Better get her majesty some new fingerprints.
USB stick found in West London contained Heathrow security data
Detailed security arrangements for London Heathrow airport, including the Queen’s precise route every time she passes through, were found on a USB stick left in a West London street, according to reports. The unencrypted USB stick was found lying under leaves on Ilbert Street, a leafy terrace near the famous Kensal Green …
COMMENTS
-
Monday 30th October 2017 13:04 GMT Anonymous Coward
How as this even possible?
Assuming that the "loser" of the USB drive was the one who complied it, HOW were they able to export sensitive data like this? I am of course taking the re-reported word of the Sunday Mirror, but lets go with that for the time being.
There should be at least two people joining the search for new employment, because there either weren't IT safeguards in place, or they didn't work, or the resulting alerts weren't acted on by management.
-
Monday 30th October 2017 13:09 GMT GruntyMcPugh
Re: How as this even possible?
"Assuming that the "loser" of the USB drive was the one who complied it"
Indeed, or that the USB stick wasn't discarded once it's content had been copied to a laptop by a 3rd party, who was perhaps paranoid the stick could be traced and didn't want it in their possession.
Just because the stick has been returned doesn't mean the security hole is plugged.
-
-
-
Monday 30th October 2017 17:40 GMT Commswonk
Re: How as this even possible?
The fact that a USB stick exists with open documents tells us plenty about that organisation.
Not sure that's either true or fair. It certainly tells us something about one person within the organisation, but finding that person might be easier said than done.
-
-
Monday 30th October 2017 14:49 GMT jmch
Re: How as this even possible?
"Just because the stick has been returned doesn't mean the security hole is plugged."
Completely true, but not only for this case. As per the quote below...
"...had the chance passerby been someone less kindly disposed towards the UK than the finder of the stick, the consequences could have been seriously bad."
... that seems to assume that not only has this particular incident not resulted in a breach, and completely ignores that this is one breach that is known, and potentially there could have been more where the finder of the stick was not so kindly disposed to the UK.
-
Monday 30th October 2017 19:29 GMT Anonymous Coward
Re: How as this even possible?
I met someone at a conference who had conducted a test in his organization. New IT rules had just been published and employees had to sign to say they had read them. This forbade using any external memory or device that had not been supplied or checked by the IT dept. He then placed on the ground outside the main entrance a USB stick with the company logo on it. It contained a small program (disguised as lists of salaries) that sent the IP address of the computer it was attached to*, to a test machine in IT.
He watched the stick to see who picked it up and to check it wasn't picked up by someone other than an employee. Suffice to say most people who picked it up stuck it straight into their work computers and were then summoned for a telling off. Only one person handed the stick into IT and said that they'd found it outside. This self same person then asked if there was a reward for finding it. Another took it home to see what was on it away from the workplace.
*Apparently he'd wanted to put something on there that also flashed the screen red with a message saying IT policy breach flashing in white. HR very sensibly had said no to this because of Epilepsy fears and to spare the miscreant public humiliation.
-
-
Monday 30th October 2017 13:26 GMT Whitter
Re: How as this even possible?
Compare and contrast:
"We ... are confident that Heathrow remains secure".
We have ... launched an internal investigation to understand how this happened”
Leaking security files obtained outwith the controlled distribution list is itself a security risk. Thus until you know how it happened and can verify you've plugged that hole, you cannot declare Heathrow safe.
-
-
Monday 30th October 2017 13:46 GMT CustardGannet
Re: leaves
A fairly high percentage of the UK is covered in leaf litter at the moment, so it's not really that surprising that the stick was found in a pile of them.
(Source : personal experience, from having spent much of yesterday tidying the garden.)
Paris, because she knows about having a tidy garden.
-
Monday 30th October 2017 13:53 GMT Stuart Halliday
Re: How as this even possible?
Absolutely. Doesn't matter how many procedures you make, people will settle down into the lowest state that they can get away with.
If these are IT professionals, they need serious discipline as they are aware of their responsibilities.
Other staff are or will exploit holes in your security and they wouldn't tell you about them.
