Intelligence: Thanks For The Memory

Archives

May 16, 2009: Spies love computers. Many secrets are stored on computers, and these secrets prove far harder to guard than their owners imagine. Even if owners prevent hackers from grabbing secrets, there are other opportunities, once the computer is replaced by a more powerful model. While everyone in the secrets business knows that you have to erase hard drives that are taken out of service, it isn't always done. This is more often the case with defense contractors, than with military or government operations, who often physically destroy the retired hard drive. Contractors, however, usually have a policy of erasing (in theory), surplus hard drives, then selling them off.

Recently, security researchers bought 300 used hard drives as auctions (of used officer equipment), on eBay and at computer flea markets. One of those hard drives contained all manner of classified information on the American THAAD (Theatre High-Altitude Area Defence) missile system. This included information on employees and even blueprints for contractor facilities.

An even bigger problem are USB memory sticks, which are often lost, and found by anyone who happens by. Counter-intelligence officials, whose job it is to prevent secrets from being stolen, are not happy with memory sticks, which have basically replaced 3.5 inch floppy disk and rewritable CDs as the favored way of carrying around computer information.

These devices are small, and easily misplaced, or stolen. In Afghanistan, and to a lesser extent Iraq, cleaning and maintenance staff, have a an annoying tendency to steal whatever they can get away with. For security reasons, many of the cleaning personnel in Iraq are imported non-Iraqis. These people are less likely to steal, not just because they have a harder time fencing the stuff, but because they can lose a good job, and be shipped home, if they get caught. In Afghanistan, hiring locals is less of a security risk, and there it has been discovered that memory sticks are very popular items to steal. Some of these devices are as small as a finger, and easy to conceal. Out on the street, some of them can bring five or ten bucks to the thief. That's real money in Afghanistan, where a good monthly salary is a hundred dollars.

The memory sticks generally hold 1-8 gigabytes (billion bytes) of data. These items plug into most PCs and laptops, and instantly become another hard drive (as far as the computer is concerned.) Troops like them because they can quickly put all the data they need for a mission on a memory stick. The memory sticks are cheap, often under twenty dollars each. The troops leave a lot of them lying about, and many of these get swept up by the friendly Afghan cleaning guys. When the purloined memory sticks show up in the market place, their contents, sometimes including classified data, are usually erased, to make way for the new users stuff. But, for a counter-intelligence officer, the vulnerability is obvious. The nightmare scenario is a journalist getting possession of one of these stolen memory sticks. The resulting story would feature as many damaging secrets as possible.

 But it gets worse. As it turns out, these "Memory Sticks" fit nicely on the dog tag chain. Troops keep their email from home, digital pictures and all manner of stuff on these small devices. Some officers have tied to forbid the practice, as you are not supposed to take such documents with you into a combat zone (lest you be captured and the data prove useful to the enemy.) But the troops still carry the memory sticks around with them.

For official use, the military is beginning to issue encrypted (and more expensive) memory sticks. But there's still the growing risk of classified data getting on to an unencrypted device. Every new technology brings with it new risks, and this is a perfect example. But there are also opportunities, as the terrorists also like to schlep data around on memory sticks. It takes time to find the useful secrets, though, as you first have to plow through all the porn and MP3 files.

The army finally ordered that no memory sticks be used in military networks. No so much to prevent secrets from getting out, but to stop hacker software from getting in. Hackers have developed programs that secretly copy themselves to memory sticks, and then into any computer they are plugged into. That was the final straw, but it still does not prevent someone from not erasing, or destroying, a hard drive that was taken out of service.

 

 

X

ad

Help Keep Us From Drying Up

We need your help! Our subscription base has slowly been dwindling.

Each month we count on your contributions. You can support us in the following ways:

  1. Make sure you spread the word about us. Two ways to do that are to like us on Facebook and follow us on Twitter.
  2. Subscribe to our daily newsletter. We’ll send the news to your email box, and you don’t have to come to the site unless you want to read columns or see photos.
  3. You can contribute to the health of StrategyPage.
Subscribe   Contribute   Close