Better get her majesty some new fingerprints.
USB stick found in West London contained Heathrow security data
Detailed security arrangements for London Heathrow airport, including the Queen’s precise route every time she passes through, were found on a USB stick left in a West London street, according to reports. The unencrypted USB stick was found lying under leaves on Ilbert Street, a leafy terrace near the famous Kensal Green …
COMMENTS
-
Monday 30th October 2017 13:04 GMT Anonymous Coward
How was this even possible?
Assuming that the "loser" of the USB drive was the one who compiled it, HOW were they able to export sensitive data like this? I am of course taking the re-reported word of the Sunday Mirror, but let's go with that for the time being.
There should be at least two people joining the search for new employment, because there either weren't IT safeguards in place, or they didn't work, or the resulting alerts weren't acted on by management.
-
Monday 30th October 2017 13:09 GMT GruntyMcPugh
Re: How was this even possible?
"Assuming that the "loser" of the USB drive was the one who compiled it"
Indeed, or that the USB stick wasn't discarded once its content had been copied to a laptop by a 3rd party, who was perhaps paranoid the stick could be traced and didn't want it in their possession.
Just because the stick has been returned doesn't mean the security hole is plugged.
-
Monday 30th October 2017 17:40 GMT Commswonk
Re: How was this even possible?
The fact that a USB stick exists with open documents tells us plenty about that organisation.
Not sure that's either true or fair. It certainly tells us something about one person within the organisation, but finding that person might be easier said than done.
-
Monday 30th October 2017 14:49 GMT jmch
Re: How was this even possible?
"Just because the stick has been returned doesn't mean the security hole is plugged."
Completely true, but not only for this case. As per the quote below...
"...had the chance passerby been someone less kindly disposed towards the UK than the finder of the stick, the consequences could have been seriously bad."
... that seems to assume that not only has this particular incident not resulted in a breach, and completely ignores that this is one breach that is known, and potentially there could have been more where the finder of the stick was not so kindly disposed to the UK.
-
Monday 30th October 2017 19:29 GMT Anonymous Coward
Re: How was this even possible?
I met someone at a conference who had conducted a test in his organization. New IT rules had just been published and employees had to sign to say they had read them. This forbade using any external memory or device that had not been supplied or checked by the IT dept. He then placed on the ground outside the main entrance a USB stick with the company logo on it. It contained a small program (disguised as lists of salaries) that sent the IP address of the computer it was attached to*, to a test machine in IT.
He watched the stick to see who picked it up and to check it wasn't picked up by someone other than an employee. Suffice to say most people who picked it up stuck it straight into their work computers and were then summoned for a telling off. Only one person handed the stick into IT and said that they'd found it outside. This selfsame person then asked if there was a reward for finding it. Another took it home to see what was on it away from the workplace.
*Apparently he'd wanted to put something on there that also flashed the screen red with a message saying IT policy breach flashing in white. HR very sensibly had said no to this because of epilepsy fears and to spare the miscreant public humiliation.
-
Monday 30th October 2017 13:26 GMT Whitter
Re: How was this even possible?
Compare and contrast:
"We ... are confident that Heathrow remains secure".
"We have ... launched an internal investigation to understand how this happened"
Leaking security files obtained outwith the controlled distribution list is itself a security risk. Thus until you know how it happened and can verify you've plugged that hole, you cannot declare Heathrow safe.
-
Monday 30th October 2017 13:46 GMT CustardGannet
Re: leaves
A fairly high percentage of the UK is covered in leaf litter at the moment, so it's not really that surprising that the stick was found in a pile of them.
(Source : personal experience, from having spent much of yesterday tidying the garden.)
Paris, because she knows about having a tidy garden.
-
Monday 30th October 2017 13:53 GMT Stuart Halliday
Re: How was this even possible?
Absolutely. Doesn't matter how many procedures you make, people will settle down into the lowest state that they can get away with.
If these are IT professionals, they need serious discipline as they are aware of their responsibilities.
Other staff are exploiting or will exploit holes in your security and they wouldn't tell you about them.
So, you absolutely must not allow them to do this exporting onto removable storage.
Sure, they'll complain. But with sensitive documents, you don't let them unless they're encrypted.
Any IT professional knows this, so there must be a very serious lack of care at this department and now that's public knowledge.
Not a good position to be in...
-
Tuesday 31st October 2017 13:49 GMT CrazyOldCatMan
Re: How was this even possible?
or the resulting alerts weren't acted on by management.
It was probably management that lost it:
"PFY - I want you to put all this info on a USB stick for me"
"PFY - I can't read any of it because my Mac doesn't do Bitlocker! Don't encrypt it!"
"PFY - I don't care that it breaches all the policies. I need to read it at home. Do it or get sacked. Oh - and don't tell anyone or you'll get sacked"
-
Monday 30th October 2017 13:10 GMT Anonymous Coward
I think the Brits are more sensitive to associating, being able to touch something physically, with "owning" it and it "being safe".
Indications:
- Much later in adopting Chromebooks in education than Canada and New Zealand.
- Greater tendency to use CDs and USB sticks.
- Greater tendency to have power struggles against networked storage (and, ironically, also a greater tendency to store company data on private cloud accounts).
Main surprise is that there are not many more of these discoveries.
-
Monday 30th October 2017 14:26 GMT Anonymous Coward
The UK is not exactly built to embrace cloud technologies like other more technically developed countries; our broadband infrastructure is expensive at the good end and piss poor at best at the affordable end compared to most of the world (US and Australia aside). Maybe Project Loon could hover over the UK and get us into the new age of fastness.
-
Monday 30th October 2017 17:23 GMT John Lilburne
Why would you give your data over to some cloudy thing? Doing so leaves you vulnerable to having the cloudy thing shuttered at any time. Ask those that used Yahoo Photos, or a whole bunch of Google apps. Yeah, use them as another form of backup, but keep your data elsewhere and don't be dumb enough to expose yourself to the risks of being suckered into relying on some cloudy API.
-
Monday 30th October 2017 19:50 GMT JimboSmith
Re: “Heathrow remains secure”
“Heathrow remains secure”
"England prevails"
"Olympus, London has fallen."
London Has Fallen: that was the second worst film I've ever seen. Olympus Has Fallen was the first.
I started pointing out to my long suffering friend the things they had done in the film to make the assault on the White House easier etc. I was told to detail them later as she was trying to enjoy the film. When we came out of the cinema and I listed them off she said up until I'd pointed these things out she'd thought it was an okay film. She then agreed that the thing was a pile of crap.
"A bit like doing a movie about a bank heist. To make the writers and producers lives easier there being no alarm and the vault doors are made of wood and left open anyway etc."
-
Tuesday 31st October 2017 13:54 GMT CrazyOldCatMan
Re: “Heathrow remains secure”
I started pointing out to my long suffering friend the things they had done in the film to make the assault on the White House easier
I do something akin to that with my wife (in my case, it's pointing out all the anachronisms in supposedly historical films).
She won't now go to watch supposedly historical films with me..
-
Monday 30th October 2017 14:51 GMT Flocke Kroes
Library computers can be handy ...
... for examining suspicious USB sticks. Apparently the finder in today's story spoke to journalists. Either this is a very brave man or someone with appalling opsec. I would go with the traditional written statement made from words cut from a newspaper - probably quicker than putting together a disguise and sufficient false ID to get access to a library far from home. Right at the top of the list of things not to do is to use your own printer.
-
Monday 30th October 2017 15:27 GMT Mark 78
Re: Heads should roll at the library as well.
Why should heads roll at the library? The PCs are there for the public to use. The public have to have a way to save files. USB is the most convenient, so you can't disable it.
Instead most libraries have systems in place using things like Deep Freeze to ensure that each machine is returned to its default state after every user, which, along with A/V software, tends to make malware an extremely small risk on library PCs.
-
Monday 30th October 2017 19:43 GMT Cynic_999
Re: Malware spreading via USB stick
"I wouldn't have known whether there was sensitive material on a stick like that, because I would not plug it into my PC."
Just use a live CD to boot into any of the Linux distros and examine the contents of the USB stick on that. You could use any OS that will not auto-run stuff on removable media to list the files, and boot into the live CD only if anything looks interesting.
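The read-only inspection suggested in the comment above, as an added example that is not part of the original post: a POSIX shell script that inventories a stick already mounted read-only in a live Linux session and marks the file types that deserve a closer look before anything is opened. The mount point, the `sdX1` device placeholder, the function names and the extension list are assumptions made for the example.

```shell
#!/bin/sh
# Added example: triage of an unknown USB stick from a live Linux session.
# Assumption: the partition is already mounted read-only, for instance with
#   mount -o ro,noexec,nosuid,nodev /dev/sdX1 /mnt/stick   (sdX1 is a placeholder)
# A read-only mount does nothing against a device that poses as a keyboard.

# classify NAME: prints "review" for file types that can run code when opened
classify() {
  lower=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  case "$lower" in
    autorun.inf|*.exe|*.scr|*.lnk|*.bat|*.cmd|*.js|*.vbs|*.ps1|*.hta) echo review ;;
    *.docm|*.xlsm|*.pptm) echo review ;;  # macro-enabled Office formats
    *) echo data ;;
  esac
}

# inventory DIR: one tab-separated line per file: class, bytes, SHA-256, path.
# Files are only sized and hashed; nothing is opened in a viewer or executed.
# Limitation: file names containing a newline are not handled.
inventory() {
  root=$1
  find "$root" -type f | sort | while IFS= read -r f; do
    printf '%s\t%s\t%s\t%s\n' "$(classify "${f##*/}")" \
      "$(wc -c < "$f" | tr -d ' ')" \
      "$(sha256sum < "$f" | cut -d' ' -f1)" "${f#"$root"/}"
  done
}

# count_review DIR: number of files to examine further before opening
count_review() {
  inventory "$1" | awk -F'\t' '$1 == "review"' | wc -l | tr -d ' '
}

# demo: runs the inventory over a constructed directory standing in for the stick
demo() {
  d=$(mktemp -d)
  mkdir -p "$d/docs"
  printf 'route notes\n' > "$d/docs/notes.txt"
  printf '[autorun]\nopen=setup.exe\n' > "$d/AUTORUN.INF"
  printf 'MZ' > "$d/setup.exe"
  inventory "$d"
  rm -rf "$d"
}

demo
```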
-
Monday 30th October 2017 20:53 GMT Anonymous Coward
"Hmm, I've found this USB stick, let's just plug it into my computer and see what is on it"
What a great untraceable way to start the spread of malware. Just leave some infected USB sticks lying around and wait for them to be plugged in
That's why I always test strange USB drives on someone else's PC.
-