A true Mata Hari...
... would have been a she-male and it wouldn't have been noticed by anyone.
One of Gordon Brown's senior advisers lost his BlackBerry on a recent trip to China after he was picked up by a woman in a disco. Downing Street is insisting the device was lost rather than stolen, but the incident is bound to raise more questions about the government's inability to look after data. The man was accompanying …
>But the Chinese woman was no true Mata Hari - if she were she would presumably
> have copied the BlackBerry's contents and returned it to the aide while he was
> still sleeping it off.
Why? It's not as if the MoD would learn anything they would put to use. And a second hand mobile in China would be worth more than a couple of used CDs in Clapham. They wouldn't need transporting home, for a start.
While the mainstream press predictably focus on the sex angle, the real point here is that the data should have been encrypted. There's no way to be sure small devices like cellphones won't be stolen or mislaid, whether during a steamy sex romp or otherwise, so make sure it doesn't matter in the least when they are.
I'd have expected the Reg to focus more on this angle of the story, but also to get us some more juicy details of the sex while you were at it. Ah well, can't expect miracles I suppose.
I know, they're standard with government issues.
"Downing Street said there was no compromise to security and mitigation measures have been taken. "
Surely, if there is no compromise, there's no need to mitigate anything?
Back on planet earth, I think we're supposed to believe that no data had been read off the BlackBerry at the time of the statement, and they've triggered the remote detonation device to prevent any being read from now on?
Moral sense of a weasel, brain the size of a peanut, sounds like just the sort of senior adviser El Gordo needs. Oh, and an 'informal reprimand'?
"Next time, Simpkins, at least email us some pix before she nicks your Blackberry*, OK?"
* Soon to be the next Eye euphemism for sexual congress
The only good thing to say about the Big Brother society that this government is foisting upon us is that they are waaaay too incompetent to make it work.
"Downing Street said there was no compromise to security and mitigation measures have been taken."
Translation: "Bollocks, bollocks and more bollocks... but you can trust us with all your private data and biometrics; since we'll never lose that; honest!"
Don't people with sensitive information get HUMINT training any more? I know the cold war is over but even so - if you are in an unfriendly country you have to assume that the hotty that's chatting you up is more interested in the information you have access to rather than your looks and charm. If it's too good to be true then it usually is.
When I was first in IT security
I was gentle, I was sane.
Then I met a Civil Servant
With lots of toys and half a brain.
Rat-tat-tat the olduns told me.
Rat-tat-tat, that’s what you do.
Double-tap between the eyes.
Get ‘em first ‘fore they get you.
“A Blackberry”, says I, “They’ll never need it”.
“A Game Boy is all they need”.
I turned to drop and log the firewall
When the Advisor appeared with requisition greed.
Rat-tat-tat the olduns told me.
Rat-tat-tat, that’s what you do.
Double-tap between the eyes.
Get ‘em first ‘fore they get you.
To sack a Civil Servant’s a dreadful shame,
‘Cos every one’s an Oxbridge son.
Take the ‘userdel’ away from admins
Issue every one a gun.
Now rat-tat-tat with your old Lee-Enfield,
Hand grenade, or blunderbuss.
With the SAS on admin duty
We’ll get ‘em first, ‘fore they get us.
Mine's the one with the Fred Wedlock song book in the pocket.
There should be some policy like
If you absolutely must shag while traveling on business ...
1) always get a second room, never shag in your main room,
2) always lock up all your stuff in the room safe in your main room while you're at it.
Very simple to follow, protects from opportunist prostitute thieves and spies as well.
Mitigation hopefully means that a remote kill command has been issued. Turn the device on, let it connect to a network and it receives instructions to erase itself.
Likewise, default behaviour on a password protected bb is to erase itself after 10 incorrect password guesses.
I guess that's only gonna work if the Chinese don't try 'gordoisgod' within those 10 attempts.
"the data should have been encrypted"
Don't think anyone said it wasn't - certainly the berry will be at least password protected.
"remote detonation"
Admin staff can indeed remotely wipe a 'berry.
"mitigation"
ie there's no evidence the device has been activated, and it has since been remotely wiped.
The only actual story here is that a govt official pulled in China.
To be fair, if the BlackBerry was set up in compliance with the government's own guidelines, there should be little risk - the thief will have gained an empty and deactivated terminal.
The BlackBerry should have been running from an Enterprise Server, so all the email comms would have been encrypted end-to-end. The terminal will have been protected with a password, invoked on time or holstering. More than ten (usually) wrong attempts at the password would have cleared the terminal. His office should have sent a 'die' command to the BlackBerry to clear itself. On confirmation they should then have cancelled the SIM card.
