollMods saying legitimate criticism is "Flamebait" whenever it criticizes the government, Microsoft, or some other monopoly.

  • Scary. (Score:3, Funny)

    by lisany ( 700361 ) <slashdot AT thedoh DOT com> on Friday April 14, 2006 @03:30PM (#15131977)

    How long have we heard about companies selling old computers with customer data? Or people selling computers on ebay chock full of porn? The inability to learn from others' mistakes is a worry. Then again, the US military is in Asia

    Clearly whoever is in charge never saw the Princess Bride and learned from Vizzini's wisdom

    You only think I guessed wrong! That's what's so funny! I switched glasses when your back was turned! Ha ha! You fool! You fell victim to one of the classic blunders! The most famous is never get involved in a land war in Asia, but only slightly less well-known is this: never go in against a Sicilian when death is on the line! Ha ha ha ha ha ha ha! Ha ha ha ha ha ha ha! Ha ha ha

    Course...he died, soo...

  • Does the military know about encryption? (Score:5, Funny)

    by dmonahan ( 957638 ) on Friday April 14, 2006 @03:31PM (#15131982)
    Or couldn't they get an export license?

  • mis-information? (Score:5, Interesting)

    by JeanBaptiste ( 537955 ) on Friday April 14, 2006 @03:31PM (#15131984)
    While our military may sometimes seem incompetent, don't forget they are involved in informational warfare in many different ways you might never think of.

    I wouldn't be surprised in the least if some or all of this 'leaked' information has been crafted to make our enemies think we are doing things we are not.

    This is nothing new, look up operation mincemeat [about.com] for a very interesting story of a successful mis-information mission performed in WW2.
    • I love stuff like that. Plus, being a Neal Stephenson fanboy, it made me chuckle along those lines too. That guy is one of the few people who can make something that's already interesting even more interesting through entertainment.

    • Re:mis-information? (Score:5, Insightful)

      by s20451 ( 410424 ) on Friday April 14, 2006 @03:57PM (#15132193) Journal
      I agree that the military is capable of great things *sometimes*. But I have been in the military, and the military basically attracts the same caliber of employee as any other government department.

      What is more likely, that the military let classified data walk out the door due to incompetence, or due to some clever X-files style conspiracy? After you answer that question, replace "the military" with "the department of motor vehicles" and ask yourself again. The answer would usually be the same in both cases.
      • s/government department/any other large organization/

        Because people just don't scale.
      • What is more likely, that the military let classified data walk out the door due to incompetence, or due to some clever X-files style conspiracy? After you answer that question, replace "the military" with "the department of motor vehicles" and ask yourself again. The answer would usually be the same in both cases.

        Or so they want you to think! Mwuahahaha.

    • Re:mis-information? (Score:4, Interesting)

      by rchatterjee ( 211000 ) on Friday April 14, 2006 @03:59PM (#15132220) Homepage
      According to the original LA Times [latimes.com] article the reporters were able to find actual soldier's SSNs which they were able to verify by tracking down the home addresses and personal vehicles of the soldiers.

      Granted the rest of the info could be false, but that would mean they're deliberately leaking troops' personal info which could be putting their families at home in some real danger.
    • Some of the thumbdrives reportedly (by MSNBC, which bought some in the nearby market) contain images of bodies tortured to death in Afghanistan by Americans.

      Even if those images are faked, for some kind of attempt to discredit MSNBC (and other) reporting of American torture, the major effect will be to promote America's reputation for torture, murder, insecurity... and disinformation.
    • While our military may sometimes seem incompetent, don't forget they are involved in informational warfare in many different ways you might never think of.

      What does incompetence mean?
    • Your comment, although thoughtful, would only make sense if the DOD - unfortunately under Donald "the Duck" Rumsfeld's control, didn't act completely unaware of WWII operations [although such misinformation campaigns have been used quite successfully during the past 4 decades - note the "Star Wars" program].

    • I keep hearing that 'military intelligence' is an oxymoron (it's become a meme [wikipedia.org]). It's probably useful to keep that notion going, because, well, everyone *just knows* that everyone in the military is a complete moron and can't do anything right.

