VA Laptop Didn’t Inhale

Posted by on . 4 comments.

A few weeks ago, the Veterans Administration received a big black eye when it was discovered that a laptop chock full of veterans’ personal information had been stolen. The laptop has been recovered, and something smells fishy:

The government has recovered a stolen laptop computer and external hard drive that contains the birthdates and Social Security numbers for millions of veterans and military personnel, the Department of Veterans Affairs said Thursday.

The Federal Bureau of Investigation said in a statement from its Baltimore field office that it appeared that the data had not been copied or misused.

“A preliminary review of the equipment by computer forensic teams has determined that the database remains intact and has not been accessed since it was stolen,” the statement said.

Now I know we have tech expert readers, and I want to know if the FBI statement is plausible, because reputation and a lot of money is at stake:

The department offered to pay for a year of free credit monitoring for the veterans, which it said would cost about $160.5 million. The director of the White House Office of Management, Rob Portman, suggested Wednesday that the department pay for such monitoring with about $130 million from a food stamp employment and training program, a farmers’ assistance program, student loans and a program for young people released from prison.

It’s cute that they were going to penalize food stamp recipients and students for the VA’s mistake, and now that they are claiming that the data is intact and un-viewed / un-copied, it’s kind of a “no harm, no foul” situation for them. But is it really? If someone hooked up the drive and computer to another device (iPod / flash drive / hard drive) would that even leave a record behind?

Comments

  1. Winux says:
    June 30, 2006 at 6:25 am

    The FBI statement that the data was not accessed is not plausible. It is entirely possiblet to remove the hard drive from the laptop, clone it, and then re-insert it back into the laptop. This would make it look like nothing was done.

    What is more disturbing is the fact that no arrest was made. I think someone is covering up for someone, and that this was all an inside job……

  2. marc says:
    June 30, 2006 at 7:15 am

    I’m still wondering about the person who returned it. How did the laptop just “turn up”? And did they get the $50,000 reward money?

  3. sarabeth says:
    June 30, 2006 at 7:47 am

    WaPo:

    FBI officials and local authorities said at a news conference that a person who had the laptop contacted U.S. Park Police on Wednesday after seeing news accounts and notices of a $50,000 reward offered by Montgomery County police. The devices were recovered in the “general vicinity” of Aspen Hill (where they were stolen from), said Chief Dwight E. Pettiford of the Park Police.

    FBI Special Agent in Charge William D. Chase, of the agency’s Baltimore office, said it is “way too early” to say whether the person will get the reward or whether criminal charges will be filed soon. FBI spokeswoman Michelle Crnkovich said the tipster is not a suspect.

  4. GG says:
    June 30, 2006 at 9:57 am

    If someone just connected an external storage (like a flash drive or even those USB storage keys) and copied all the data on that, nobody would be able to tell.

    What sounds weird to me in first place is: why would anybody keep that much data (26.5m records) on a laptop hard drive? That’s too much data to be kept on a laptop. Usually, this kind of data is kept in database servers to which people are given access permissions to run queries and retrieve a part of data when they want.
    Even if the person had permission to take the laptop home, they would be able to connect to the database servers remotely and do whatever they want. Still doesn’t make sense to keep all that data on your laptop (unless they intentionally want to lose sensitive data…).