backtop

Print E-mail del.icio.us 28 comment(s) - last by Xietsu.. on Feb 19 at 1:00 PM
What's worse? The fact that the FBI lost 11 laptops a month for two years, or the fact that it does not even know what was on them

Today the U.S. Department of Justice (DOJ) released a report on an audit that it had been conducting on the FBI for nearly the past six years (PDF). The investigation was started when members of the FBI were made aware that weapons and laptops containing sensitive and classified information had been lost or stolen. The investigation was initially started by the Office of the inspector General (OIG) over the control of weapons and laptop computers with several other government bodies such as the Drug Enforcement Administration (DEA) and the United States Marshal Service (USMS).

Initial data from early audits revealed that the FBI count not account for 317 laptops that were lost, missing or stolen over a 28 month period. Details in the report revealed that the FBI did not report the missing or stolen laptops to the DOJ and that the information on the computers was not entered into the National Crime Information Center (NCIC) database. The report also revealed that people aware of the missing laptops did not report the incidents in a timely manner and investigations were not launched in an attempt to find and retrieve the laptops.

Since 2001, the DOJ's second audit on the FBI reported that 160 laptops were unaccounted for during a 44 month period. This follow-up report concluded that the number of stolen laptops declined while cases for missing laptops increased.

Since the laptops were already gone, the FBI could not determine whether or not the laptops had critically sensitive information on them.

The FBI's security division had very limited information about the missing laptops.  During the 44 month follow up audit, only 8 of the 160 missing notebooks were reported correctly.  The FBI's security division later revealed that some of the laptops contained the following:
  • Software for creating identification badges
  • Information and software used to process surveillance digital imaging
  • Security plans for access control systems
  • Names, addresses and phone numbers of FBI personnel
  • Sensitive but unclassified data
The DOJ report also indicated that the missing laptops occurred over several different FBI divisions, including its counterterrorism division, cyber crime division and counter-intelligence division. According to the report:
We believe that the FBI was lax in adhering to its own policies of reporting the contents of lost or stolen laptop computers. The FBI has to be more diligent in ensuring that it responds appropriately and aggressively to each laptop loss.
While some of the missing laptops were eventually found, the majority of the laptops are still missing today, and there is little hope that they will show up again. In high-security organizations like the FBI, a large number of laptops still go missing or get stolen, which spells trouble for large companies that try to keep an eye on their assets.

In conclusion, the DOJ states:
The FBI failed to give sufficient priority to property management. Periodic inventories of accountable property were not conducted, departing employees did not always return all property that had been issued to them, and the destruction of outdated, damaged, or excessed laptop computers was not adequately documented. Additionally, while the FBI documented the disposal of laptop computers, it did not adequately document that all sensitive or classified information had been sanitized prior to their disposal.

Comments     Threshold


This article is over a month old, voting and posting comments is disabled
Hahaha!
By Cunthor01 on 2/14/2007 6:32:49 AM , Rating: 5
We've lost Intelligence! I repeat... we have no Intelligence!




RE: Hahaha!
By Chase Tacos on 2/14/2007 8:14:07 AM , Rating: 1
LawlPwn3d.


RE: Hahaha!
By marvdmartian on 2/14/2007 9:11:59 AM , Rating: 2
Yeah......seems "military intelligence" isn't the only one that's an oxymoron, eh?


RE: Hahaha!
By Wagnbat on 2/14/2007 5:57:13 PM , Rating: 2
You'd think an agency specializing in investigations, would be able to investigate it's dissapearing laptops.


RE: Hahaha!
By frobizzle on 2/15/2007 2:03:32 PM , Rating: 3
NEWS FLASH
In order to save money, the FBI will now be purchasing and issuing OLC laptops to all field agents.


