back to article Is it a bird? Is it a plane? No, it's a terrible leak of drone buyers' data

A popular drone dealership website left its entire transaction database exposed online with no encryption at all, revealing a host of purchases by thousands of police, military, government and private customers. The DronesForLess.co.uk site was left wide open by its operators, who failed to protect critical parts of its web …

  1. Anonymous Coward
    Anonymous Coward

    "* for less" security

    The never said what "for less" meant. If you're far cheaper than most competitors, money has to come from somewhere...

  2. Zog_but_not_the_first
    Trollface

    Still reeling...

    That "DronesForLess" is a thing.

    1. Prst. V.Jeltz Silver badge

      Re: Still reeling...

      I find it encouraging that the Police and Military are buying their drones from "drones4less" rather than ReassuringlyExpensiveDronesWhoCaresItsNotMyMoney.com

      1. MyffyW Silver badge

        Re: Still reeling...

        No ... I think they are still buying from EnormoCorp, just filling the gaps in coverage with some privateering efforts. God bless them, public money doesn't waste itself....

  3. GnuTzu
    Black Helicopters

    Possible Intelligence Value

    Keep this up, and we could start seeing purchases for black projects.

  4. K

    I almost brought my drone from them, but thankfully I couldn't be arsed to wait, so the same day i went to Argos and got fleeced for an extra £350.

    But now my wife can eat her words... there are benefits to my impulsive purchases and patience does not always pay off!

    1. Stevie

      But now my wife can eat her words.

      Why? Are you planning on telling her you nearly had your credit card displayed flanges-out for all to see, or is the "extra 350 quids" the bit you are proud of?

      'Cause both would run the risk of making you the target of some ballistic iron kitchenware in my neck o' the woods.

      It just occurred to me that one million people a week could avail themselves of an ASDA drone instead of the cheaper Canadian Haxxor Invitational product thanks to Brexit. I wonder if there's a form one can fill in to gain access to the dosh?

      1. werdsmith Silver badge

        Re: But now my wife can eat her words.

        I have one, unknown brand that I got for £13, directly from one of the giant Chinese sellers. Took 11 weeks to arrive and it's confounded me how good it is, is loaded with all the tricks, has a camera (OK only 720p), folds up like a Mavic and virtually flies itself.

        How can any of these companies compete with that?

      2. John Brown (no body) Silver badge

        Re: But now my wife can eat her words.

        "an ASDA drone instead of the cheaper Canadian Haxxor Invitational product thanks to Brexit."

        Is that same ASDA owned by Walmart and signed on the stores as "ASDA, part of the Walmart Family"?

        1. MyffyW Silver badge

          In my experience...

          I was very disappointed with a recent £15 drone purchase when I found that not only had it not shipped with AGM-114 Hellfire missiles, but the chances of my Lithium-Ion powered drone lifting said ordnance was non-existent.

          Full credit to Argos, they were very good at reimbursing me the money, although I did get an odd look from the deputy manager.

    2. Prst. V.Jeltz Silver badge
      Headmaster

      I almost brought my drone from them

      BOUGHT! dagnammit!

  5. Stevie

    Bah!

    So, by "north American" you meant "north-north American" and neglected to mention the fact that he ended every sentence with "eh?", leading me to expect another tale of perfidious yankee perfidy, when what I got was typical Canadian lacksadasical procrastinating around the bush.

    Why so protective of the Canadians Mr Corfield? Eh? Eh? Inquiring minds want to know! Tomorrow is OK. Or Monday, eh?

    1. Anonymous Coward
      Anonymous Coward

      Re: Bah!

      1- Not all Canadians compulsively say "Eh!" at the end of each sentence.

      2- If we believe the Whois info, it would be a Quebecer. They dont say "Hey" in French at each end of sentence, and even less in English.

      1. Stevie

        Re: Not all Canadians compulsively say "Eh!"

        yY'know, I said that when my wife opined the opposite while we were on a plane on our way to visit me mum and dad in Grande Prairie Alberta.

        For the next week EVERYONE who spoke added "eh" to the end of their sentences, including my mum and dad - and they were raised and lived for 60-odd years in the Midlands of the UK. There was no living with my wife after two days. By the end of the trip she was stuck in smugface mode.

        So maybe not *all* Canadians say "eh" but the ones who don't are either part of a statistically insignificant sample or are speaking French, in which case they probably say "hien".

        1. Jeffrey Nonken

          Re: Not all Canadians compulsively say "Eh!"

          I've known several Canadians, still know a few, and none of them end every sentence with "eh".

          Canada is a pretty big place. I'll bet if you look hard enough you can find more than one set of speech patterns. You just got unlucky.

          Next time try Saskatoon, you might have better luck. (No guarantees, though. I've never been there, I just have a couple online friends from the area.)

          1. Prst. V.Jeltz Silver badge

            Re: Not all Canadians compulsively say "Eh!"

            Shuddup you hosers

          2. Stevie

            Re: Next time try Saskatoon

            Nice try.

            Went to Saskatoon a few years ago for my niece’s wedding.

            “Eh” city.

            But she took me to The Berry Barn. Big saskatoon (small s) fan, me. I had saskatoon hot wings, saskatoon pie and saskatoon ice-cream, and saskatoon lemonade.

            She is the best niece in the whole world.

