BreachExchange mailing list archives
Re: (article) "We recovered the laptop!" ... so what?
From: sawaba <sawaba () forced attrition org>
Date: Sat, 10 Feb 2007 00:15:09 -0500 (EST)
Wow, I've done my share of forensic investigations, and for the FBI to make this kind of claim is more than a little embarrassing. I remember reading the story when it originally came out, rolling my eyes, and moving on. Now that I take a closer look, it seems even more ridiculous, in part thanks to their official press release:

http://www.fbi.gov/pressrel/pressrel06/laptop071306.htm

Maybe I just haven't thought "deeply" enough about it, or the FBI has some special "tamper detection" device that they've kept secret. Otherwise, there is no middle ground. Either there was evidence that the drive was accessed after being stolen, or you just DON'T KNOW. There is no "highly confident" it was not compromised when it was gone for days, weeks or months. It is simply too easy to copy a drive or investigate it while mounted read-only.

Now, if they said that they believed it wasn't accessed based solely on investigative facts, it might have been plausible. But they didn't. They asked IBM for some magic pixie dust, sprinkled it on the laptop, and decided to say that the forensic examination helped give confidence that nothing was accessed.

I could go on and on, but this lays it out pretty well:

http://blog.zonelabs.com/blog/2006/06/forensics_looki.html

--Sawaba

P.S. - His "Worst Case Scenario" is quite likely if the criminals had any clue and knew how to use Google. The materials needed would have cost them nothing (or next to nothing if they bought latex gloves).

On Thu, 8 Feb 2007, lyger wrote:
http://attrition.org/dataloss/forensics.html

Wed Feb 07 21:55:51 EDT 2007

Jericho and Lyger

In May of 2006, the United States Department of Veterans Affairs publicly disclosed the fact that "Personal data on about 26.5 million U.S. military veterans was stolen from the residence of a Department of Veterans Affairs data analyst who improperly took the material home", prompting a mass concern that the information, if in the wrong hands, could have led to multiple cases of identity theft. At the very least, the fear that even a government entity could have let such sensitive data fall into the wrong hands led many to wonder about the data security of less protected sources. The additional fact that the breach wasn't disclosed for almost three weeks after the theft did little to initially ease those fears.

Weeks later, the stolen laptop and hard drive were recovered from the back of a truck at a black market sale and sent to the United States Federal Bureau of Investigation for analysis. At the end of June 2006, the FBI issued a declaration that "the personal data on the hardware was not accessed by thieves" to which VA Secretary R. James Nicholson stated "This is a reason to be optimistic. It's a very positive note in this entire tragic event."

The question that needs to be asked, however, is how could they be absolutely sure that the data wasn't accessed? Simply because the FBI said so?

[...]

_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
Tracking more than 146 million compromised records in 562 incidents over 7 years.

_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
Tracking more than 146 million compromised records in 566 incidents over 7 years.