Stealing laptops is a simple way data thieves can tap into porous corporate networks. The granddaddy of all data breaches attributed to a lost laptop involved the Department of Veterans Affairs. The agency lost records for 26.5 million active duty troops and veterans stored on a laptop and external drive, which disappeared during a burglary of the home of a VA data analyst in 2006.INSERT: THIS WAS A FALSE FLAG. I was going to post this last week. This is an email I sent to someone, read it and the response:
"26.5 million Vets SSN's/data "lost" was a false flag to facilitate RBAC/IPv6 auth/for Telework
The motive was obvious to me from reading this. 100% false flag data breach in 2006 (look at the language used also, the problem-reaction-solution theme is more than obvious--who ever got blamed for this anyways and what's your take on this?):
This was to create the fear they needed to make sure all the role based global information grid authentication police state bs would be effectively in place for the New World Orders slave/puppet private sector years in advance before their 2.0 version of Dark Winter.
Do a search for HSPD-7 and HSPD-12 I think there are others that are
also applicable to teleworking/network communications mandates etc as
well, but not sure.
Response to above email:
"I knew it was a set up when I first heard the story. This guy was the Secretary of Veterans Affairs when it happened. He had to resign of course - even though he had nothing to do with it.
I suspected there might have been blackmail involved... "do this or else" but what they wanted done wasn't possible to do by fiat. That's just a guess though.
It was a dirty deal."
Can any one say, blackmail...Hit list...800,000 doctors just became the new microbiologists, and will join the ranks of the 300+ murdered if they don't STFU about the truth, and push the mass extermination vaccines.
Pretty interesting how that much data can fit on one laptop, unless it's all just text. Why would it all be there consolidated nicely in one spot? I wonder if they used PROMIS/Ptech based enterprise architecture toa ccess all these records and consolidate them all onto this machine.
Full post af above link:Taking It Home -- to Thieves
Lost Laptops Are a Wake-Up Call for Telecommuters
By Amy Joyce
Washington Post Staff Writer
Sunday, June 11, 2006
As the public discovered that Social Security numbers and other personal information from 26.5 million retired and active U.S. military personnel were on a laptop stolen from the home of a Department of Veterans Affairs analyst last month, workers who were hoping to pitch their boss on a telecommuting option probably felt their hopes crash.
That breach was followed by the news that personal information was lost on a stolen laptop of a Giant employee. And more with the loss of a laptop by an Internal Revenue Service worker. And from an Ernst & Young worker. And on and on.
Well, in the much simplified words of teleworking experts and IT gurus this week, and without knowing all of the details: If workers are going to work with company data from computers at home, there need to be strict regulations in place. The agreement to take a laptop home can't be casual. And the only way people should be able to gain access to sensitive information is not through a disk or external hard drive (how 1984) but through a Virtual Private Network (VPN) line. Along with many firewalls and complicated log-ins.[Insert: Translation: "We need "more secure" ones enabled only by RBAC/IPv6.This news, however, should not stop companies from allowing teleworking
, said Robert Smith, director of the International Telework Association & Council. In fact, he hopes all this news will make organizations better arbiters of how to do so more carefully.
"I think what this might most likely do is really help companies and organizations focus on whether telework should be formal or informal," he said. "When it's informal, not all the policies are set down. It's usually a verbal agreement. That could work well, but making it formal ensures that all aspects of telework are practices that need to be followed."
Obviously, these happenings are not the best news for proponents of teleworking, said Chuck Wilsker, president and chief executive of the Telework Coalition.
But on the upside, he thinks this is going to be the "big wake-up that they really can't do things they aren't supposed to do, and violate security issues." The technologies exist, he pointed out, that allow workers to access a server from anywhere in the world. And then when they disconnect, everything they did stays on the server. "There is no reason to physically take things away to work on remotely,"
he said.Recent developments, including crippling hurricanes, terrorism and high fuel prices, have led many companies to offer a telework option, or at least to figure out a way to continue business should something disastrous occur. Now add the flu pandemic to that list, as organizations consider whether teleworking should be a part of their business plans if we get to that point.
Even the president's plan for business continuity in case of bird flu calls on companies to allow (or set up) teleworking options. Companies, and the federal government, need to allow teleworking also as a recruiting tool, said Steve O'Keeffe, executive director of the Telework Exchange, a public-private partnership that encourages such arrangements in the federal government. "Clearly the government is in a situation from a recruitment end that they need more teleworking," he said, suggesting that new workers may choose private companies over the government because they offer more flexible work situations.
But even though the government has been steadily increasing its number of teleworkers, the recent news should make both private and public organizations think hard about policies for working remotely by computer.
"Here, maybe for the first time, we have a screaming example of what can go wrong," said William Nolan, an employment lawyer. "With this particular situation, which is probably the worst-case scenario, it's really a question of [human resources] and tech people working together to make sure your data, your customer's data and employee data is secure."
Companies that allow teleworking should have a short telecommuter agreement, he said. It should give the employer the right to check a person's work space, for instance, to make sure the home office is as secure as a corporate office.
Since VIPDesk, a company that provides call center services for customers, was founded in 1998, most of its employees have worked from their homes. Having people work from anywhere was important to the company, so it could recruit from anywhere, not just within a 50-mile radius of Old Town Alexandria, said Dan Fontaine, vice president of technology. The company employs people as far away as Hawaii.
The company is "definitely concerned" when it hears stories about security breaches, he said. VIPDesk has clients in the financial industry where security, obviously, is key. Every one of its 100 remote employees has to sign in to the VPN to access the system, which is encrypted. The employees then have at least two log-ins that are "very difficult to crack," he said. Once inside, those who have access to certain customers can only see data for those customers. Everyone is required to have an antivirus, which must be running at all times.
Last month's news -- and the subsequent stories of other breaches -- had a rapid backlash, said Ken Siegel, an organizational psychologist. "Most businesses will probably engage in implementation of some restrictive policy," he said.
He likens the current security breach to what prompted the Sarbanes-Oxley Act, which puts pressure on top executives to attest that they have rules in place to ensure financial statements are correct. But Sarbanes-Oxley was enacted only because the government and companies didn't do enough about ethics until it was too late, he said. "Now you have this very repressive, extensive network of laws to make up for a lack of integrity," he said.
Companies need to think preventively and to instill in workers an increased sense of personal responsibility for the care and protection of data, he said. "If I were to be working from home and believe that how I act affects confidential, private information . . . I would behave differently," he said. "From my point of view, it's much more interesting to change people's mentality about this as opposed to what kind of systems we can put in place" to enforce security rules.
(Well, he is a psychologist, after all.)