MI6 and a Lost Memory Stick

Oops:

The United Kingdom's MI6 agency acknowledged this week that in 2006 it had to scrap a multi-million-dollar undercover drug operation after an agent left a memory stick filled with top-secret data on a transit coach.

The general problem. The general solution.

Posted on May 7, 2009 at 1:27 PM • 29 Comments

Comments

PackagedBlue • May 7, 2009 2:16 PM

Someday people will learn. We all need good IT, or everything is lost.

Those with more to lose should not corrupt IT.

Seems simple to me.

kangaroo • May 7, 2009 2:24 PM

Nah, it's not about "good" IT. It's about not being an incompetent buffoon. These folks are supposed to be professional intelligence officers, yet they don't seem to know their jobs.

This isn't a small, technical error. It's a stupid, stupid action that doesn't require a PhD in cryptography to recognize.

Very simple.

Rich • May 7, 2009 3:06 PM

Quite a few former MI6 officers ended up running hairdressing salons in Moscow. It's just a club for the upper classes.

Clive Robinson • May 7, 2009 3:35 PM

Ahh talking about "the service", or as people in other untrusted (and usually despised) departments call them "6" because it makes them think they are part of the club. And oh dear a big mistake is made in just a single paragraph.

First off, "agents" are not "officers"; they do not work for the service but a "case officer" and are usually not trained by the service even in basic field craft except when absolutely required.

And as they are not in the service and have no knowledge of how the service deals with such things it is also expected that they have no c-mat or other knowledge of safe handling and destruction etc.

So somebody is throwing a blinder around or is completely unknowledgeable.

kangaroo • May 7, 2009 5:18 PM

So Clive, MI-6 has people on staff that are completely ignorant of the service, since any knowledge is "need to know"? They basically have secretaries on staff that are hired for typing skills?

Then it's much worse of a problem -- it's absolutely imbecilic to do such a thing. It's begging for, guaranteeing, trouble to have folks running around blind.

vedaal • May 7, 2009 5:40 PM

a great, free and open source whole disk encryption program, is truecrypt

which also allows for a keyfile in place of, or in addition to, a passphrase,
to encrypt the entire hard-drive

have heard of some measures that will wipe the drive if the passphrase attempts are exceeded,
(Blackberry has such a feature)
but am not sure how reliable they are

does anyone here know ?

tia

vedaal

Schlepper • May 7, 2009 5:59 PM

Ironkey is way too expensive. Truecrypt can provide enough security for much less.

godel • May 7, 2009 6:19 PM

The summary left out the best part. She didn't just lose the usb key, she lost it IN BOGOTA, COLOMBIA.

Initially I thought she'd left it on the London Underground or similar. The key contained details of undercover agents and informers -- potential death sentences.

Watching Them, Watching Us • May 7, 2009 6:58 PM

The "MI6" headlines are all wrong, and are being falsely repeated by some mainstream and online media.

If you read the text of the original report in The Sunday Times of 26th April 2009:

Bumbling agent lost ‘crown jewels’ of drugs war
http://www.timesonline.co.uk/tol/news/politics/...


they mention that Agent T worked for the Serious Organised Crime Agency (SOCA)
http://www.soc.gov.uk

who are *not* at all the same as the Secret Intelligence Service (MI6)
http://sis.gov.uk

It is rather like confusing the US Drugs Enforcement Agency (DEA) or the Federal Bureau of Investigations (FBI) with the Central Intelligence Agency (CIA).

The incident seems to have happened in April 2006, over 3 years ago, at the airport in Bogota, Colombia.

Clive Robinson • May 7, 2009 7:48 PM

@ kangaroo,

"So Clive, MI-6 has people on staff that are completely ignorant of the service, since any knowledge is "need to know"? They basically have secretaries on staff that are hired for typing skills?"

Yes and Yes go read the online job adverts for MI-5 and MI-6.

Also please read both the articles carefully!!!

She was not, never was, or now probably never will be a member of the intelligence services proper (MIs) in the United Kingdom.

She was possibly and still might be a police officer or flat foot (you need them for walking the beat and opening doors).

Not only was she working for the "flat foots" but she was a ham-fisted one at best.

How she was selected based on her colleagues' comments amazes me (it's something positive vetting is supposed to pull up, but flat foots are usually negatively vetted at best).

Now go read the original "From Russia with Love" James Bond book; it will tell you a lot about how the service was run shortly after WWII and has a very good description of a top of the line cipher system of the time. Ian Fleming was both a journalist and intelligence officer prior to writing the James Bond books. So for that matter was Sefton Black and many other well known writers, playwrights and journalists.

It is of such open and wide knowledge that I am surprised two journalists have got the service angle wrong. "Officers" work for the service; there are very few of them in the field for very obvious reasons.

Agents are usually people who have been turned or have in other ways betrayed the trust of a foreign power or organisation, and obviously are not to be trusted at all, hence no training etc.

Associates are ordinary UK or other people that have been simply recruited (often unknown to them) to act as eyes and ears for the service.

There are also what are fictionally and fancifully called proxies, freelancers and deniable assets. These people are not paid (in the conventional sense) but are very highly rewarded. They are used on a job by job basis to "go fetch" information out of safes and filing cabinets and other on-site work. They do not work for anybody other than themselves.

These irregulars are without constraint and usually very highly trained (but by whom is an open question in many cases). Often considerably more so than field and case officers who are strictly limited in what they can do by their diplomatic status.

By and large MI-6 is not a bunch of field officers running around doing those fictionally named "black bag jobs" and "wet work" and the like.

They are primarily investigative journalists in function with diplomatic status when and if they go abroad (which is rare).

You may have heard the half truth joke about what the NSA will do if it gets control of the CIA which is outsource them to CNN and Reuters clipping service. It's only a half joke because CNN is usually pumping out raw intel from on the spot better and faster than most countries' Intel services could hope to achieve on the very best of days (simply because they have no Intel security issues to worry about).

For good and proper reasons MI-6 or the service is not allowed to do Intel work on subjects or organisations within the UK, the same with other countries' Intel services such as the NSA etc (which is why the BRUSA agreement came into being).

Historically "home"/"on shore" Intel work used to be MI-5's job prior to the politicos passing bits over to the "special branch" and Met Police at New Scotland Yard and the buildings just around the corner.

Getting back to The Service, it does not usually move its own data around; that falls to the likes of the Diplomatic Wireless service (have a look at this blog's page about Aspidistra or google "Pownden and Hanslope Park"), its associated military units and Foreign and Commonwealth Office diplomatic couriers who are usually ex armed forces personnel with full diplomatic status.

Also check out the relationship between the DWS and BBC overseas stations technical staff; they were trained by F&CO and DWS staff (as they used to carry piccolo diplomatic wireless traffic on the main line transmitters when not on BBC Overseas Service broadcasts).

Getting back to the hapless flat foot, she was not MI6, she was not carrying MI6 intel, she was working for SOCA (serious organised crime which is actively being replaced) which are just (brighter than??) average flat foots. She was carrying SOCA's data which might have included input from both MI5 and MI6 by way of the "cabinet office".

There is as noted a real issue with both MI-5 and MI-6 in that they have their own "home" and "away" pitches and are not allowed to walk on each other's grass. When you have Organised or Serious Crime these days it is usually trans border and almost "virtual" in hierarchy. This gives problems for the intel services which is one of the reasons "special branch" and its successors like SOCA have been responsible for running such shows with the MI's in the back seat.

The real problem which is just starting to hit public awareness is the major and incompatible difference between the Police and Intel Services.

The Police are rightfully and properly an organ of the legislature along with courts etc, they are sworn to uphold the law without fear or favour. Importantly they have to have the trust of the country which unfortunately G20 just played an own goal via the Met TSG.

Intel services are organs of the executive and have few restrictions except those in their articles of administration; their primary purpose was to gather information for the executive via whatever means are appropriate. They were not law keepers in any way, shape or form, in fact the opposite frequently.

This split personality style running of Intel is apparently the secure way to go...

moo • May 7, 2009 8:37 PM

I wonder if the cartels paid somebody (or coerced somebody) to cause that lossage. If the usb key made it into their hands it would be quite a coup for them.

imarsorama • May 8, 2009 12:44 AM

We should not ignore the possibility of this incident being intentional. There could have been a number of reasons to want this operation closed down, even in such an abrupt way. Not knowing the trade-offs (bad publicity vs. costs vs. whatever) we are only to judge the public side of the story.

Yes, I know that you should "never attribute to malice that which can be attributed to stupidity", but the echo of hope never left my heart :)

Mike Lambrellis • May 8, 2009 1:19 AM

Clive,

Thanks for your amazing post. You are usually a treat to read but this was great. Unfortunately, you've taken a little of the gloss off one of my favourite TV shows - Spooks.

nick • May 8, 2009 8:26 AM

I am sincerely surprised Bruce uses PGP instead of TrueCrypt. You would think a crypto guy would appreciate that TC is open source.

Unless you need the centralized management capabilities of PGP, TC is superior in every way.

havvok • May 8, 2009 9:23 AM

@nick
"Unless you need the centralized management capabilities of PGP, TC is superior in every way."

For varying definitions of superior... TrueCrypt is not recognized by many regulatory bodies, and lacks the market exposure of PGP. There is no doubt in my mind that in addition to being talented in crypto, Bruce is a shrewd business person.

Sometimes the best tool for the job is not the most universally accepted tool for the job.

nick • May 8, 2009 10:48 AM

Havvok, which regulatory bodies are you referring to? I am aware of no regulations which require disk encryption only from some specific list of vendors. Regulations may specify disk encryption use one of a number of crypto algorithms, but TC supports every widely-accepted crypto algorithm.

Clive Robinson • May 8, 2009 4:12 PM

@ James Bund,

When I was wearing the green and blue on top, I came across the trail of an unhappy individual,

It appears he was born shortly after a delightful young lady in a rather fetching white bikini went for a stroll out of the sea at the invitation of Cubby Brockley (hope I spelt his name right).

Well the unhappy man's family name was Bond and they named him James, and he had a certain degree of ribbing which is why he called himself jimmy.

Unfortunately he ended up working with the Royal Signals whose symbol is Mercury (messenger of the gods) affectionately known as "jimmy" by "blue on top" personnel.

Now when you wear the green you get a service number for pay and other administrative functions such as seniority, to go with your name. And when on such things as muster and pay parades etc your surname is called out and you are supposed to shout back your last three (digits).

Well the reason the man was unhappy was that one of the persons at the part of the MOD responsible for issuing service numbers obviously either had a sense of humour or was deeply malicious or both (and I'm guessing based on experience there was no humour in the individual).

So there was jimmy standing in his place on the parade ground on his first pay muster with a squadron or regiment when you got,

Pay Sergeant : Bond
Jimmy : 007
Unknown voice : My name is Bond, Basildon Bond
All squaddies : giggling / laughter
Pay Sergeant : BOND!!! SEE ME after parade...

Suffice it to say he only really cheered up when he joined a small scruffy outfit of oddball nut jobs known less than affectionately as the "aw god squad". They were allowed to be "sacks of shi'tight tied loosely in the middle" because they were very very very good at what they did and could get results in seemingly impossible situations as a regular activity; they would be there, set up and be gone to their next little job before the special forces arrived, and it was upon such well greased ground work the likes of the Saturday and Sunday club could go get their medals...

Earl Killian • May 9, 2009 8:53 PM

In your solution article you mention being forced to enter your passphrase. As a technical advisor, shouldn't you urge them to have two passphrases to enter: One would boot a minimal system, and the other your real system. Disks are big enough that the minimal system wouldn't be a burden.

SYSINT01 • May 10, 2009 2:51 PM

Is this why MI6 is looking for a new scientific head? And I would have thought that covert ops would require the most basic of communications to be completely encrypted. How sad and disappointing.

-ac- • May 11, 2009 11:39 AM

@Earl Killian "shouldn't you urge them to have two passphrases to enter: One would boot a minimal system, and the other your real system."
I like the way you're thinking.

Clive Robinson • May 11, 2009 12:43 PM

@ SYSINT01

"And I would have thought that covert ops would require the most basic of communications to be completely encrypted."

Err no, most files and coms would be pseudo clear. Where crypto is required for broadcast type coms it would tend to be one time pad.

The reason: the equipment to encrypt/decrypt is a dead (literally) giveaway as to what you are, and then a rubber hose does the rest to elicit the information.

However, info in your possession in clear text, if covered by a pre-arranged story, has a degree of deniability etc.

The joy of these things is that sometimes the obvious is the opposite of the way it should be. The hard part is knowing "the what the when and the why" and from that "the how" of it. And diverse experience in the field counts more than technology 99 times out of a hundred...

Everyman • May 15, 2009 9:07 AM

This is not a technology problem, it's a people and process problem.

Clive Robinson • May 15, 2009 11:02 AM

@ Everyman,

It usually has been since man could put his thoughts onto "paper".


Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..