Why is it not mandatory to encrypt sensitive documents. its not rocket science
A British secret agent for the Serious Organised Crime Agency left information on dozens of informers and agents on a bus while working with Colombian customs. Agent T had been moved from the SOCA station in Ecuador to Bogota, where she was to liaise with MI5, MI6, and the US Drug Enforcement Agency. She had downloaded "SOCA's …
What possible reason could she have to obtain all that information and put it on a memory stick?
Aside from fact that the system shouldn't allow it, even if it is encrypted, I think it should be investigated whether it really was an accident that it was 'lost'.
But if it turned out that the muppets at the top allowed such information to be downloaded and sold to the drug barons, my guess it wouldn't look too good for them.
"Although the incident happened in April 2006, Agent T has not been sacked and negotiations continue, according The Sunday Times."
Negotiations into what? And don't answer that, for IT would reveal far too much about everything.
And I imagine no one on El Reg is at all surprised by revelation, probably thinking it is just par for the course. After All, Sex, Drugs and Rock and Roll is always only going to be Perfectly Suited to the Perfectly Suitable and downloading crown jewels onto a memory stick is a bit daft and scatterbrained and frankly amateurish.
Please tell us that she is not Blonde?
"the agency was just being set up at the time"... . is simple irrelevant.
Anyone working with information they MUST HAVE KNOWN was a little bit secret, should be independantly able to figure out they should be careful.
Fired for gross misconduct (negligence).
However to follow the banking code in the UK, that would put you in line for a big bonus (loosing 100m).
What's wrong with using an encrypted memory stick - heck even PC World sell them, never mind something really fancy like an Ironkey.
Failing that, two words .... use TrueCrypt. It's free and she could have very easily encrypted the whole stick. Sheesh, even my 11 year old daughter (also quite scatterbrained, bless her) manages this okay.
Pretty clear case of negligence - maybe some jail time would be good as an example to the rest of her colleagues. Either that or having to apologise personally to the families of anyone killed as a result of her gross stupidity.
Where's the 'bring back public flogging' icon when you need it....
The keywords really say it all: amateurish; scatterbrain; etc...
.. and as history shows this does not at all appear to be an incident or feature isolated to the SOCA. No matter what people from other departments would want us to believe. The history of information security "hickups" in UK governmental departments overall speak for themselves. These people show an obvious lack of respect for their own professionalism and for those they ultimately are supposedly serving - us as taxpayers. It is what we who belong outside of that spectacularely self important governmentally financed group of people call ARROGANCE.
"She’s a lovely girl but a bit daft and scatterbrained"
Just the person you want covering your back when the drug cartels are out to get you.
Besides, I always thought the preferred way for spooks to carry sensitive information was to wrap it in a condom and insert it where the sun don’t shine. Even easier now that it’s on USB stick rather than a manila folder.
We trust the biggest secrets our country has to a section of bimbos who loses her handbag on a bus.
I'm more scared of my own government than any terrorist / pig flu / immigrant.
Sorry, Reg. Anonymous posts from now on, and I2P for all internet activity. It's not paranoia any more, it's simple self preservation.
Do you imagine that the cartel with their inroads into the telco network's details don't therefore also have the capacity to "undo" (read bruteforce) the amateur encryption on commercial USB devices? An AS/400 would provide surprisingly capable at such a mundane task.
No, this operative should have been unable to even put such sensitive information onto such a device. Isn't there a reason why, in the past, this would have been stored on off-line systems?
Grrrr. Still it keeps people in jobs mopping up their mistakes. Can I say fuckups?
Absolutely; they wouldn't screw you over by accident; no, sir, they'd betray their entire country and cause hundreds (if not many more) deaths on purpose...or have white male Oxbridge grads like Burgess, Blunt, Philby, McClean and Cairncross been forgotten. Of course, we should completely discount the contributions of, say, people like Violette Szabo or Odette Sansom who were neither male nor Oxbridge. Wanker.
Go back and read amfM's comment (he has a nice XXXlator these days) to see 0101 Pawn Chess's involvement - or to be nicer, her lack of it.
I am the only one sorely tempted to poke it with a stick like it were a patagonian giant slug suddenly conjured into my garden, to see if it is capable of locomotion, never mind ministerial responsibility?
How many more, Government employed dumbasses, losing potentially dangerous/fatal information will it take before steps are taken to stop it happening at all?
Set up a computer security agency that handles all security for every government agency or body. Set up all networks, new and old in the same way with the same, well thought out, security measures in place. Ensure all new setups comply with these strict controls before they are switched on and connected to the network. Make it a highly encrypted network with equally highly encrypted data. Audit ALL systems frequently to ensure nothing is amis, automate even so it can happen. Audit all personnel to the highest degree possible.
