[ISN] Home Office laptop and disc 'bought on eBay'

From: InfoSec News (alerts@private)
Date: Fri Feb 29 2008 - 01:21:07 PST


http://news.zdnet.co.uk/security/0,1000000189,39352977,00.htm

By David Meyer  
ZDNet.co.uk
28 Feb 2008

The Home Office is investigating the apparent sale of one of its 
laptops, along with an encrypted data disc, on eBay.

The laptop had been bought on the auction site then taken to an IT 
company near Manchester for repairs. The technicians at the repair 
centre, at Leapfrog Computers in Westhoughton, subsequently found an 
encrypted Home Office disc underneath the keyboard.

Leapfrog sales manager Jonathan Parry told ZDNet.co.uk on Thursday that 
the person who had bought the laptop had brought it into the shop on 
Monday because "it wasn't working properly".

"Underneath the keyboard in the laptop was a CD labelled 'Home Office: 
Private and Confidential'," Parry said. "We tested it and it was fully 
encrypted, and so was the laptop. We contacted [the police] and they 
seized the equipment."

Parry pointed out that, as optical disc drives are sealed units, "the 
only way that disc can get there is by taking the laptop keyboard off 
and putting the disc in there". He added that the presence of a CD 
underneath the keyboard was probably linked to the laptop not working.

"We understand that encrypted IT equipment has been handed to Greater 
Manchester Police," a Home Office spokesperson said on Thursday. "Both 
the laptop and the disc were encrypted, thus safeguarding any 
information that might be stored on them. Investigations are now 
underway. It would be inappropriate to comment further while they are 
ongoing."

Security companies were quick to issue statements on the discovery. "The 
good news with this latest data breach is that the data was encrypted," 
said Lumension Security vice president Alan Bentley on Thursday. 
"However, encryption alone is not infallible; computer hackers are 
determined individuals with the potential to crack one layer of 
security. We certainly shouldn't be relying on one line of protection 
when it comes to our national security."

"With the statistics showing that nearly 500 government devices have 
gone missing since 2001, it was only a matter of time before a 
confidential disc inadvertently ended up on eBay," said Brian Spector, 
the general manager for content protection at Workshare. "Luckily, the 
public sector finally seems to be learning from repeated mistakes, as 
the laptop and disc were encrypted. Unfortunately accidents like this 
are not going to stop happening so we can only hope that other 
government departments follow the Home Office's lead and adopt full disc 
encryption."

Governmental departments have suffered a spate of laptop thefts in 
recent years, recently leading to a Whitehall-wide ban on the 
movement of unencrypted data.

