Why is it that our government doesn’t use disk encryption for information like this?

It’s such a retardedly simple thing to do.

Or how about "why the fuck does anybody bring home a disk with the personal information of millions of people?"

They probaly do yous some type of encryption but peple can still get in to it.  I doubt they use real high end software.  Their is no 100% crack proof program out their, nor will their probaly ever be one. A lot of the  encryption designers build in back doors.  Also they NSA can crack just about anything their is.  Their is however enough free of readily available decryption software out their that is reletively easy to use.  I all depends on how much you know.

I can't believe that the people who possess this data is not more careful.  With the advent of distributed computing there has to more care in safe guarding data.

As far as I'm concerned;
The VA employee stole the data, and then had it "stolen" from him.
He should go to jail for this.

Quoted: ....NSA can crack just about anything their is.  Their is however enough free of readily available decryption software out their that is reletively easy to use.  I all depends on how much you know.

With all due respect, I disagree with your statement, there IS a program that cannot be compromised in any way, not even the NSA.

Recipe:

1. PGP 6.5.x and below compiled from source.

2. Old laptop w/ NO network/modem/other devices, it'll only be used to encrypt/decrypt files.

3. Stored in a highly secured safe/vault.

If you can or anybody can "crack" my encrypted files based on my system above, I'll give you 10 grand for your trouble.

Quoted: Quoted: ....NSA can crack just about anything their is.  Their is however enough free of readily available decryption software out their that is reletively easy to use.  I all depends on how much you know. With all due respect, I disagree with your statement, there IS a program that cannot be compromised in any way, not even the NSA. Recipe: 1. PGP 6.5.x and below compiled from source. 2. Old laptop w/ NO network/modem/other devices, it'll only be used to encrypt/decrypt files. 3. Stored in a highly secured safe/vault. If you can or anybody can "crack" my encrypted files based on my system above, I'll give you 10 grand for your trouble. www.ar15.com/images/smilies/smiley_evilsmile.gif

I’ve seen several instances where the FBI has cracked PGP. Mostly by pass phrase guessing but also using key logging.

Regardless, joe schmoe is not even going to be able to attack microsoft’s disk encryption.

Seriously, right click and select encrypt. How fucking hard is that? (Assuming a competent administrator set up PKI)  

Quoted: I’ve seen several instances where the FBI has cracked PGP. Mostly by pass phrase guessing but also using key logging.....

It's more to it then that........  are they able to "crack" PGP based on my "recipe"?

I wager, 10 grand.

The problem with most PGP users, they're casual users but the other few are pretty knowledgable on it and my PGP recipe is 100% "uncrackable" meaning 101% secure.

VA Press Release


He should be charged with 26 million counts as an accessory to identity theft.

Idiot.

Quoted: I’ve seen several instances where the FBI has cracked PGP. Mostly by pass phrase guessing but also using key logging. .... Seriously, right click and select encrypt. How fucking hard is that? (Assuming a competent administrator set up PKI)

Furthermore and with all due respect, the only people who are prone to passphrase guessing and key logging and other explouts are the casual PGP users.

In regards, to how "simple" a procedure to encrypt files, again, what most people fail to understand is there is more to simply "clicking" to encrypt/decrypt. As mentioned before, most 99% of encryption software users are casual/amateur/intermediate users.

The 1% though are 100% confident that our PGP system is 101% secure even from, the good folks at the FBI.

Quoted: Quoted: I’ve seen several instances where the FBI has cracked PGP. Mostly by pass phrase guessing but also using key logging.....   It's more to it then that........  are they able to "crack" PGP based on my "recipe"?

Right, it would take a warrant for your vault and about two days computer time on blue gene.  

Quoted: Right, it would take a warrant for your vault and about two days computer time on blue gene.

Consider this,

multiple undisclosed nondescript locations....

each encrypted file/s are sub files of the main file basically steps.....

no further comment......

PS: It is important to use PGP 6.5.x and below and Must be compiled from source (reliable and verified) and other important key measures to secure the encrypted file/s.

Quoted: Quoted: VA Press Release He should be charged with 26 million counts as an accessory to identity theft. Idiot. I'm willing to bet he was well compensated for his unauthorized removal of our personal info.   He's a crook.  He sold us out.

Reading a little further into that article… You are right. There’s a whole bunch of useful info for espionage on that disk. That data should not have been off site. The guy should be up on treason charges.

Quoted: Quoted: Quoted: VA Press Release He should be charged with 26 million counts as an accessory to identity theft. Idiot. I'm willing to bet he was well compensated for his unauthorized removal of our personal info.   He's a crook.  He sold us out. Reading a little further into that article… You are right. There’s a whole bunch of useful info for espionage on that disk. That data should not have been off site. The guy should be up on treason charges.

Who's betting he isn't promoted?

Funny.  They used to just give that information away.

When I was release from basic training in '88, I found in my service file, a computer sheet with all of the names, SS#'s and city of origins of the people I went to basic training with.  There were over 100 names on that list.

Just think of the mischief I could have caused if I were a devious person.

Oh shit...

Somebody in an old thread about encryption was saying if you took all of the atoms in the universe and turned them into top of the line computers you couldn't crack some high end methods of encryption. All I could say was

Data on 26.5 million veterans stolen from home Personal data on about 26.5 million U.S. military veterans was stolen from the residence of a Department of Veterans Affairs data analyst who improperly took the material home, Veterans Affairs Secretary Jim Nicholson said Monday. The data included names, Social Security numbers and dates of birth for the veterans, Nicholson said, but "there is no indication at this time" that the data had been used for identify theft. Nicholson said the theft of the data took place this month, but declined to identify the employee or the location of the burglary. "The employee has been placed on administrative leave pending the outcome of the investigation. We have a full-scale investigation going on in this," Nicholson told reporters by telephone. . . .

