SEC Workers Fail to Encrypt Computers with Sensitive Information
November 9, 2012 9:12 AM
comment(s) - last by
Sources say workers involved are being disciplined
With the myriad
high-profile hacks and attacks on government and corporate computer systems around the world
, it's easy to believe that the U.S. federal government and its many arms would do all they can to keep its networks secure. However, that is not always the case.
reports that workers at the U.S. Securities and Exchange Commission failed to encrypt some of their computers that contained highly sensitive information from stock exchanges. The failure to encrypt the information left data vulnerable to cyber attacks according to people familiar with the situation.
The computers left unencrypted reportedly belonged to a small number of employees in an office within the SEC Trading and Markets Division. That particular division is tasked with ensuring that various stock exchanges follow guidelines to protect the markets for potential cyber threats and system problems.
That makes it incredibly ironic that the employees tasked with ensuring systems are protected from cyber threats would leave their own computers unprotected.
Some of the staffers are known to have taken the unprotected computers to a
Black Hat convention
where computer hackers gather. There is no clear indication of why the staffers would have taken unencrypted and unprotected computers into the hackers den.
The SEC insists that no data was breached from the insecure computer systems. However, the SEC was forced to spend around $200,000 to hire a third-party firm to conduct a thorough analysis to come to that conclusion.
This article is over a month old, voting and posting comments is disabled
11/9/2012 1:55:24 PM
I agree. At the very least it should have been the local IT department's rule (although it should really have been a directive from the head person at the SEC) that all the computers in their care have encrypted HDD prior to use, which again points at the IT department for not having such a rule. I'm sure they wouldn't forget to load their favourite antivirus software, so how come they thought it was ok to not have an encrypted HDD? The only logical answer is because they have lots of HDD that aren't encrypted, which is stupid because PCs are often sold when they are deemed "out of date", and people have often resurrected data from "erased" HDDs in the past. If every computer did have an encrypted HDD, and one "escaped the net" and was sold without having the HDD securely erased ... Do I have to ask? Do they have a policy regarding this?
As an aside, I do wonder what indications the new computers would have given if they did or didn't have encrypted drives to their new owners. When I bought this computer it booted up to Windows 7 in just seconds (I removed it and loaded a Linux distribution), so how is a new owner supposed to know the HDD wasn't encrypted?
Is it possible for the LAN to be set up so that there is an immediate indication given that a computer doesn't have an encrypted HDD, e.g. no one can login on it?
I think these employees are just being made scapegoats for the failure of a whole department of "yes men".
"We basically took a look at this situation and said, this is bullshit." -- Newegg Chief Legal Officer Lee Cheng's take on patent troll Soverain
Amid Recent Cyberattacks, Senate Poised to Revive Cybersecurity Bill
November 1, 2012, 2:37 PM
Apple to Break Its Vow of Silence on Security Issues at Black Hat
July 25, 2012, 7:37 AM
IBM Workers Strike Over Terms of Deal That Will Have Them Working for Lenovo
March 6, 2014, 9:29 AM
Google Picking Up Artificial Intelligence Company "DeepMind" for $400 Million
January 27, 2014, 9:25 AM
Quick Note: Qualcomm Grabs up Palm, IPAQ, and Bitfone Patent Portfolio from HP
January 24, 2014, 9:18 AM
Verizon Buys Intel Media OnCue Cloud TV assets
January 21, 2014, 10:26 AM
Google's First Asian Data Centers Now Operational
December 11, 2013, 8:50 AM
IBM to Offer Watson Supercomputer as Cloud Development Platform
November 14, 2013, 12:00 PM
Most Popular Articles
Bitcoin King Pt. II: Mt. Gox's Dictator Karpelès Proves Tragically Flawed
March 7, 2014, 1:12 PM
Hack Reveals Fallen Bitcoin CEO's Posh Tokyo Penthouse
March 10, 2014, 4:28 PM
Tesla Motors Calls New Jersey Out on New Rule Against Its Direct Sales Model
March 11, 2014, 12:01 PM
NASA Considering SpaceX "Red Dragon" for Returning Mars Samples to Earth
March 10, 2014, 2:43 PM
India Could Rock Google With Its Biggest Antitrust Fine Yet -- $5B USD
March 10, 2014, 8:12 PM
Latest Blog Posts
Tesla vs. BMW: Who Has the Safer EV?
Feb 1, 2014, 2:56 PM
Justice Leaks Details of Next HTC One Two Flagship Phone
Dec 5, 2013, 4:04 PM
Global Cyber Espionage Concerns Reveal Growing Cyber Armies
Nov 29, 2013, 11:04 AM
Is The Period Becoming an Expression of Anger?
Nov 26, 2013, 2:02 PM
NSA and Congress -- You Will Never Kill the Constitution, It's an Idea
Nov 10, 2013, 2:00 PM
More Blog Posts
Copyright 2014 DailyTech LLC. -
Terms, Conditions & Privacy Information