Coverup at the VA

[Kylere]

For those who missed it you can buy a clue at news.google.com.

The VA had an employee take home a laptop with data on CD or disk containing private data (name, social, home of record, etc) of nearly 30 million active and prior military back to like 72. Their house was reported to be burglarized ( but no valid evidence of this has been presented) and the data has been stolen.

I have been following this since the VA belatedly reported it, and I firmly believe that the truth is not coming out, and if they are being honest, I want to know why the stupid fucker has not been fired.

I demand his firing. Nothing less is acceptable, and the fact that they have done nothing of the sort yet, indicates to me that perhaps this guy was not breaking the rules because while they may have existed I have to wonder if they had a "climate" thing that did not prevent people from doing this stuff, so they cannot touch him without it being an issue of "hey we have been fucking up all along"

[Aabidano]

I demand his firing. Nothing less is acceptable

Clean up the White House staffers while you're at it.

[Aslanna]

How is demanding his firing (lol) here going to help any?

[Midnyte_Ragebringer]

I demand his firing. Nothing less is acceptable

Clean up the White House staffers while you're at it.

lmao

[Zaelath]

For those who missed it you can buy a clue at news.google.com.

The VA had an employee take home a laptop with data on CD or disk containing private data (name, social, home of record, etc) of nearly 30 million active and prior military back to like 72. Their house was reported to be burglarized ( but no valid evidence of this has been presented) and the data has been stolen.

I have been following this since the VA belatedly reported it, and I firmly believe that the truth is not coming out, and if they are being honest, I want to know why the stupid fucker has not been fired.

I demand his firing. Nothing less is acceptable, and the fact that they have done nothing of the sort yet, indicates to me that perhaps this guy was not breaking the rules because while they may have existed I have to wonder if they had a "climate" thing that did not prevent people from doing this stuff, so they cannot touch him without it being an issue of "hey we have been fucking up all along"

Fuck that, you should be after the head of the guy that allows laptops to be used for more than an RDP client to connect to sensitive data.

Security can only start at the policy level.

[Kylere]

Actually I have demanded it to the VA, and I am sure that I am not the only one.

I feel you on RDP, but it is a bitch to effectively encrypt, they should not be moving sensitive data to insecure locations, if he had been active duty he would be under Leavenworth now, and I do not want some middle level 'crat to get away with this BS.

Blaming the White House is dumbass, the VA has been fucked by every President since its founding ( except Ike, and oddly enough Carter) this is a department issue, because it does not matter who the Prez is, the bureaucracy moves on. The employee should be dumped, his manager should be if it was against the rules but winked at, etc.

What is really funny is that I am on my 4th address since I became a civilian, I have never reported my new address to the VA, but they managed to send a letter directly to me at my current address. They can do this, but not practice basic compsec?

[Zaelath]

I feel you on RDP, but it is a bitch to effectively encrypt

Eh? RDP travels an encrypted tunnel the same as any other data, it's not like you even have to fart about with NAT.

[Kylere]

The important part of the sentence was "effectively"

I do not trust my data to some putz using RDP. There are WAY too many insecurities, I would want it to be a dedicated line minimum, no dsl or worse yet party line cable.

But the truly important part is that there is no reason they can justify it considering it was agaisnt their own rules. If I take data home from any job, and it is compromised as a result and I was not supposed to have taken it. I would EXPECT to lose my job.

[Zaelath]

Place your emphasis where you will, it's bullshit. As long as you enforce a requirement for an end to end tunnel (VPN) before you can connect to the remote server the traffic is all very effectively encrypted.

That said, you missed my point completely.

If someone in Government has a laptop they use for work, it should have little more than an email client on it, or preferrably a VPN link to their internal webmail system such that you're limited to concerted hackers trawling swap files to even get a tiny look at your data. The RDP I was originally thinking of was from his laptop at his desk inside the building to the server in the next room.

Now, as to data being safe. Doesn't happen. You can make it more bother than it's worth, but it's never really safe. Hell, if I want your data I'll just ring up the VA and probably be able to get it, might take a few calls to work out their pattern, but it's almost always doable.

[Boogahz]

Place your emphasis where you will, it's bullshit. As long as you enforce a requirement for an end to end tunnel (VPN) before you can connect to the remote server the traffic is all very effectively encrypted.

That said, you missed my point completely.

If someone in Government has a laptop they use for work, it should have little more than an email client on it, or preferrably a VPN link to their internal webmail system such that you're limited to concerted hackers trawling swap files to even get a tiny look at your data. The RDP I was originally thinking of was from his laptop at his desk inside the building to the server in the next room.

Now, as to data being safe. Doesn't happen. You can make it more bother than it's worth, but it's never really safe. Hell, if I want your data I'll just ring up the VA and probably be able to get it, might take a few calls to work out their pattern, but it's almost always doable.

It's all a moot point if he's taking the data home on a CD. Apparently the CD is what had all of the information, not a laptop.

[Sabek]

Now, as to data being safe. Doesn't happen. You can make it more bother than it's worth, but it's never really safe. Hell, if I want your data I'll just ring up the VA and probably be able to get it, might take a few calls to work out their pattern, but it's almost always doable.

Exactly, social engineering is generally the most effective way of getting sensitive data.