If data needs to travel from one person to another, encrypt it and do it over the encrypted network and not via unencrypted and portable data transfer mediums. Or even better remove the ability to remove data from the network via portable devices on all, but a few, tightly controled machines. ONLY allow data to travel this way if there is no safer way of doing it, no matter who the person is that wants the data. NO ONE needs to take names and addresses home of people that can be killed if they are lost.
If any person with restricted data loses said data, sack them and the person/s that allowed them access to the data, with no appeals process, as a warning to everyone else in the same position. I'm reluctant to say 'imprison', cos I'm not a complete bastard, but it's a thought.......
And most importantly, stop employing retards. If you have to employ a retard, to meet diversity quotas, then dont give them anything important that they could lose. Let them play with the train set, in the backroom, instead.
And that's all I have to say about that.
> "She’s a lovely girl but a bit daft and scatterbrained — the sort of person you could imagine forgetting her handbag on a bus.”
Assuming her claims are legitimate (it's not the first time that someone who's been turned would appear as a "lovely" person who's just a bit daft) then why (the f---) was she entrusted with that level of information on an overseas station? Why was she even cleared that high? And why did procedure allow all that sensitive information to be put in one, small, easily-lost device without encryption, being transported by the same person who downloaded it and without independent checks of data safety? Even the method of carriage (in a handbag that could be stolen at any time) is utterly ridiculous. How was that permitted AT ALL?
There should be MANY job losses over this and perhaps worse.
Even I could make a simple to use GUI for truecrypt that a moron could use to set up an encrypted container on any drive.
There is no reason for USB sticks issued by the SS not to have a copy of portable truecrypt on them.
It's so damn simple even that bimbo could do it.
5 clicks of the mouse VS Killing 10 agents.
Whats easier to live with?
I'll get my coat, I hate this country of idiots.
And drive her into the arms of you know who? And they'd treat her right and possibly even let her go back him to do a bit of moling for them.
The only people they sack are whistle-blowers and turncoats like Craig Murray, former ambassador to Uzbekistan, who start kicking up shit about human rights violations and the like. They pose no danger at all. Murray isn't likely to go running to the Uzbeki dictator with valuable information to sell, after all.
(Paris cos she's always losing things :-)
James Adams would have remembered his backpack! Even Bruce Norris (the eternal screwup) or Bethany would not have been that dumb!
(And yes, it is sad a 40yr old IT professional reads teen spy fiction but wotyergunnado?)
This story really has everything, doesn't it? Even using big bad evil IBM hardware to help collate and eliminate enemies. But what I really wanted to comment on was the above line. Sure, any agents listed may have been moved to safety, but what about suspects (a subset of whom are merely that, since they undoubtedly have not been arrested and charged with any crime) and informants? I'll bet pence to pounds that no effort will have been made to inform these people of the risks they have ended up being exposed to because of these Keystone Kops.
Welcome to Due Process 2.0. Please expect some level of bugs until at least Service Pack 3.
There was a story on here not long ago about some geek with no mates - sorry, I mean a Scandinavian IT worker who was careless enough to lose a finger (although I imagine he noticed, unlike the heroine of this story). He replaced the divergent digit with a false finger comtaining a USM memory stick.
I think this should be made mandatory for anyone working for the government who uses my data. Lop off a finger, replace it with a USB stick and graft it back on. Let's see you leave your finger on a train/coach/bus/tram/tube/prostitute's dressing table then, you hopeless bunch of overpaid snooping government fucktards.
It would be trivial to split the data over more than one device, transported seperately, so that no single courier could betray, or lose, the data.
Of course, the more ruthless Human Resources policies of drugs cartels probably give them a better guarantee that the security policies are followed.
The "war on drugs" is lost. All it's doing is creating an artificial monopoly for the drugs cartels and an ever-increasing volume of drugs-fuelled theft (both at the taxpayers' expense), while keeping the street price of drugs high, to the ultimate benefit of the cartels alone. Time for plan B.
Legalize posession of hard drugs, and give them away to anyone who registers as an addict until he decides he wants to cure himself, or dies. Maintain (preferably considerably increase) the penalties for supplying drugs outside the legal framework, to provide some degree of protection against addiction for silly teens. Doing this would put organised crime out of business. Why engage in the risky criminal business of pushing drugs illegally, when your newly created addicts would turn to the state for free supplies of their substance as soon as they needed to? It wouldn't cost the taxpayer much, because the substances themselves are cheap, and there would be a huge saving of policing and insurance costs.
I can't say I like this much, but it's better than plan A, and nothing else seems to offer any solution.