Encryption
By Hare on 2/14/2007 3:48:56 PM , Rating: 2
As long as the laptops have had strong encryption it doesn't matter if they were stolen. You can't do anything with the data if it's encrypted. I personally keep all my work etc files on an encrypted partition and if my laptop was stolen I wouldn't really worry about the data itself. It would take millions of years to crack the encryption with brute force.

I'm sure FBI has encryption on computers that could be stolen.




RE: Encryption
By JonB on 2/14/2007 4:03:12 PM , Rating: 2
Are you assuming a level of computer literacy for FBI members that is higher than an average worker in any other business? Encryption makes things harder. Maybe not a lot harder, but enough that they JUST WON'T BOTHER with it.

Perhaps the FBI agents on Numb3rs (a US prime time TV show) would be able to handle it, but you assume too much expertise.


RE: Encryption
By MrDiSante on 2/14/2007 6:46:56 PM , Rating: 2
On top of that you better hope that they don't use the standard WinXP/below encryption because that's quite easily crackable. Just download ~20 gigs of rainbow tables and voila. By what I hear Vista with TPM/USB key stored password hashes sounds like it's more secure, how it actually fares is something we won't know for a few more years.


RE: Encryption
By Hare on 2/15/2007 1:34:48 AM , Rating: 2
quote:
you assume too much expertise.
I don't know a single company that would require their employees to learn how to encrypt their laptops. I'm pretty sure FBI has IT-staff that makes sure peoples laptops are secure and working?

Encrypting stuff is not difficult at all and propably FBI implement it on a hardware level (doesn't really matter). Each time the user logs in with his/her password, fingerprint, keycard or whatever the information accessed is decrypted on the fly. The person using the computer doesn't even know the information is being encrypted/decrypted.

So. If a thief stoles the laptop he can't do anything with the information. Maybe format the damn thing and sell it on ebay. No information leaks, no worries... Unless the thief has a quantum computer, a lot of expertise and otherwise unlimited resources. Maybe than he "could" crack the encryption. (I don't believe the FBI would use a weak encryption).


RE: Encryption
By Boz214 on 2/15/2007 4:56:47 PM , Rating: 2
". If a thief stoles (sic) the laptop he can't do anything with the information. Maybe format the damn thing and sell it on ebay. No information leaks, no worries... Unless the thief has a quantum computer, a lot of expertise and otherwise unlimited resources. Maybe than he "could" crack the encryption. (I don't believe the FBI would use a weak encryption)."

Well, that's assuming the "victim" of the theft doesn't log the thief onto the laptop.
Lookup Richard Hanssen and PROMIS if you don't get my point...


RE: Encryption
By senbassador on 2/14/2007 5:51:12 PM , Rating: 2
what JonB said.

Thats also assuming that none of the keys don't accidentally get copied and stored somewheres and also that none of the decrypted data in RAM doesn't get written to an unencrypted swap file.


RE: Encryption
By yangyoning on 2/16/2007 9:47:38 PM , Rating: 1
No offense, but those things were purchased with part of 'tax' money. Even as secure as it was, they should waste the money shouldn't they?


nt
By HibyPrime on 2/14/2007 8:30:36 AM , Rating: 2
It's obvious that an organization as large as the FBI would lose things farily often, even as often as they are loosing them in this investigation. What smells fishy, though, is that they do not know, or do know, but denies, that there is any critically sensitive data on these.

When someone looses a laptop in an organization like the FBI, the first thing you do is panic, then you look for it for a week, and if you can't find it, you would then tell your superior - he decides wether or not it get's properly documented. If he doesn't properly document it, WHY does that have anything at all to do with wether or not the person who owned it had put any sensitive information on it?

Assuming two things, 1. the laptop had sensitive data and 2. these are legitimately lost laptops, the person owning them would have been fired nearly immediately and there would have been a big deal, possibly with press reports, that something like this had been lost. If #2 is not true, then we would see exactly what we see now, press reports after the fact with no specific data. If #1 is not true, but #2 is, then we would probably not even see a report like this, because nobody gives a shit if you lost your laptop used exclusively for microsoft word.

