It will probably not go down as the crime of 2014. But after reading this, you may rank it among the “2014 nice tries”.
Yesterday evening, a friend and I were sitting in front of the telly, each having a Medium MacD meal. Telly was on and a Dutch news broadcast started. As they clone their broadcasts from CNN or the BBC, it started with appetizers before the actual broadcast.
My friend and I looked at each other with our mouths full of Quarter Pounder or MacChick. What was that first appetizer? Had we heard it right? No – surely it was a mistake? Nah, it must have been a joke! Friend turned up the volume and we waited for the first news item.
No mistake: an IT system engineer working for Dutch police had copied their most secret, triple-whatever-secured-data and “temporarily” parked it on his or her family member’s server. There the data had sat for an unspecified period of time, with free access for anyone using search engines like Google, Yahoo, whatever.
It’s difficult to gawp with your mouth full of Quarter Pounder or MacChick. My friend nearly choked on the Quarter. I swallowed a piece of Chick so fast, I needed to slosh a helping of Sprite after it. Clean forgot about the ice cubes.
We both worked in ICT for decades. We found this porker hard to believe. But the broadcast continued with a reporter feeding more details.
The data on the family member’s server had included private information like secret telephone numbers, addresses, names, mobile phone numbers of policemen, top lawyers, justice department and ministry officials and staff, informers, under-cover men and women, suspected jihadists, terrorists, top-secret information about organised crime and criminal organisations, complete files with all details of murder and other cases, names and information of secret departments which officially do not even exist, and so on.
Two CEOs from IT companies were interviewed to comment on this topic – as nobody remotely related to police were available (or willing) to comment. The two blathered about data, data bases, software and systems nowadays being so protected by security measures and protocols, that employees simply can’t do their work anymore. So you ask a friendly system engineer to park the data you need on a server. Common practise.
Common practise?! Amay! These two bright-lights were beyond belief! My friend and I started to snigger, then laugh out loud.
We both used to develop software and worked with system engineers, before quitting the IT field. During testing, upgrading, updating, implementing, or maintenance, perhaps occasionally a copy of sensitive data might be placed on a back-up server, but that server would and should be part of the IT department’s secure network. How did the family server hook up to the secure network?
Moreover: you don’t just park any company or client data on your granny’s, young Bill’s, or cousin Steve’s server! That is illegal. Surely this had been hammered into the employee or external consultant?
The journalist stressed words like “accidental”, “mistake”. Someone had been working hard on damage control. The journalist had lapped everything up. He reassured the camera the data had been removed from the family server. The system engineer had been sent home to await procedures. Mr journalist had no idea how long the secret and sensitive data had been parked on that server. (Hours, days, months, years?)
The anchor woman asked if any measures were being taken to ensure those who needed protection would be safe. Nah, it was wait and see if anything happened. But of course, he continued reassuringly, with the web you never know if all traces are erased.
While my friend gulped down a medium coke and hurried for the door – forgetting all about French fries, I thought “Mistake my eye!”
Hope it’s not someone I know and worked with. All traces erased! Ever tried to get Google to obliterate anything? But this certainly beats Wiki Leaks and Snowden.
The door slammed shut. My friend was in a hurry to reach home and a computer with a secure internet connection, to see what traces of this “accident” had been left on the www for all and sundry to read.