Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

UK PM's Aide Loses BlackBerry In Chinese Honeytrap

Posted by timothy on Sun Jul 20, 2008 03:22 AM
from the my-envy-exceeds-his-chagrin dept.
Security Communications
longacre writes "The Times of London is today reporting a January incident in which a top aide to Prime Minister Gordon Brown discovered his BlackBerry missing from his hotel room after spending the night with an attractive woman who approached him in a Shanghai disco. Seems this was a run-of-the-mill BlackBerry without any encryption, only a simple password lock. The greatest fear is that, even if the device did not contain any sensitive messages at the time, there was likely enough information on board for a hostile intelligence service to snake its way deep into Downing Street's email servers. The aide was 'informally reprimanded.'"
+ -
story

Related Stories

Submission: UK PM's Aide Loses BlackBerry in Chinese Honeytrap by longacre (1090157)
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

UK PM's Aide Loses BlackBerry In Chinese Honeytrap 50 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • Would he have reported the loss of his virginity?
     

    • Re:Had it been a slashdotter... (Score:4, Funny)

      by martin-boundary (547041) on Sunday July 20 2008, @04:10AM (#24260509)
      Ha! He actually tried, but the lameness filter prevented it...

    • If you can lose a blackberry... (Score:5, Funny)

      by AlienIntelligence (1184493) on Sunday July 20 2008, @04:14AM (#24260545)

      Ew, if you could lose a blackberry in that
      Chinese Honeypot, I wouldn't stick around.

      -AI

      • Ew, if you could lose a blackberry in that
        Chinese Honeypot, I wouldn't stick around.

        Use your Blackberry's light to find our way out?

        Hell, let's use your Blackberry's light to find my keys, and we'll drive our way out.

      • Re:If you can lose a blackberry... (Score:5, Informative)

        by Anonymous Coward on Sunday July 20 2008, @06:43AM (#24261079)

        There's no such thing as a BlackBerry without encryption. All data to and from a BlackBerry is TripleDES or AES encrypted, regardless if you're on a BES or using your carrier webmail.

        If he's on a BES the problem is non-existent, the Admin can remotely wipe the BlackBerry with a single command.

        Plus, if someone enters the password wrong ten times, the device wipes itself

        The only security issue here is if the guy used a really easy password. And even that can be avoided because the admin can specify password complexity so users can't enter stuf like, '1234'

        • Re:If you can lose a blackberry... (Score:5, Interesting)

          by blincoln (592401) on Sunday July 20 2008, @10:13AM (#24262491) Journal

          If he's on a BES the problem is non-existent, the Admin can remotely wipe the BlackBerry with a single command.

          Unless whoever stole the BlackBerry has put it inside a metal box, or taken it to a sub-basement, or done anything else to block it from receiving a signal.

          • Re:If you can lose a blackberry... (Score:5, Insightful)

            by fiddlesticks (457600) on Sunday July 20 2008, @08:20AM (#24261563) Homepage

            'are you saying that everything on a Blackberry's drive is encrypted and therefore unretrievable if the password is lost?'

            Yes, it is.

            Individuals might have a blackberry with no encryption, and a weak password.

            Anyone - like this guy - with a corporate blackberry will have an encrypted device and compulsory (annoying to the user - useful in this case) constant password checking and strong(ish) password policy enforcement.

              • Physical Access... (Score:5, Insightful)

                by Tmack (593755) on Sunday July 20 2008, @05:28PM (#24266305) Homepage Journal

                Not to mention...

                The remote nuke option.

                For me, once I report my pda lost, the boys in corp will send a command to wipe the contents of the phone and remove all settings. I believe this option also exists for blackberry.

                As well initiate the self destruct code on the small thermonuclear charge.

                As others stated, disabling its ability to receive said kill signal is not difficult. Past that, the other barriers to gaining the data on the device can probably be circumvented as well. 10 password fails wipes the device? They probably wont bother trying a single one on the device itself, if this is truly an organized attempt. Rather they would probably crack it open and copy the contents of its memory directly from the pins of the chips themselves, and then work from that copy. Remember, once physical access is obtained, you can bypass any software deterrences and most hardware ones as well.

                Tm

  • What they aren't telling us (Score:4, Funny)

    by davidwr (791652) on Sunday July 20 2008, @03:32AM (#24260361) Homepage Journal

    They aren't telling us that Scotland Yard did this deliberately just to see how the Chinese would react.