1) Being as described, how come she was anywhere outside the GCHQ building? As pointed out, other heads should roll. We don't want lovely people on these operations, just grim-mouthed anal-retentives :-)
2) Though I generally believe in open government, this loss should not have been published - if the baddies didn't get the stick straight off, they know about it now and have probably laid hands on it by fair means or foul.
What this twat did was nothing short of utterly moronic. Not sure about recommendations of TrueCrypt use - doesn't it require more than bog-standard privileges on windows in order to mount a volume? However there is this USB stick (a touch pricey but the tax-payer's paying / saved cash in long run etc) called IronKey which is hardware encrypted and sealed to prevent chip inspection. Google it, it would seem like a good idea for these civil service muppets.
Even scatterbrained ditzy girls protect their handbags
She must have passed tests, interviews and selections to be in a position of responsibility
Imagine you have access to £100m worth of data, imagine you're offererd £10m to copy it for someone else (these people may even have threatened to kill you and your loved ones unless you deliver), imagine by acting a bit scatterbrained you'd be able to get through the "loss" of this data, after all if you copied the data and just gave it to them, people would know it was deliberate, "losing" all data that the logs said you accessed gives you plausable deniability.
This post has been deleted by its author
I have a USB key which is a True Crypt volume... its not exactly rocket science and I wouldn't dream of storing any secret information on there (even if I had access to some!)
Why wasn't her USB key encrypted to look like an empty key to anyone who found it? Hopefully if her purse was found the money taken and the key and bag discarded. Quite serious mistake really.
Actually, nowadays spooks rarely ever, as in say never, make mistakes. So it is more than likely an elaborately simple plant which netted the Service, £100m. Well done, chaps/ladies, a piece of space cake. That's Peanuts though compared to the Fortunes available for Shaking down in the Money Markets and Banking Sector, for they are Rotten to the Core with Dodgy Funds.
This post has been deleted by its author
'The government plans to spend £2bn for ISPs to intercept details of their customers' emails, VoIP calls, instant messaging and social networking.'
But details of your online chats with leathergoddesses.com will never be left on the back of a bus. Cos you can trust the govt to make sure your private data is secure.
First thing - this bint was on ops, so why the fuck was she carrying around data that was so obviously sensitive. Jesus H Christ on a bike. You can bet these people (the cartels) will have their own counter intel teams and would in all likelyhood be aware of any "liason" officers coming into play. There is just no need to carry data like this around and as a matter of course data like that should nnot be removed from HMG networks\bulidings without being given authorisation\guidance from someone senior who has at least some understanding of intelleigence matters.
But this is the problem; she was probably a fast streamer Civil Servant, doing a short placement, which was obviously fay beyond her intellectual capability. These people don't fuck about; you make a mistake in that game and the consequences are serious and can end up with people getting killed.
The Civil Service seems to think that getting a good degree qualifies you to handle this level of pressure and make snap judgements. How she got through being DV'd without it coming to light that she was educated but devoid of common sense is laughable.
If there is any justice she will be busted down to a lowly AA and sent to some backwater policy divison.
"She had downloaded "SOCA's crown jewels", including details of operations, code names and addresses of informers, onto a memory stick which she had in her handbag"
"The stick contained five years of intelligence on the cocaine trade, as well as details of informants and agents"
Who in their right mind keeps 'secrets' on a network accessible system. Who in their right mind copies this to a USB stick? It's the first thing they teach you at secret agent school
Central and South American drug suppliers seemed to have 2 favoured methods of dealing with informers. The old school favoured the machete. The young turks (or Cubans IIRC) favoured the shock + awe approach with a chain saw.
This lot made the practices of the Provisional IRA look like the Red Cross.
If this is a disinformation exercise to lull people into thinking SOCA staff are a bunch of planks its working. I would point out that it would also make anyone considering turning informer for the UK to think twice before doing so, as they appear to be a bunch of planks.
Mine will be the one with a DVD rip of Glenn Fry's "Smugglers Blues." It's over 25 years old. It could have been written last week.
The article didn't mention whether the data was encrypted. The point is when you're dealing with information that could spell life or death to operatives, it doesn't matter - you have to assume that encryption can and will be broken eventually, especially if there's any chance that the loss was not an accident.
If handling information were treated the same as handling a gun, perhaps this would not have happened. If it were that way, then an individual would be required to undergo extensive practical instruction and testing for every information device they were expected to use in their job, with practical qualification testing and annual re-tests. It would work thus: If the individual doesn't pass the qualification test, or they fail a re-test, then they do not get to handle the information out in the field. Failed the test on encrypting and concealing that memory card? Well, you're suspended from any activity requiring same until you pass the practical.
