"We put the disk in the drive to see what it was, but it was encrypted."

"As soon as I saw it belonged to the Home Office I placed it in the company safe and called the police."

If he put in the company safe "as soon as I saw it belonged to the Home Office", how did he manage to put it in the disk drive...?

Or more likely "wow, I can be famous... aww crap. Suppose I better be seen to do the right thing"

I wonder if the eBay seller will get good feedback ...or a visit from PC Plod?

clue - a nice tea and biscuits session with the person that took the lappie for repair, followed by a damn good attempt at tracking down the ebay vendor......

I guess they must, because as soon as the disc, labelled "Home Office Confidential" was seen to belong to the Home Office, they locked it in the company safe, and also put the disc in the drive to see what it was...

BTW, probably best not to buy a laptop on eBay if it needs repairing straight after

Hang on, hang on, hang on - is there actaully any evidence that it was sold on eBay, rather than just being stolen?

Also, as an aside - who the hell hides CDs under a laptop keyboard?

"However, in certain unusual circumstances a savvy attacker can lift the keys from computer memory. "

Presumably the article is referring to the recent work at Princeton. This attack is simply infeasible in this instance. The main memory of the laptop would have faded and thus the key would not have been recoverable. Furthermore, since the data has held on floppy disk there is nothing to suggest that the floppy disk's encryption key would have ever resided in the laptop's main memory (this relies upon the assumption that at some stage the disk had been used in that laptop, moreover, it must have been used recently)

Optical disk "under" the keyboard?

I can think of better palces to put one. What's that all about? How does a cd end up inside a laptop? That's just weird.

So was the auction for a Home Office CD-ROM with free laptop or vice versa...?

Mines the one with HOIT written on the back...

did removing the disk that some idiot had crammed under the keyboard fix the laptop?

What user stores a CD UNDER the keyboard? Ho many screws had to be removed to take out the keyboard? This sounds fishy. Possibly an attempt by the HO to demonstrate that they have cleaned up their act re: data security? What better way than to flog a lappy on eBay with a hidden prize. Like a box of cereal.

.. it could be a wind-up! Lets face it - who in the Home Office would have the knowledge to hide a disk UNDER the keyboard. I can believe a forgotten disc in the drive but.....

When they decrypt it it'll probably be the complete "Third Policeman" by Flann O'Brien!

I suspect there'll be thousands of "Property of Home Office - Confidential" disks appearing from everywhere in the coming months.

In fact, it'd be a good line in CD labels.... for those of an entrepreneurial bent.

♠

That's all that holds my keyboard down. It's where I keep my emergency €20/£10/$20 when travelling. Never tried to squeeze anything else in there though. Must remember to take them out before I return the laptop.

This is tabloid journalism, Lewis. It's a blatant attempt to criticise the government, even though they've done nothing wrong in this instance. I expect better from The Register.

The HO put this on e-bay knowing what would happen, either that or it was never on e-bay and its an elaborate ruse making us think our data is safe out in the low cost data centres of helmand province.

> Ho many screws had to be removed to take out the keyboard?

I can take mine out just by popping two tabs at the back. never thought about hding a secret disc there, tho'...

I've found a disc, it says Home Office and Confidential on it. It's encrypted - ergo it must belong to the Home Office. That's flawless reasoning right there.

No chance that it's an a) wind up, b) some guys back up of his home and office files?

I'm looking inside a fairly common brand of Dell laptop just now, there's oodles of space (technical specification of oodles can be provided on request) to hide maybe 2 cd's side by side without causing too much damage.

I assume that the disc label was all official looking and didn't just have 'Home Office' scrawled on it in permanent marker (with smudged finger prints, coffee stains etc)?

Cos shurely you could fill a CD with random bytes and then scrawl 'MS Windows 2010 source code' couldn't you? And the 'real owner' as such would be out of their mind to risk the possibility that the disc was in fact legitimate rather than a fake.

This reminds me of the stories in the 80's and 90's of users 'missing' the floppy or cd drive slot and a service engineer finding a neat little pile of disks inside the machine.

A very slim chance, but maybe that's what happened here?

No, really.

There's a bunch of kerfuffle about the home office losing data.

Then a mysteriously "encrypted" cd turns up from eBay with the words Home Office and Confidential on it.

What's the bet that someone created a CD sized bunch of random data, encrypted it, put it on eBay, then started counting down how long it takes for people to figure out (if ever)?

Half of the point of encryption is that people wouldn't be able to tell if there really is data in there. ;->

Has anybody seen a laptop made in the last ten years or so where it's actually possible to squeeze anything at all in to the case / under the keyboard?

