Forgot your password?
typodupeerror
Security Communications

UK PM's Aide Loses BlackBerry In Chinese Honeytrap 260

Posted by timothy
from the my-envy-exceeds-his-chagrin dept.
longacre writes "The Times of London is today reporting a January incident in which a top aide to Prime Minister Gordon Brown discovered his BlackBerry missing from his hotel room after spending the night with an attractive woman who approached him in a Shanghai disco. Seems this was a run-of-the-mill BlackBerry without any encryption, only a simple password lock. The greatest fear is that, even if the device did not contain any sensitive messages at the time, there was likely enough information on board for a hostile intelligence service to snake its way deep into Downing Street's email servers. The aide was 'informally reprimanded.'"
This discussion has been archived. No new comments can be posted.

UK PM's Aide Loses BlackBerry In Chinese Honeytrap

Comments Filter:
  • by nacturation (646836) * <nacturation AT gmail DOT com> on Sunday July 20, 2008 @03:25AM (#24260319) Journal

    Would he have reported the loss of his virginity?
     

    • by martin-boundary (547041) on Sunday July 20, 2008 @04:10AM (#24260509)
      Ha! He actually tried, but the lameness filter prevented it...
    • by AlienIntelligence (1184493) on Sunday July 20, 2008 @04:14AM (#24260545)

      Ew, if you could lose a blackberry in that
      Chinese Honeypot, I wouldn't stick around.

      -AI

      • Re: (Score:3, Funny)

        by bobdotorg (598873)

        Ew, if you could lose a blackberry in that
        Chinese Honeypot, I wouldn't stick around.

        Use your Blackberry's light to find our way out?

        Hell, let's use your Blackberry's light to find my keys, and we'll drive our way out.

      • by Anonymous Coward on Sunday July 20, 2008 @06:43AM (#24261079)

        There's no such thing as a BlackBerry without encryption. All data to and from a BlackBerry is TripleDES or AES encrypted, regardless if you're on a BES or using your carrier webmail.

        If he's on a BES the problem is non-existent, the Admin can remotely wipe the BlackBerry with a single command.

        Plus, if someone enters the password wrong ten times, the device wipes itself

        The only security issue here is if the guy used a really easy password. And even that can be avoided because the admin can specify password complexity so users can't enter stuf like, '1234'

        • by blincoln (592401) on Sunday July 20, 2008 @10:13AM (#24262491) Homepage Journal

          If he's on a BES the problem is non-existent, the Admin can remotely wipe the BlackBerry with a single command.

          Unless whoever stole the BlackBerry has put it inside a metal box, or taken it to a sub-basement, or done anything else to block it from receiving a signal.

        • Re: (Score:3, Interesting)

          by RockDoctor (15477)

          If he's on a BES the problem is non-existent, the Admin can remotely wipe the BlackBerry with a single command.

          I'll admit straight up to never having touched a Blackberry except with my pint glass, to move it along the bar and make room for something else. I didn't need to read the manual to do that. But I doubt that this statement can possibly be correct without some additional specifications.
          As-written, it would appear that an Admin, presumably somewhere in the world, can wipe a Blackberry by (typing?) a

    • by AndGodSed (968378)

      Hey Mr Bond...

      Is that a Blackberry in your pocket or are you excited to see me?

    • Re: (Score:3, Funny)

      by dotancohen (1015143)

      Would he have reported the loss of his virginity?

      No, the Chinese media would have misreported it and made it into a sex scandal.

      "Gordon Brown aide loses blackberry"
      will be translated in Engrish as
      "Gordon blown, has aids, loses cherry".

  • by davidwr (791652) on Sunday July 20, 2008 @03:32AM (#24260361) Homepage Journal

    They aren't telling us that Scotland Yard did this deliberately just to see how the Chinese would react.

    What the Chinese aren't telling us is they knew this was a trap and reacted accordingly.

    What Scotland Yard also isn't telling us is that they knew the Chinese would see the trap and were counting on them to react accordingly.

    What the Chinese also aren't telling us ....

    oooh my head hurts.

  • certs connection? (Score:2, Interesting)

    by reiisi (1211052)

    I was just posting in the article about ways of making certs work, and I see this.

    Am I the only one who sees a connection between this and the problems we have getting certificates to actually mean what they are supposed to mean?

    Actually, I see several connections.

  • by johannesg (664142) on Sunday July 20, 2008 @03:46AM (#24260413)

    I promise not to carry anything sensitive, and I'll distract the attractive Chinese women for him so his secrets will remain safe!

