MI6 Camera -- Including Secrets -- Sold on eBay

I wish I'd known:

A 28-year-old delivery man from the UK who bought a Nikon Coolpix camera for about $31 on eBay got more than he bargained for when the camera arrived with top secret information from the UK's MI6 organization.

Allegedly sold by one of the clandestine organization's agents, the camera contained named al-Qaeda cells, names, images of suspected terrorists and weapons, fingerprint information, and log-in details for the Secret Service's computer network, containing a "Top Secret" marking.

He turned the camera in to the police.

Posted on October 1, 2008 at 1:59 PM • 44 Comments

Comments

bobOctober 1, 2008 3:14 PM

I wonder if this was an AQ mole inside MI6 using eBay as a transfer system and it went wrong? It makes at least as much sense as using chat channels in WoW.

Concerned CitizenOctober 1, 2008 4:02 PM

I am not sure that the police response can be commended.

First they treat it as a joke. Then they raid his home and seize his computer. I can understand that that might need to image his hard drive to investigate the origin of the camera and to determine if he had copied the sensitive data, but that could be done at his home, with his permission and without removing or seizing the computer. What kind of treatment is that for a citizen who has come forward and is trying to to do his patriotic duty?

If ever I were in this situation, this heavy handed response might make me think twice before going to the police and perhaps more likely to turn to the media.

Shame.

I hope that the police officers who treated this as a joke will be reprimanded.

MikeOctober 1, 2008 4:06 PM

Something about this story just doesn't add up - the list of stuff that was on there sounds like a shopping list of things people would expect to see in a leak from MI6. Login credentials stored on a camera? This story just doesn't make sense.

Pat CahalanOctober 1, 2008 4:13 PM

You know, it's basically impossible to determine if someone has made a copy of this sort of data unless you have your hands on every computer they possibly could have used to make a copy. Which means, in practice, that it's impossible to determine if the guy has made a copy of the data.

Seizing his computer and raiding his house is probably not the best way to get his cooperation.

HumHoOctober 1, 2008 4:25 PM

@bob:
I wonder if this was an AQ mole inside MI6 using eBay as a transfer system...

----

What is an AQ mole??

JJOctober 1, 2008 4:30 PM

In fact it is very likely M5 or M6 or whatevers use eBay as some sort of a transfer system.

But if you are trying to identify, locate and bust them, good luck...

SotoOctober 1, 2008 4:31 PM

This is similar to the premise of the Cohen brother's "Burn After Reading". Life imitating art?

mcbOctober 1, 2008 4:57 PM

Thanks to Neal Stephensen's _Cryptonomicon_ whenever I hear about the plans for Desert Storm left in an unsecure laptop in a cab, a damaged P3 landing in China instead of ditching, or a Coolpix full of "secrets" sold on eBay I wonder if Detachment 2702 isn't out there planting additional information to give the bell curve the proper shape...

BetaOctober 1, 2008 5:17 PM

@Concerned Citizen

"What kind of treatment is that for a citizen who has come forward and is trying to to do his patriotic duty?"

Apalling, stupid and counter-productive, but historically common.

"If ever I were in this situation, this heavy handed response might make me think twice before going to the police and perhaps more likely to turn to the media."

Taking something marked "Top Secret" to the media is NOT a good way to stay out of trouble. But you're right, if this is the way the authorities treat those who try to help them, then the next person in this position is likely to say "I saw that it had some boring pictures of a cluttered desk, so I deleted them." Heavy-handed officials generally never realize how much they damage real security this way.

NickOctober 1, 2008 6:11 PM

@HumHo

What is an AQ mole? I'll give you three guesses as to what organization the acronym AQ could possibly refer to.

Anonymous CowardOctober 1, 2008 6:34 PM

Shouldn't he have given the camera to cryptome instead? What's the morally right thing to do in such a case?

