Feeds

Missing hard drives reappear under FBI's nose

Just when you thought the cavalry had it under control...

  • alert
  • submit to reddit

Build a business case: developing custom apps

Two hard disk drives containing secret information on nuclear weapons, which disappeared from a secure area in the Los Alamos National Laboratory, were found behind a photocopier days after the area was searched, making it all but certain that they were replaced under the noses of FBI investigators.

The FBI's Computer Analysis Response Team (CART) is examining the drives for evidence that they may have been tampered with, and to determine whether or not the data on them has been duplicated.

CART will "try to determine if those hard drives were accessed", an FBI spokesman said. Because the FBI is reluctant to say precisely how it will examine the drives, it is not entirely clear that they can make these determinations with much confidence.

It will at least be possible for the team to determine if data on the drives has been modified, since Lab officials have stated that at least one more set exists, against which they can be compared.

The drives were found in the X Division of the Los Alamos campus, from which they originally vanished. The X Division is concerned with weapons design.

The drives in question contained detailed instructions on how to arm and disarm numerous nuclear weapons from US and other arsenals, including those of Russia and China. The information is kept handy by the Nuclear Emergency Search Team (NEST), which responds to nuclear attacks, accidents, and terrorist incidents.

The drives were discovered missing in May, when Los Alamos staff were struggling to secure the facility against a huge fire in the surrounding countryside, originally set by the US Parks Service in an ironic effort to thin the brush and so reduce the risk of wildfires.

About 25 FBI agents are now on the job at the Lab. They have interrogated and administered polygraph tests to the members of NEST's staff who had unfettered access to the missing drives. Some "irregularities" have already been observed during NEST staff interrogations, US Energy Secretary Bill Richardson has said.

Roughly 85 people at Los Alamos work part-time in NEST, but only 26 of them have unescorted access to the vaults where the hard drives were stored, and thus would not have had to sign out the kit, Lab officials said.

The last written audit on the drives was done in January, meaning that it's possible that they've been missing for as long as six months.

The University of California serves as the Lab's management and operating contractor. This is hardly the first time that practice of putting academicians in charge of national security has given occasion to bring the overall concept into question.

Politics

Meanwhile, Secretary Richardson, who entertains hopes of becoming Al Gore's vice-presidential nominee, convened an impromptu news conference Monday to assuage public fears that the hard drive incident has compromised US nuclear weapons security.

"I want to assure the American public that we're going to get to the bottom of the incident. We're going to hold people accountable; there's going to be disciplinary action," Richardson told reporters.

"I will not take a back seat to those who say I haven't put in strong security measures" at the Los Alamos Lab. Security is his "number one priority," he added.

Unfortunately, Richardson had previously assured the public that the country's nuclear weapons secrets were to become secure when he took over the Department in the wake of another debacle, in which it is believed that Los Alamos staffer Wen Ho Lee transferred sensitive weapons design information to China.

The Lee investigation was handled so poorly that by the time the Feds finally moved on him it was impossible to determine whether or not he had actually passed the information along. He was charged only with mishandling classified data, for which he is now awaiting trial.

Because the Lee disaster occurred before Richardson's tenure at DoE, many had hoped that under his leadership the Lab would improve security and avoid any further incidents of this sort.

However, many in Congress feel that Richardson's tenure at DoE has yielded few improvements beyond a slicker, more Clintonesque, PR routine. Senate Intelligence Committee Chairman Richard Shelby (Republican, Alabama) has been among those most critical.

"[Richardson] has not done a good job as Secretary of Energy," Shelby said in a brief press conference Monday. "The Senate and the House have basically lost confidence in him."

Noting that the drives reappeared in a supposedly secure area of the Lab, which was at the time the object of FBI surveillance, Shelby said that "the counterintelligence implications have increased by an order of magnitude. We may have someone on the inside who doesn't want anyone to know they had the drives or what they did with them."

It is all but certain that the X Division incident will obliterate Richardson's hopes of running for the Veepship. Perhaps now he can apply himself to his actual job as Energy Secretary, for better or for worse.

It's the system

Government-wide nuts-and-bolts steps required to secure 'secret' and 'top secret' information have been relaxed dramatically under the Clinton Administration, it was revealed during a joint hearing of the Senate Intelligence and Energy Committees chaired by Senator Shelby last week.

Access to the drives in question is limited first by general access to the area, which is confirmed with machine-readable ID badges, and biometric checks. Once one is inside the X Division area, a simple access list determines which people may proceed unescorted, and without electronic monitoring, to the vaults where the drives were stored, Los Alamos National Laboratory Director John Browne explained.