And the BlackBerry itself should have held nothing with a security level higher than Restricted.
So the 'other steps in mitigation' will have been to remotely kill and clear the terminal.
The staff are another matter.
That only works if the "honey" in the trap doesn't add a bit more than just alcohol to your drink. AFAIK, with a bit of GBH you may not even remember she was there..
As for carrying that device in an unencrypted state, I guess the mitigation was that it was (a) not to be sent by post and (b) didn't look like a CD.
Would YOU want to give your personal data for a database held by those clowns? I wouldn't..
Thanks Mel Collins for "Takes one to know one" Posted Monday 21st July 2008 10:41 GMT and Paul C. Hartley for A good night out... Posted Monday 21st July 2008 10:00 GMT and Gordon Pyra and Dennis for Glad to see HMG is still paying for hookers for their staff and To sack a Civil Servant’s a dreadful shame :-)
They did fair cause a Titter and this Major Minor LLANTwittering.
I would imagine that if a state had gone to the trouble of getting someone to sleep with the guy, that they would have removed the SIM and turned it off to prevent it being wiped.
Then pop it in a Faraday bag once you want to try and retrieve data.
Nicking the guy's wallet (to obtain the password written on a post-it inside) would probably also help.
"That only works if the "honey" in the trap doesn't add a bit more than just alcohol to your drink. AFAIK, with a bit of GBH you may not even remember she was there.."
But this can happen to you no matter how principled you are, even if you never take anybody to your hotel room. In other words, this scenario is better dealt with differently anyways, ie. "Always watch your drink".
If you are less principled though, the chance that you become a victim of a spiked drink attack is much smaller than the likelihood that some poor amateur hooker might take the opportunity to nick some valuables from you on her way out the door.
I used to work in Africa and South America. In many places the chance you'd become a victim of theft or mugging was quite high. We'd been taught how to take precautions though. Honeypots were often a good measure.
For example, you'd leave a second wallet in your hotel room with banknotes in high denominations of a low value currency in plain sight. If the hotel staff steal from you, they are more likely to go for the easy cash and leave your other valuables alone. I presume this would also work with ladies you bring back to your room at night.
PS: 1 quid is about 45000 Romanian Lei ;-)
There's a nice feature called "Content Protection" in the BlackBerry. It should be "on" at all times, ensuring your data will be encrypted. I just wish the SD Card crypto was easier to use; currently there is no easy way to bulk-decrypt .rem files as the USB mass storage mode doesn't do that. So some people, like me, won't enable "Media card encryption".
But if "Content Protection" was enabled, there's nothing to worry about; the data's secure enough. The Address book might not be encrypted, but at least contact info isn't as sensitive as e-mails...
" It seems amanfrommars is back to normal :) " .... By Anonymous Coward
Posted Monday 21st July 2008 14:24 GMT
Phew, AC, that's Helpful Defining Normal So. :-)
IT's Good 42 Be Back for the Trilemma Dot Alts, Thanks. ITs a ZigZagging Course with many Overlapping InterNetional Dimensions.
And if I misbehave, who suffers more than Ourselves. Controlling Misbehaviour is therefore an XXXXCiting Key 42 Share, Daring Win Win.
Free holiday in China (£399.00) - As long as you have a John Lewis gift certificate (£1000s per annum), prostitutes are fairly easy to pull anywhere in the world, esp. if you're talking into a free 'berry (£297.25 + replacement) at the time and pissed from all the free booze (£?).
Recession, what recession?
The government is completely complacent about data security. The civil servants don't care because the fall guys are always the ministers and they know for sure that they will always get another minister.
If at last we all accept that the involvement of humans could allow human error to creep in, then this misguided belief that an occasional rollocking, some Swiss cheese procedures (holes) or even encryption tools are enough will be debunked, and more care will be taken to use the increasing communications networks to locate devices and ensure that any data, encrypted, password protected or whatever, is wiped out.
If this were to happen and proof to be available so the minister or a CEO or whoever could admit the human error but tell the world with absolute confidence that while the (cheap) device has gone the data has been vapourised then these stories would go away.
PS - I wonder whether the Daily Mail is going to run this story after last week's debacle there.
Has anyone got any confidence in this Labour government to be able to complete any task within the laws of our land?
Seems since Brown took the reins anything is allowed as long as you can try to keep it stealth..
Shame everything completed in stealth by people swimming in brown stuff always comes out in the wash as headlines...
Come on Labour, quit while you can still try to save some face; you are all incompetent at running the country.
Can we now have Her Majesty back in charge? She has more common sense in her head than you guys ever had as a party.