  • Honeytrap? Proof? (Score:5, Insightful)

    by 1u3hr (530656) on Sunday July 20, 2008 @03:53AM (#24260437)
    The only facts given are the guy picked up a girl (or vice versa) at a disco, and the next morning his Blackberry was gone.

    "Honeytrap"? Bullshit. What leads anyone to think it was anymore than the guy lost in in a taxi, or if the girl did take it, she sold it on to a second hand phone dealer for a few dollars.

    I think if it was really a "vast Communist conspiracy" as the article implies, the agents would have copied the data from the phone and returned it later in the evening, leaving him none the wiser.

    Much more important to consider is if the guy used the phone while he was in Beijing, there is an excellent chance that every keystroke, including passwords, was captured en route.

    • by mewsenews (251487) on Sunday July 20, 2008 @04:11AM (#24260511) Homepage

      intelligence gathering doesn't have to be subtle to be effective.

      whether or not his phone ended up in the hands of a foreign service he was foolish to have it stolen so obviously.

      • Re:Honeytrap? Proof? (Score:5, Interesting)

        by LS (57954) on Sunday July 20, 2008 @04:52AM (#24260665) Homepage

        you may be right, but as someone living in Beijing I can tell you that if you ever leave your bike or phone unguarded for one minute, there's a strong chance it will be gone the next time you look for it....

        • by mewsenews (251487)

          i just meant to say that as an aide to the PM he may not have been able to keep his penis out of the hands of the chinese but he could've been a bit more careful with government property.

          he was only informally reprimanded so we're not discussing whether he should get his job back.

      • by smallfries (601545) on Sunday July 20, 2008 @05:59AM (#24260905) Homepage

        No. The parent hit the nail squarely on the end. If they had stolen his passwords and returned the device then they would have had access to his official email without him being any the wiser. Then they could have gathered intelligence on anything he had access to for the foreseeable future.

        Stealing the device would just make Downing Street close the account and issue him a fresh one. Intelligence gathering does have to be subtle to be effective.

    • Because it sells (Score:5, Insightful)

      by khchung (462899) on Sunday July 20, 2008 @04:45AM (#24260647) Journal

      "News" have long ago lost any purpose of informing, assume it ever has that in the beginning. Nowadays, "news" is just baits used to catch your attention to advertisers, who are the real customer of any "news" organization, be it newspaper, TV or web site.

      Which headline do you think catches more attention (thus earn more profit)? "Some guy lost his Blackberry?" or "Chinese spys strikes again"?

      • Re: (Score:3, Insightful)

        by mjwx (966435)

        Which headline do you think catches more attention (thus earn more profit)? "Some guy lost his Blackberry?" or "Chinese spys strikes again"?

        If you can read between the lines, the spy story is to cover up for the fact that someone found out that the aide's phone was stolen by a Chinese prostitute he bought back to his room. This is more about arse-covering than scare scaremongering, they are just trying to distract people from the fact that this guy was stupid enough to leave his phone lying about whilst h

    • by owlnation (858981) on Sunday July 20, 2008 @04:54AM (#24260669)

      The only facts given are the guy picked up a girl (or vice versa) at a disco, and the next morning his Blackberry was gone.

      Exactly. Occams Razor. In the UK, the New Labour Regime has a substantial history of losing important documents in large numbers. The Party and its employees are not generally known for their intelligence (as in brains, not spying). He's also British, thus at night he's most certainly drunk.

      Q.E.D. He lost the Blackberry. He then lied to make himself seem like a more glamorous victim.

      Most probably he's just a drunken, incompetent, liar. Like most everyone else in his Party.

      • Re: (Score:3, Insightful)

        by MythMoth (73648)

        Whereas the Tories will no doubt be a shining beacon of moral rectitude when they finally claw their way back into power?

        What a load of crap; I detest this partisan bollocks. Politicians of all colours are for the most part honest with a lot of dissembling forced upon them by the spin that the media will put upon any straight and honest answers that they give.

        There are bad apples (just as an example a Tory cabinet minister [wikipedia.org] went to prison for perjuring himself in a libel action) but this "oh the government i

  • by nighty5 (615965) on Sunday July 20, 2008 @04:04AM (#24260485)

    The fault has to lie with the government and not the aide.

    This comes down to just bad security governance, even my blackberry is encrypted and our BES servers enforce security down to the handset so that you can't install any unauthorised applications.

    These devices of course are prone to loss, and given the confidential information potentially held on these devices should be reason enough to enforce the appropriate security measures on the devices.