Unless it's a Toughbook, in which case the disc wasn't hidden, it was just sitting in the drive.

This sounds like an elaborate prank to me.

Do your spies actually label disks, "Home Office" "Confidential"?

Extending your theory a bit - if the bloke who sold the laptop was having a bit of a laugh with some random data, he'll get done for not providing a decryption key.

Or his defence could be - ask the HO!

Yes, because none of The Bad Men would want to steal your laptop.

Looks like the price of laptops have got so low that its cheaper to stash CDs in the keyboard than use a Jewel Case ;-)

Did they check?

So the government lost a laptop, it happens. They had taken all the right steps to make sure that all that was lost was a bit of kit, and no sensitive data made available. Your weasely attempts to suggest that the data could still have been copied are pathetic.

When they do something wrong, go ahead and kick them. When they do it right, report that or at the very least shut up.

HMG typically uses "Restricted", "Confidential", "Secret" and "Top Secret" as its labelling scheme. Stuff properly marked Confidential shouldn't be taken out of a Government office, regardless of whether encrypted or not and regardless of whether on paper, cd or a laptop. So someone is for the chop if this is true. More likely a prank though.

Looks like eBay is now being used for Dead-Drops...

Good thing that the [Chinese | Ruskies | Terrrrreeeerrrrreeessstttss | Cubans | French] were out bid this time... next time we may not be so lucky...

(shame there isn't an icon of Paris Hilton riding a Black Helicopter with her coat ...)

or the plain text of the contents of the disk and if not then they can go to jail!

I don't habitually carry my laptop when out (example for a meal). It's most often safely locked away in the office or hotel.

... guess what I found under the keyboard of this laptop I bought off a dodgy-looking bloke in a pub? A neatly-folded inflatable girlfriend and a tube of KY both labelled "Property of David Blunkett, The Home Office, Queen Anne's Gate, London SW1"

And a couple of Bonio biscuits.

I have a CD on my desk which is marked as property of the Home Office. When I put it in my drive, it comes up blank. Obviously, this is the work of a form of unbreakable encryption which requires access to the entire set of data to use as a decryption key.

Ingenious.

This message was encrypted with dual rounds of ROT13 for your protection.

Paris, for your protection.

Q: "Also, as an aside - who the hell hides CDs under a laptop keyboard?"

A: People lke e o all e me, o kow.

i guess those laughing at the thought of hiding something under a keyboard have not used an ibm laptop before with the keyboard you can tilt/lift???

I got it: "Home/Office" backup install disk of windows XP.

Nothing whatsoever to do with THE Home Office.

Really, that took 2 minutes of speculation.

Paris? Well, get a clue.

> I can believe a forgotten disc in the drive but.....

Maybe it was an old relic that had the CD drive under the keyboard. If that was the case it could have been a forgotten disc in the drive. :)

"This reminds me of the stories in the 80's and 90's of users 'missing' the floppy or cd drive slot and a service engineer finding a neat little pile of disks inside the machine.

A very slim chance, but maybe that's what happened here?"

Yes. How about the CD wasn't properly seated in the CD drive and the CD got pushed under the keyboard.

I've just taken a look at a Dell laptop and you'd need a bent or loose case, but it looks possible.

So, some sausage fingers in the HO looses a CD inside the laptop and fails to own up and send the laptop for repair to get the CD out. Or they'd been stiffed with a money grabbing support contract and a repair would cost more than a new laptop. "It costs too much to get the CD out - just make another".

It looks like another example of not following the rules about documents with protective marking. Okay, the data was encrypted. But the CD was still marked confidential and should have been handled accordingly.

"under the keyboard"

My old Toshiba has a pop-up plastic strip near the hinge; pop it up and the keyboard comes out on a little ribbon cable. It's easy, and there's probably enough space there for some cash - thanks to the previous commentator for that wheeze - but a CD wouldn't fit, there are sticky-out prongs that keep the keyboard aligned.

It seems odd to hide something from theft by putting it in a laptop. That would be like hiding valuable sweets by grinding them into powder and sprinkling them into a mobile phone; clever on the surface, but the phone is likely to get nicked, taking the sweets with it. As seems to have happened in this case.

Furthermore, phones are typically nicked by exactly the kind of person who loves sweets.

Actually, hiding a confidential disk under the keyboard of a laptop would be a really good way of getting it off site. At the guard house you solemnly present the laptop and the associated paperwork that lets you take it out, and the guard searches the bag, finds no CDs and lets you out. Then, before you can sell the juicy data to your buyer, you lose the laptop on the train, and some light-fingered git flogs it on ebay.

The laptop should be traceable from its serial number, back to the HO unit that lost it, if it's an HO machine. Maybe it belonged to a bent contractor? What, wait! Surely there's no such thing.