So, you absolutely must not allow them to do this exporting onto removable storage.
Sure, they'll complain. But with sensitive documents, you don't let them unless they're encrypted.
Any IT professional knows this, so there must be a very serious lack of care at this department and now that's public knowledge.
Not a good position to be in...
-
Tuesday 31st October 2017 13:49 GMT CrazyOldCatMan
Re: How as this even possible?
or the resulting alerts weren't acted on by management.
It was probably managment that lost it:
"PFY - I want you to put all this info on a USB stick for me"
"PFY - I can't read any of it because my Mac doesn't do Bitlocker! Don't encrypt it!"
"PFY - I don't care that it breaches all the policies. I need to read it at home. Do it or get sacked. Oh - and don't tell anyone or you'll get sacked"
-
-
Monday 30th October 2017 13:10 GMT Anonymous Coward
I think the Brits are more sensitive to associating, being able to touch something physically, with "owning" it and it "being safe".
Indications:
- Much later in adopting chrome-books in education than Canada and New Zealand.
- Greater tendency to use CDs and USB-sticks.
- Greater tendency to have powerstruggles against networked storage (and, ironically, also a greater tendency to store company data on private cloud-accounts).
Main surprise is that there are not many more of these discoveries.
-
Monday 30th October 2017 14:26 GMT Anonymous Coward
The UK is not exactly built to embrace cloud technologies like other more technically developed countries, our broadband infrastructure expensive at the good end and piss poor at best at the affordable end compared to most of the world (US and Australia aside). Maybe project loon could hover over the UK and get us in to the new age of fastness.
-
Monday 30th October 2017 17:23 GMT John Lilburne
Why would you give your data over to some cloudy thing. Doing so leaves you vulnerable to a having the cloudy thing shuttered at any time. Ask those that used Yahoo Photos, or a whole bunch of Google apps. Yeah use them as another form of backup but keep your data elsewhere and don't be dumb enough to expose yourself to the risks of being suckered into relying on some cloudy API
-
-
-
-
Monday 30th October 2017 19:50 GMT JimboSmith
Re: “Heathrow remains secure”
“Heathrow remains secure”
"England prevails"
"
Olympus,London has fallen."London Has Fallen
That was the second worst film I've ever seen
Olympus Has Fallen
was the first.
I started pointing out to my long suffering friend the things they had done in the film to make the assault on the White House easier etc. I was told to detail them later as she was trying to enjoy the film. When we came out of the cinema and I listed them off she said up until I'd pointed these things out she'd thought it was an okay film. She then agreed that the thing was a pile of crap.
"A bit like doing a movie about a bank heist. To make the writers and producers lives easier there being no alarm and the vault doors are made of wood and left open anyway etc."
-
Tuesday 31st October 2017 13:54 GMT CrazyOldCatMan
Re: “Heathrow remains secure”
I started pointing out to my long suffering friend the things they had done in the film to make the assault on the White House easier
I do something akin to that with my wife (in my case, it's pointing out all the anachronisms in supposedly historical films).
She won't now go to watch supposedly historical films with me..
-
-
-
-
Monday 30th October 2017 14:51 GMT Flocke Kroes
Library computers can be handy ...
... for examining suspicious USB sticks. Apparently the finder in today's story spoke to journalists. Either this is a very brave man or someone with appalling opsec. I would go with the traditional written statement made from words cut from a newspaper - probably quicker than putting together a disguise and sufficient false ID to get access to a library far from home. Right at the top of the list of things not to do is to use your own printer.
-
-
-
Monday 30th October 2017 15:27 GMT Mark 78
Re: Heads should roll at the library as well.
Why should heads roll at the library? The PCs are there for the public to use. The public have to have a way to save files. USB is the most convenient, so you can't disable it.
Instead most Libraries have systems in place using things like Deep Freeze to ensure that each machine is returned to it's default state after every user, which along which A/V software, tends to make Malware an extremely small risk on library PCs.