  6. Sanctimonious Prick
    Devil

    Who Is In Charge?

    There doesn't appear to be anyone in charge anywhere in the world who is going to do anything about any of this. And it'll just keep on happening.

    Breaches of this nature should be a death blow to the whole business/corporation/government that held personal data on individuals and one way or another made it/had it accessed without authorisation.

    Next we'll hear is all BIG_BANK Australia customers have had all their personal information accessed and used without their authorisation!

    Some seriously big penalties need to be handed out (so I can earn more per hour) to encourage tighter security (yeah, right).

    1. sanmigueelbeer

      Re: Who Is In Charge?

      Breaches of this nature should be a death blow to the whole business/corporation/government

      Human nature dictates that us humans have poor memory. In 2 months time, everyone will forget this ever happened. "This thing will blow over", they would say. And it's true.

  7. Anonymous Coward
    Anonymous Coward

    That sounds like a wonderful honey trap - the Russian Government sets up a front for a piece of hardware and offers it at prices attractive to those beholden to low bidders like governments and military, and collects all kinds of data.

    1. Anonymous Coward
      Anonymous Coward

      Been there, bought that

      "the [foreign] Government sets up a front for a piece of hardware and offers it at prices attractive to those beholden to low bidders like governments and military, and collects all kinds of data."

      In recent years and with different sets of bogeymen involved, the scenario you describe is surely what's been referred to as the "Huawei syndrome", no? Allegedly, but some lobbyists and their governments seemed to claim it was A Thing.

      Long before that, other governments with allegedly very different politics may have been doing similar things too with rather less publicity, at least until the word started to leak out about their activitues.

      1. Anonymous Coward
        Anonymous Coward

        Re: Been there, bought that

        Russians! Now selling us gear!

        Behind JavaScript-monkey-based enterprise system open to all and sundry.

        Is there NOTHING they won't think of?

        We treat the security of our information very seriously. We have asked the company involved to remove any public record of this data and to let all those affected know.

        With Her Majesty's Quantum Mechanics, you can reach back into the past and collapse it into a non-leaked state before the leak can be observed. We call it "Assange's Cat".

  8. Doctor Syntax Silver badge

    Given that list of purchasers is there a chance of starting extradition procedures with charges under the Official Secrets Act?

  9. Frenchie Lad

    Govt Procurement Rules

    So much for UK government procurement rules. Sites / companies should be vetted before allowing cops & spies to leave any details.

    This article fails to highlight this other side of the story which IMHO is even more important as it probably have would prevented this harvesting of govt information.

    1. M7S

      Re: Govt Procurement Rules @ Frenchie lad

      So, are you saying that there should be some kind of marker on cop/spy emails/orders along the lines of "I am a spy, I do not exist. I was never here." so that any webstore knows to treat this data in some special way or voluntarily reject the transaction if the store is not fully vetted (and which no unfriendly country would in any way think useful when setting up a false honeypot/website, Oh no) or just that the rest of us peons don't deserve protection of our information?

      1. SkippyBing

        Re: Govt Procurement Rules @ Frenchie lad

        'So, are you saying that there should be some kind of marker on cop/spy emails/orders along the lines of "I am a spy, I do not exist. I was never here." so that any webstore knows to treat this data in some special way or voluntarily reject the transaction if the store is not fully vetted

        No, what should happen is that you can't spend government money at a non-approved store, i.e. the accounts department won't allow you to. It's a PITA when you're trying to get something simple without filling out a lot of paperwork, but it does avoid this sort of shitstorm.

        1. Prst. V.Jeltz Silver badge

          Re: Govt Procurement Rules @ Frenchie lad

          but it does avoid this sort of shitstorm.

          well , not if your fancy pants extortionately priced "approved" store also spills its guts all over the place ....

        2. Anonymous Coward
          Anonymous Coward

          Re: Govt Procurement Rules @ Frenchie lad

          Which is OK as long as your purchases are limited to paperclips and bulk catering teabags. The minute you want to buy something specialised, or new, or state of the art, or for comparison/testing purposes you need some flexibility. If you don't have that flexibility expect to be royally bent over by the 640$ toilet seat salesman or the £100 to change a light bulb PFI contractors.

  10. Pascal Monett Silver badge

    "let all those affected know"

    I'm sure the spammers will be taking care of that.

  11. John Smith 19 Gold badge
    FAIL

    Less "Drones4Less" than "CreditCardDetails4Less" then

    eh?

    Since this clearly sounds a lot cheaper than doing a deal on some darknet souk of dubious provenance.

  12. Winkypop Silver badge
    Devil

    Damn it!

    I'd better check my latest purchase from "NuclearSubsForLess"

    1. Anonymous Coward
      Anonymous Coward

      Re: Damn it!

      I bought a 3 ton vehicle scissor lift from "Value garage equipment" seems fine so far ... touch wood

    2. MyffyW Silver badge

      Re: Damn it!

      I once allowed a neighbour to park his nuclear submarine in my naval facilities and before I knew it he'd annexed my peninsula.

      [to be played mournfully on a Bandura whilst eating garlic stuffed chicken]

      1. This post has been deleted by its author

      2. .stu

        Re: Damn it!

        Please tell me this is not an euphemism! :(

        1. tmg745

          Re: Damn it!

          Yes, I was thinking along the lines of seamen in naval bases too!

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like