We used to have a saying: "Fucksticks and bangsticks don't mix." That is, don't hand a weapon to someone you don't trust to handle safely.
Perhaps it's about time handling information was treated like handling weapons.
"If there is any justice she will be busted down to a lowly AA and sent to some backwater policy division"
As it happens I've known a few AA's in a policy division. None of them would be so dumb to leave that sort of information in such a readily accessible form.
It impressive that this bright young thing was smart enough to bag what appears to be *all* of the agencies most cherished info, but not smart enough to realise that taking an unencrypted memory stick to Columbia was a *really* bad idea.
I'm picturing a POETS day departure, a weekend of the milk of amnesia and a cunning plan to catch up on her background reading on the flight or at the hotel.
But perhaps I am being unfair. She is, I'm sure, very very sorry.
Seriously. Kooky English agent bumbles through top secret espionage against evil foreign drug cartels. She's a scatterbrained and useless, but always seems to get away with it cos she such a "lovely girl".
Throw in a roguish, smouldering Latin-American male informer (he's bad, but won over by the love of our heroine) and you have yourself a smash hit. But, oh no! Her scatterbrainness means his identity is revealed on the USB stick! Can she reach him before the drug-cartel's hit men?
Car chases and explosions out in the mean streets of Columbia for the boys, romantic comedy with the irrepressibly agent for the girls. It's the perfect date-flick.
I'd call it "MI5 USB LOL <3"
Several US based bloggers claim that CIA operations are funded largely by drug money, and the CIA has a vested interest in the War on Drugs being as much a failure as the War on Terror(ism). Thus, it is understandable that an alleged 'bimbo' be given charge of the 'secrets'. Note that all the agents were safely moved. The only harm done is that the so-called War on Drugs goes back to square one. while drugs continue to flow, mostly into the United States, without further interference.
Why do they call them "intelligence" agents when they so obviously lack any? I guess she was trained personally by Bob Quick in the latest techniques for revealing covert operations. As a taxpayer, I resent the way it has been brushed under the carpet and she has retained her job. Total incompetence. What do Governement employees have to do to get the sack these days?
Anonymous, but then, they'll let you know who I am anyway!
... I'm not convinced. As is so often the case, there's more to this story. Doesn't anyone else think it's a little convenient that SOCA - an agency with serious identity problems (not to mention purpose problems) - just happened to have a handy bubblehead right there to dump all the blame on?
Maybe they understood that all they needed to do was make her sound dozy enough and the tabloid-reading, every-opinion-straight-from-the-Sun community would be delighted to have the chance to leap in making misogynistic jokes about blondes... And not one of them - well, hardly any - take even a moment to think that maybe things aren't as simple as they seem.
I mean, what information have we actually got here? A shadowy 'Agent T', a secretive organisation, a 'former colleague'... No-one and nothing actually named, of course: so really, the story tells us nothing.
Maybe I'm just gullible, but something makes me wonder what actually happened here. And that same thing makes me suspect that the immediate knee-jerk reaction demonstrated here is simply the reaction someone somewhere wanted.
Or maybe our intelligence services - working as they do for the gods alone know who - really are just as stupid and inept as people are so quick to declare them.
How come this dim brained, useless, stupid female who is a menace to the law / security services , hasn't been booted out.
It seems a female can get away with being a brainless , useless incompetent.
If a man did anything like this he would have charged under the Official Secrets Act.
The females bleat about wanting equality. If they get it they will be worse off than now.
Paris as she is obviously quite bright compared to the above offender .
You're not the only one to harbour conspiracy theories. I'm sure most, if not all, Reg readers have let their minds wander. Frankly, I thought the comments on this story were pleasantly restrained in sticking to the story as presented - quite unusual for Reg readers.
> "Or maybe our intelligence services - working as they do for the gods alone know who ..."
In Western countries, they work only as directed by the elected Government of their respective country. There has never been any doubt about that. On the rare occasions that any individuals get other ideas, we refer to those individuals as "traitors", e.g. Burgess, Philby and MacLean.
Hollywood doesn't always portray it that way, though.
"In Western countries, they work only as directed by the elected Government of their respective country."
Oh, good. If I knew who THEY were working for, I might feel a little better about it...
And @ elderlybloke:
"It seems a female can get away with being a brainless , useless incompetent. If a man did anything like this he would have charged under the Official Secrets Act. The females bleat about wanting equality. If they get it they will be worse off than now."
No, you clicked the wrong link, sir. Google ''Have Your Say' and click on 'Mindless Sexist Dimwits'. I'm sure others of your kind will be delighted to listen to you hold forth on the failings of females for as long as you like - and it'll keep you from stubbing your toe on the 21st century. Off you go now.