DoD can’t handle inside threats

May 20th, 2009 by Agent Smith (2) Data Theft & Loss, In The Spotlight, security breach

The Department of Defense seems to have quite some trouble handling threats in his own backyard. One of their officials with top-secret security clearance, as it happens, has allegedly been leaking classified department data and documents to an official working for the Chinese government.

According to a Department of Justice announcement quoted by Dark Reading,  James Wilbur Fondren Jr., deputy director for the U.S. Pacific Command (PACOM) Washington Liaison Office, has been charged with espionage conspiracy for providing classified information to an agent of a foreign government. Fondren is believed to have sold information to a Taiwanese-American man. The information was subsequently sold to a Chinese government official, but apparently Fondren was unaware of this secon sale.

How was the leak possible? Poor security: Fondren had both a classified DoD computer and an unclassified one on his desk. One would expect a little less trust in high level clearance staff. It’s espionage we’re talking about!

banner-magenta-epp.jpg

Fondren, 62, allegedly funneled the data to Tai Shen Kuo, who was one of his consulting clients, between November 2004 to Feb. 11, 2008, according to the affidavit. Kuo purchased reports from Fondren for anywhere between $350 to $800, eight of which included classified information. Among the classified data Fondren supplied Kuo was information about a joint U.S.-China naval exercise, U.S.-China military meetings, and a DoD draft report on China.

In his turn, Kuo got around 50,000 US dollars for certain documents he obtained from Fondren and other DoD officials. I wonder who the other officials are. Will they be charged soon?

Possible Insider Leak: 10,000 Patient Records

May 18th, 2009 by Agent Smith (0) Data Theft & Loss, Identity Theft, security breach

Over 30 reports of data theft filed since January 2009 have lead investigators to a potential leak at Johns Hopkins Hospital. One of their employees is believed to have used her credentials to access and then leak data on more than 10,000 patients while working at the hospital. Law enforcement agencies also suspect that the thefts might be related to a fraudulent driver’s license scheme discovered in Virginia.

According to Dark Reading, Johns Hopkins representatives stressed the fact that the data leak was not a hacking incident, but that the suspected employee had access to the breached records as part of her job. They also stated the records contain no medical data, but do contain other sensitive details, such as Social Security numbers and addresses. As the Dark Reading article further explained, the hospital took comprehensive measures to balance the loss of data:

Johns Hopkins is offering credit monitoring and fraud resolution services, as well as $30,000 in identity theft reimbursements, to the 31 victims, as well as to any of the 526 Virginia residents in the database who report fraud. It also is notifying the other 10,000 patients whose records were in the database.

Two arrested in BNP data breach case

December 9th, 2008 by Agent Smith (2) DLP, security breach

The British National Party (BNP) members’ list was posted online in mid November, causing quite a hassle for those exposed, especially since some of them were required by their job descriptions to have no political affiliation.

Apparently, a Nottinghamsire pair is responsible for the leak and they are currently in the custody of the Welsh. A Register article quoting the Guardian stated the police said the pair were held in connection with alleged offenses under the UK Data Protection Act.

“We can confirm that last night Nottinghamshire police arrested two people as part of a joint investigation with Dyfed Powys police and the information commissioner’s office in conjunction with alleged criminal offences under the Data Protection Act,” a Dyfed Powys police spokesman told The Guardian.

The investigation was lead by the Welsh police in collaboration with the information commissioner’s office. What I would like to know now is if those who were about to lose their jobs because of this data breach will actually be fired. Or will it all be let to rest?

British party membership list gets posted online

November 21st, 2008 by Agent Smith (1) In The Spotlight, security breach

If you are British and have been plotting to stalk a member of the British National Party (BNP) you might just have missed the opportunity. A list with all the party’s members, including names, addresses, and email addresses has recently shown up online. Some of those who just got exposed online are also underage (an extra “benefit” of the family plan BNP offers) and others had mentions of other personal details made public, such as job or hobbies.

As the Register puts it, “That’s how we know that that BNP members include receptionists, district nurses, amateur historians, pagans, line dancers and a male witch.” Members reacted pretty strongly, filing their comments with courses and outrage. As certain professions in the UK are expected to have no political color, they might even lose their job and according to several blog sources, some pretty powerful people in the BNP are to blame for the leak.

BNP spokespersons found out of the leak from the Register, but although completely unaware, they promised to treat whoever is responsible quite harshly!

© Endpoint Security Info 2010. Wordpress Theme by Arcsin

blogarama - the blog directory Technology Blogs - BlogCatalog Blog Directory Blog Directory Find Blogs in the Blog Directory
valid CSS valid XHTML