Feds Lose Laptop Containing Sensitive Data

Status
Not open for further replies.

elk2370bruce

Member
Joined
Dec 19, 2002
Messages
2,052
Location
East Brunswick, NJ
Feds seem far too lax with protecting their laptops. This foul-up seems to show up more and more frequently in the news. What has happened to personal accountability and common sense?
 

AZScanner

Member
Joined
Dec 19, 2002
Messages
3,352
Location
Somewhere in this room. Right now, you're very col
elk2370bruce said:
Feds seem far too lax with protecting their laptops. This foul-up seems to show up more and more frequently in the news. What has happened to personal accountability and common sense?
Whatever happened to encryption?

My work laptop has PGP Desktop disk encryption - you have to put in the right password before it will even boot. If you put in the wrong password, it's unable to read the disk, resulting in a nice paperweight for the thief's trouble. It's completely seamless too, other than having to put in a password to fire up the laptop, you never even know it's there. Even if someone pulled the drive out of the computer and plugged it into another one, you can't read whats on the disk without my password.

It's a shame that the feds can't seem to figure out how to use this simple off-the-shelf product.

-AZ
 

iMONITOR

Member
Premium Subscriber
Joined
Sep 20, 2006
Messages
7,060
Location
MACOMB, MI.
Having worked in corporate IT for many years, it was standard procedure to keep sensitive data on protected servers, with the servers in protected environments, using laptops/desktops more like smart terminals to access that data. In many cases you could store screen prints of individual records when necessary, but never an entire database (if the data was sensitive/competitive).

If sensitive data needs to be stored on a local hard drive, why aren't they using strong encryption? It's very inexpensive, and effective. You would even think they'd have some type of self-destruct mechanism if the wrong password was entered more than a few times.
 

AZScanner

Member
Joined
Dec 19, 2002
Messages
3,352
Location
Somewhere in this room. Right now, you're very col
GreatLakes said:
Having worked in corporate IT for many years, it was standard procedure to keep sensitive data on protected servers....
Having put in a few years in corporate IT myself, you should also know that most non-it users think there are little gnomes and hamsters in there that make the thing work, and that they have limitless harddrives, bottomless email inboxes and infinite amounts of memory allowing them to have no less than 63 instances of Internet Explorer, Excel, Outlook and Word all running at once. And then... AND THEN... they ***** about how slow their PC is! AAAAARGH!!!! These same users also look at the words "Standard Procedure" and for some unknown reason their brains will inevitably append "Doesn't Apply to Me" to them. This is especially true of management types who, if given the opportunity, will someday spill an ENTIRE 32 ounce cup of coffee into their laptop and actually have to think about this question: "Should I call the helpdesk or just let it dry and see what happens?" Hmmmmm... a puzzler to be sure.

Now... having also spent some time working in government contract related IT work, I can also tell you that the 32 ounce cup of coffee wielding VP of Human Resources is 1000% more PC literate than any non IT government worker. As such, I think we have little to worry about... the "stolen laptop" is probably safe and sound in the office refrigerator, where it was placed and promptly forgotten about, after someone thoughtfully pondered if would run faster at a cooler temperature - and decided to see.

Thank you, thank you... I'll be here all week. :D
-AZ
 

ScanDaBands

Completely Banned for the Greater Good
Banned
Joined
Jan 21, 2005
Messages
0
Location
State Line
ah they shouldn't worry at all some crackhead traded it for a "rock" ............dumb butt that got it from them is most likely so numb he (or she) hasn't got a clue...............they probably think NIH means Need Instant Hit..........:lol:
 

jhooten

Member
Joined
Mar 6, 2004
Messages
1,381
Location
Paige, Republic of Texas
AZScanner said:
Whatever happened to encryption?

It's a shame that the feds can't seem to figure out how to use this simple off-the-shelf product.

-AZ
Different product same result. Different agencies have different policies. I have to have authorization from the Facility CEO to take my notebook of the grounds just because it has the syskey for the TRS on it.

BTW, If I should let it get away from me the range of disipline is reprimand to removal(that means You're Fired). I damn near chain the thing to my wrist if it leaves the grounds.
 

LEH

Member
Premium Subscriber
Joined
Jan 23, 2003
Messages
1,416
Location
Yorktown, Virginia
The fact is that sensitive information was stored on a laptop and the laptop was in a situation

1. Where it could be stolen
2. And the data contained on it was not properly protected.

This from the same government that will not allow web meeting software to be used on government systems. Is becoming more and more restrictive on who can access their .gov and .mil sites. Has spent untold millions to secure thier internal computer systems with Computer Access Card (CAC) technolgy. Will not allow 'uninspected' drives (thumb drives or protable USB drives) to be attached to a govenment computer.

Uncle is again having a difficult time determining which cheeks it is supposed to sit on and which it is supposed to talk out of.

As a retired Veteran and former security custodian, I am getting tired of this. I was miffed (and concerned) when the VA lost a computer with my (and several other thousand) social security numbers on it. I was aghast when a SENIOR official took a laptop to his private residence that contained classified information, it was stolen and nothing done to the official (I would not have retired had it been me, I'd still be in jail).

Policy and accountablity don't apply. It is time we set some examples.
 

RC54730

Member
Joined
Feb 25, 2008
Messages
3
LEH said:
The fact is that sensitive information was stored on a laptop and the laptop was in a situation

1. Where it could be stolen
2. And the data contained on it was not properly protected.

This from the same government that will not allow web meeting software to be used on government systems. Is becoming more and more restrictive on who can access their .gov and .mil sites. Has spent untold millions to secure thier internal computer systems with Computer Access Card (CAC) technolgy. Will not allow 'uninspected' drives (thumb drives or protable USB drives) to be attached to a govenment computer.

Uncle is again having a difficult time determining which cheeks it is supposed to sit on and which it is supposed to talk out of.

As a retired Veteran and former security custodian, I am getting tired of this. I was miffed (and concerned) when the VA lost a computer with my (and several other thousand) social security numbers on it. I was aghast when a SENIOR official took a laptop to his private residence that contained classified information, it was stolen and nothing done to the official (I would not have retired had it been me, I'd still be in jail).

Policy and accountablity don't apply. It is time we set some examples.
LOL. Yep - you've got it exactly right. You'd have to be insane to work in the intelligence or defense business these days; senators leak TS to the press all the time, yet you have to worry about whether or not you left a folder out of a safe when you went home last night.
 
Status
Not open for further replies.
Top