Confidential Document Leaks, Hacks and Human Error: Do you know where your critical information is?

It seems that not a day goes by without a news story breaking concerning the leak, theft, interception or misplacement of critical information.

10 June 2009

It seems that not a day goes by without a news story breaking concerning the leak, theft, interception or misplacement of critical information.

In just the last few weeks:

  • Police in Australia have been investigating how stolen personal details of thousands of credit and debit card holders came to be posted to a blogging site and auto-indexed into the Google search engine (Source: Australian IT)
  • Microsoft has warned of hackers starting to use DirectX-enabled files to give them remote access to users' PCs across the internet (Source: ZDNet)
  • The UK Ministry of Defense admitted that documents detailing affairs, drug use and personal debt of military personnel, contained on a hard disk has been stolen (Source: BBC)
  • It was revealed in Singapore that Royal Dutch Shell, the world's second largest oil company, had leaked its restructuring plans, an employee having posted a confidential HR memorandum on a chat site used by Shell employees (Source: The Straits Times)
  • The US government mistakenly published a 266-page report to the web, its pages marked "highly confidential," that gives detailed information and maps showing the precise locations of stockpiles of fuel for nuclear weapons (Source: BBC)

...and there was hilarity and shock in equal measure as full membership details, including home address, email address and cell phone numbers of the membership of Spank, a London gentlemen's club, were mischievously published by a gossip magazine.

Serious as these breaches are, the following story clearly demonstrates the additional personal consequences of getting it wrong.

Britain's anti-terror chief, Bob Quick, exposed details of coordinated raids planned to arrest suspected Al-Qaeda activists allegedly organizing an attack on the UK. The dossier, in the hand of the officer, was photographed by a journalist as he walked into 10 Downing Street. The suspects were hurriedly rounded up, prematurely arrested but subsequently released and deported to Pakistan. As a result, Assistant Commissioner Quick resigned; the end of an otherwise illustrious career.

Bob QuickQuick Document

Those deported it seems were released owing to a lack of evidence. Let's hope that Bob's negligence hasn't further, less personal and more terrifying consequences.

Clearly having such sensitive information on paper is a big mistake. To many of us it is concerning that sensitive information still exists on paper, or indeed on flash drives, disks or laptops, transmitted by e-mail, by fax or by courier or managed in ways that make it accessible to those that we'd prefer to deny access.

Critical information is too often easily stolen, intercepted or misplaced.

Technology exists to securely store this information, permission and audit its access, track its transmission and prevent it being printed. It is surely time to embrace the digital age and file, access and exchange critical information securely.

I suspect Assistant Commissioner Quick wishes he'd done so.