Granted, it’s not every IT administrator who has to deal with a C-level executive in a remote office losing confidential company data because an elite armed military force broke into the place he was staying and took it. That said, there’s a number of lessons that IT administrators can take away from this week’s news.
It’s one of an IT administrator’s worse nightmares, to lose 10 hard drives, five computers and more than 100 thumb drives. But even if it’s left in the back of a cab, rather than being taken by Navy SEALs, it’s still a problem. So let’s look at some of the issues.
1. Backups. Did bin Laden do a backup? We already know his system wasn’t replicated, because the news articles have all said he didn’t have Internet access to his compound. If he did do a backup, then what? Was it located in the same hideout, and also taken? Or did someone use Sneakernet — or, in this case, Sandalnet — and manually carry backups to another location? If not, al-Qaida may have permanently lost access to this data. Takeaway: Do backups, and make sure copies are stored off-site.
2. Encryption. Was the data on the hard disks and thumb drives encrypted? If so, how hard is it going to be for computer experts in the government to find a key? Sent through plain text in an email message, perhaps? On one of the thumb drives? Or, Allah forbid, on a yellow sticky on the computer like some offices I’ve seen?
Failing that, how hard is it going to be for government computer experts to crack the encryption? Does bin Laden use 128-bit or 256-bit? What method? Security experts had varying opinions as to whether bin Laden practiced safe computing, or used one of his wives’ names as the key like ordinary people do.
If the data is encrypted, the U.S. government isn’t saying at this point. Officials are saying the drives contained “very valuable information,” which means either it wasn’t encrypted or it used the encryption equivalent of pig Latin. Or, for that matter, the officials could be shining us on as well. What’re they going to say? “All we found is three seasons’ worth of pirated Friends episodes and some goat porn”?
Ironically, according to MSNBC, this sort of data capture has happened before.
“The most notable previous bonanza that has publicly been revealed was uncovered in July 2004, when al-Qaida computer expert Mohammed Naeem Noor Khan was captured in Pakistan. His laptop computer provided a trove of information and more than 1,000 compact disk drives that were found in his apartment.”
You’d think they’d have learned.
Or maybe they did. One hopes that the government computer experts are taking precautions as well. Keep in mind that a number of incidents of malware — including Stuxnet – have been spread using thumb drives, under the theory that even intelligent people will pick up a thumb drive and pop it onto their computer to see what it does. Says writer Wayne Rash:
“This is exactly what happened a couple of years ago in Iran when the Israeli Defense Forces quietly planted some USB memory sticks in places frequented by Iranian nuclear engineers. Like everyone else, they popped the devices into their computers and the rest is history.”
If U.S. government computers start going nuts in a few days, we’ll know why.