Loss of RAF Data
JPA is without doubt the greatest act of sabotage inflicted on the British Forces. For negative retention alone it is priceless. Why would a terrorist or foreign power want to hack in?
No member of Al Qaeda could ever hope to emulate the damage done to the Military by Nu Labour, aided and abetted by the civil serpents.
No member of Al Qaeda could ever hope to emulate the damage done to the Military by Nu Labour, aided and abetted by the civil serpents.
Join Date: Oct 2005
Location: Far from the madding crowd
Posts: 250
Likes: 0
Received 0 Likes
on
0 Posts
Well, yesterday came home from work to be greeted by the 'oops we seem to have made an error' letter, however it was not for me it was for the previous occupant of the MQ only 6 yrs out of date!!! 
Join Date: Aug 2006
Location: firmly on dry land
Age: 80
Posts: 1,541
Likes: 0
Received 0 Likes
on
0 Posts
The numbers involved are so huge, and we have a date as early as 1969, that it is almost a racing certainty that everyone is on it.
Join Date: May 2005
Location: newcastle
Posts: 3
Likes: 0
Received 0 Likes
on
0 Posts
Team MOD
Just to add to the list, though I`m sure its long and distinguished.....like erm...well...TGQ
Found out, I too, am part of the many whose details are spread wide over the world; though I wasnt privy to a letter. My folks up North had the honour to receive it, the letter had been posted to a house I hadn`t lived in for over 10 years...
Go team MOD....
As Hudson said in "Aliens"
"howd do i get out of this chicken S!"t outfit"..
Found out, I too, am part of the many whose details are spread wide over the world; though I wasnt privy to a letter. My folks up North had the honour to receive it, the letter had been posted to a house I hadn`t lived in for over 10 years...
Go team MOD....
As Hudson said in "Aliens"
"howd do i get out of this chicken S!"t outfit"..
Join Date: Jun 2006
Location: Never far from water
Posts: 76
Likes: 0
Received 0 Likes
on
0 Posts
So if the design and location of our outside-the-wire SFA weren't enough of a giveaway, the database with our previous (!) addresses should confirm where we all live in large numbers. joy.
Join Date: May 2004
Location: Up North
Posts: 801
Likes: 0
Received 0 Likes
on
0 Posts
My data has been lost, photocopies (with nonessential information redacted and instructions to destroy) sent to get full details of what was held on me.
I've asked MoD to confirm that they accept responsibility and thus liability in the event of my being prejudiced by their negligence. What is particularly galling is that the letter spins the incident as a "theft" rather than as a catastrophic failure in security at many levels that allowed the theft!
Letter to Information Commissioner and MP will follow...as for ID cards, no way, and even the Census is starting to look dubious (US contractor in line for it....how safe will that data be?!?!)
The only way to stop the cavalier attitude to personal data is to have an automatic entitlement to compensation in the event of loss. Say £500 for each person whose record is lost. Multiply that by 600,000 (or even 25million!) and you have a very large incentive to look after data properly!
I've asked MoD to confirm that they accept responsibility and thus liability in the event of my being prejudiced by their negligence. What is particularly galling is that the letter spins the incident as a "theft" rather than as a catastrophic failure in security at many levels that allowed the theft!
Letter to Information Commissioner and MP will follow...as for ID cards, no way, and even the Census is starting to look dubious (US contractor in line for it....how safe will that data be?!?!)
The only way to stop the cavalier attitude to personal data is to have an automatic entitlement to compensation in the event of loss. Say £500 for each person whose record is lost. Multiply that by 600,000 (or even 25million!) and you have a very large incentive to look after data properly!
Join Date: Nov 2000
Location: South Wales
Age: 63
Posts: 729
Likes: 0
Received 0 Likes
on
0 Posts
As posted at # 7, my daughter has also had “some very personal” data lost on this laptop.
Since the incident she has received a letter explaining the situation with a mega apology from the MOD.
She also rang the help line and has since received two calls from them keeping her informed of developments.
She is more than happy with the way she has been treated throughout this incident.
However what struck me was her attitude (she is only 20). Her main thoughts were for the poor lad that has lost the laptop: no career, no sympathy, and no support. All because of the way the mass media, politicians and the mass population get on the band wagon to blow up an incident out of all proportion and only because it’s the in thing at the moment.
Her words: “Dad, I stand more chance of my personal details being nicked and used from Amazon, Ebay or Paypal than that laptop being stolen by people who are going to actually use the data”.
I must admit I am quite proud of her lack of “I’m going to take the entire world to court, and I demand an explanation, and I want blood” type attitude.
