PACKET RAT: Second-hand security
Antique methods don't keep secrets from being handed down or passed to outsiders
Michael J. Bechetti
Browsing an early spring yard sale, the Rat stumbled across an old Atari gaming console with a set of cartridges. He held one up to show his wife: 'Missile Command,' the old anti-ballistic missile game of his ... well, maybe not his youth, but earlier in his life.
'I bet Boeing and Northrop Grumman could use this software,' he sighed. 'It's more secure than their missile defense network.'
The Rat was alluding to the recently revealed major security faux pas perpetrated by contractors working on the Missile Defense Agency's ground-based communications network. 'Shared passwords? That's so Windows 95,' the whiskered one winced.
Apparently, someone on the project was using security best practices that were contemporaries of the Atari console. Even though the network is allegedly physically secure, the weak access controls could leave the door open for all sorts of monkey business. The excuse? Adherence to current DOD security policy wasn't in the contract.
Of course, shortly after the DOD inspector general's report caught the attention of the press, it got yanked from the IG's Web site. 'Somebody just got re-assigned to Guantanamo, I bet,' the Rat whispered to himself as he checked the cables on the Atari's joysticks.
Speaking of IG reports, the Energy Department had its own batch of bad news again. The agency that brought you hard drives found behind copiers now reports that officials could not locate '18 items of sensitive computer processing equipment' from Energy's Office of Intelligence'notebook PCs and other gear that may or may not have classified data on them.
And given that hundreds of other pieces of 'sensitive property' weren't being properly tracked'the Office of Intelligence failed to do annual inventories for three years'even more problems might have disappeared behind the office coffee cart or gone out the door with departing employees.
'Maybe they should be checking yard sales like this,' the Rat's wife said, as he blew dust from a Commodore 64 keyboard. 'Or eBay. Apparently, you can find anything on eBay.'
'Except, perhaps, a clue,' the Rat sighed.
The United States doesn't hold a monopoly on government missteps with sensitive data. The provincial government of British Columbia, it was recently reported, accidentally auctioned off backup tapes holding thousands of records with citizens' ID numbers and medical histories.
The tapes were sold with other equipment for about $300 Canadian. Fortunately (at least for the people whose records were on the tapes that were found), the purchaser discovered what was on the tapes, and turned them over to the Vancouver Sun.
After a light haggle, the Rat laid down cash and scooped up the crate of Atari gear, along with an assortment of tchotchkes his better half had decided that she couldn't live without, to take it to the car.
'I sure hope these folks erased their top scores off of these before they sold them,' the Rat said.
'Why's that?' asked Mrs. Rat.
'Knowing our kids, they'll track down the original owners to gloat once they've beaten them.'The Packet Rat once managed networks but now spends his time ferreting out bad packets in cyberspace. E-mail him at firstname.lastname@example.org.