We can put technologies in place to protect the data on our networks etc, but we can never engineer the stupid out of people.

[Kylere]

Short of a dedicated line that has its entire length physically guarded, they should not be remoting this type of data.

Short of firing, nothing less is acceptable for an employee who managed to violate the rules and expose 10% of the country to identity theft concerns. 30 million bloody people.

[Bubba Grizz]

You got a letter? Hell I hope they are sending out letters to all of us. Whether or not our names were one of the 30 million. If for nothing else than piece of mind. I half expected a call from my controller.

[Boogahz]

Place your emphasis where you will, it's bullshit. As long as you enforce a requirement for an end to end tunnel (VPN) before you can connect to the remote server the traffic is all very effectively encrypted.

That said, you missed my point completely.

If someone in Government has a laptop they use for work, it should have little more than an email client on it, or preferrably a VPN link to their internal webmail system such that you're limited to concerted hackers trawling swap files to even get a tiny look at your data. The RDP I was originally thinking of was from his laptop at his desk inside the building to the server in the next room.

Now, as to data being safe. Doesn't happen. You can make it more bother than it's worth, but it's never really safe. Hell, if I want your data I'll just ring up the VA and probably be able to get it, might take a few calls to work out their pattern, but it's almost always doable.

It's all a moot point if he's taking the data home on a CD. Apparently the CD is what had all of the information, not a laptop.

Ah, so I see now that the story has changed from when it was first released...

[Aabidano]

Short of firing, nothing less is acceptable for an employee who managed to violate the rules and expose 10% of the country to identity theft concerns. 30 million bloody people.

Just read that he's been fired, and the supervisor has resigned.

[Winnow]

U.S. vets everywhere can rest easy again:

Stolen laptop with veterans' data recovered By Vicki Allen
Thu Jun 29, 9:16 PM ET

WASHINGTON (Reuters) - A stolen laptop computer containing sensitive information on more than 26 million U.S. military veterans and service members has been recovered and a preliminary review indicated no data was taken, the FBI and Veterans Affairs Department said on Thursday.

The laptop and the external hard drive taken in early May from a VA employee's residence in suburban Washington were recovered, authorities said.

"A preliminary review of the equipment by computer forensic teams has determined that the data base remains intact and has not been accessed since it was stolen," the agencies said in a statement. "A thorough forensic examination is underway, and the results will be shared as soon as possible."

A person whom the FBI did not identify turned the laptop in to the agency's Baltimore office on Wednesday, officials and veterans organizations said.

FBI spokeswoman Michelle Crnkovich said that no charges were filed against that individual, and that she no information on where the laptop was between the time of the theft and when it was turned in.

The theft of the laptop from a VA employee who had brought it to his home in Aspen Hill, Maryland, raised fears that nearly all military personnel were at risk of identity theft. Authorities have said the theft as part of a routine burglary in which other items were taken.

BIPARTISAN BLAST

Lawmakers and veterans' advocates have voiced alarm that the government failed to safeguard the data that included Social Security numbers and disability ratings that could be used in credit card fraud and other crimes.

Senate Veterans Affairs Committee Chairman Larry Craig, an Idaho Republican, said "we are all holding our breath now for the FBI forensic analysis which we hope will confirm that the data has not been compromised."

Republicans and Democrats had blasted the administration for allowing the data to be lost and for responding slowly to the theft. Officials have said VA Secretary Jim Nicholson was first told of the May 3 crime on May 16 and only informed the public on May 22, almost three weeks after the theft occurred.

Cost of the theft was piling up for taxpayers. The White House this week asked Congress for $160 million to offer credit monitoring to military personnel worried of possible identity theft.

The VA also was spending millions of dollars to respond to the incident, including setting up a special call center to address veterans' concerns.

Rep. Steve Buyer (news, bio, voting record), an Indiana Republican who chairs the House of Representatives Veterans Committee, said that even though he was heartened by the laptop's recovery, the "history of lenient policies and lack of accountability within VA management must be rectified."

Jim Mueller, commander-in-chief of the Veterans of Foreign Wars of the U.S., said those responsible for the data loss and those who knew about the theft but did not tell Nicholson for 13 days should be held accountable.

"The secretary must act swiftly and decisively if he is to restore America's trust in the VA," Mueller said.

[Kylere]

Yeah he was fired, but union fired, aka he will get his job and backpay in 6 months after a long tax payer provided vacation.

[Ashur]

Every time someone fucks up in the news I have to go through a fire drill at work. Citibank losing backup tapes, VA losing sensitive data...

STOP FUCKING UP, RETARDS!

I have enough shit to do without putting everything on hold to fill out a half-dozen spreadsheets for upper management every time they read a story in the news and get cold sweats.

P.S. I'm a vet. I was never worried. I'm sure my "sensitive" data is in enough data marts/warehouses that if this sort of shit freaked me out I'd never sleep.

[Aneron]

What is really funny is that I am on my 4th address since I became a civilian, I have never reported my new address to the VA, but they managed to send a letter directly to me at my current address. They can do this, but not practice basic compsec?

Some how I had missed this post before, but anyway in the letter you got Kylere, it said that the VA worked with the IRS (using your SSN) to get the letter to you.