Wenye mpango wa kutupa lappie zenyu

Gurta

JF-Expert Member
Sep 17, 2010
2,235
530
Drive Encryption Software: How It Could Save A UK Captain's Career Over £18.87 Mistake

The failure to use full disk encryption like AlertBoot means the end of a fast-track career for a UK Army officer. Well, I'm assuming that latter part, but wouldn't you expect it when you've managed to have highly confidential information sold on UK's eBay for £18.87?
Laptop Contained Afghanistan Classified Military Files

An IT engineer who purchased a laptop off of eBay for £18.87, for "spares or repair," was reportedly stunned to find military intelligence files in the laptop's hard drive. The laptop computer was traced back to Robert Sugden, a Captain in the UK Army. His last role was as assistant Queen's Equerry--an equerry being a personal attendant--a position that leads to bigger, better things.
Unless, of course, you're the cause of a major data breach. Details on what the laptop contained (link at the bottom) can be found at thesunco.uk site. In short, it involved sensitive information regarding the UK's involvement with the Afghan military.
The Captain's career is quite over, it seems.
He Tried To Do the Right Thing

In Sugden's defense, he did try to do the right thing. It's quite obvious that he was giving data security some thought: he used a hammer on the laptop and has stated that "he thought the laptop's hard drive had been wiped." The hammer was a precautionary maneuver, apparently. He tossed the laptop into a garbage dump afterwards, which was salvaged by an entrepreneurial dumpster diver.
It's not reported, however, how the disk was wiped. Did Sugden just delete the data by clicking "empty bin?" Or did he actually use a data-wiping application like dban? If the former, that could explain how the information was retrieved, since deleting data doesn't actually delete data--it merely deletes the internal index for finding said data. Use a separate software program, and the actual data can still be retrieved since there's a high probability of it being untouched.
How to Destroy Data

Our Army Captain had three different options to securely dispose of the data: one, use a data-wiping application like the aforementioned dban. It's free, and it does a good job. (The only negative thing about it--and out of its scope, really--is that it's an end-of-life data solution. I'd like to remind readers that data breaches can occur before you're ready to toss the device, i.e., laptop theft.)
Two, make sure the hard drive is truly destroyed. Had Sugden taken out of the hard drive and hammered that to pieces, he wouldn't be in his current situation.
Last but not least, three, use a laptop disk data encryption solution. It beggars belief that this wasn't used, if it's a military-issued device, since the loss of the laptop at any point would have meant a breach of sensitive military information. (I'm lead to believe that the laptop was a personal one, which brings up a number of security-related questions such as, why was all this data on his personal computer?)
source:alertboot

 
0 Reactions
Reply
Back
Top Bottom