    • Re: (Score:3, Interesting)

      by Opportunist (166417)

      Exactly my thought.

      I was doing IT security for a financial institution for a while. One of the first things I put my foot down about was the treatment of notebooks (it was the time before Blackberry). The doctrine was that every notebook had to treat its user as an "enemy" until the user identified himself. I spent a good deal of my time trying to hack those notebooks, and every success meant a change in protocol, in two cases it meant a complete change in hardware.

      Security was paramount. I wonder why our g

  • by Anonymous Coward on Sunday July 20, 2008 @04:06AM (#24260489)

    The woman was not really attractive, he was just desperate.

    Seriously, is the woman's attractiveness really pertinent to what happened, and was her attractiveness fact-checked? Or is "attractive Shanghai woman" a British idiom for "prostitute"?

    • Re: (Score:3, Funny)

      by pallmall1 (882819)

      The woman was not really attractive, he was just desperate.

      Maybe she came into the club as a 2, and he drank her up to an 8.

    • by gatkinso (15975)

      Yes, her attractiveness is pertinent, along with her bra size. Also, if she shaved it clean.

      And, you are gay.

      Carry on.

  • Oh no! (Score:3, Funny)

    by dbIII (701233) on Sunday July 20, 2008 @04:12AM (#24260527)

    a top aide to Prime Minister Gordon Brown discovered his BlackBerry missing from his hotel room

    Brown trouser time!

    snake its way deep into Downing Street's email servers

    So the article is trouser snake meets honeypot - but it's a trap! Snap! Ow, Blackberries.

    • by owlnation (858981)

      Brown trouser time!

      Well, it makes a change from Brown Shirt time. Something Gordon is trying to develop at the expense of the freedom of the UK.

  • passwords? (Score:5, Insightful)

    by speedtux (1307149) on Sunday July 20, 2008 @04:13AM (#24260531)

    likely enough information on board for a hostile intelligence service to snake its way deep into Downing Street's email servers.

    So, in addition to stupid aides that fall for Chinese spy-whores, the British government is incapable of changing the passwords on its mail servers?

    • Re: (Score:3, Insightful)

      by jd (1658)
      The MPs who have their own websites might be able to change their own passwords, but the Civil Service? C'mon, these are the guys that use "Yes, Prime Minister" as training material.
    • by msimm (580077)
      Spy-whores? Stupid? You should get out more.
    • Re:passwords? (Score:5, Insightful)

      by ColaMan (37550) on Sunday July 20, 2008 @04:45AM (#24260649) Homepage Journal

      Let's see:

      You are a chinese honeytrap now in possession of an aide's blackberry. It is 1am. The aide has passed out drunk three steps inside the front door of his flat, and won't be in any fit capacity until about 8am, when he realises his blackberry is missing and goes looking for it. The IT boys cancel his password at 9am.

      That gives you 8 hours to:

      - Read all his recent email, for starters. If they're doing IMAP, then god knows how many personal IMAP folders there are to browse through on the server. Look for the good folders like "Foreign Policy". "Sent Items" and "Drafts" can also be fascinating.

      - Get his contact list, recent callers,etc, allowing you to analyse and see where this particular cog fits in the Government Machine. If he turns out to be a well-connected individual, it might pay in the future to keep an eye on him. If he's not well-connected, that's one more person you cross off the list.

      - Possibly fire off a few trojans to a few "inside" email accounts on that list, who might accept them from a known,"trusted" source. Doesn't hurt to try something like "Revision to yesterday's document -- URGENT".

      So you see, there's plenty of scope for mischief.

      • Re:passwords? (Score:5, Insightful)

        by h4rm0ny (722443) on Sunday July 20, 2008 @04:52AM (#24260663) Journal

        The final logical step of course, would be to put it back where you found it before he wakes up. Now that would be far better "spying" than just nicking the thing. So maybe it was just stolen.

        Counter-arguments would be that if a woman was going to seduce a guy just to steal from him, you'd have seen more things go missing than just a blackberry. And even if the "spy" did want to take the blackberry, stealing other things as a cover would be better. This story is either incomplete or there is some inept work being done here.
        • You know what's scary about your argument? How many Blackberries were really used for spying and nobody noticed?

          What if this was an incomplete espionage ploy? Where they routinely steal the BBs, investigate their contents and return them, but this time she couldn't return it in time, maybe because she was robbed herself, or got hit by a car, or some other reason why she couldn't get back in time to cover it up?