    • AKA "The Man Who Never Was [wikipedia.org]". I read the book about 30 years ago and the story is now common knowledge amongst WW2 history fans.

  • Win-win solution. (Score:5, Funny)

    by xxxJonBoyxxx ( 565205 ) on Friday April 14, 2006 @03:34PM (#15132016)
    Here's a win-win solution: Send the old hard drives and other media to our units in Iraq. They can duct-tape them to their Humvees and use them as armor.

    The bene's:
    1) If the Iraqis steal the media, it'll be useless: the electricity in Iraq is never on long enough to scan a drive.
    2) If you leave the media taped to a Humvee long enough you'll be guaranteed to achieve true data destruction.

    • I'd imagine the main cause of death from a roadside bomb is not the 'blast' itself but rather the shrapnel produced.

      If a piece of shrapnel traveling at such speeds hit a hard drive, I'd imagine the result would be even more shrapnel from the HD+case shattering.

      Armoring a vehicle or a person is a little more complicated than just slapping some extra pieces of metal onto it.

      I'm hoping you were shooting for funny and not insightful, the mods don't seem to get it anyways.
      • Actually, ablative armor is used to great success in certain situations. It's armor that is designed to be shredded away, in the process absorbing and dissipating impact energy. Think about it; if you had a hard drive on the outside of a vehicle, it would at the very least absorb a bunch of energy. Most of the energy released would likely continue going in the same direction as the original projectile, but it would be spread over a larger area, and some of it would be released in other directions. Spreading
    • Given that the hard drives would likely have Windows on them, due to the numerous security holes I'd say it'd be at best no different than them not being there at all.

  • See also the BBC report (Score:3, Informative)

    by smithberry ( 714364 ) on Friday April 14, 2006 @03:35PM (#15132021) Homepage Journal
    The BBC news site reported this a couple of days ago:

    http://news.bbc.co.uk/1/hi/world/south_asia/490505 2.stm [bbc.co.uk]

    I'm sure I read somewhere that the military are supposed to just melt old storage devices to be sure of getting rid of the data, but now I can't find that report anywhere. Theory and practice often differ I guess.
    • _Slashdot_ reported this news a couple days ago.

      Zonk's... what can I say... a bit slow.

    • There are many approved destruction methods. Depending on the use of the media, there are some methods that are not permitted, and others that are directly required.

      I've never heard of melting, but I have heard of grinding to a fine powder, incineration, and demagnetizing.
    • The most used data destruction device by government agencies: sledgehammer.

      Had a contract recycling computers for the state gov't and if any hard drives exist, I am required to smash them with a hammer though I've done 35+ passes with a secure erase and have found it to be very effective but SLOW comparatively..heh.

      Either way, this definitely happens a LOT. Most people aren't security minded and will toss almost anything thinking that a simple "format c:" will do the trick...or that the person who buys

    • I'm sure I read somewhere that the military are supposed to just melt old storage devices to be sure of getting rid of the data, but now I can't find that report anywhere. Theory and practice often differ I guess.

      But from what I gather this was not material that was improperly disposed of, but people taking live working drives and USB sticks with information off base and selling them.

      All of the destruction on old data storage devices doesn't matter when people are stealing the live stuff.

      Sort of like you

  • Second time (Score:2, Informative)

    by k-sound ( 718684 )
    This is the second time [slashdot.org] this happens in a few weeks time, the US military should really start to take better care for it's secrets.

    Also,
    DUPE!

  • Umm.... (Score:5, Funny)

    by KarateExplosions ( 959215 ) on Friday April 14, 2006 @03:43PM (#15132093)
    Fox News is reporting the sold storage units are being repurchased by the military as they can find them.


    Fuck that repurchasing shit. TAKE IT. You're the goddamned United States military.
    • Comment removed based on user account deletion
      • They're not winning our hearts and minds by stealing sensitive military thumb drives and selling them at the bazaar next door.

        We'll just call it a wash.
        • Why so quick to say Afghans stole it? How do you know Joe Dropout didn't try pawning them for some heroin?

          • So maybe the merchant didn't steal the drives, maybe he just trade drugs for them. Or bought them off of drug dealers.