Incredibly, there are 26 members of NEST who are permitted to enter the vaults and remove materials without signing out the inventory or otherwise accounting for their comings and goings. The custodian on duty is responsible only for ensuring that those without unescorted access are supervised in and around the vaults. Thus anyone with the required clearance would have been permitted to remove the drives without notifying anyone else.

Not only is this risky from a counterintelligence point of view, it might make for some logistical disasters if NEST staff should need to respond immediately to a threat, and should then find the kit missing with no record who might have it.

The missing drives were classified as 'secret'. If they had been classified as 'top secret', there would be a written account of who had taken them.

The Intelligence Committee found this an appalling policy, with several Members sarcastically suggesting that retail shops and public libraries have better inventory control than the Los Alamos X Division.

"That sounds like a really bone-headed security procedure to me," Committee Co-Chairman Richard Bryan (Democrat, Nevada) observed. "I cannot conceive of not requiring some kind of sign-in and sign-out procedure for those 26 individuals."

"It's [my] personal opinion that the government made a mistake in the early 1990s by eliminating personal accountability for 'secret' documents across the government," Lab Director Browne replied. "'Secret' data is no longer accounted for in this country. Period."

These relaxed security measures were conceived during the Bush Administration, and subsequently put into practice under the Clintonites, he explained.

Rather than re-institute personal accountability for 'secret' documents, DoE Director of Security General Eugene Habiger suggested that some 'secret' documents should be bumped to 'top secret' for a higher level of protection.

"The Department of Energy needs to re-visit the classification levels for encyclopaedic data bases. There's such a large amount of very sensitive data on one piece of electronic media that we need to review our procedures," General Habiger noted.

"Ten years ago we had rules that information of this type would have been 'top secret'. When I became Chief of the Strategic Command, I was astounded in 1996 when I found that those rules had changed," he lamented.

Always look on the bright side of life

Energy Secretary Richardson has been soft-pedalling the significance of the Los Alamos security lapse, as he did during the Wen Ho Lee case. Of course back then no one could say it was his fault; it was Morning in the Department, so to speak.

However, this has since worn thin, especially because last week, while the Intelligence Committee was grilling his underlings, Richardson was over at the National Press Club chirping optimistically to reporters about improvements in energy efficiency among the latest automobiles. Apparently, he considered PR more important than fact-finding with Congress.

To symbolise their contempt for his cavalier behaviour, the Intelligence Committee conspicuously left an empty chair for Richardson at table, bearing his name card, throughout the hearing.

Meanwhile, Richardson has been expressing hopes that the data on the hard drives has not fallen into the wrong hands. The sudden re-appearance, he hopes, indicates only that whoever took them wishes to remain anonymous merely to spare himself inconvenience in a hot-button case.

The Register is not entirely confident in this scenario. If the drives were in fact removed and maintained according to regulations, then the person in question should have nothing to fear in stepping forward. The obvious desire for anonymity here suggests that there is a bit more behind this incident than some garden-variety 'irregularity', as Secretary Richardson calls it.

The Intelligence Committee intends to subpoena Richardson to be grilled during a closed hearing this week. We regret deeply that we'll be unable to play the fly on that wall. ®

Build a business case: developing custom apps

More from The Register

next story
Assange™: Hey world, I'M STILL HERE, ignore that Snowden guy
Press conference: ME ME ME ME ME ME ME (cont'd pg 94)
Premier League wants to PURGE ALL FOOTIE GIFs from social media
Not paying Murdoch? You're gonna get a right LEGALLING - thanks to automated software
Online tat bazaar eBay coughs to YET ANOTHER outage
Web-based flea market struck dumb by size and scale of fail
Amazon takes swipe at PayPal, Square with card reader for mobes
Etailer plans to undercut rivals with low transaction fee offer
US regulators OK sale of IBM's x86 server biz to Lenovo
Now all that remains is for gov't offices to ban the boxes
XBOX One will learn to play media from USB and DLNA sources
Hang on? Aren't those file formats you hardly ever see outside torrents?
Class war! Wikipedia's workers revolt again
Bourgeois paper-shufflers have 'suspended democracy', sniff unpaid proles
'Aaaah FFS, 'amazeballs' has made it into the OXFORD DICTIONARY'
Plus: 'EE, how shocking, ANOTHER problem I face with your service'
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Solving today's distributed Big Data backup challenges
Enable IT efficiency and allow a firm to access and reuse corporate information for competitive advantage, ultimately changing business outcomes.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.