Dayum!

I fall right into to the timeline for this.

Better start paying close attention to my credit reports.

That dumb bastard should be drawn and quartered for this, what the hell was he doing.  

Quoted: VA Press Release He should be charged with 26 million counts as an accessory to identity theft. Idiot.

Preach on!



-K

Quoted: Or how about "why the fuck does anybody bring home a disk with the personal information of millions of people?"

Ding ding ding! We have a winnah!



Seriously, WTF?

That is just about sufficient to create new IDs for all of our new identification-challenged lowriding overlords.

Not to hijack the thread, but this is one of the main defects of efforts to register guns or ammo.  Gives the crooks a convenient list of who to target.

"WASHINGTON - Personal data, including Social Security numbers of 26.5 million U.S. veterans, was stolen from a Veterans Affairs employee this month after he took the information home without authorization, the department said Monday."


"We have a full-scale investigation," said Nicholson, who said the FBI, local law enforcement and the VA inspector general were investigating. "I want to emphasize, there was no medical records of any veteran and no financial information of any veteran that's been compromised."

Man, they just can't stop themselves from lying to the public. It seems to be rule #1-Lie, Rule #2-Deny, Rule #3-Lie

Quoted: Not to hijack the thread, but this is one of the main defects of efforts to register guns or ammo.  Gives the crooks a convenient list of who to target.

Next thing you know, we'll have folks from state govts taking home CHL/CCW registration lists and having them "stolen".


Oh wait, why do that when you can just leak them in the newspaper?!?

Some people are alive only because it is illegal to kill them.

Secretary Nicholson Announces VA to Provide Free Credit Monitoring

"WASHINGTON – As part of the continuing efforts by the Department of Veterans Affairs (VA) to protect and assist those potentially affected by the recent data theft that occurred at an employee’s Maryland home, Secretary of Veterans Affairs R. James Nicholson today announced that VA will provide one year of free credit monitoring to people whose sensitive personal information may have been stolen in the incident.

“VA continues to take aggressive steps to protect and assist people who may be potentially affected by this data theft,” said Nicholson.  “VA has conducted extensive market research on available credit monitoring solutions, and has been working diligently to determine how VA can best serve those whose information was stolen.  

“Free credit monitoring will help safeguard those who may be affected, and will provide them with the peace of mind they deserve,” he added.  

The Secretary said VA has no reason to believe the perpetrators who committed this burglary were targeting the data, and Federal investigators believe that it is unlikely that identity theft has resulted from the data theft.

This week, VA will solicit bids from qualified companies to provide a comprehensive credit monitoring solution.  VA will ask these companies to provide expedited proposals and to be prepared to implement them rapidly once they are under contract.

After VA hires a credit monitoring company, the Department will send a detailed letter to people whose sensitive personal information may have been included in the stolen data.  This letter will explain credit monitoring and how eligible people can enroll or “opt-in” for the services.  The Department expects to have the services in place and the letters mailed by mid-August.

Secretary Nicholson also announced VA is soliciting bids to hire a company that provides data-breach analysis, which will look for possible misuse of the stolen VA data.  The analysis would help measure the risk of the data loss, identify suspicious misuse of identity information and expedite full assistance to affected people.

As part of VA’s efforts to prevent such an incident from happening again, Secretary Nicholson previously announced a series of personnel changes in the Office of Policy and Planning, where the breach occurred; the hiring of former Maricopa County (Ariz.) prosecutor Richard Romley as a Special Advisor for Information Security; the expedited completion of Cyber Security Awareness Training and Privacy Awareness Training for all VA employees; that an inventory be taken of all positions requiring access to sensitive VA data by June 30, 2006, to ensure that only those employees who need such access to do their jobs have it; that every laptop in VA undergo a security review to ensure that all security and virus software is current, including the immediate removal of any unauthorized information or software; and that VA facilities across the country – every hospital, Community-Based Outpatient Clinic (CBOC), regional office, national cemetery, field office and VA’s Central Office – observe Security Awareness Week beginning June 26.

People who believe they may be affected by the data theft can go to www.firstgov.gov for more information.  VA also continues to operate a call center that people can contact to get information about this incident and learn more about consumer-identity protections.  That toll free number is 1-800-FED INFO (1-800-333-4636).  The call center is operating from 8:00 am to 9:00 pm (EDT), Monday-Saturday as long as it is needed."

I'm sorry the taxpayers have to foot the bill for this, but it's the right thing to do.

Quoted: Secretary Nicholson Announces VA to Provide Free Credit Monitoring "WASHINGTON – As part of the continuing efforts by the Department of Veterans Affairs (VA) to protect and assist those potentially affected by the recent data theft that occurred at an employee’s Maryland home, Secretary of Veterans Affairs R. James Nicholson today announced that VA will provide one year of free credit monitoring to people whose sensitive personal information may have been stolen in the incident. <snip>

They're still not outing the bastard, huh?

Am I the only one who finds it incredibly criminal moronic ironic that they're protecting this person's identity?

Update:

www.govexec.com/story_page.cfm?articleid=34448&dcn=todaysnews

Follow-up arfcom thread:

www.ar15.com/forums/topic.html?b=1&f=5&t=477706

Quoted: Update: www.govexec.com/story_page.cfm?articleid=34448&dcn=todaysnews Follow-up arfcom thread: www.ar15.com/forums/topic.html?b=1&f=5&t=477706

"The FBI on Thursday announced that the laptop computer and external hard drive stolen from a Veterans Affairs Department employee's home early last month, compromising personal information on 26.5 million veterans, has been recovered. "

I read that in my local paper.  Good news.

So what are the odds the DVA employee [at least] knew the data theif?