-
-
-
Monday 30th October 2017 19:43 GMT Cynic_999
Re: Malware spreading via USB stick
"
I wouldn't have known whether there was sensitive material on a stick like that, because I would not plug it into my PC.
"
Just use a live CD to boot into any of the Linux distros and examine the contents of the USB stick on that. You could use any OS that will not auto-run stuff on removable media to list the files, and boot into the live CD only if anything looks interesting.
-
-
Monday 30th October 2017 20:53 GMT Anonymous Coward
"Hmm, I've found this USB stick, lets just plug it into my computer and see what is on it"
What a great untraceable way to start the spread of malware. Just leave some infected USB sticks lying around and wait for them to be plugged in
That's why I always test strange USB drives on someone else's PC.
-
-
Monday 30th October 2017 13:27 GMT Doctor Syntax
First question they need to settle:
Was this an item lost by someone who should have known better or did the finder stumble on someone's dead-letter drop?
And secondly, if it was the latter, was it smuggled out of an office by someone with access, authorised or otherwise, or was it assembled by someone who hacked into a system or systems that contained it?
-
Monday 30th October 2017 14:37 GMT Prst. V.Jeltz
sounds a bit far fetched to be honest.
I'm not buying this at all . Heathrow Airport? The Queens 'route' ?
"the man found a treasure trove of what appeared to be security-related documents, including routes and timings of security patrols, types of ID needed to access restricted areas, maps of CCTV cameras and otherwise hidden access shafts onto the Heathrow Express railway line that runs under the airport."
Reads like a spy novel. Possibly all that stuff was made up put there to cause panic , or waste police time , or something. fake news . spread terror . Anarchy!! etc.
-
-
Monday 30th October 2017 16:38 GMT Yet Another Anonymous coward
Re: sounds a bit far fetched to be honest.
The Queens 'route' ?
Wouldn't she take the Piccadilly line to Green Park> She could then pick up a Horse to back door of Buck Palace. Alternately she could sell the Crown jewels and get a Heathrow Express ticket.
Now that Uber is out of the picture
-
-
-
-
Monday 30th October 2017 13:38 GMT Anonymous Coward
.. or is it deception?
It could be that this was an attempt to seed some misleading data and see where it would lead. If it's not real, activities and reports would be easy to trace.
It's a bit like seeding fake page URLs in a Skype message so you can spot where Microsoft is monitoring your conversation from by the IP addresses in your 404 log (used to be Microsoft US, then MS Ireland for Europe, nowadays it's usually a local Azure cloud).
-
-
Monday 30th October 2017 16:47 GMT FuzzyWuzzys
As good Samaritan I've picked up abandoned SD cards, USB sticks and I've found mobile phones, I attempt to get them back to their owners and in order to do that I have to look at what's on them for clues as to the owner.
Suppose this USB stick had the whole year's worth of some students notes and they were going frantic about losing them? You find them and hand them back and make someone's day a bit better.
-
-
Monday 30th October 2017 14:32 GMT Anonymous Coward
Re: he took the stick straight to the Sunday Mirror.
Well, that's what he said anyway ????
There are so many things about this story ... where to start ?
1) I am presuming that underlying security protocols are designed to identify the source of leaked documents ? I am of course working from the fact that when I was tasked with implementing document sharing my board insisted that each copy was traceable. (Achieved by imprinting a watermark on each download of a document).
2) Encryption, naturally.
3) All contents and related information must now be considered compromised, and should be immediately revised and reissued.
4) ... Oh I can't be arsed.
Now I'm guessing that (3) isn't happening, which makes me wonder about the provenance of the "leak" in the first place.
Let's put it this way ... through channels that I shouldn't have access to, I can tell El Reggers that no foreign power - not even the Nork Nutters - has expressed any interest in acquiring this data whatsoever (maybe they already had it ?).
So this "story" is a put up job, as my Mum would have said.
-
Monday 30th October 2017 14:25 GMT theN8
No mention of how recent the files are (last modified dates etc.), though there is mention of a superceded ISMS grading convention, and the fact that the contents were in the single-digit GBs - so for all we know, this USB stick could be a few years old and the real-world risk very minimal (if any) - of course, it could also be bang up to date and a major disaster - we just don't know at this point.
