Computers "returned"? What's that all about?
The "return" of the computers “stolen” from a Veteran's Administration analysts home does not mean at all that military personnel whose information was on these laptops can now rest easy.
There is no hard evidence that the data was not compromised, in spite of reassurances by the FBI. The computer(s) were returned under very suspicious circumstances. The data could have easily been viewed, copied, or downloaded. If I had breached secure data I'd try to "return" the system from which the data was taken and get everyone to relax and let their guard down. Brilliant!
Read the post below from 2 hours ago as I am writing these comments. From InfoWorld.com:
"June 29, 2006. How can anyone be sure stolen VA laptop data wasn't taken?
There are dozens of ways that any computer's data can be taken without modifying a single forensic's bit on the original hard drive.
News sources today are announcing that the VA's stolen laptop (with millions of identity records) has been recovered ... [and] the VA and its forensic experts are claiming the data was not touched or extracted. I hope this is an oversimplification, because there are dozens of ways the data could have been read/copied and the data left untouched. How?
Here's two easy ways:
- 1. Boot on any device except the hard drive (e.g. floppy disk, CD-ROM, DVD, USB device, etc.). Use an NTFS-compatible version of Linux (e.g. Knoppix, Backtrack, Nubuntu, etc.) and steal away.
- 2. Ghost the hard drive and manipulate the copy
Posted by Roger Grimes on June 29, 2006 01:45 PM"
I can come up with a dozen ways in a few minutes.
Every computer security forensic person is required by their job to be able to access other people's hard drives and data without modifying a single original bit. So, while common thieves wouldn't know how, there's probably tens of thousands of computer professionals that do.
... the VA and the news sources are oversimplifying the case. A better opinion would have been, "We have found no evidence to indicate the data was not read or copied." not "After examining the evidence we are SURE the data was not copied or read."
(Note: This was edited slightly from original)
I consulted with one of the top security programs in the US and asked for her/his reaction to the Grimes comments. The response was simple: "I agree with the statement, it is very easy to "copy" a hard drive without changing it or letting anyone else know."
So now we must stay vigilant.
The danger to veterans also lies in the fact that in data losses or thefts the criminal activity or abuse normally takes place month or even years after a theft or breach.
The reason is that a person’s social security number, name, place and birth date has and almost unlimited shelf life.
These pieces of information are useable for more or less 90 years starting with the day of birth of the individual. If the victim was an infant that child's base line information will stay the same for 90 years more or less (the outer edges of life expectancy). A 40 year old veteran is at risk for the next 40 or 50 years. Critical data abuse is a long term problem.
What anyone in the armed forces whose vital information was on those computers needs to do is to monitor their financial information and do regular scans for signs that their name and identity is being used by unauthorized individuals.
It is not only unwise but also dangerous to "breathe easy" at this point. My advice for the brothers and sisters of the armed services is:
1. Keep vigilant.
2. Protect the perimeter.
3. Conduct personal IO- Intelligence Operations!
These are missions the military understands.