UK PM's Aide Loses BlackBerry In Chinese Honeytrap 260
longacre writes "The Times of London is today reporting a January incident in which a top aide to Prime Minister Gordon Brown discovered his BlackBerry missing from his hotel room after spending the night with an attractive woman who approached him in a Shanghai disco. Seems this was a run-of-the-mill BlackBerry without any encryption, only a simple password lock. The greatest fear is that, even if the device did not contain any sensitive messages at the time, there was likely enough information on board for a hostile intelligence service to snake its way deep into Downing Street's email servers. The aide was 'informally reprimanded.'"
This seems to be a recurring problem. (Score:1, Interesting)
certs connection? (Score:2, Interesting)
I was just posting in the article about ways of making certs work, and I see this.
Am I the only one who sees a connection between this and the problems we have getting certificates to actually mean what they are supposed to mean?
Actually, I see several connections.
Re:How foolish (Score:4, Interesting)
Only a fool would think that an attractive chinese women in chinese disco is going to go to bed the first night with a westerner.
You've clearly never been to Asia. Rest assured you can see many examples of exactly this happening all over Asia.
Now send in 007 to get that Blackberry!
Re:Honeytrap? Proof? (Score:5, Interesting)
you may be right, but as someone living in Beijing I can tell you that if you ever leave your bike or phone unguarded for one minute, there's a strong chance it will be gone the next time you look for it....
Re:Govt fault, not the aide (Score:3, Interesting)
Exactly my thought.
I was doing IT security for a financial institution for a while. One of the first things I put my foot down about was the treatment of notebooks (it was the time before Blackberry). The doctrine was that every notebook had to treat its user as an "enemy" until the user identified himself. I spent a good deal of my time trying to hack those notebooks, and every success meant a change in protocol, in two cases it meant a complete change in hardware.
Security was paramount. I wonder why our governments consider security a secondary concern.
Re:If you can lose a blackberry... (Score:5, Interesting)
If he's on a BES the problem is non-existent, the Admin can remotely wipe the BlackBerry with a single command.
Unless whoever stole the BlackBerry has put it inside a metal box, or taken it to a sub-basement, or done anything else to block it from receiving a signal.
The UK is a security joke (Score:3, Interesting)
It's no surprise that this has happened to a high ranking UK official. The state of security in the United Kingdom is absolutely pathetic nowadays, and the country deserves to be laughed at. Before we go on, yes, I'm British.
Barely a week seems to go by without a story of confidential government (or secret service) files being left on a train, on a laptop on a train, or what not. Think I'm joking? Google for "uk lost files train" [google.co.uk] to see a plethora of stories.
For more, try a search for UK lost data [google.co.uk]. This includes November 2007's leak of 25 million people's bank details [wikipedia.org], national insurance numbers (like an SSN in the US), name, birthday and address. How about December 2007's story of the DVA losing the details [bbc.co.uk] of 6000 drivers?
The British government is a fucking shambles when it comes to anything relating to IT (what about the £20bn wasted on an NHS computer system [telegraph.co.uk] that barely works - with a reported 110 "major incidents" in 2006) or the secure management of data.
In the UK, any data stored by the government (which includes most of your personal information) is extremely unsafe and should be assumed to be public knowledge.
Re:This seems to be a recurring problem. (Score:3, Interesting)
Re:If you can lose a blackberry... (Score:3, Interesting)
For me, once I report my pda lost, the boys in corp will send a command to wipe the contents of the phone and remove all settings. I believe this option also exists for blackberry.
Won't do any good if whoever grabs the pda/blackberry immediately puts it in a shielded bag and thereafter any work on it is done in a shielded room (Faraday cage). If it's an organized intelligence operation doing this, you can bet that that's exactly what they'll do.
Better would be to add a deadman switch in the pda, which self-destructs if not periodically reset by a signal from home. The danger there is if the signal is lost for mundane reasons.
Re:If you can lose a blackberry... (Score:3, Interesting)
I'll admit straight up to never having touched a Blackberry except with my pint glass, to move it along the bar and make room for something else. I didn't need to read the manual to do that. But I doubt that this statement can possibly be correct without some additional specifications.
As-written, it would appear that an Admin, presumably somewhere in the world, can wipe a Blackberry by (typing?) a single command, without requiring any communication between the Admin and the Blackberry.
Err, right. I'm watching an episode of Gerry & Sylvia Anderson's "UFO" series ; they didn't postulate that technology. Neither did Gene 'Star Trek' Rodenberry in his universe - Uhuru has enough work to do twiddling knobs on the radio set (both neglect time-of-flight from Earth to Moon though).
If I were a barely competent electronic espionage planner, I'd have used some of my copious budget to buy a number of the systems under attack (since they're available at a low cost ; many people have died, painfully, paying the higher prices of obtaining more restricted systems). I'd have RTFM'd and found out about these capabilities, then I'd have found out (by experiment, backed-up by radio experience) how to block such electronic hara kiri instructions. And probably any other communication between the device and the rest of the world. A good start may simply have been two metallised-plastic crisp packets and an elastic band. Or, in the context of the "honey trap", perhaps a couple of wrapper for "female condom" - see the video at http://www.youtube.com/watch?v=mnyC_v0-DQ4 [youtube.com] to see the sort of size of these things. Close enough? /. discussion?) pop the Blackberry into your improvised-by-design radio quiet room and disappear to the facility where it can have it's electronic braincell picked at leisure.
So your thief distracts the mark's attention, then while he's sleeping (need to slip something into his drink? Why not paint your nips with a mild skin-absorbed narcotic? Or is that too kinky for a
Not the hardest mission outline to come up with. Maybe it'll need something a bit sturdier, like getting something ordered on Room Service by the thief, which arrives wrapped in aluminium foil to keep it warm.
I suppose that you could set these Blackberry things up so that they wipe their braincells each time they go out of contact with base. Yeah, that'll please the customer at the limits of connectivity. Otherwise, simply blocking reception of any signal by the unit before the mark realises that their braincell is missing, would be sufficient to prevent the device being wiped administratively. After which, it's down to conventional hardware hacking and cryptography.