...where the user managed to wedge a CD between the chassis and the CDROM drive. I suppose it'd be more difficult, but feasible that someone (especially in government) could get one stuck under a laptop keyboard...

Nice to know that when you take a computer to this company and you leave a CD inside it that the first thing they do is put it in the CD to find out whats on it.

"However, in certain unusual circumstances a savvy attacker can lift the keys from computer memory."

Yes, and those circumstances were absent here. You have to find the computer while it's *actually performing a decryption* (so the keys will actually be in memory -- they get zeroed out as soon as you quit the decryption program), and quickly reboot it. And even then, you're relying on the bit of memory where the keys were stored not getting overwritten during the startup process.

So what we had was a disc of encrypted data and no key. In other words, everything done right. No story.

Anyway, anything that says on it "HOME OFFICE - CONFIDENTIAL" is so obviously a fake, whoever called the Old Bill wants charging with Wasting Police Time.

That isn't that far-fetched with my former laptop. Now that could've been some good way to smuggle CD's in and out of my former job... one of my co-workers had 50+ CD's in his desk, despite company policy prohibiting *any* kind of removable media. Wonder if he did this ...

With regards keeping cash (or anything else, for that matter) under the keyboard. I wonder what the probability of frying the laptop due to the metallic strip.... (Presumably it will conduct electricity)

In these politically-correct times, I'll have you know that's a "contractor of non-heterosexual orientation", ducky...

... The CD contained a backup of the encryption software and the keys for what was on the laptop HD.

Could a user be this stupid? Er.... yes.

if I jam a flash drive labelled "secret terrorist WMD locations" inside the casing of an old trash computer, and then call the police can I be considered a war hero?

"Also, as an aside - who the hell hides CDs under a laptop keyboard?"

Don't CD drives on laptops sit under the keyboard? ;)

I totally see your point. You chuck money under your laptop's keyboard, so that if you are robbed, you still have money for a beer, a sammich and a bus ride. Clever.

Mine's the one with the banknote taped on the back

That government computers come with motorized cupholder / donut trays ..

( push the little button that says 'eject' on the front of the computer )

I'm amazed it wasn't an 8 inch 200 K byte single sided floppy disk ....

..If the Reg is still in the business of reporting news or looking for a good reason to slander an unliked agency/corporation.

Everyone who reads now knows you can recover encryption keys from RAM, why try to hold it against the gov that their encrypted drive could be subject to this. And what kind of speculation is that they 'could have written they keys down'...

Come on guys. At least it *was* encrypted this time.

I have two of these. The optical drives are under the keyboard, and top-loading; a clip on the front allows the keyboard to hinge up to access the drive, which looks like the top-loading CD drive on some cheap old stereos.

The whole story smells of BS to me though.

"However, in certain unusual circumstances a savvy attacker can lift the keys from computer memory."

That's what these guys were trying to do - they lifted the keys then found the CD...

Watch out, Beadles about?

or Intel CD Inside?

Dum, dum dum de dum!

The owner of the shop did not actually say that the disk was encrypted - all he said is that he put it in a CD drive and 'it would not boot, or anything'. 'Encryption' was then assumed by the interviewer and has obviously since become 'the truth'.

Of course -you realise they sold it cos they dropped the thing, hence the CD slipping out of the tray into the machine.

This demonstrates an extremely poor build and I myself have pulled a disc from an end-users machine guts.

Makes a nice 'nails on chalkboard' numbing screech.

$d3%*gs6%2kij==(*gs4ga;o3r9878rqb;fI8hfob;o8;nEIUF;efu .baFEK.J.KJ

Someone call in Sherlock.

"The possibility also exists of the encrypted government files having been copied, which is much easier than decrypting them - although not as trivially easy as copying normal unprotected files."

Have you ever actually used a computer? This sentence is garbage. A file is a file and copying it is exactly as easy regardless of whether it's a file full of plain text or encrypted gibberish. How on earth did you manage to type this without stopping short and saying "Hang on a minute, I'm talking complete bollocks"? You really ought to read back your text sometime in between writing it and posting it on the site, because there's really no excuse for this kind of pathetic blooper.

When you start asking the right questions on this story and the others in the 'data loss' debacle in which are our 'responsible' government leaders are involved in then nothing stands up to scrutiny. WTF is going on? Why aren't the media showing that this is all nonsense, like 'it's too expensive to create a subset of data from a rdbms so we sent the whole db', who would have that sort of access anyway?

Why hide a cd in a laptop? April 1st gets earlier every year . . .

Come on you guys, get real. Who's doing what to whom here?