UK PM's Aide Loses BlackBerry In Chinese Honeytrap

longacre writes "The Times of London is today reporting a January incident in which a top aide to Prime Minister Gordon Brown discovered his BlackBerry missing from his hotel room after spending the night with an attractive woman who approached him in a Shanghai disco. Seems this was a run-of-the-mill BlackBerry without any encryption, only a simple password lock. The greatest fear is that, even if the device did not contain any sensitive messages at the time, there was likely enough information on board for a hostile intelligence service to snake its way deep into Downing Street's email servers. The aide was 'informally reprimanded.'"

Re:How foolish

[4D6963]

China is basically using Capitalism as their weapon by fixing the Yuen to the Dollar.

2005 just called, they want their now-outdated [cnn.com] analysis back

Re:How foolish

[Anonymous Coward]

Logic called. They said that you need a lesson. The yuan is in a "basket", that is supposedly pegged to a number of moneys. Only problem is, there is no formula that has been given and more importantly, none that can be found. The yuan against the dollar has gone up just a bit, even though the dollar has plummeted against ALL other western moneies AND the chinese accumulate loads of dollars. IOW, it is still fixed. The only difference is that China has pulled a scam for fools like you.
Dollar to yuan [yahoo.com]
Dollar to Euro. [yahoo.com]
Euro to Yuan. [yahoo.com]
The Yuan has gone up 20% over 5 years against the dollar, while the euro has gone up more than 60%. By the same token, the euro to yuan is roughly fixed. Do the same for other western monies and you find the same result. Basically, if China were to allow a true floating money, it would more than double. Even now, the EU is considering this a problem. They are currently asking China to keep their earlier promises to open their borders as well as allow the yuan to float. So far, China is resisting. The good news is that EU is about to do something about this (unlike America).

Re:certs connection?

[Anonymous Coward]

I was just posting in the article about ways of making certs work, and I see this.

Am I the only one who sees a connection between this and the problems we have getting certificates to actually mean what they are supposed to mean?

Actually, I see several connections.

Actually, I am not certain if I'm answering to you or going offtopic but from what I understood from your post...

No, not really. I have worked in the ministry of foreign affairs in a country that started using PKI to encrypt communications to all embassies around the world. The public and private keys (the chip cards on which they were) were delivered in diplomatic mail to the people around the world. When they had gotten them, the pin codes required to use them would be delivered in separate mail.

No way for both certificates to get lost. The only possible way for that would be if the people would write the pin codes down and keep them with them alongside their cards.

This is prevented by normal psychology. While low ranked officials might do that, anyone who is high enough in ranks to actually have access to something very important and secret (noting that anything actually classified as "secret" or above isn't accessible by internet, at all) will be so full of himself and think of himself as so important that he will follow all security precautions very closely. "Everyone must be after the data I have access to!"

Your data seem to contradict yourself

[The_Hun]

The Euro to Yuan is not fixed: according to the data linked by you it seems to have gone up from cca 9,3 to cca 10.7 - by about 15 percent.
Also the Dollar to Euro rate decreased by about 30 percent (and not 60).
Now, those are just rough calculations and IANASoros - so correct me if i'm wrong.

Re:If you can lose a blackberry...

[Anonymous Coward]

There's no such thing as a BlackBerry without encryption. All data to and from a BlackBerry is TripleDES or AES encrypted, regardless if you're on a BES or using your carrier webmail.

If he's on a BES the problem is non-existent, the Admin can remotely wipe the BlackBerry with a single command.

Plus, if someone enters the password wrong ten times, the device wipes itself

The only security issue here is if the guy used a really easy password. And even that can be avoided because the admin can specify password complexity so users can't enter stuf like, '1234'

Re:This seems to be a recurring problem.

[Guido von Guido]

My country doesn't have the attractive women, frankly. I'm Canadian.

There, fixed that for you.

I just moved to downtown Toronto. I can assure you that you're wrong. Although perhaps we're stockpiling them.

Re:passwords?

[Anonymous Coward]

You don't know much about blackberries. A government wouldn't use IMAP.

There are so many ridiculous things here.

1. A government would use a blackberry enterprise server (BES).
2. The BES platform and devices has been audited from end-to-end [blackberry.com] [blackberry.com] by the UK government's spies (GCHQ). They know what they are doing and how to manage blackberries securely.
3. With a BES, you can control every little detail on the blackberry. The UK government has standards for this.
4. With a BES, you can:
- force the blackberries to use strong encryption to store & transmit encrypted email
- force the blackberries to use strong encryption on the removable media card
- force the blackberries to use a strong password to lock the device
- force the blackberries to lock after a configurable period of inactivity
- force the blackberries to lock after a configurable period regardless of activity
- force the blackberries to use two-factor authentication such as an RSA key fob or smartcard
- disable bluetooth and other functions
- prevent data transfer by USB
- lock the blackberry remotely
- wipe the blackberry remotely
- if it has GPS, trace the location of the blackberry

It's a bit hard to believe that my 50-person company has a better blackberry policy than the UK government. But that's nuLabour for you.

Re:This seems to be a recurring problem.

[Richard_at_work]

(the case that comes to mind was a German firm that developed a new jet engine, and "coincidentally" Boeing managed to develop a nearly identical jet engine in a fraction of the time).

Boeing doesn't develop jet engines, it never has - its an airframe manufacturer, every jet engined aircraft it has developed has used a third party engine. I can't for the life of me think what 'new jet engine' you could possibly be talking about either.

Re:This seems to be a recurring problem.

[dryeo]

As a Canadian citizen (I have the papers to prove it) our Queen is Her Majesty, Elizabeth II, the Queen of Canada.
As a British subject (I have the papers to prove it) our Queen is Her Majesty, Elizabeth II, the Queen of England.
She also happens to be the Queen of quite a few other places as well.