KTCOctober 1, 2008 6:37 PM

@Adrian, Concerned Citizen, Pat Cahalan, Beta

They (MI6? Police?) replaced his computer at a cost of £1000. They know he *has* copied the data onto his computer. It was reported he only discovered what was on the camara after he downloaded all the pics (including his newly taken holidays ones) onto his camara. Presumingly they don't want to let him keep the computer in case he run some file recovery tools to retrieve any deleted files. But I thought running file shedder a large number of times would had been enough...

The officer taking the report initially could well have taken it as a joke, but presumingly he or she had taken it seriously enough to have open the file leading to Special Branch going round to his house.

Beta, yes, handing it to other people and not reporting it to the police when you know what is on it is an offence under the Official Secret Act.

spy vs spyOctober 1, 2008 6:44 PM

Whom ever previously used the camera moved data files from his computer onto the camera's memory chip as a file transfer. Nothing difficult to understand here.

How about scanning the chip for previously deleted files/photos and any other reformat attempts?

HumHoOctober 1, 2008 11:17 PM

Nick:
What is an AQ mole? I'll give you three guesses...

---
An AQ mole is someone from...
1. Adventure Quest?
2. Antarctica?
3. al-Qaeda?

John CampbellOctober 1, 2008 11:33 PM

Ummm... I'm too lazy to go look again... but wasn't this kind of situation mentioned in the Security Maxims just a couple of days ago? In more than one context?

Nomen PublicusOctober 2, 2008 12:36 AM

Although this is just another trivial example of secure data leakage... it is yet another trivial example of secure data leakage.

Those of you outside the UK will probably be unaware of the number and extent of data leakage from UK government organisations over just the past 12 months. It appears that no data, no matter how sensitive, is safe from government incompetence.

We view the proposed government ID card scheme with vast concern.

ConcernedOctober 2, 2008 2:37 AM

"They (MI6? Police?) replaced his computer at a cost of £1000."

Did they also replace all his personal data, digital downloads, software tied to his particular computer, etc.?

mozOctober 2, 2008 4:01 AM

Err assuming this is actual valuable, up to date, military intelligence as reported then what do you expect the police to do? Leave a copy lying around? Trust him to safe erase the data himself? This data is specifically the kind of thing that people kill for and probably already had. That the police have already spent £1000 replacing his equipment is almost unheard of. Mostly they say something like "Evidence in a crime; maybe you'll get it back after a year. If we feel nice.". I looked at the articles and can't even see that he's complaining about this himself. I'm sure morally he should be compensated more; even rewarded, but this doesn't come out anywhere noticeable on the scale of police stupidity.

TimOctober 2, 2008 4:48 AM

So in future, if you want to do 'the right thing', don't tell the police directly. Burn a copy of the data to a CD, and mail it to the police.

Actually, you're probably best off just keeping quiet. They might find you through the eBay records.

John ScholesOctober 2, 2008 5:07 AM

@Mike

I agree that this story sounds odd. But then the Register just copied it from the Sun. I don't think the Sun is either reliable or precise on security matters.

The online version includes a ridiculous "Slideshow" - "Click on the slideshow below to see some of the items on the memory". The 4 images are a random fingerprint, a random terrorist with RPG, a random stack of "terrorist" files, and a random (rather old) desktop PC. In other words, they are certainly not images from the camera memory.

That makes me distrust all the Sun's details.

PaeniteoOctober 2, 2008 5:14 AM

I remember that on an earlier blog post, some commenter wondered why people tend to hand these things to the newspapers instead of going to the police.

Here's your answer...

MarkOctober 2, 2008 5:19 AM

@Paeniteo
I remember that on an earlier blog post, some commenter wondered why people tend to hand these things to the newspapers instead of going to the police.

Or if you must hand such things over to the police then do so in a public place and make sure the press turn up before the police do.

