Posted by: Arian Eigen Heald
Hardware & InfoSec, Security
I came across a recent post from the Breach Blog reporting that a U.S. Naval Laboratory employee – the computer administrator – had stolen 19,709 pieces of computer equipment, worth up to $1.6 million.
Did no one see this guy carting hardware out the door? I’m not talking about the small stuff, I’m talking about the more than 100 personal computers. Doesn’t a Naval laboratory have cameras on the exits, and guards? I know it’s easy to have hindsight vision, but this seems like it should have tripped somebody’s awareness alarm.
We can also extrapolate that there was no inventory control of hardware, AND no financial oversight of hardware costs. This happened over the course of ten years, so maybe he was able to slide it in under the radar.
What about the information ON the hardware? The Navy says only 14 people were affected. Given the evidence of their controls so far, I’m not sure I have a high level of confidence. They had to go through hard drives, CDs, Zip drives and all those computers. I hope they did.
How was this discovered? He and his wife are divorcing, she filed a protection request, and told his bosses she wanted his “work stuff” out of the house. He had so much stuff, he was storing some of the equipment at a neighbor’s house.