    What the Chinese aren't telling us is they knew this was a trap and reacted accordingly.

    What Scotland Yard also isn't telling us is that they knew the Chinese would see the trap and were counting on them to react accordingly.

    What the Chinese also aren't telling us ....

    oooh my head hurts.

  • Does PM Brown have any open positions? (Score:5, Funny)

    by johannesg (664142) on Sunday July 20 2008, @03:46AM (#24260413)

    I promise not to carry anything sensitive, and I'll distract the attractive Chinese women for him so his secrets will remain safe!

  • Honeytrap? Proof? (Score:5, Insightful)

    by 1u3hr (530656) on Sunday July 20 2008, @03:53AM (#24260437)
    The only facts given are the guy picked up a girl (or vice versa) at a disco, and the next morning his Blackberry was gone.

    "Honeytrap"? Bullshit. What leads anyone to think it was anymore than the guy lost in in a taxi, or if the girl did take it, she sold it on to a second hand phone dealer for a few dollars.

    I think if it was really a "vast Communist conspiracy" as the article implies, the agents would have copied the data from the phone and returned it later in the evening, leaving him none the wiser.

    Much more important to consider is if the guy used the phone while he was in Beijing, there is an excellent chance that every keystroke, including passwords, was captured en route.

    • Re:Honeytrap? Proof? (Score:5, Insightful)

      by mewsenews (251487) on Sunday July 20 2008, @04:11AM (#24260511) Homepage

      intelligence gathering doesn't have to be subtle to be effective.

      whether or not his phone ended up in the hands of a foreign service he was foolish to have it stolen so obviously.

      • Re:Honeytrap? Proof? (Score:5, Interesting)

        by LS (57954) on Sunday July 20 2008, @04:52AM (#24260665) Homepage

        you may be right, but as someone living in Beijing I can tell you that if you ever leave your bike or phone unguarded for one minute, there's a strong chance it will be gone the next time you look for it....

      • Re:Honeytrap? Proof? (Score:5, Insightful)

        by smallfries (601545) on Sunday July 20 2008, @05:59AM (#24260905) Homepage

        No. The parent hit the nail squarely on the end. If they had stolen his passwords and returned the device then they would have had access to his official email without him being any the wiser. Then they could have gathered intelligence on anything he had access to for the foreseeable future.

        Stealing the device would just make Downing Street close the account and issue him a fresh one. Intelligence gathering does have to be subtle to be effective.

    • Because it sells (Score:5, Insightful)

      by khchung (462899) on Sunday July 20 2008, @04:45AM (#24260647) Journal

      "News" have long ago lost any purpose of informing, assume it ever has that in the beginning. Nowadays, "news" is just baits used to catch your attention to advertisers, who are the real customer of any "news" organization, be it newspaper, TV or web site.

      Which headline do you think catches more attention (thus earn more profit)? "Some guy lost his Blackberry?" or "Chinese spys strikes again"?

    • Re:Honeytrap? Proof? (Score:4, Insightful)

      by owlnation (858981) on Sunday July 20 2008, @04:54AM (#24260669)

      The only facts given are the guy picked up a girl (or vice versa) at a disco, and the next morning his Blackberry was gone.

      Exactly. Occams Razor. In the UK, the New Labour Regime has a substantial history of losing important documents in large numbers. The Party and its employees are not generally known for their intelligence (as in brains, not spying). He's also British, thus at night he's most certainly drunk.

      Q.E.D. He lost the Blackberry. He then lied to make himself seem like a more glamorous victim.

      Most probably he's just a drunken, incompetent, liar. Like most everyone else in his Party.

  • Govt fault, not the aide (Score:5, Insightful)

    by nighty5 (615965) on Sunday July 20 2008, @04:04AM (#24260485)

    The fault has to lie with the government and not the aide.

    This comes down to just bad security governance, even my blackberry is encrypted and our BES servers enforce security down to the handset so that you can't install any unauthorised applications.

    These devices of course are prone to loss, and given the confidential information potentially held on these devices should be reason enough to enforce the appropriate security measures on the devices.

  • And the cover up (Score:4, Funny)

    by Anonymous Coward on Sunday July 20 2008, @04:06AM (#24260489)

    The woman was not really attractive, he was just desperate.

    Seriously, is the woman's attractiveness really pertinent to what happened, and was her attractiveness fact-checked? Or is "attractive Shanghai woman" a British idiom for "prostitute"?

  • Oh no! (Score:3, Funny)

    by dbIII (701233) on Sunday July 20 2008, @04:12AM (#24260527)

    a top aide to Prime Minister Gordon Brown discovered his BlackBerry missing from his hotel room

    Brown trouser time!

    snake its way deep into Downing Street's email servers

    So the article is trouser snake meets honeypot - but it's a trap! Snap! Ow, Blackberries.

  • passwords? (Score:5, Insightful)

    by speedtux (1307149) on Sunday July 20 2008, @04:13AM (#24260531)

    likely enough information on board for a hostile intelligence service to snake its way deep into Downing Street's email servers.

    So, in addition to stupid aides that fall for Chinese spy-whores, the British government is incapable of changing the passwords on its mail servers?

    • Re: (Score:3, Insightful)

      by jd (1658)
      The MPs who have their own websites might be able to change their own passwords, but the Civil Service? C'mon, these are the guys that use "Yes, Prime Minister" as training material.

    • Re:passwords? (Score:5, Insightful)

      by ColaMan (37550) on Sunday July 20 2008, @04:45AM (#24260649) Homepage Journal

      Let's see:

      You are a chinese honeytrap now in possession of an aide's blackberry. It is 1am. The aide has passed out drunk three steps inside the front door of his flat, and won't be in any fit capacity until about 8am, when he realises his blackberry is missing and goes looking for it. The IT boys cancel his password at 9am.

      That gives you 8 hours to:

      - Read all his recent email, for starters. If they're doing IMAP, then god knows how many personal IMAP folders there are to browse through on the server. Look for the good folders like "Foreign Policy". "Sent Items" and "Drafts" can also be fascinating.

      - Get his contact list, recent callers,etc, allowing you to analyse and see where this particular cog fits in the Government Machine. If he turns out to be a well-connected individual, it might pay in the future to keep an eye on him. If he's not well-connected, that's one more person you cross off the list.

      - Possibly fire off a few trojans to a few "inside" email accounts on that list, who might accept them from a known,"trusted" source. Doesn't hurt to try something like "Revision to yesterday's document -- URGENT".

      So you see, there's plenty of scope for mischief.

      • Re:passwords? (Score:5, Insightful)

        by h4rm0ny (722443) <{h4rm0ny} {at} {tarddell.net}> on Sunday July 20 2008, @04:52AM (#24260663) Journal

        The final logical step of course, would be to put it back where you found it before he wakes up. Now that would be far better "spying" than just nicking the thing. So maybe it was just stolen.

        Counter-arguments would be that if a woman was going to seduce a guy just to steal from him, you'd have seen more things go missing than just a blackberry. And even if the "spy" did want to take the blackberry, stealing other things as a cover would be better. This story is either incomplete or there is some inept work being done here.

  • They know what the aide looks like.

    ba-dump *tsssh*!

  • Let me get this straight. (Score:5, Funny)

    by dreamchaser (49529) on Sunday July 20 2008, @04:43AM (#24260641) Homepage Journal

    His Blackberry got shanghaied [wikipedia.org] in Shanghai?

  • He forgot to secure the client-side (Score:5, Funny)

    by arcade (16638) on Sunday July 20 2008, @05:06AM (#24260703) Homepage

    Tsktsk.

    He should get instructions on how to safely do Penetration Testing of the Chinese secret service. Clearly he forgot to secure the client side properly. Except for that, the article is a tad vague on whether the testing itself went smoothly and he found some holes.

    *Ahem*

    • Re:This seems to be a recurring problem. (Score:5, Insightful)

      by x_MeRLiN_x (935994) on Sunday July 20 2008, @03:35AM (#24260371) Homepage

      What makes you think the UK/US is any different?

    • Re:This seems to be a recurring problem. (Score:4, Insightful)

      by joocemann (1273720) on Sunday July 20 2008, @03:59AM (#24260465)

      The level of espionage out of China is pretty ridiculous. I wonder how long this goes on before the trade advantage of dealing with them is over weighed by their rampant spying.

      I don't know what country you are from, but I can almost be sure that your country is making the same efforts against other countries.

      • Re:This seems to be a recurring problem. (Score:5, Funny)

        by zach_d (782013) on Sunday July 20 2008, @04:06AM (#24260493)
        My country doesn't have the budget, frankly. I'm Canadian.