-
Monday 30th October 2017 14:32 GMT Paul Mitchell
Don't forget the PHB
Unforunately it's quite possible to have good "no pluggable media" policies implemented directly on top of old working practices and/or equipment. Thus making the job difficult, if not impossible.
Cue the "manager" who orders his minions to just "get it done" because he/she doesn't want to look bad, but doesn't care enough to actually do anything about it....
PS Where's a PHB icon when you need one?
-
Monday 30th October 2017 15:01 GMT FIA
Maybe....
One presumes that whoever did this will shortly be joining the person who found the USB stick on a job hunt.
I wonder if he's still looking? I suspect the 'good deed' came with some kind of 'reward'.... that's how it works when you altruistically hand something in to a Sunday paper rather than the Police, right?
-
Monday 30th October 2017 16:00 GMT Anonymous Coward
already happened
"As for the wider implications, they barely need spelling out: had the chance passerby been someone less kindly disposed towards the UK than the finder of the stick, the consequences could have been seriously bad."
According to another theory, this has in fact already happened
/Douglas Addams
-
Monday 30th October 2017 18:06 GMT Jamie Jones
But when they are, how would we know?
As for the wider implications, they barely need spelling out: had the chance passerby been someone less kindly disposed towards the UK than the finder of the stick, the consequences could have been seriously bad. ®
But what about the other 3 carelessly abandoned USB sticks that were found by people less kindly disposed towards the UK, which are now being examined by "baddies" without our knowledge?
-
Monday 30th October 2017 18:31 GMT Anonymous Coward
Not so sure it was an accident...
The material described sounds too broad ranging to be accidentally stored on the same device. For example: the people who need to know about CCTV are not really the people who need to know about HMQ's route through the airport, nor do they need to know about the extra shafts in the rail line.
So either: the loss is from one of the very small number of people who oversee security at Heathrow and are senior enough to have need-to-know access on all of it, or, the contents of the USB stick were assembled by someone who was deliberately compiling material. In short, espionage.
Furthermore, dropping it in a park a few minutes from a train station, a major highway and various other escape routes looks like a planned event.
I smell spying and a (failed) dead letter drop.
-
Tuesday 31st October 2017 01:38 GMT Chairman of the Bored
Please wake me up and tell me...
...that the documents on the stick are watermarked. Please? Just one unique jsteg?
Once upon a time we had a bad spy problem on this side of the pond. Ames. Got a lot of people killed. Early in his career he left a briefcase of classified material on a train. His management covered up for him rather than hang the bastard ... makes you think a bit about this usb stick, doesn't it?
-
Tuesday 31st October 2017 12:17 GMT sloshnmosh
Malware on USB sticks
"What a great untraceable way to start the spread of malware. Just leave some infected USB sticks lying around and wait for them to be plugged in"
This was (is) a problem with Windows PC's of the past (XP).
"Autorun" function was turned on by default allowing executable code to run on USB install.
Microsoft finally did something about how Windows handles autorun in Vista+.
The infamous Stuxnet worm was said to have spread through the use of a U3 enabled flash drive.
I have a nice collection of U3 enabled Sandisk flash drives that contain a hidden partition with an ISO of various password sniffers and the like which execute on install of an XP machine and sends the results through email.
The newest version of this is the Bad USB where the flashdrive acts as a HID keyboard and can execute code on Windows Vista on up.
-
Wednesday 1st November 2017 11:49 GMT Anonymous Coward
Maybe this is an attack against the Sunday Mirror...
Let's face it. 80%+ of breaches use social engineering, and the whole story just sounds too "nice". Maybe, just maybe, the leafy street is also home to someone quite important, who might have picked it up, seen what was on it, and then taken it into work raising hell about the non-existent breach while causing one themselves. I worry about the bit in the story about Heathrow Security examining the files. Let's hope THEY used a sandpit. I doubt the Mirror did, so that will make interesting reading in a couple of months...