backtop


Print 28 comment(s) - last by Xietsu.. on Feb 19 at 1:00 PM

What's worse? The fact that the FBI lost 11 laptops a month for two years, or the fact that it does not even know what was on them

Today the U.S. Department of Justice (DOJ) released a report on an audit that it had been conducting on the FBI for nearly the past six years (PDF). The investigation was started when members of the FBI were made aware that weapons and laptops containing sensitive and classified information had been lost or stolen. The investigation was initially started by the Office of the inspector General (OIG) over the control of weapons and laptop computers with several other government bodies such as the Drug Enforcement Administration (DEA) and the United States Marshal Service (USMS).

Initial data from early audits revealed that the FBI count not account for 317 laptops that were lost, missing or stolen over a 28 month period. Details in the report revealed that the FBI did not report the missing or stolen laptops to the DOJ and that the information on the computers was not entered into the National Crime Information Center (NCIC) database. The report also revealed that people aware of the missing laptops did not report the incidents in a timely manner and investigations were not launched in an attempt to find and retrieve the laptops.

Since 2001, the DOJ's second audit on the FBI reported that 160 laptops were unaccounted for during a 44 month period. This follow-up report concluded that the number of stolen laptops declined while cases for missing laptops increased.

Since the laptops were already gone, the FBI could not determine whether or not the laptops had critically sensitive information on them.

The FBI's security division had very limited information about the missing laptops.  During the 44 month follow up audit, only 8 of the 160 missing notebooks were reported correctly.  The FBI's security division later revealed that some of the laptops contained the following:
  • Software for creating identification badges
  • Information and software used to process surveillance digital imaging
  • Security plans for access control systems
  • Names, addresses and phone numbers of FBI personnel
  • Sensitive but unclassified data
The DOJ report also indicated that the missing laptops occurred over several different FBI divisions, including its counterterrorism division, cyber crime division and counter-intelligence division. According to the report:
We believe that the FBI was lax in adhering to its own policies of reporting the contents of lost or stolen laptop computers. The FBI has to be more diligent in ensuring that it responds appropriately and aggressively to each laptop loss.
While some of the missing laptops were eventually found, the majority of the laptops are still missing today, and there is little hope that they will show up again. In high-security organizations like the FBI, a large number of laptops still go missing or get stolen, which spells trouble for large companies that try to keep an eye on their assets.

In conclusion, the DOJ states:
The FBI failed to give sufficient priority to property management. Periodic inventories of accountable property were not conducted, departing employees did not always return all property that had been issued to them, and the destruction of outdated, damaged, or excessed laptop computers was not adequately documented. Additionally, while the FBI documented the disposal of laptop computers, it did not adequately document that all sensitive or classified information had been sanitized prior to their disposal.


Comments     Threshold


This article is over a month old, voting and posting comments is disabled

Hahaha!
By Cunthor01 on 2/14/2007 6:32:49 AM , Rating: 5
We've lost Intelligence! I repeat... we have no Intelligence!




RE: Hahaha!
By Chase Tacos on 2/14/2007 8:14:07 AM , Rating: 1
LawlPwn3d.


RE: Hahaha!
By marvdmartian on 2/14/2007 9:11:59 AM , Rating: 2
Yeah......seems "military intelligence" isn't the only one that's an oxymoron, eh?


RE: Hahaha!
By Wagnbat on 2/14/2007 5:57:13 PM , Rating: 2
You'd think an agency specializing in investigations, would be able to investigate it's dissapearing laptops.


RE: Hahaha!
By frobizzle on 2/15/2007 2:03:32 PM , Rating: 3
NEWS FLASH
In order to save money, the FBI will now be purchasing and issuing OLC laptops to all field agents.


Encryption
By Hare on 2/14/2007 3:48:56 PM , Rating: 2
As long as the laptops have had strong encryption it doesn't matter if they were stolen. You can't do anything with the data if it's encrypted. I personally keep all my work etc files on an encrypted partition and if my laptop was stolen I wouldn't really worry about the data itself. It would take millions of years to crack the encryption with brute force.

I'm sure FBI has encryption on computers that could be stolen.




RE: Encryption
By JonB on 2/14/2007 4:03:12 PM , Rating: 2
Are you assuming a level of computer literacy for FBI members that is higher than an average worker in any other business? Encryption makes things harder. Maybe not a lot harder, but enough that they JUST WON'T BOTHER with it.

Perhaps the FBI agents on Numb3rs (a US prime time TV show) would be able to handle it, but you assume too much expertise.


RE: Encryption
By MrDiSante on 2/14/2007 6:46:56 PM , Rating: 2
On top of that you better hope that they don't use the standard WinXP/below encryption because that's quite easily crackable. Just download ~20 gigs of rainbow tables and voila. By what I hear Vista with TPM/USB key stored password hashes sounds like it's more secure, how it actually fares is something we won't know for a few more years.


RE: Encryption
By Hare on 2/15/2007 1:34:48 AM , Rating: 2
quote:
you assume too much expertise.
I don't know a single company that would require their employees to learn how to encrypt their laptops. I'm pretty sure FBI has IT-staff that makes sure peoples laptops are secure and working?

Encrypting stuff is not difficult at all and propably FBI implement it on a hardware level (doesn't really matter). Each time the user logs in with his/her password, fingerprint, keycard or whatever the information accessed is decrypted on the fly. The person using the computer doesn't even know the information is being encrypted/decrypted.

So. If a thief stoles the laptop he can't do anything with the information. Maybe format the damn thing and sell it on ebay. No information leaks, no worries... Unless the thief has a quantum computer, a lot of expertise and otherwise unlimited resources. Maybe than he "could" crack the encryption. (I don't believe the FBI would use a weak encryption).


