07 November 2011

Defence loss

In the lead up to tomorrow's CyberSecurity conference, where I'm speaking on data breaches, it was timely to encounter reporting in The Age and Sydney Morning Herald regarding theft of "secret electronic documents" (a missing thumb drive in the backpack of a senior military aide travelling from the UK to Pakistan) and brouhaha about the loss of "secret" material within the Defence Department (likely to have been destroyed rather than snaffled by a James Bond).

The newspapers have used the Freedom of Information Act - rather than Wikileaks - in revealing that
a military aide to Australia's most senior commander in the Middle East had secret electronic documents stolen while travelling through Kuwait last year, in a major security breach.

An investigation found it was likely the documents - held on a thumb drive storage device and designated "Australian Eyes Only" - were either stolen by, or ended up in the possession of, a foreign intelligence service.

The loss of the material - which included secret Defence documents of the commander of Australian operations in the Middle East, Major-General John Cantwell - was described as a "major security incident" by a Defence investigation.

It is one of a series of embarrassing thefts and losses revealed in Defence Security Agency investigation reports between 2008 and last year. ... "The loss of the USB was a deliberate theft and not accidental", a report states.

In contravention of security policy, the aide had placed the thumb drive in a zippered pocket of his unlockable backpack, which he checked in when boarding a flight from Dubai on February 28 last year, ahead of meetings with Pakistani officials. The flight stopped over in Kuwait and it is there the device is thought to have gone missing, the report said.

When the aide, Major-General Cantwell and another officer arrived at Islamabad later that day, they were told the bags of a large number of people on their plane had been lost. It took several days for them to be located. When they were returned, they appeared untouched.

But the aide soon discovered the small thumb drive and a pair of sunglasses - both stored in the same small zippered pocket of his backpack - were missing. ...

It is not known exactly what was on the drive, with the report revealing only that it was the Lotus Notes files of Major-General Cantwell and the aide, downloaded from the Defence Secret Network.
Bad luck about the sunglasses!

We don't know what was on the USB drive. We don't know whether the drive was encrypted. We don't know whether the drive was snaffled by a spy or ultimately acquired by a foreign intelligence service.

We might however be unimpressed by senior defence personnel casually leaving USB drives in backpacks. Perhaps the aide hasn't heard of the breast pocket or even of carry-on luggage.