Can’t fault her and certainly proud of the fact that she is not one of the “where there is a blame, there is a claim" culture”
Since the incident she has received a letter explaining the situation with a mega apology from the MOD.
She also rang the help line and has since received two calls from them keeping her informed of developments.
She is more than happy with the way she has been treated throughout this incident.
However what struck me was her attitude (she is only 20). Her main thoughts were for the poor lad that has lost the laptop: no career, no sympathy, and no support. All because of the way the mass media, politicians and the mass population get on the band wagon to blow up an incident out of all proportion and only because it’s the in thing at the moment.
Her words: “Dad, I stand more chance of my personal details being nicked and used from Amazon, Ebay or Paypal than that laptop being stolen by people who are going to actually use the data”.
I must admit I am quite proud of her lack of “I’m going to take the entire world to court, and I demand an explanation, and I want blood” type attitude.
Can’t fault her and certainly proud of the fact that she is not one of the “where there is a blame, there is a claim" culture”
Last edited by SRENNAPS; 8th Feb 2008 at 20:42.
I don't own this space under my name. I should have leased it while I still could
Srennaps, well done your daughter. I think most on here are not so much concerned with 'hang the guilty b^st^rd but how and why was all that information on the laptop in the first place.
Who actually supervised the procedures?
Now the men in grey suits are quite happy to say 'we make the policy and we can't be expected to resign if someone doesn't follow the rules.'
It is inconceivable that a junior officer could collect and collate all that material on his own. Someone, somewhere set up a system or process where he was able to get that data. Was it authorised by someone who has yet to hold his hand up?
Even the regional 1* is unlikely to have needed that quantity of data.
Just what was actually going on?
Who actually supervised the procedures?
Now the men in grey suits are quite happy to say 'we make the policy and we can't be expected to resign if someone doesn't follow the rules.'
It is inconceivable that a junior officer could collect and collate all that material on his own. Someone, somewhere set up a system or process where he was able to get that data. Was it authorised by someone who has yet to hold his hand up?
Even the regional 1* is unlikely to have needed that quantity of data.
Just what was actually going on?
Join Date: Jan 2003
Location: England
Posts: 964
Likes: 0
Received 0 Likes
on
0 Posts
Just what was actually going on
Join Date: Nov 2000
Location: South Wales
Age: 63
Posts: 729
Likes: 0
Received 0 Likes
on
0 Posts
PN,
No disrespect but I think it comes down to “Hind sight is a wonderful thing”.
Since the IT revolution in the RAF (when it finally sunk in to officers that computers were a good thing) there has been paranoia about holding data.
There has been an attitude of “the more we hold, the better it must be”.
The amount of un-usable or not required data on computers has grown and grown since that revolution in the early nineties.
Sadly the processes to keep, and control data has not really changed since those early days and more importantly processes have not even changed with the recent loss of data in other Government departments.
The system was there to evolve as time went on but let’s face it when it comes down to IT (In the RAF) it does not happen until it is too late. We are not good at it.
In the job I used to be in a few years ago, a couple of quotes I remember :
“We have no reason to move from MS DOS to Windows 3,1 and we have no requirement for colour monitors.
More recently:
We will stay with Windows NT as we have no need for Windows 2000 or XP.
I have no idea what the policy is on Vista but I have no doubt that the RAF will get it 3 years after the rest of the world.
The point I am trying to make is that while there is such a negative attitude towards change within IT there will always be complacency and ultimately mistakes will be made.
No disrespect but I think it comes down to “Hind sight is a wonderful thing”.
Since the IT revolution in the RAF (when it finally sunk in to officers that computers were a good thing) there has been paranoia about holding data.
There has been an attitude of “the more we hold, the better it must be”.
The amount of un-usable or not required data on computers has grown and grown since that revolution in the early nineties.
Sadly the processes to keep, and control data has not really changed since those early days and more importantly processes have not even changed with the recent loss of data in other Government departments.
The system was there to evolve as time went on but let’s face it when it comes down to IT (In the RAF) it does not happen until it is too late. We are not good at it.
In the job I used to be in a few years ago, a couple of quotes I remember :
“We have no reason to move from MS DOS to Windows 3,1 and we have no requirement for colour monitors.
More recently:
We will stay with Windows NT as we have no need for Windows 2000 or XP.
I have no idea what the policy is on Vista but I have no doubt that the RAF will get it 3 years after the rest of the world.
The point I am trying to make is that while there is such a negative attitude towards change within IT there will always be complacency and ultimately mistakes will be made.
Last edited by SRENNAPS; 8th Feb 2008 at 21:36.
