Thursday, March 10, 2016

USB keys are evil and must be destroyed - especially if you are worried about any sort of insider threat - what i am reading 3/10/2016

First Snowden, now some unnamed jihadi.  When will people learn that if you want to protect sensitive information allowing USB keys to be used is a losing proposition?

The documents held by the German authorities seem to have been collected at the end of 2013. Even the lowest estimate of the numbers that crossed the border in that period indicates the sheer scale of volunteers to Isis. The documents will be useful to intelligence agencies in confirming names and details of people suspected of joining Isis. However, it was reported that there are names not previously known to the intelligence services.
more 

The files were passed to Sky News on a memory stick stolen from the head of Islamic State's internal security police, an organisation described by insiders as the group's SS.
He had been entrusted to protect the organisation's core secrets and he rarely parted with the drive.

Classic case of an insider threat, and yes if he hadn't had the USB key he still could have gotten the information out somehow, but it would have been much more difficult.  USB keys make classified information extremely portable and therefore on any sensitive system should be disabled / alarmed  / monitored.

Note:  Yes, I really equated this guy with Snowden, they both walked off with their info in the same stupid way.  However, for the record I am glad ISIS learned nothing from the NSA debacle and this guy was able to leave with the info.  I will be even more glad when jihadis start disappearing from this realm of existence.

No comments: