In order to participate in the GunBroker Member forums, you must be logged in with your GunBroker.com account. Click the sign-in button at the top right of the forums page to get connected.

VA Laptop Recovered

HAIRYHAIRY Member Posts: 23,606
edited July 2006 in General Discussion
Data on 26.5 million veterans and their spouses was not accessed.

Grant Gross, IDG News Service
Friday, June 30, 2006

Authorities have recovered a laptop and hard drive containing personal information on 26.5 million U.S. military veterans and their spouses, and determined that the data was not accessed, the U.S. Department of Veterans Affairs announced Thursday.

The U.S. Federal Bureau of Investigation told the VA Thursday morning that the personal data on the hardware was not accessed by thieves, VA Secretary R. James Nicholson told the House of Representatives Veterans Affairs Committee. The FBI conducted forensic testing on the two devices, he said. (COMMENT BY HAIRY: C'mon, since when does copying a disk leave a trace?)

The laptop and hard drive were stolen from a VA analyst's home in early May.

"This is a reason to be optimistic," Nicholson said earlier. "It's a very positive note in this entire tragic event."

The stolen hardware contained unencrypted data with names, Social Security numbers, dates of birth, and some limited health information on military veterans.

As Nicholson announced the recovery, Representative Bob Filner interrupted him. "Mr. Secretary, does this leave you off the hook?" he said.

The VA continues to have major data security problems, Filner (D-California) said during the hearing. While Nicholson has called the analyst who took the data home "grossly negligent," VA officials who failed to notify Nicholson of the breach for nearly two weeks haven't been held responsible, Filner said.

The committee has learned that the analyst had permission to take the hardware and data home, contradicting earlier statements from Nicholson, Filner added.

The recovery "doesn't change the fact that your intentions seem to be to blame all of this on one guy," Filner said. "He informed the cops in 52 minutes. Your guys didn't inform you for several days. Who was grossly negligent?"

Committee Chairman Steve Buyer (R-Indiana) reiterated concerns that the VA has been repeatedly warned of lax security practices going back to 1997. The VA's decentralized structure, with three divisions largely controlling their own IT systems, makes it "practically impossible" to secure the VA's systems, Buyer said.

Security experts have told the committee fast action and timely communication to victims are needed to recover from data breaches, Buyer said. "The word 'quick' does not seem to characterize anything about the VA's response to this threat over the years," he added.

Nicholson told the committee the data theft was a wake-up call for the agency. "This has brought to the light of day some real deficiencies in our department," he said.

Since the data theft, the agency has drafted a policy requiring encryption of sensitive data, and the agency is looking at contracts with data breach analysis firms that can track whether data has been compromised, Nicholson said. The agency is also looking into its policy on security clearances, and it began a reorganization of its IT structure late last year, he said.

"I have taken many proactive steps," he said.

Comments

  • PC800PC800 Member Posts: 1,650 ✭✭✭✭✭
    edited November -1
    It is impossible for the FBI to tell if the data had been copied. I am a computer engineer and I could do it in 5 minutes and noone could ever tell. The FBI is just trying to make people feel good. Oh, BTW, I am one of those veterans whose data was probably on it:(
  • The TinmanThe Tinman Member Posts: 928 ✭✭✭✭
    edited November -1
    The laptop was password protected, and also a log file is created or modified every time someone logs onto it. Looking at the log file will tell when the last time someone logged in under the username that had the list. I'm guessing that the FBI looked at the log file and saw that no one had logged on since it was stolen.
    Of course, the perps could have edited the log file, but it's been my experience that criminals are pretty unintelligent.
  • n/an/a Member Posts: 168,427
    edited November -1
    TINMAN: Criminals are smart, after all look how many of them have a FREE HOUSE to live in..
  • PC800PC800 Member Posts: 1,650 ✭✭✭✭✭
    edited November -1
    The password is easy to get around and you would not have to log onto it to copy it. You just download a certain free software from the internet, boot the laptop a certain way, copy the files onto a USB thumbdrive, turn the laptop off, and there is no trace. My specialties are information assurance and computer forensics and some other stuff.
    Check out:
    http://www.eccouncil.org/CEH.htm
  • HighballHighball Member Posts: 15,755
    edited November -1
    The Tinman posted;

    quote:, but it's been my experience that criminals are pretty unintelligent.
    Makes it look REALLY bad for you'all voting them back in election after election...hmmmm ????
  • Da-TankDa-Tank Member Posts: 4,074
    edited November -1
    Some how at the start of this whole scam I heard it was a disc. not a computer.
  • jhimcojhimco Member Posts: 2,075 ✭✭✭✭✭
    edited November -1
    I got sent one of those letters from the VA. They had the IRS send it to me. I will still be keeping an eye on my credit regardless of this news. How are they sure that the data was not copied or corrupted? Hopefully they fired the person that brought this data home to be "stolen".[:(!]
  • Red223Red223 Member Posts: 7,946
    edited November -1
    I can get onto any computer that is password protected for log on.

    You can use a floppy disc with DOS to boot up and access the entire drive. But it's easier to take out the hardrive and plug it into a desktop computer.

    Whalla E: Drive....look at all these files......

    No FBI agent could ever tell the data was compromised as the boot log would never be created...because the hardrive OS never ran/booted up.
Sign In or Register to comment.