Join Date: Nov 2000
Location: South Wales
Age: 63
Posts: 729
Likes: 0
Received 0 Likes
on
0 Posts
By sheer fluke, that's probably not such a bad thing......wait until the first upgrade (SP1, Spring 2008 - maybe - & associated glitches have been eradicated), then move across!
I remember an IT security type policeman back in 2002 stating that if it was not for him Bill Gates and Windows 2000 would have gone under. Strange he is still a copper and Bill Gates is still rich.
Realise that this software is tested in places that you can’t even imagine and the addition of SP1 will have no impact on your security requirements.
Based on your attitude you might as well wait for SP2 (because there will be a release in the future). That way you are guaranteed to get Vista 3 years after the rest of the world.... just like previous operating systems.
I don't own this space under my name. I should have leased it while I still could
There was a massive clear out of paper and instructions to clean out old files, computer files and the like. The delete folder was to be emptied at switch off etc.
The main driver was to avoid being caught by the Act. The more we held the less likely we would be to know we held it and thus could be open to charges if we unwittingly concealed something.
At the same time the D CinC STC, now CinC Air, declared the arrival of the paperless office. Of course that didn't work as we didn't have the scanner/filer/shredder systems in place.
On holding data, I took over a job that had been gapped. With the job came about 6 filing cabinets but no keys. I managed to get through 3 of them before I was posted. One of them contained ancient reports on many of the staff when they had been students. Like a priest I kept my council. Twenty years on I can reveal that one highly respected instructor had a very marginal pass when he was first trained. Still it proved the initial assessment and subsequent training system all worked.
Last edited by Pontius Navigator; 9th Feb 2008 at 06:47.
Join Date: Aug 2003
Location: Coventry
Posts: 40
Likes: 0
Received 0 Likes
on
0 Posts
it gets better, cos they then sent letters to everyone on the computer, to the addresses they had at the time, which include service personel living in or used to live in ireland!! i was lucky enough that my old address was on the patch and my mate lives there now, he got my letter, which contained plenty of personal details.
"Upgrading" to Vista
The rest of the corporate world seems to manage without [Vista] SP1 but the MOD (RAF) cant.
There is almost zero uptake of Vista in the corporate world, the only Vista PC's in most larger organisations are laptops or similar which won't run XP.
Any PC coming into the place I work (>5,000 PCs) that comes with Vista is "down-graded" to XP before it goes onto a user's desk. We are still buying brand-new Dell desktop PCs with 512MB RAM and ~2GHz Celeron chips which come with XP. These wouldn't have enough memory, CPU or graphics power to run Vista, but are entirely adequate for XP / Office2003. A roll-out of Vista will require us to replace or upgrade thousands of desktops. It ain't going to happen for at least another two or three years, by which time our policy may well have changed to specify Linux/OpenOffice for light users, if only someone can come up with an Outlook-compatible email client + calendar manager + contact manager. I live in hope
Join Date: Jan 2003
Location: England
Posts: 964
Likes: 0
Received 0 Likes
on
0 Posts
Ouch!! This is going to hurt
Particularly as they have named him.
http://www.thesun.co.uk/sol/homepage...icle791210.ece
Particularly as they have named him.http://www.thesun.co.uk/sol/homepage...icle791210.ece
AN Army laptop packed with secret information has been handed to The Sun — after a dozy officer left it in a PUB.
It contains personal details of more than 200 soldiers, plus data on their movements, military exercises and weapons store locations.
The computer was left by Royal Engineers Captain Luke Badger after a late-night drinking session in central London’s Troy Club.
A Sun reader found it under a table — and handed it to us.
It even contains the names of troops’ wives and children plus reports on soldiers including recommendations for promotion and disciplinary issues.
The blunder is another huge embarrassment for the Ministry of Defence, particularly as the data was not encrypted.
That is a serious breach of strict rules issued just three weeks ago by Cabinet Secretary Sir Gus O’Donnell.
Following a string of lost data scandals, he banned all laptops holding unprotected information from leaving government offices.
Capt Badger’s computer would have provided a goldmine for terrorists.
The Sun reader, who wants to remain anonymous, said: “I was amazed. He’s been very careless.”
We will return the laptop to the MoD, which promised an “urgent” probe.
It contains personal details of more than 200 soldiers, plus data on their movements, military exercises and weapons store locations.
The computer was left by Royal Engineers Captain Luke Badger after a late-night drinking session in central London’s Troy Club.
A Sun reader found it under a table — and handed it to us.
It even contains the names of troops’ wives and children plus reports on soldiers including recommendations for promotion and disciplinary issues.
The blunder is another huge embarrassment for the Ministry of Defence, particularly as the data was not encrypted.
