Daniel Nolte at betweenthenumers.net notes that Fabrice Tourre of Goldma Sachs may become famous for "the worst handling of computer security ever" (you know, besides being famous for being the fabulous Fab). After reading the story, and in light of the many different data breaches I've come across, I doubt he will retain such a distinction, although he'll definitely make my top ten list of bone-headed computer users. If only the Fabulous One had used disk encryption software like AlertBoot to protect access to his computer....
According to Nolte, the New York Times published a story on Tourre, a French national who's been working with Goldman Sachs since 2001. He currently holds the distinction of being the only person to be sued by the SEC for his involvement in the housing market bubble (and bust) of 2007. Obviously, such an eminent figure will attract reporters' attention. In the NYT article, the reporters detail how they managed to get their hands on correspondence between the SEC and Tourre (or rather, his lawyers): These legal replies, which are not public, were provided to The New York Times by Nancy Cohen, an artist and filmmaker in New York also known as Nancy Koan, who says she found the materials in a laptop she had been given by a friend in 2006. The friend told her he had happened upon the laptop discarded in a garbage area in a downtown apartment building. E-mail messages for Mr. Tourre continued streaming into the device, but Ms. Cohen said she had ignored them until she heard Mr. Tourre’s name in news reports about the S.E.C. case. She then provided the material to The Times. Mr. Tourre’s lawyer did not respond to an inquiry for comment. [NYT, my emphasis] Ooh la la! Sacre bleu! What a boneheaded thing to do! Honestly, what could the guy possibly have been thinking, just throwing away a laptop computer without wiping it first? Heck, with the correspondence he was getting, it's quite obvious that he should have had encryption software installed on the thing (the way he tossed it, I'm assuming it wasn't a work computer. These are generally returned to the firm). Instead, we have: No password-prompt on the laptop. Not that it really matters. Data security-wise, it's not an ideal choice for keeping people out of your laptop's contents; however, in this particular instance, I'm guessing Ms. Cohen wouldn't have gone as far as slaving the drive to another computer. Seeing how she just needed a computer, my guess is that she would have formatted the thing away and started all over when faced with the rudimentary obstacle. No password change to his email account in years. An assumption on my part (as well Nolte's), but it stands to reason that if Ms. Cohen, who's had this laptop since 2006 and has been receiving Tourre's ever since, Tourre hasn't changed his password in the last 5 years. On the other hand, why would he? Nothing got "stolen," so he wasn't thinking of "there's a danger out there." Despite all the things that Tourre did wrong, it might actually turn out to be a good thing for him. This is what businessinsider.com has to say about the situation: Felix Salmon at Reuters wonders if the New York Times hacked the emails. We wonder how the law firm fighting for Tourre, Allen & Overy, scored a huge article in the New York Times that's all about Tourre's innocence and Jonathan Egol's (his superior) guilt. At the end of the article, Tourre comes out looking like a mere cog in the machine, the law firm looks like they'll win his case, and it's all because the New York Times was given a laptop by a woman [Cohen] with two names. [my emphasis] After reading the NYT article myself, I'd have to agree with businessinsider.com. Granted, the only thing that's going to change is public opinion -- after all, the actual participants know what's going on; they're corresponding with each other -- which technically shouldn't have an effect on the proceedings. However, it's bound to affect things. What can I say? Sometimes, not using disk encryption to protect sensitive information and letting some random person read your emails pays off. But, the odds of that happening are as remote as finding that you're the only person being sued by the SEC for a global catastrophe. In other words, almost never.
According to Nolte, the New York Times published a story on Tourre, a French national who's been working with Goldman Sachs since 2001. He currently holds the distinction of being the only person to be sued by the SEC for his involvement in the housing market bubble (and bust) of 2007. Obviously, such an eminent figure will attract reporters' attention.
In the NYT article, the reporters detail how they managed to get their hands on correspondence between the SEC and Tourre (or rather, his lawyers):
These legal replies, which are not public, were provided to The New York Times by Nancy Cohen, an artist and filmmaker in New York also known as Nancy Koan, who says she found the materials in a laptop she had been given by a friend in 2006. The friend told her he had happened upon the laptop discarded in a garbage area in a downtown apartment building. E-mail messages for Mr. Tourre continued streaming into the device, but Ms. Cohen said she had ignored them until she heard Mr. Tourre’s name in news reports about the S.E.C. case. She then provided the material to The Times. Mr. Tourre’s lawyer did not respond to an inquiry for comment. [NYT, my emphasis]
These legal replies, which are not public, were provided to The New York Times by Nancy Cohen, an artist and filmmaker in New York also known as Nancy Koan, who says she found the materials in a laptop she had been given by a friend in 2006.
The friend told her he had happened upon the laptop discarded in a garbage area in a downtown apartment building. E-mail messages for Mr. Tourre continued streaming into the device, but Ms. Cohen said she had ignored them until she heard Mr. Tourre’s name in news reports about the S.E.C. case. She then provided the material to The Times. Mr. Tourre’s lawyer did not respond to an inquiry for comment. [NYT, my emphasis]
Ooh la la! Sacre bleu! What a boneheaded thing to do!
Honestly, what could the guy possibly have been thinking, just throwing away a laptop computer without wiping it first? Heck, with the correspondence he was getting, it's quite obvious that he should have had encryption software installed on the thing (the way he tossed it, I'm assuming it wasn't a work computer. These are generally returned to the firm).
Instead, we have:
Despite all the things that Tourre did wrong, it might actually turn out to be a good thing for him. This is what businessinsider.com has to say about the situation:
Felix Salmon at Reuters wonders if the New York Times hacked the emails. We wonder how the law firm fighting for Tourre, Allen & Overy, scored a huge article in the New York Times that's all about Tourre's innocence and Jonathan Egol's (his superior) guilt. At the end of the article, Tourre comes out looking like a mere cog in the machine, the law firm looks like they'll win his case, and it's all because the New York Times was given a laptop by a woman [Cohen] with two names. [my emphasis]
After reading the NYT article myself, I'd have to agree with businessinsider.com. Granted, the only thing that's going to change is public opinion -- after all, the actual participants know what's going on; they're corresponding with each other -- which technically shouldn't have an effect on the proceedings. However, it's bound to affect things.
What can I say? Sometimes, not using disk encryption to protect sensitive information and letting some random person read your emails pays off. But, the odds of that happening are as remote as finding that you're the only person being sued by the SEC for a global catastrophe. In other words, almost never.
Related Articles and Sites:http://betweenthenumbers.net/2011/06/the-worst-example-of-executive-data-security-ever/http://www.businessinsider.com/how-the-new-york-times-got-access-to-goldman-sachs-emails-from-a-woman-named-nancy-cohen-or-nancy-koan-2011-6