BreachExchange mailing list archives

Swiss spy agency warns U.S., Britain about huge data leak


From: Erica Absetz <eabsetz () opensecurityfoundation org>
Date: Wed, 5 Dec 2012 13:03:49 -0500

http://www.reuters.com/article/2012/12/04/us-usa-switzerland-datatheft-idUSBRE8B30ID20121204

(Reuters) - Secret information on counter-terrorism shared by foreign
governments may have been compromised by a massive data theft by a
senior IT technician for the NDB, Switzerland's intelligence service,
European national security sources said.

Intelligence agencies in the United States and Britain are among those
who were warned by Swiss authorities that their data could have been
put in jeopardy, said one of the sources, who asked for anonymity when
discussing sensitive information.

Swiss authorities arrested the technician suspected in the data theft
last summer amid signs he was acting suspiciously. He later was
released from prison while a criminal investigation by the office of
Switzerland's Federal Attorney General continues, according to two
sources familiar with the case.

The suspect's name was not made public. Swiss authorities believe he
intended to sell the stolen data to foreign officials or commercial
buyers.

A European security source said investigators now believe the suspect
became disgruntled because he felt he was being ignored and his advice
on operating the data systems was not being taken seriously.

Swiss news reports and the sources close to the investigation said
that investigators believe the technician downloaded terabytes,
running into hundreds of thousands or even millions of printed pages,
of classified material from the Swiss intelligence service's servers
onto portable hard drives. He then carried them out of government
buildings in a backpack.

One of the sources familiar with the investigation said that
intelligence services like the U.S. Central Intelligence Agency and
Britain's Secret Intelligence Service, also known as MI6, routinely
shared data on counter-terrorism and other issues with the NDB. Swiss
authorities informed U.S. and British agencies that such data could
have been compromised, the source said.

News of the theft of intelligence data surfaced with Switzerland's
reputation for secrecy and discretion in government and financial
affairs already under assault.

Swiss authorities have been investigating, and in some cases have
charged, whistleblowers and some European government officials for
using criminal methods to acquire confidential financial data about
suspected tax evaders from Switzerland's traditionally secretive
banks.

The suspect in the spy data theft worked for the NDB, or Federal
Intelligence Service, which is part of Switzerland's Defense Ministry,
for about eight years.

He was described by a source close to the investigation as a "very
talented" technician and senior enough to have "administrator rights,"
giving him unrestricted access to most or all of the NDB's networks,
including those holding vast caches of secret data.

Swiss investigators seized portable storage devices containing the
stolen data after they arrested the suspect, according to the sources.
At this point, they said, Swiss authorities believe that the suspect
was arrested and the stolen data was impounded before he had an
opportunity to sell it.

However, one source said that Swiss investigators could not be
positive the suspect did not sell or pass on any of the information
before his arrest, which is why Swiss authorities felt obliged to
notify foreign intelligence partners their information may have been
compromised.

Representatives of U.S. and British intelligence agencies had no
immediate response to detailed queries about the case submitted by
Reuters, although one U.S. official said he was unaware of the case.

SECURITY PROCEDURES QUESTIONED

Swiss Attorney General Michael Lauber and a senior prosecutor, Carolo
Bulletti, announced in September that they were investigating the data
theft and its alleged perpetrator. A spokeswoman for the attorney
general said she was prohibited by law from disclosing the suspect's
identity.

A spokesman for the NDB said he could not comment on the investigation.

At their September press conference, Swiss officials indicated that
they believed the suspect intended to sell the data he stole to
foreign countries. They did not talk about the possible compromise of
information shared with the NDB by U.S. and British intelligence.

A European source familiar with the case said it raised serious
questions about security procedures and structures at the NDB, a
relatively new agency which combined the functions of predecessor
agencies that separately conducted foreign and domestic intelligence
activities for the Swiss government.

The source said that under the NDB's present structure, its human
resources staff - responsible for, among other things, ensuring the
reliability and trustworthiness of the agency's personnel - is lumped
together organizationally with the agency's information technology
division. This potentially made it difficult or confusing for the
subdivision's personnel to investigate themselves, the source said.

According to the source, investigators now believe that in the months
before his arrest, the data theft suspect displayed warning signs that
should have been spotted by his bosses or by security officials.

The source said that the suspect became so disgruntled earlier this
year that he stopped showing up for work.

However, according to Swiss news reports, the NDB did not realize that
something was amiss until the largest Swiss bank, UBS, expressed
concern to authorities about a potentially suspicious attempt to set
up a new numbered bank account, which then was traced to the NDB
technician.

A Swiss parliamentary committee is now conducting its own
investigation into the data theft and is expected to report next
spring. Investigators are known to be concerned that the NDB lacks
investigative powers, such as to search premises or conduct wiretaps,
which are widely used by counter-intelligence investigators in other
countries.

(Reporting by Mark Hosenball; Editing by Mark Heinrich)
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list