Now, I would call this corruption, but I don't think it is.. The FBI would have to be retarted (maybe they are? lol) to use their laptops to transfer/sell/spy/whatever. I would think they would simply walk into a best buy/futureshop and pick up one of the cheapest ones there, paid out someones pocket, to be repaid through a bonus.

ALSO, since they were under investigation, any shady ops would have to be seriously covered up..

Now, to get to the point of all of this, what does this article mean? What is it suggesting really happened? It's not like daily tech to publish/write anything that is just straight fact, it usually has a message somewhere..




RE: nt
By Crazyeyeskillah on 2/14/2007 10:11:01 AM , Rating: 2
There is no F****ng way that anyone i have EVER known who was issued a company laptop 'lost' or 'misplaced' it. And if any of them had, they would know if there was 'sensitive' information on it. This leads to the obvious conclusion that all of the reported missing laptops were in fact stolen with highly volatile information on them. GG DOJ


RE: nt
By Master Kenobi (blog) on 2/14/2007 1:24:34 PM , Rating: 2
Obviously none of you work in a classified environment.

Any computer with classified information is in a restricted area. No cell phones, No laptops, No iPod, etc.... You can sit down and use one of the desktops in the area, but thats it. And all the USB/Firewire/etc... ports are all generally hot glued shut.

Laptops typically wouldnt have the classified information on them.


RE: nt
By CascadingDarkness on 2/14/2007 1:56:41 PM , Rating: 2
It does happen. I work in IT for a large insurance company. We do have a couple thousand sales people in the field with laptops, and it does happen on occasion. On top of all the security built into these laptops you wouldn't believe the flurry of activity when one gets reported stolen/lost to lock everything down anyone might be able to access.

I find it unbelievable how little notice is taken to a lost FBI laptop.


Pffff... lost....
By glenn8 on 2/14/2007 11:15:19 AM , Rating: 5
Just like the time my brother's friend "lost" his expensive and comfortable office chair and it somehow ended up in my house in front of my computer.




RE: Pffff... lost....
By sdsdv10 on 2/14/2007 7:39:18 PM , Rating: 2
I wanted to mod you up, but the comment was already at 5.
Like Spinal Tap, this one should go to 11...


Software for creating identification badges
By Hakuryu on 2/15/2007 12:17:58 PM , Rating: 3
... stored on a laptop? Doesn't this seem like the last place you would ever put this type of software on? I would think only 1-2 computers in an entire FBI building would have this capability, and especially not laptops.

Federal Bureau of Incompetence?





By Xietsu on 2/19/2007 1:00:42 PM , Rating: 2
The condition of the agencies associated with one of the world's "Super Powers", the majority of us hailing from such, can not be seen as a figment reminiscient than little more than some piddly, exterior facade of a display. With less than enough morose, this is actually not the case -- it is an organization with every-day incorporation toward those who pursue abberation against American foundation. Should this stand to be some aggrandized iteration of the media, retraction would be suited; however, irrespective of that, such mentations are to, assuredly, hold.

How a government (let alone the U.S. of course) is possessing of an aptitude expressing such a degree of form is seriously dumbfounding. A most noted contemplation in this regard would definitely be the accuracy and level to which the origin of this article can be found to garner acuity in gathering -- how sure can they really be these computers had equipment to process FBI IDs? Was it not said earlier in the article that they weren't even knowing of the laptops' contents?

The aforementioned would obviously require obligation before moving to handle such a scenario properly. For one, the actual situation in relation to the portables security doesn't seem to be known to us, and on top of that, any action taken by administrators also remains in such a bound. Logically, there are many things that ought be done from a standpoint with the conception that this is "the status quo" as presented. Let's just hope some of these paths have been taken.


well
By sprockkets on 2/14/2007 10:59:35 AM , Rating: 2
when you have an unlimited amount of money to waste, and it is not your money, why care?