            In that case, let me get out my wallet.
            • My post didn't say anything about paying for it. I was just saying you're implying that Afghans came in and stole it (hard to do on a military base).

              I agree with the other poster, a harsh military action will only make things worse. Get the government to mandate their return or something.
          • Why so quick to say Afghans stole it? How do you know Joe Dropout didn't try pawning them for some heroin?

            First, if by "dropout" you refer to some civilian employee of a contractor providing base services, then yes, perhaps. If you're referring to members of the military, then you need to start getting your information about the military from somewhere other than old Vietnam war movies. This ain't yer pappy's military no more, full of convicts and no-loads. "Dropouts" are considered Tier 3 enlistment mate

            • Army reaching breaking point, experts warn [mercurynews.com]

              The Army fell short about 6,700 recruits in fiscal year 2005, its biggest shortfall since 1979, its worst year ever. In response, the Army has begun to accept more high school dropouts and Category IV recruits - those who make the lowest acceptable scores on the military's entrance exam.

              This is quite troubling. The report notes that the army now appears to be meeting its recruiting goals by admitting high school dropouts. Secretary of Defense Donald Rumsfeld, the w

              • Aside from the behind-the-scenes type stuff, military technology is designed to be simple to use. I hate to make the comparison (Especially with the story about the Japanese investigating computer games) but using some of the more complicated weapons systems is now as easy as playing a computer game. For instance, piloting a helicopter might be hard, but both the apache and the comanche prototype (that was supposedly cancelled - not sure whether to believe that or not, but helis are somewhat deprecated sin

            • Ok, I'll bite. How cheap is the Heroin in Afghanistan?

              (Don't know why you bolded it. They'd probably have to go off-base to get some, right? That stuff doesn't get trafficked in that easily to a US military base, I'd assume.)
            • This ain't yer pappy's military no more, full of convicts and no-loads.

              Has it changed so much since the Gulf War, as recounted in Jarhead [salon.com]? And though I realise it's fiction, the makers of Buffalo Soldiers [imdb.com] did clainm that it was all based on true events.

    • exactly.
      I wasn't under the impression that you had to buy back the stuff that was stolen from you.

      Unless, of course your bicycle ends up at a pawn shop.
      • I wasn't under the impression that you had to buy back the stuff that was stolen from you.

        In this case it is probably just quicker. Not to mention, on the off chance that the selling entity has NOT YET viewed-copied-distributed-and sold the information, the military might get its information back with minimal dissemination.

    • Re:Umm.... (Score:4, Insightful)

      by Daniel_Staal ( 609844 ) <DStaal@usa.net> on Friday April 14, 2006 @03:51PM (#15132159)
      But if they do that, the dealers will start hiding from them, and then they'll have to work harder to find the drives in the first place. They may even end up having to use force, and the dealers might decide to use force back. You could end up in a situation where a US soldier is killed trying to retrieve a thumbdrive.

      This way is better and cheaper for everybody.
    • This is the problem with priorities in the bush administration. They can find ways to lose billions in Iraq, but can't seem to lose a few million to the people in Afghanistan. I'll bet you, that for a few thousand, they can find some local tech to physically lock up the stuff at night.

    • I think we the people should take all harddrives away from the military until they can prove they understand things like security.

      We have had too many security breaches lately. Its time we start expecting more accountability.

  • Encryption? (Score:4, Insightful)

    by rewinn ( 647614 ) on Friday April 14, 2006 @03:56PM (#15132183) Homepage
    Pardon my innocence, but shouldn't our professional military encrypt its storage devices?
    • That's what I was thinking! Seems the IT department of the Army doesn't have the budget to keep users up to date with stuff like encryption. Of course alot of what I see is that most technician are not that sharp having only been mostly Windows admins themselves. Even the older technician I run into only know Windows and kind of remember a few DOS commands.

  • Why "repurchase" the drives? (Score:5, Insightful)

    by FellowConspirator ( 882908 ) on Friday April 14, 2006 @03:59PM (#15132218)
    What point is there to repurchasing the drives? Once the information is out, it's out. Anyone that would be interested isn't interested in the drives, they are interested in the data -- data that's easily copied and transmitted in a couple of minutes. All you are doing is paying people to get back a USB key, the data on which they've already sold someone else.