RE: Encryption
By Boz214 on 2/15/2007 4:56:47 PM , Rating: 2
". If a thief stoles (sic) the laptop he can't do anything with the information. Maybe format the damn thing and sell it on ebay. No information leaks, no worries... Unless the thief has a quantum computer, a lot of expertise and otherwise unlimited resources. Maybe than he "could" crack the encryption. (I don't believe the FBI would use a weak encryption)."

Well, that's assuming the "victim" of the theft doesn't log the thief onto the laptop.
Lookup Richard Hanssen and PROMIS if you don't get my point...


RE: Encryption
By senbassador on 2/14/2007 5:51:12 PM , Rating: 2
what JonB said.

Thats also assuming that none of the keys don't accidentally get copied and stored somewheres and also that none of the decrypted data in RAM doesn't get written to an unencrypted swap file.


RE: Encryption
By yangyoning on 2/16/2007 9:47:38 PM , Rating: 1
No offense, but those things were purchased with part of 'tax' money. Even as secure as it was, they should waste the money shouldn't they?


Pffff... lost....
By glenn8 on 2/14/2007 11:15:19 AM , Rating: 5
Just like the time my brother's friend "lost" his expensive and comfortable office chair and it somehow ended up in my house in front of my computer.




RE: Pffff... lost....
By sdsdv10 on 2/14/2007 7:39:18 PM , Rating: 2
I wanted to mod you up, but the comment was already at 5.
Like Spinal Tap, this one should go to 11...


Software for creating identification badges
By Hakuryu on 2/15/2007 12:17:58 PM , Rating: 3
... stored on a laptop? Doesn't this seem like the last place you would ever put this type of software on? I would think only 1-2 computers in an entire FBI building would have this capability, and especially not laptops.

Federal Bureau of Incompetence?





By Xietsu on 2/19/2007 1:00:42 PM , Rating: 2
The condition of the agencies associated with one of the world's "Super Powers", the majority of us hailing from such, can not be seen as a figment reminiscient than little more than some piddly, exterior facade of a display. With less than enough morose, this is actually not the case -- it is an organization with every-day incorporation toward those who pursue abberation against American foundation. Should this stand to be some aggrandized iteration of the media, retraction would be suited; however, irrespective of that, such mentations are to, assuredly, hold.

How a government (let alone the U.S. of course) is possessing of an aptitude expressing such a degree of form is seriously dumbfounding. A most noted contemplation in this regard would definitely be the accuracy and level to which the origin of this article can be found to garner acuity in gathering -- how sure can they really be these computers had equipment to process FBI IDs? Was it not said earlier in the article that they weren't even knowing of the laptops' contents?

The aforementioned would obviously require obligation before moving to handle such a scenario properly. For one, the actual situation in relation to the portables security doesn't seem to be known to us, and on top of that, any action taken by administrators also remains in such a bound. Logically, there are many things that ought be done from a standpoint with the conception that this is "the status quo" as presented. Let's just hope some of these paths have been taken.


well
By sprockkets on 2/14/2007 10:59:35 AM , Rating: 2
when you have an unlimited amount of money to waste, and it is not your money, why care?




RE: well
By Xenoid on 2/15/2007 3:57:15 PM , Rating: 2
Very true. It's not like any elected US government is going to slash military, cia, dea, or fbi funding. nasa on the other hand is clearly the anti-christ.


Why not install a recovery system?
By bravacentauri83 on 2/14/2007 1:16:25 PM , Rating: 2
Install something like Lo-Jack to the laptops.




By Mitch101 on 2/14/2007 5:48:16 PM , Rating: 2
I recall reading someone had a security program on thier laptop and when the device was stolen and plugged into the internet it reported back to a location which allowed them to track the stolen device down.

Now why cant the FBI have that put into hardware where it reports back to a specific location? If its every stolen and put into the wild it will trace back to a central location and then the FBI can trace the IP location back to someone who stole it or someone who bought it from the guy who stole it.

Either way I hope for what the FBI probably spends for a laptop that they would at least have a clue? But then they cant find a osama bin laden on a camel in the middle east either. Goes to show you there are stupid people in every profession.


How...
By PWNettle on 2/14/2007 12:27:11 PM , Rating: 2
...exactly does one "lose" their laptop? I could see it happening on exceptionally rare occasions if you're a complete idiot, but not hundreds of times. I suspect some of these FBI folks have taken their laptops home for personal use and have claimed to have "lost" them.

Kinda sad for an agency that is largely based around accounting to not be able to keep track of their own inventory.




RE: How...
By Samus on 2/14/2007 12:47:01 PM , Rating: 1
step 1) format c:
step 2) remove FBI stickers and badges
step 3) make her open the box...err, declair it stolen and you have a new personal laptop!


No more laptops
By nutxo on 2/14/2007 1:21:58 PM , Rating: 2
Its become fairly obvious that laptops are a huge security risk. I think it's time for these people to go back to desktops.




Money makers
By verndewd on 2/14/2007 6:27:25 PM , Rating: 2
Thats what these laptops are.How many organized crime factions are privy to government documents now?This thing needs to go postal and heads need to roll.

I would look into finances of everyone who lost a laptop,and monitor their activities,while digging up where they were at the time of loss.All employees who lost a laptop would be suspended with pay until facts were recovered.And Gps would be a mandatory fixture on all currently held laptops.

This reeks of payoffs from organized crime.




"Game reviewers fought each other to write the most glowing coverage possible for the powerhouse Sony, MS systems. Reviewers flipped coins to see who would review the Nintendo Wii. The losers got stuck with the job." -- Andy Marken











botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki