It’s often recommend that people take precautions when they go out to party, whether it’s physical (don’t drink and drive; be aware of your surroundings), sexual (you don’t want to catch anything), or other. The “other” category is a general catch all: don’t mess with guys that look like they belong to the mob, for example. I mean, that can never turn out okay, unless you’re starring in a John Woo movie. What I didn’t realize is that the same category could end up including “make sure you’re using data encryption like AlertBoot.” Yes, to a party. And by party I don’t mean the Let’s Rock event by Apple where such a statement might be perfectly valid.
Nope, I’m talking about an honest-to-God bump and grind and sweat venue where beer is sold at ridiculous prices. Why? Because a memory stick containing details related to military training exercises was recovered from the floor of a Westcountry nightclub in the UK. That’s right, someone took a USB drive with sensitive information to the dance floor. It this were the early ‘80s, we’d be talking about the equivalent of a guy showing up at a disco with his pocket protector in place…possibly with a slide rule.
I don’t know what’s more scandalous: that the information on the USB disk did not use full disk encryption or that a nerd—otherwise, why bring the data files?—was allowed into a nightclub. The problem with advances in technology is that it’s making nerds out of us all, in a way. Carrying around a hard drive twenty years ago was probably grounds for a bunch of jocks to come down hard on you. Today, it makes you cool…but only if it comes with a fruity logo.
Thankfully, the person who found the digital device turned it over to the Ministry of Defence once they saw what type of information was stored on the memory stick. This is very disappointing from the point of data security—not the fact that there are honest people out there, but the fact that there was no adequate data protection being used on the USB disk. The UK military has already implemented regulations to protect data. For example, all portable computers must be secured with laptop encryption software. One would reason that the same regulations would be extended to external hard disk drives and other portable digital devices.
And yet, here we have a situation where someone who found the memory stick was able to access it without a hitch. Regular auditing may help, but it looks like perhaps the military should start looking into USB port controls so that similar incidents don’t happen.
Related Articles:
http://www.thisiswesternmorningnews.co.uk/news/military-data-floor-nightclub/article-314713-detail/article.html
http://news.bbc.co.uk/2/hi/uk_news/england/cornwall/7605923.stm