    Heck, let them keep the drive as a keepsake. If the information is misinformation, maybe it will propagate farther. If it's real information, the damage is already done, there's really no point in rewarding for it.

    • The point is:

      1) Finding out what data has been comprimised.
      2) Determining how it was comprimised.
    • How many people in Afghanistan have easy access to a computer? Was this near a fairly large city, or out in bumfuck nowhere? If the latter I'm guessing they're hoping to re-acquire them before the owners have a chance to get to a computer. If they're near a city where there's electricity and computers, well then they're kinda screwed.

    • What point is there to repurchasing the drives? Once the information is out, it's out. Anyone that would be interested isn't interested in the drives, they are interested in the data -- data that's easily copied and transmitted in a couple of minutes. All you are doing is paying people to get back a USB key, the data on which they've already sold someone else.

      I was thinking the same, but then it came to me. The target of the theft was probably NOT the information, but the drive itself (to make an extra buck

  • Poor IT Security Governance... (Score:5, Interesting)

    by Anonymous Coward on Friday April 14, 2006 @04:05PM (#15132260)
    Storing unencrypeted sensitive data on a PC is bad enough, on a Laptop it's even worse - but who the hell is allowing the US Military to store classified data on REMOVABLE MEDIA? I work in Information Security for a Fortune 5 company, and we have banned the use of all removable media for just this reason, it has a tendency to travel. Is the US Military so obtuse as to believe that their people will never misplace on of these devices, much less walk off with them?
    • Actually is usually required to be on some sort of removable media. It is much easier to lock up a hard drive than an entire PC.

      • In what shop were you in? Where I've been (granted, TS:SCI rather than just Classified, as this probably was) there were pieces superglued in the USB ports and speaker outputs so you knew you were not to take any sensitive information off this PC. None of the machines had CD burners or anything else.

        Yes, hard drives are typically removable. From all accounts, however, these are flash drives, which should have never been allowed to touch a machine with sensitive information to begin with.

        • The amount of work to protect the data goes way up the higher the information is classified. The Secret level does not require as much as TS. The rules are also different for the government (and the military). I work for a contractor before and I have been told the rules for contractors are more stringent than the government and military.
    • "I work in Information Security for a Fortune 5 company" Do you work out of a tent with no AC? Do you get to work in a car or on a camel?

      Think about the field conditions in Afganistan. Any given area may not have electricity, let alone internet hook-ups or a limitless supply of CD-Rs. If you have to get 700 MB of data from one place to another continuously, this is probably the most effective way of doing it.
    • "Secret" isn't really all that big of a deal. Everyone and their grandma has access to secret information.
    • So, what's your policy on sensitive physical documents? What makes electronic media any different than physical documents?


    • The NSA has a publicly available set of documents on securing and hardening various popular commercial computer operating systems. (hardening WIndows NT, hardening Mac OS X, etc.)

      The Windows 2000 document specifically instructs security engineers on disabling USB storage drivers.

      Sure, if someone can gain physical access, and attach an external drive with a bootable OS, it's owned. But casual insertion of a USB thumb drive on a secured system won't work if it's been properly secured.
    • I work in Information Security for a Fortune 5 company, and we have banned the use of all removable media for just this reason, it has a tendency to travel.

      So now nobody copies your data, but nobody wants to either, because you've driven away all the talented workers?

  • What? They're repurchasing them? (Score:4, Insightful)

    by Keyslapper ( 852034 ) on Friday April 14, 2006 @04:19PM (#15132369)
    Fox News is reporting the sold storage units are being repurchased by the military as they can find them

    Why the hell are they repurchasing their own porperty?

    Isn't that going to turn theft of military equipment and information into a whole economy?

    Don't get me wrong, I don't think we should be there in the first place (IMHO, what little real benefit either the US or Iraq could ever hope to gain is nowhere near worth the lives of all those that have died), but if some bastard swipes my laptop, and I find out where it is, the last damn thing I'm going to do is buy it back. I don't care if the guy holding it is the one who stole it or not, he's not getting a nickle for something that's mine.
    • Why the hell are they repurchasing their own porperty?