That is a serious breach of strict rules issued just three weeks ago by Cabinet Secretary Sir Gus O’Donnell.
Following a string of lost data scandals, he banned all laptops holding unprotected information from leaving government offices.
Capt Badger’s computer would have provided a goldmine for terrorists.
The Sun reader, who wants to remain anonymous, said: “I was amazed. He’s been very careless.”
We will return the laptop to the MoD, which promised an “urgent” probe.
I don't own this space under my name. I should have leased it while I still could
Hole, swallow and the S-word all seem reasonable options.
So one dark blue and one brown one. Light blue turn next?
Fit laptop bags with thermal destruct charges?
At least one hopes that secret information means personal or private or at worst restricted.
So one dark blue and one brown one. Light blue turn next?
Fit laptop bags with thermal destruct charges?
At least one hopes that secret information means personal or private or at worst restricted.
Join Date: May 2004
Location: Up North
Posts: 801
Likes: 0
Received 0 Likes
on
0 Posts
I doubt Capt Badger's laptop would be above Restricted. The man is clearly a fool anyway.
There are further questions about the 600,000 records lost however. I did the security officer course and subsequent secondary duty (pain in the arrse, RAF police are the best friends you will ever have in this thankless task). It was my job to know at least a little about the JSP 440. So I was left scratching my head, following my letter from MoD saying my details were lost:
- individual protective marking of records: surely Restricted-Staff.
- aggregate protective marking of entire database: I would say Secret (given the tests for protective marking), at least Confidential. Not to be on a bog-standard laptop or IT system.
- Need to hold data: My lost record is 10 years old. I have a corresponding Service record. Is there any need to keep both? If you don't need it, destroy it (and ensure a destruction certificate etc). At the very least, my record should have been archived.
- "Need to know": Does anyone need to have download access to 600,000 records?
- Laptop authorisation: I used to have to sign a Restricted laptop out in advance. Pain in the backside for NATO meetings especially! Who was responsible for the establishment IT security procedures? Normally the CO - in name only - delegated downwards.
- All of the above. We know a hapless matelot left a laptop in his car at the first sniff of rum on a barmaid's apron. Walk the plank he should, but the ship is leaking big time, the fish is rotting from the head down etc.... This was not an opportunistic theft (as my letter spun it) or down to an individual error of judgement. Security is supposed to be multi-layered, to prevent one individual making such a mistake.
There are further questions about the 600,000 records lost however. I did the security officer course and subsequent secondary duty (pain in the arrse, RAF police are the best friends you will ever have in this thankless task). It was my job to know at least a little about the JSP 440. So I was left scratching my head, following my letter from MoD saying my details were lost:
- individual protective marking of records: surely Restricted-Staff.
- aggregate protective marking of entire database: I would say Secret (given the tests for protective marking), at least Confidential. Not to be on a bog-standard laptop or IT system.
- Need to hold data: My lost record is 10 years old. I have a corresponding Service record. Is there any need to keep both? If you don't need it, destroy it (and ensure a destruction certificate etc). At the very least, my record should have been archived.
- "Need to know": Does anyone need to have download access to 600,000 records?
- Laptop authorisation: I used to have to sign a Restricted laptop out in advance. Pain in the backside for NATO meetings especially! Who was responsible for the establishment IT security procedures? Normally the CO - in name only - delegated downwards.
- All of the above. We know a hapless matelot left a laptop in his car at the first sniff of rum on a barmaid's apron
. Walk the plank he should, but the ship is leaking big time, the fish is rotting from the head down etc.... This was not an opportunistic theft (as my letter spun it) or down to an individual error of judgement. Security is supposed to be multi-layered, to prevent one individual making such a mistake.
I don't own this space under my name. I should have leased it while I still could
From the photo of the laptop it looks rather swish for the 'best value for money' or the 'cheapest money can buy' laptop.
Bit like the 777 crash I be we can come up with some good theories and rumours.
I would almost hazard a guess that:
1. It was a private laptop because the security clamp down impinged on his ability to do work.
2. He could have used a company laptop but this would have meant collecting and returning it perhaps out of hours.
3. He took it into the pub to stop it being nicked from his car, assuming he was not on public transport.
Simply the whole laptop issue is fraught.
Bit like the 777 crash I be we can come up with some good theories and rumours.
I would almost hazard a guess that:
1. It was a private laptop because the security clamp down impinged on his ability to do work.
2. He could have used a company laptop but this would have meant collecting and returning it perhaps out of hours.
3. He took it into the pub to stop it being nicked from his car, assuming he was not on public transport.
Simply the whole laptop issue is fraught.