        • My country doesn't have the attractive women, frankly. I'm Canadian.

          There, fixed that for you.

        • Re:This seems to be a recurring problem. (Score:4, Insightful)

          by betterunixthanunix (980855) on Sunday July 20 2008, @08:16AM (#24261539)
          Actually, that's not quite correct. During the cold war, the US, UK, Canada, Australia, and New Zealand ran a massive signal intercepting operation against the USSR's satellites, and (presumably) against its cables also. Following the collapse of the USSR, rumors started circling about this operation being used against the businesses of other countries, and it was revealed (unofficially) that several high profile businesses were being aided by their respective governments in literally stealing plans from foreign businesses (the case that comes to mind was a German firm that developed a new jet engine, and "coincidentally" Boeing managed to develop a nearly identical jet engine in a fraction of the time). To be fair, other governments do this to (including the Germans), but the US/UK/Ca/Au/NZ is the most extensive, or was prior to China's operation.

          • (the case that comes to mind was a German firm that developed a new jet engine, and "coincidentally" Boeing managed to develop a nearly identical jet engine in a fraction of the time).

            Boeing doesn't develop jet engines, it never has - its an airframe manufacturer, every jet engined aircraft it has developed has used a third party engine. I can't for the life of me think what 'new jet engine' you could possibly be talking about either.

    • Members of the British Government will now be expecting an increased amount of spam and unsolicited phone salesmen calling to offer V1agra and other products.

      • Re:This seems to be a recurring problem. (Score:5, Funny)

        by MPAB (1074440) on Sunday July 20 2008, @05:31AM (#24260817)

        Members of the British Government will now be expecting an increased amount of spam and unsolicited phone salesmen calling to offer V1agra and other products.

        Will that be because of the data inside the phone or because of the chinese lady's detailed report?

      • Re:This seems to be a recurring problem. (Score:5, Insightful)

        by Opportunist (166417) on Sunday July 20 2008, @07:00AM (#24261143)

        Not good at it, or not caring?

        Our espionage agencies have to keep up the front of being the "good guy". We don't spy. We only have those spies to protect us from other spies, you know? Our secret agents are only good and shining examples, they don't steal information or conduct covert operations to kill someone, and if they do, we first of all make sure that whoever they want dead is so long slandered and labeled terrorist, communist or whatever the boogeyman of the day so people nod their heads and agree that this man is better dead.

        China has no such problems. The people there know that they better not question the actions of their government. Oh, you mean international prestige? Ok, hate me. I'm the one building your crap for cheap, want to do business without me? Can your economy survive without me? So whether you hate me or not, you will continue to do business with me, do I care what you think of me?

    • Re:How foolish (Score:5, Informative)

      by 4D6963 (933028) on Sunday July 20 2008, @03:44AM (#24260397)

      China is basically using Capitalism as their weapon by fixing the Yuen to the Dollar.

      2005 just called, they want their now-outdated [cnn.com] analysis back

        • The Euro to Yuan is not fixed: according to the data linked by you it seems to have gone up from cca 9,3 to cca 10.7 - by about 15 percent.
          Also the Dollar to Euro rate decreased by about 30 percent (and not 60).
          Now, those are just rough calculations and IANASoros - so correct me if i'm wrong.

    • Re:How foolish (Score:4, Interesting)

      by korean.ian (1264578) on Sunday July 20 2008, @04:08AM (#24260501)

      Only a fool would think that an attractive chinese women in chinese disco is going to go to bed the first night with a westerner.

      You've clearly never been to Asia. Rest assured you can see many examples of exactly this happening all over Asia.

      Now send in 007 to get that Blackberry!

      • Re:How foolish (Score:5, Funny)

        by slashmojo (818930) on Sunday July 20 2008, @06:45AM (#24261081)

        You've clearly never been to Asia. Rest assured you can see many examples of exactly this happening all over Asia

        And so begins the great stampede of slashdot readers heading for asia.. ;)

      • Re: (Score:3, Insightful)

        by dwater (72834)

        Every country does that, and yet some manage to still consider other countries friendly.

        Anyway, in the case of the usa, I severly doubt it would make any difference at all. The usa seems to be stuck in this anti-communism era, even though China has little to do with that any more. With the USSR gone, the usa has few left to demonise, so China is the obvious target.

        Still, not everyone on /. is from the usa, and yet these adsurd articles keep getting posted.

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.