Sunday Mirror reports LHR security files found on unencrypted USB stick.
Oct 30, 2017, 2:02 am
#1
Original Poster
Join Date: Apr 2010
Location: Tel Aviv, Israel
Programs: BA, LY, QF, UA, HH
Posts: 182
Sunday Mirror reports LHR security files found on unencrypted USB stick.
http://www.mirror.co.uk/news/uk-news...urity-11428132
Allegedly, it contained:
The exact route the Queen takes when using the airport and security measures used to protect her.
Files disclosing every type of ID needed – even those used by covert cops – to access restricted areas.
A timetable of patrols that was used to guard the site against suicide bombers and terror attacks.
Maps pinpointing CCTV cameras and a network of tunnels and escape shafts linked to the Heathrow Express.
Routes and safeguards for Cabinet ministers and foreign dignitaries.
Details of the ultrasound radar system used to scan runways and the perimeter fence.
Allegedly, it contained:
The exact route the Queen takes when using the airport and security measures used to protect her.
Files disclosing every type of ID needed – even those used by covert cops – to access restricted areas.
A timetable of patrols that was used to guard the site against suicide bombers and terror attacks.
Maps pinpointing CCTV cameras and a network of tunnels and escape shafts linked to the Heathrow Express.
Routes and safeguards for Cabinet ministers and foreign dignitaries.
Details of the ultrasound radar system used to scan runways and the perimeter fence.
Nov 1, 2017, 2:58 am
#2
Join Date: Sep 2014
Location: Brexile in ADB
Programs: BA, TK, HHonours, Le Club, Best Western Rewards
Posts: 7,067
That is an appalling security breach and I hope the police do a thorough investigation into HAL.
Extra security should be in place given that the airport is part-owned by Qatar, a state which has been accused of funding ISIS.
Extra security should be in place given that the airport is part-owned by Qatar, a state which has been accused of funding ISIS.
Nov 1, 2017, 7:04 am
#4
FlyerTalk Evangelist
Join Date: Nov 2011
Location: Brighton. UK
Programs: BA Gold / VS /IHG Diamond & Ambassador
Posts: 14,196
BA through IAG is part owned by QR (owned by the Qatar Government).
HAL is also part owned by the Governments of China and Singapore - neither of whom are always particularly nice people.
Concerned about that?
Nov 1, 2017, 8:13 am
#5
Join Date: Sep 2015
Programs: LH SEN; BA Gold
Posts: 8,405
So it took 2 post to have this thread heading to OMNI/PR. 
BTW: Am I the only one here not worried too much about a drive with sensitive data being found in the street by someone who alarmed authorities?
I'm much more worried about the fact THAT someone was able to copy it to a drive in the first place. That kind of data should not be transferable. God knows how many drives are out there!
I've worked for small companies working with confidential data where USB ports had simply been disable to prevent any data from leaving the building.
BTW: Am I the only one here not worried too much about a drive with sensitive data being found in the street by someone who alarmed authorities?
I'm much more worried about the fact THAT someone was able to copy it to a drive in the first place. That kind of data should not be transferable. God knows how many drives are out there!
I've worked for small companies working with confidential data where USB ports had simply been disable to prevent any data from leaving the building.
Nov 1, 2017, 8:40 am
#6
Moderator: UK and Ireland & Europe
Join Date: Jan 2003
Location: Biggleswade
Programs: SK*G, Lots of Blue Elsewhere
Posts: 13,611
I'm much more worried about the fact THAT someone was able to copy it to a drive in the first place. That kind of data should not be transferable. God knows how many drives are out there!
I've worked for small companies working with confidential data where USB ports had simply been disable to prevent any data from leaving the building.
I've worked for small companies working with confidential data where USB ports had simply been disable to prevent any data from leaving the building.
However, we can't necessarily make assumptions. We don't know whether the data is genuine, or whether it was transferred directly. However, there are basic measures you'd expect for something several layers less important than this (PII, for example, especially post-GDPR).
But I've been in this business long enough to know it very often doesn't happen. And that there's so often a loophole, particularly when the whole thing's been set up by long-forgotten contractors. Secure information on a machine with no USB ports and no internet access? Ah, but what's that, there's a machine on that network archived to S3? Oh, look, you can get the files over to a burner S3 bucket and on to a memory stick for transfer via a public PC. No malice intended, perhaps someone who needs to work from home and still hasn't got that VPN key sent out them from that outsourced support desk. And you know, getting your laptop hard drive encrypted makes it *so* slow, etc, etc.
<apologies to thread for unwarranted geek-speak>
What's comforting is that this stuff changes regularly anyway - that's a core facet of security.
Nov 1, 2017, 10:23 am
#7
Join Date: Sep 2014
Location: Brexile in ADB
Programs: BA, TK, HHonours, Le Club, Best Western Rewards
Posts: 7,067
I just meant that given the critical nature of Heathrow, there should be government oversight of the security arrangments at Heathrow given the vulnerabilities which the current ownership structure has.
It did also make me wonder why someone would have collected what appears to have been a very significant amount of data on a memory stick. There are legitimate reasons for this, no matter how foolhardy. But there also nefarious reasons which I am sure the police will be looking at.
It did also make me wonder why someone would have collected what appears to have been a very significant amount of data on a memory stick. There are legitimate reasons for this, no matter how foolhardy. But there also nefarious reasons which I am sure the police will be looking at.