Thursday, June 29, 2006

Computers "returned"? What's that all about?

The "return" of the computers "stolen" from a Veterans Administration analyst's home does not mean at all that military personnel whose information was on these laptops can now rest easy.

There is no hard evidence that the data was not compromised, in spite of reassurances by the FBI. The computer(s) were returned under very suspicious circumstances. The data could have easily been viewed, copied, or downloaded. If I had breached secure data I'd try to "return" the system from which the data was taken and get everyone to relax and let their guard down. Brilliant!

Read the post below from 2 hours ago as I am writing these comments. From

"June 29, 2006. How can anyone be sure stolen VA laptop data wasn't taken?

There are dozens of ways that any computer's data can be taken without modifying a single forensic bit on the original hard drive.

News sources today are announcing that the VA's stolen laptop (with millions of identity records) has been recovered ... [and] the VA and its forensic experts are claiming the data was not touched or extracted. I hope this is an oversimplification, because there are dozens of ways the data could have been read/copied and the data left untouched. How?

Here are two easy ways:

1. Boot on any device except the hard drive (e.g. floppy disk, CD-ROM, DVD, USB device, etc.). Use an NTFS-compatible version of Linux (e.g. Knoppix, Backtrack, Nubuntu, etc.) and steal away.
2. Ghost the hard drive and manipulate the copy.

I can come up with a dozen ways in a few minutes.

Every computer security forensic person is required by their job to be able to access other people's hard drives and data without modifying a single original bit. So, while common thieves wouldn't know how, there are probably tens of thousands of computer professionals that do.

... the VA and the news sources are oversimplifying the case. A better opinion would have been, "We have found no evidence to indicate the data was not read or copied." not "After examining the evidence we are SURE the data was not copied or read."

Posted by Roger Grimes on June 29, 2006 01:45 PM"

(Note: This was edited slightly from the original.)
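To make the quoted argument concrete, here is an added Python example (not code from the original post, from Grimes, or from the VA) that models a hard drive as a byte buffer. A sector-by-sector copy taken through a read-only view, which is what a live CD or an imaging tool such as dd or Ghost gets, leaves the source fingerprint unchanged, while booting the laptop's own operating system (simulated here by one marker write) does not. The drive layout, the placeholder records and the boot marker are all constructed for the example.

```python
import hashlib


def make_sample_drive() -> bytearray:
    """Constructed stand-in for a laptop hard drive: a mutable byte buffer.
    A real drive is gigabytes of NTFS; a few kilobytes make the same point."""
    boot_sector = b"NTFS    " + b"\x00" * 8
    # Placeholder identity records; no real data.
    records = b"".join(
        f"VET-{i:05d} (constructed SSN placeholder)\n".encode() for i in range(100)
    )
    spare_area = b"\x00" * 512  # unused space at the end of the drive
    return bytearray(boot_sector + records + spare_area)


def fingerprint(drive: bytes) -> str:
    """SHA-256 over every byte: the 'not a single bit modified' check an
    examiner runs against the drive before and after handling."""
    return hashlib.sha256(bytes(drive)).hexdigest()


class ReadOnlyDrive:
    """The drive as seen behind a write blocker or from a read-only mount:
    reads succeed, any write is refused. A live CD that mounts the disk
    read-only gets exactly this view."""

    def __init__(self, drive: bytearray):
        self._drive = drive

    def __len__(self) -> int:
        return len(self._drive)

    def read(self, offset: int, length: int) -> bytes:
        return bytes(self._drive[offset:offset + length])

    def write(self, offset: int, data: bytes) -> None:
        raise PermissionError("write blocked: device is read-only")


def image_drive(dev: ReadOnlyDrive, sector: int = 512) -> bytes:
    """Sector-by-sector copy of the whole device (what dd or Ghost do).
    Every byte is read; nothing on the source is written."""
    return b"".join(dev.read(off, sector) for off in range(0, len(dev), sector))


def boot_installed_os(drive: bytearray) -> None:
    """Stand-in for booting the laptop's own Windows, which writes logs,
    timestamps and a pagefile. Simulated by a single 16-byte marker write
    into the spare area; the marker is constructed."""
    drive[-16:] = b"LASTBOOT-MARKER\n"


def scenario_copy_via_live_media(drive: bytearray) -> dict:
    """Copy the drive through a read-only view and compare fingerprints."""
    before = fingerprint(drive)
    copy = image_drive(ReadOnlyDrive(drive))
    after = fingerprint(drive)
    return {
        "bit_for_bit_identical": before == after,   # examiner sees no change
        "copy_complete": copy == bytes(drive),       # yet every record left
        "records_in_copy": copy.count(b"VET-"),
    }


def scenario_boot_installed_os(drive: bytearray) -> dict:
    """Boot the installed OS instead; this is what does leave a trace."""
    before = fingerprint(drive)
    boot_installed_os(drive)
    after = fingerprint(drive)
    return {"bit_for_bit_identical": before == after}


if __name__ == "__main__":
    print("copy via live media:", scenario_copy_via_live_media(make_sample_drive()))
    print("boot installed OS:  ", scenario_boot_installed_os(make_sample_drive()))
```

The first scenario is the one the quoted post describes: the fingerprint matches, so an examiner can honestly report that no bit was modified, while a complete copy of every record exists elsewhere. An unchanged drive is therefore evidence that the data was not altered, not evidence that it was not read; for a defender the question that actually matters is whether the data on the drive was readable to whoever held it.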

I consulted with one of the top security programs in the US and asked for her/his reaction to the Grimes comments. The response was simple: "I agree with the statement; it is very easy to 'copy' a hard drive without changing it or letting anyone else know."

So now we must stay vigilant.

The danger to veterans also lies in the fact that, in data losses or thefts, the criminal activity or abuse normally takes place months or even years after the theft or breach.

The reason is that a person's social security number, name, place of birth and birth date have an almost unlimited shelf life.

These pieces of information are usable for more or less 90 years starting with the day of birth of the individual. If the victim was an infant, that child's baseline information will stay the same for 90 years more or less (the outer edges of life expectancy). A 40-year-old veteran is at risk for the next 40 or 50 years. Critical data abuse is a long-term problem.

What anyone in the armed forces whose vital information was on those computers needs to do is monitor their financial information and do regular scans for signs that their name and identity are being used by unauthorized individuals.

It is not only unwise but also dangerous to "breathe easy" at this point. My advice for the brothers and sisters of the armed services is:

1. Keep vigilant.

2. Protect the perimeter.

3. Conduct personal IO (Intelligence Operations)!

These are missions the military understands.

Semper Fi!


At 7:47 PM, Anonymous Anonymous said...

The FBI (also Sen. Reid?) still confuses ID theft with credit card fraud.

The FBI certainly will find it much cheaper from their end to say the data was not stolen.

With over 20 years in IT experience (I do not know everything about IT - no one does) I am certainly not as sure that no breach occurred.

I too agree with the other IT experts, but I will add that the number of techies that know the required methods has to be in the hundreds of thousands or even millions worldwide.

At 2:22 PM, Anonymous Anonymous said...

Okay, simply put, it is apparent no one who claims to have spoken to a computer forensics "specialist" specializes at all. The fact of the matter is, anytime a computer is remotely accessed, is subjugated by another machine and accessed that way, basically any time even one bit of information comes close to being touched, it is independently logged in the BIOS.
Why do you think they invented computer forensics? The people you must have spoken to are IT technicians who believe it is the same as computer forensics.
That's like calling your average McDonald's employee a master chef.



  • All Material is Copyright © 2009 Michael McCoy and SEAS, L.L.C