digg

Facebook Connect Join Digg About

Stolen laptop with veterans' data recovered

today.reuters.com A stolen laptop computer containing sensitive information on more than 26 million U.S. military veterans has been recovered and a preliminary review indicated no data was taken...

Who dugg this? Made popular Jun 30, 2006

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

42 Comments

show profanity settings
expand all
  • inactive, on 10/12/2007, -0/+6Yeah, this non-sense about no data being copied off of the disk is complete *****. They really have no way of knowing.
  • Khlept0, on 10/12/2007, -1/+6It does, the people are too stupid to realize they're posting the same thing.
  • geminitojanus, on 10/12/2007, -0/+5Throw in Linux LiveCD, boot, dd disk, shutdown machine, put it somewhere to be found by authorities (pawn shop).

    Make off with the heist of the century.
  • goldcityguy, on 10/12/2007, -1/+6Reminds me of the old corporate joke about the canoe race between the Americans and the Japanese. (Two 5 man teams racing to the finish. The Japanese have 4 rowers and 1 manager while the Americans have 1 rower and 4 managers. After analyzing that the production of the 1 rower was below par they fired the rower.) When a good worker makes a mistake or has an accident he/she learns an expensive lesson and knows how to avoid the same mistake again. Kinda like that AOL operator that Ferrari talked to. Workers do what they're told and pay the price for policy. I gotta stop commenting this is entirely too long.
  • rauz, on 10/12/2007, -1/+5No data taken. How about copied? Oh right, they're the same ;)
  • MartinB3, on 10/12/2007, -1/+5I think of duplicates as an indicator of how important the story is to people. If someone gets multiple major digg posts, then it's just more interesting to readers than other articles, and even MORE people will be exposed to it. And I'm okay with that... why all these people flip out "OMG DUPE DUPE DUPE" is beyond me. News is almost always in duplicate.
  • alecks, on 10/12/2007, -0/+4They do know that in the digital world, when you take data, you are in fact, still leaving the old copy behind....

    i want to know how they think no data was taken
  • geminus, on 10/12/2007, -1/+4Sorry, I call ***** flag on this. It just seems too coincidental that they 'happened' to find the stolen laptop. It's a spin to mask the fact that someone screwed up to begin with.
  • officecamel, on 10/12/2007, -1/+4I agree...sorry to spam this site. It used to search for similar subjects based on your description and URL. It apparently is only doing URL checks now.

    I am going to undigg, and bury this post.
  • Mabu, on 10/12/2007, -0/+3I completely agree. Anyone with any amount of experience would copy the hard drive. Whoever turned it in obviously knew what it was, so their first order of business was probably to copy the data before turning it in.

    It's another testamonial to the now non-existent state of investigative journalism that the media lets them make this ridiculous claim that they can assure people the data on the laptop was never compromised.
  • Mabu, on 10/12/2007, -0/+3Also tell him that he should in no way, feel secure that the data on the laptop is not being sold on the black market at this very minute. The authorities are lying through their teeth (or their ignorance) to claim that the information on the laptop was not compromised. There's no way they would know for sure so it's a further insult to veterans that they're being lied to again.
  • theoallardyce, on 10/12/2007, -2/+4Remember Americans, you have no rights in this matter, if they want to loose your personal data, sell it, dump it on the side of the road or stick it ona scrolling dot matrix display in the middle of a stadium "John Smith buys Viagra" there's not a whole lot you can do. Get a data protection act.
  • officecamel, on 10/12/2007, -1/+3It will be interesting to see how the VA tightens up their information security after this whole incident.
  • R_Cubed, on 10/12/2007, -0/+2"And drives keep access times, to image the drive you're still accessing the drive."

    Use a write blocker...

    http://www.digitalintelligence.com/forensicwriteblockers.php
  • hiscity, on 10/12/2007, -0/+2A quick "user level" check of the "file modified date" may be all that was used to keep the administration from spending 10s of millions of dollars for credit monitoring for vets. Should a more stringent level of proof be used? Perhaps. I'd rather see a change in the credit system to tighten background checks on who can get credit. The simple fact is that biometric data should be used, such as fingerprinting, and not just some easily compromised privacy data.

    Forget the root of the problem, find the seed.

  • securitymonkey, on 10/12/2007, -0/+2http://blogs.ittoolbox.com/security/investigator/archives/va-laptop-giac-other-mail-10246

    1) They employed a solution like Pointsec Disk Encryption on the laptop. In other words, the entire drive was encrypted using an excellent encryption system and the keys/passphrases weren't compromised. Hopefully, the passphrases weren't taped to the bottom of the laptop.

    2) The hard drive wasn't in the laptop when it was stolen. Hey, who knows? It could have happened! LOL

    3) The data resided in a file that was encrypted using strong encryption with a 20 character (or more) passphrase, and the passphrase wasn't compromised.

    4) The laptop never disappeared. It was safe all along, and these stories are being made up to cover someone's arse.
  • Rykin, on 10/12/2007, -1/+3My girlfriend's mom actually works for Verizon, so I'm a bit informed on this topic. You know what really sucks? The man who lost the laptop got FIRED for doing so because he has violated company policy by having the laptop at home. HOWEVER, he had several written documents from his employers stating that he was allowed to have the laptop with him at home, so now he has to fight for his job.
  • boshaus, on 10/12/2007, -2/+4Yes, truecrypt rocks, but because you said steve gibson you get -1. He's worse than dvorak.
  • bfdhud, on 10/12/2007, -0/+1As was my info, I got my letter last week.

    I only wish there was more that could have been done outside of firing him.
  • Khlept0, on 10/12/2007, -1/+2I didn't realize they were only checking URL now. That's terrible in itself. Why did they do that?
  • ersnyder, on 10/12/2007, -1/+2It wasn't supposed to be on the lap top. But the VA employee thought he could get some extra work done if he brought his work home with him. So he took the external HD home and Murphy's Law slapped him straight in the face. Though they should have had measures in place to prevent staff from doing such stupid things. I hope his balls have been severed and he should be in prison right now.

    My info was on that computer as well.
  • gerkin, on 10/12/2007, -1/+2I think the guy that took that data out, and then proceeded to LOSE it should LOSE his job. There is no excuse for it, no call for that kind of data to be taken off network at all. Stuff like this is super scary, and hey, this is on only the stuff we _hear_ about .. can you imagine what happens that never makes it to the public.

    My (your) data is out there and fools like this are handing it over to the highest bidder. Don't you feel safe and secure?
  • tonyjack63, on 10/12/2007, -1/+2Why is confidential material carried around on an insecure laptop anyhow? What a bunch of boneheads.
  • rauz, on 10/12/2007, -0/+1I was making a piracy joke, but never mind.
  • cbdgr, on 10/12/2007, -0/+1File> properties > accessed date> is date before stolen> if true file data has not been compromised. Yeah somehow I think there a logic flaw there lol. Only way I think they could definitely know is if the knew the S.M.A.R.T spin up time or something before it was stole and that no one tuned it on before it was returned

    Ps. I bet the data was in a file under 1mb on the desktop or something
  • R_Cubed, on 10/12/2007, -0/+1"...preliminary review indicated no data was taken."

    That's not to say that the laptop's hard drive could have been imaged.
  • inactive, on 10/12/2007, -2/+3Yeah, like it's possible to determine if ANY data was copied or not.
  • election, on 10/12/2007, -0/+0http://digg.com/tech_news/Workers_Disciplined_and_Fired_For_Taking_Laptops_Home_in_New_Corp_Policies
  • JQP123, on 10/12/2007, -2/+2Translation: ***** rolls downhill so you don't want to be the person at the bottom.
  • dante21, on 10/12/2007, -2/+2They sent me a letter and I wasn't really worried...my credit SUCKS
  • scairborn, on 10/12/2007, -3/+3Thank God! My ***** was on that computer! Still not satisfied though...
  • popsumer, on 10/12/2007, -1/+1What does this have to do with Verizon?
  • tfratzke, on 10/12/2007, -2/+2http://digg.com/world_news/Government_Says_Stolen_VA_Laptop_Recovered
  • election, on 10/12/2007, -0/+0Follow UP http://digg.com/tech_news/Workers_Disciplined_and_Fired_For_Taking_Laptops_Home_in_New_Corp_Policies
  • slapout, on 10/12/2007, -2/+2Why can't people just ignore dupes?
  • stevenb, on 10/12/2007, -2/+1So what if the hard drive was imaged? If it's even remotely secure the hard drive is encrypted.

    So what'd they get? An encrypted hard drive image that they don't know the access methodology to. Have fun trying to get any relevant data off of that.

    My work laptop comes home with me all the time, it's encrypted and requires a pin code to be accessed. Wrong pin code several times and the FS becomes corrupt and you can't recover anything on it.

    And drives keep access times, to image the drive you're still accessing the drive.
  • eyec, on 10/12/2007, -1/+0credit can be repaired, but with a SSN and birthdate you can get a drivers license; with a driver's license, SSN & other easily obtainable documents you can get a passport! i am suprised that has not been mentioned.
  • OmniShinzui, on 10/12/2007, -2/+1Interesting, my father got a letter from the Veterans Affairs Department about this in the mail about two weeks ago. I'll be sure to tell him about this article.
  • titlesaysitall, on 10/12/2007, -4/+1Because there was a check inside.
  • inactive, on 10/12/2007, -6/+1Why doesn't digg search for similar articles before letting people post a duplicate? I mean it wouldn't be difficult to add in a search for 'similar content' step during article submission would it?
  • Khlept0, on 10/12/2007, -8/+2This is only like the 10th time it has been posted.
  • flippydebop, on 10/12/2007, -7/+1one sure way to ensure your data doesnt get viewed/copied/etc is to use TrueCrypt.

    http://media.grc.com/sn/SN-041.mp3

    If steve gibson says its the bomb you know its super-secure

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...


© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.