Sunday, March 15, 2009

Security, or lack thereof

In another case of security being an illusion, a man from New Zealand bought a used MP3 player in a thrift store while visiting the United States.

Stored on the device, instead of songs, were pieces of information - solider names (not so bad), soldier cell phone numbers (a little worse), soldier social security numbers (bad), lists of equipment that had been shipped to Iraq and Afghanistan (really bad), and information about military missions being run in those countries (outrageously bad).

Now, not all of this information was up to date (most dated in 2005 or so, and this story broke in 2008), but still - this is a case of someone who was honest and came forward. It scares me to think of what happens when this falls in to the hands of someone a little less ethical. I also have this feeling that, for every one case that is made public, there are hundreds more that are not reported. Think about it - even if you have the most hacker proof firewalls in the world, all it takes is one employee to do something like this, and people could die.

Link to article

1 comment:

David J. Csuha, CPP, CFE said...

Same old story, and it doesn't seem to get any better. After Alberto Lopez e-mailed me an article about the blueprints for Marine One being found through Limewire, I repeated my Limewire document search experiment. Some gems found this time:

* The usual password, account #, etc. lists
* US Army memos from Fort Lewis including a key control memo, AWOL notice, and a recommendation letter
* Pics of soldiers w/ their names, units, etc.
* Completed 2008 Tax Returns
* Experian and Trans Union credit check reports
* Resume, biography, and pics of a local model/ actress

The Infowar machines run by China, Russia, NK, and Israel to name a few must be having a field day with us.