      • by speedtux (1307149)

        So you see, there's plenty of scope for mischief.

        If that happens, people can easily tell from the log files. Based on what the British government actually said, none of that seems to have happened, which means that it comes down to changing the password.

        In fact, I doubt that any of what you say was actually likely. Blackberries generally aren't used as direct IMAP clients and probably don't even have the IMAP password stored.

        Most likely, the only exposure of this was likely recent E-mails and some contact

  • They know what the aide looks like.

    ba-dump *tsssh*!

  • ...... the 'woman' picked up ended up being a dude in drag and that aide ended up losing more than his blackberry that night. *Always* remember the package check guys!
  • by dreamchaser (49529) on Sunday July 20, 2008 @04:43AM (#24260641) Homepage Journal

    His Blackberry got shanghaied [wikipedia.org] in Shanghai?

  • by arcade (16638) on Sunday July 20, 2008 @05:06AM (#24260703) Homepage

    Tsktsk.

    He should get instructions on how to safely do Penetration Testing of the Chinese secret service. Clearly he forgot to secure the client side properly. Except for that, the article is a tad vague on whether the testing itself went smoothly and he found some holes.

    *Ahem*

    • Re: (Score:3, Funny)

      by arcade (16638)

      Thinking a little bit more about it, I also hope he remembered to use a proper firewall/virus scanner to prevent malware infections. The article also forgets to mention whether he has signed a non-compete agreement when it comes to Penetration Testing - in case he might lose his current contract, for a one night consulting-job.

  • That is something a greenhorn soldier would do and not all of them.
  • Seems this was a run-of-the-mill BlackBerry without any encryption, only a simple password lock.

    This is the best IT security the UK PM's office can manage? They have staff in a foreign countries and let them walk around with sensitive information on a low security device? Come on. It wasn't the aides fault if their InfoSec policy is that weak. And it doesn't matter how he lost his Blackberry. Would have been just as easy to arrange a minor accident and have the emergency responders lift it off him d

  • Foreign governments will hire hot chicks to do you just for a Blackberry? If I was a target, I'd get myself of whole box of fake Blackberries and go around pretending to use them at discos. At least until my agency sprung for counter-espionage fake Blackberries that *looked* like they had encrypted state secrets on them, but were really just surveillance devices so they could GPS exactly where they wound up, and eaves-drop on their decryption techniques.

    Unfortunately, no government cares enough about what's

  • The phone was stolen by a prostitute, not an agent. It happens 100+ times per any given night in any large city.

    Prostitutes do still phones and cash. WHat makes them think that it was an agent?

    Certainly it would give them a selfrespect and a feeling of selfimportance.

    But what really happened is that a hooker has got a blackberry stolen from a drunkard.

  • Subject (Score:3, Funny)

    by Legion303 (97901) on Sunday July 20, 2008 @07:15AM (#24261225) Homepage

    "The aide was 'informally reprimanded.'"

    Translation: "Dammit, Nigel, keep it in your bloody shorts next time!"

  • ... the KGB or better yet, the NKVD would have shamed Gitmo...
    Hmmmm i miss the old times, when it was just KGB agents trying to steal our secrets and CIA stealing KGB secrets... now we have to deal with this whole crap of different entities.

  • by Peter Cooper (660482) on Sunday July 20, 2008 @12:49PM (#24264013) Homepage Journal

    It's no surprise that this has happened to a high ranking UK official. The state of security in the United Kingdom is absolutely pathetic nowadays, and the country deserves to be laughed at. Before we go on, yes, I'm British.

    Barely a week seems to go by without a story of confidential government (or secret service) files being left on a train, on a laptop on a train, or what not. Think I'm joking? Google for "uk lost files train" [google.co.uk] to see a plethora of stories.

    For more, try a search for UK lost data [google.co.uk]. This includes November 2007's leak of 25 million people's bank details [wikipedia.org], national insurance numbers (like an SSN in the US), name, birthday and address. How about December 2007's story of the DVA losing the details [bbc.co.uk] of 6000 drivers?

    The British government is a fucking shambles when it comes to anything relating to IT (what about the £20bn wasted on an NHS computer system [telegraph.co.uk] that barely works - with a reported 110 "major incidents" in 2006) or the secure management of data.

    In the UK, any data stored by the government (which includes most of your personal information) is extremely unsafe and should be assumed to be public knowledge.

As in certain cults it is possible to kill a process if you know its true name. -- Ken Thompson and Dennis M. Ritchie

Working...