Veterans Affairs Laptop Recovered!

[nihil]

Hmmmm,

An anonymous source handed it in to the FEDs?................... I actually don't like the sound of that because it means that they KNEW what it was and what it contained.

Say you just "found" a laptop or a wallet or a camera or whatever?..............I would hand it in to the local police and get a receipt. If I knew what it was I would still hand it in to the local police, but make sure that I saw a senior officer.

If I had actually stolen it, it would now be at the bottom of the Atlantic or Pacific Ocean. Unless you really know what you are doing, you can get killed for far less than the $50,000, let alone the $26.5billion?

To "conveniently" go straight to the FEDs is too convenient in my book.

As --Th13 and I have pointed out, those data could have been copied a million times, and there would be no trace, so for the FEDs to make out that it hasn't been copied is a damn lie...........nothing less. I mentioned forensics protocol as they are obviously aware of it. So they know that what they came out with was pure B/S?................... they have no way of knowing.

When supposedly independent law enforcement agencies start lying to protect the administration it is time to watch out? But, if you let active service law enforcement people be political appointments, that is exactly what you should expect.

Insurance companies generally pay a 10% recovery fee.................. 10% of $26.5 billion is how much? .................. not quite $50,000?

I think that the case should proceed as the damage has been done..................the data has been out of safe keeping for far too long.

[chrimsonnight]

I agree with nihil we need to go ahead with the lawsuit and the A@##@$% who took the laptop home needs to not only be fired but pursicuted as well for taking sensitive data home.

[RoadClosed]

These ideas pretty much END the entire Idea, notion, technology, policy and philosophy of TeleCommuting, remote access, VPNs, wireless etc. Across the globe. **** better pack up and head to work at 10:31 PM MST or GMT -7. See ya.

[nihil]

Hey, RoadClosed please do not be so despondent my friend

It is not the concept or the mechanism that is at fault, it is the people. A bit like it is not the computer or the operating system, it is the users?

Hey, I have worked on highly classified stuff at home............ no problem, because I was working on the mechanisms not the actual material that they would handle.

If you have the data dictionary and the entity relationship diagrams you can easily write a script to generate valid test data that is totally meaningless and therefore secure. All you really need to do is a logical reversal of your input/data validation rules, and you will get "good" records.

As I said, this guy was lazy..............................

[thehorse13]

The VA incident has radically changed how we handle remote computing organization wide. The odd thing here is that the theft of that laptop was the best thing that could have happened. Why? Because C level management now sees what could happen if they don't listen to their security experts. Since the incident, all of our policy and procedure changes have magically gone through legal at record pace. People who dragged their asses implementing our security measures suddenly have done so with such enthusiasm that you'd think they were receiving double pay to do so.

The only thing that I don't like about this is that it placed many people in panic reactive mode and in doing so, many bad descisions are made. Fortunately for us, we have a tight handle on things so our front line managers can't get themselves into too much trouble.

Anyway, another perspective.

--TH13

[RoadClosed]

I was being serious Nihil. Granted I wouldn't have done it but I often have sensitive material at home but not of this magnitude. The VA should adopt some DOD standards. I don't know what the dude was doing but he could use test data at home. Or at least a few dozen valid data accounts. I can think of some instances where if he was reconstructing the database he would need the whole account. And if found criminal in nature it WILL change the face and concept of Telecommuting, working at home etc. If I couldn't work at home sometimes I would go bonkers myself. Not defending the guy just the reaction this in pending, I know my government. And the opportunity for some people to become rich at my expense. The only way I would have done that is if I was extremely naive or under serious pressure to complete a project. Who knows. Shouldn't have bought that watchguard stock. (joke - they make firewall VPN technology for remote access)

With the laptop secured within a domicile I am not sure how anyone could win a court case of that. It just makes me crazy. My home is more secure than most businesses with very sensitive personal data. We are going to set legal precedence that say, hey if someone breaks into your business and steals your file cabinet, there is nothing you can do. Your base are belong to us - the lawyers.

[Relyt]

Recovery was just to simple. I smell a huge skunk in this one. Since the laptop has been recovered, the government is probably not under any obligation to pay that $1000.00 per.

cheers

[nihil]

RoadClosed , I can see where you are coming from......... my bitch was that the guy took the entire live database ............ what for? ........ why? Hell, I don't believe that the entire VA is run off a laptop with an external hard drive?

He would have to do stress testing on the live DB with at least similar kit to the real stuff? so why not do as I suggested and generate his test data............? I don't consider myself to be any better than an average database analyst and architect but I do know that much

Relyt

Recovery was just to simple. I smell a huge skunk in this one.

I have to agree with that one mate!.......... $26.5 billion would keep me drunk for several days

When those kind of numbers are involved, I would not expect anyone to play fair............ they could even "buy" someone to take the rap?.............. even Osama bin Laden is only worth $25 million? errrr............ like 1%?

[thehorse13]

I spoke to some "top men" over at the agency about this press release. I was told that there are several versions of the release, some more accurate than others and that the FBI really never said that the data wasn't accessed. Needless to say, the word "determined" was used in all of them and the previous comment could not be let go without rebuttal.

Being the smartass that I am, I simply took the dictionary.com definition of the word, "determined" and sent it over to my POC. Apparently they were floaded with similar e-mails, calls and so forth.

The bottom line here is that the FBI now has the credibility of the video professor. Perception is reality. They should have more carefully considered what to release.

If it were me, I would have said that while we can never be certain that the data was copied (chain of custody forever lost), we feel the probability is low and then state the reasons why. To me, if they did this then I would beleive that they have skilled technical people working for them and although it's a bitter pill to swallow, at least I know that they are being honest and technically correct. For the FBI, the leader in forensic studies, to say that they determined that the data was never accessed is laughable.

--TH13

[nihil]

--TH13

Precisely!

"We are unable to determine whether these data have been accessed or not, but preliminary investigations do not indicate that they have. Naturally, we shall be conducting a full forensic analysis over the next few days and will advise concerned parties of our findings"

Errrrrr............ just how does one spell "profezhonul" ??????????????