      Isn't that going to turn theft of military equipment and information into a whole economy?

      Well, if they can get to them fast enough, they might be able to prevent secrets from getting out. Offering a reward to get them back makes a certain amount of sense in that context. If the value of the secrets outweighs the cost in money and risk...

      Perhaps they are counting on increased vigilance and revised procedures to keep more drives from getting lifted.

    • >Don't get me wrong, I don't think we should be there in the first place (IMHO, what little real benefit either the US or Iraq could ever hope to gain is nowhere near worth the lives of all those that have died), but if some bastard swipes my laptop, and I find out where it is, the last damn thing I'm going to do is buy it back. I don't care if the guy holding it is the one who stole it or not, he's not getting a nickle for something that's mine.

      Of course, we're talking about Afghanistan, not Iraq, here

  • It's Ok, really. (Score:3, Funny)

    by TiggertheMad ( 556308 ) on Friday April 14, 2006 @04:31PM (#15132453) Journal
    From TFA:

    ..Some drives bought by the reporters contained material marked secret..

    Hey, this is ok, as President Jr. decided to declassify the data and sell the drives to make a few bucks for a whitehouse kegger.

    Badum-BUM! Hey, I'll be here all week...
  • No seriously. I heard this word used yesterday in the news and I know what a hard drive is, and a jump drive, I know what memory (RAM) is, but I don't know what a "computer memory drives" is. Is it just a way of saying hard drive?

  • it's not the first time. (Score:5, Interesting)

    by jerky42 ( 264624 ) on Friday April 14, 2006 @04:46PM (#15132556)
    Back a few years ago, I was wandering around a flea market in a 3rd world country. This country had a US base in it that was destroyed by a natural disaster some years before. As I wandered past a stall with some ancient electronics in it, I happened to notice a new-looking KY-58 radio sitting there.
    For those that don't know, a KY-58 is a secure voice radio that is still in use today in some USAF aircraft. It cost about $50,000 new.
    Amazed by this, I asked the guy if it worked. He said "Sure, I just had it hooked up." I said, "how much?" He said, "100 US$". I said "Show me, and I'll buy it." He tried valiantly to hook it up, but the custom power plug, and the fact that it ran on 28v DC and 400 Hz AC defeated him, so I gave him $50 for it, and flew back home, and turned it in to the Air Force Office of Special Investigations. They said "Thanks", and I never got my $50 back.

  • So... (Score:1, Funny)

    by Anonymous Coward
    ...which oxymoron is responsible for this? Military Intelligence or Military Security?

  • Read Between the Lines Here (Score:3, Insightful)

    by popo ( 107611 ) on Friday April 14, 2006 @05:00PM (#15132643) Homepage
    What I find amazing about this is that these drives weren't smuggled for intelligence purposes. If they had been, they'd be in some room full of other gathered/stolen data files somewhere in Fallujah. ...But these drives are for sale in stores. This speaks volumes about the motivation of the thieves. ...and its more evidence that what we're really fighting is a symptom of poverty.

  • here is Google's link to the same article [google.com] in 292 newspapers that do not require a subscription.

  • Of the time when a journalist accidentally purchased al-Qaeda hard drives on the black market.

    If you haven't read the story [theatlantic.com] yet, read it. It's absolutely fascinating to look and see what's on the enemy's mind.

    • The American position obliged Muslims to force the Americans out of the arena first to enable them to focus on their Jewish enemy. Why are the Americans fighting a battle on behalf of the Jews? Why do they sacrifice their sons and interests for them?

      Someone who doesn't understand giving aid to one's allies (For whatever reasons, I don't think any of us believe they're altruistic but anyway) is someone who just can't be reasoned with or expected to act in a logical manner. Gotta wonder what was on the

  • If ever there was a need for a Kabul portal of Craigslist, this is it.

    Can you imagine the Rants and Raves section??

Slashdot Top Deals

"I may kid around about drugs, but really, I take them seriously." - Doctor Graper

Close