KTCOctober 2, 2008 5:20 AM

@Tim

No no no, you want to be seem to "do the right thing" _and_ keep the data. Burn a disc with the data / photocopy those files they like lying around trains, keep those copies safe, before handing over the original. ;-D

The Other MarkOctober 2, 2008 7:25 AM

Not apologizing for the authorities, but I think they pretty much had to confiscate the machine. They don't know whether it's infected with malware, rootkitted, etc., and allowing it to continue to operate in this guy's home, connected to a commercial ISP, would be a huge liability. I'm glad they at least compensated him.

Of course, you could pretty well argue that they had already let the cat pretty far out of the bag... I mean, how many other memory cards have this kind of data on them, and how many have also been stuck into digital cameras, picture frames, etc. (which also have a nasty habit of containing malware).

ZaphodOctober 2, 2008 7:25 AM

What strikes me as odd is the fact that the images where not discovered until after a holiday until the downloading of the memory card to a PC.

At the very least one would expect to see the images when reviewing on the back of the camera, after having taken a shot. Or indeed, upon receiving the camera/card testing they operate correctly.

For me, the first thing I do with a memory card is to scan it for deleted images of a, ahem, amorous nature. But that's just me.........

Z.

bobOctober 2, 2008 7:36 AM

@Barry Leiba: Although you didnt ask me, it caused me to think about it and I suspect that if it happened to me I would:
-delete the images and run a "sterilize free space" utility
-remove my hard drive and swap it with one of the 20 older ones I have laying around.
-Take MY hard drive to work and hide it in a pile of hard drives (a la "Raiders of the lost Ark")
-Download the images to that "new" (probably smaller) drive.
-"Touch" a bunch of files so the drive looked continuously used.
-THEN tell the cops I had their info and cooperate fully (without mentioning the above steps).

That way I have protected national security and done my duty without depending on the incompetents who lost it in the first place to not @#$! me over in their rush to hide their embarrassment and blame it on SOMEBODY, ANYBODY RIGHT NOW NOW NOW!!

HawkeOctober 2, 2008 8:38 AM

Proper Procedure in such circumstances.

Contact an attorney and have him turn it over to the police.

ripOctober 2, 2008 8:42 AM

So MI6 has someone loading data on small flash cards. Un encrypted. Is this so he can take the data home, perhaps sell it, perhaps it had already been sold a year before the guy forgot which flash card it was on. Should have marked the card burn before reading.

GeorgeOctober 2, 2008 10:56 AM

Because someone did something wrong, the Authorities have an obligation to punish someone for it so they can close the case and not look incompetent. Since the only person they can definitively trace the leak to is the person who turned it in, the obvious response was to raid his house, seize the computer, and declare success.

MagooOctober 2, 2008 12:00 PM

@Z~
Many digital cameras are very picky regarding the folder and filetype which will display for in-camera playback.

csrsterOctober 3, 2008 7:08 AM

bob- very good points. Even if he does nothing there's still a reasonable chance that MI6 will find out where their missing camera is and come knocking. Of course the innocent have nothing to fear. But those of us not born in a State of Grace would be better off covering our arses.

Michael G.R.October 5, 2008 12:20 AM

"Something about this story just doesn't add up - the list of stuff that was on there sounds like a shopping list of things people would expect to see in a leak from MI6. Login credentials stored on a camera? This story just doesn't make sense."

You are grossly underestimating the incompetence of government agencies.

Thankfully, those who would do indiscriminate harm to us are also often incompetent.

MartinOctober 15, 2008 9:20 AM

I'm surprised at the unquestioning acceptance of this ‘news story’ it doesn’t scan and has many hallmarks of a Hoax.

It lacks detail or who or where so is difficult or impossible to verify. The details included are actually wrong. MI6 are the Secret Intelligence Service and operate outside of the UK; MI5 have the mandate for domestic counter terrorism; and each vigorously guards their turf from the other. How was a member of the public able to identify the terrorist by name from the photo. The published example image appears at the top of search engine results when searching the net.

Occams Razor suggest this is more likely to be a Hoax than a convoluted events described.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..