
The Superphone

21 Jul 2008 05:23 pm

It seems that one of Gordon Brown's aides was caught in a "honeytrap" and let a Chinese spy steal his Blackberry. Fair enough. But this doesn't have the ring of truth to it at all:

Experts say that even if the aide’s device did not contain anything top secret, it might enable a hostile intelligence service to hack into the Downing Street server, potentially gaining access to No 10’s e-mail traffic and text messages.

Can't the owner just report the phone stolen and have the service canceled? And why would a Blackberry let you do that anyway? This particular case aside, it seems to me more broadly that a certain set of people is taking advantage of low levels of tech literacy among certain elements of the western security services to make a lot of money by hyping up fake cybersecurity problems. It's true that Chinese encryption-breaking skills play an important role in Neuromancer but that doesn't make this a real problem.


Comments (38)

There's important background for this story. As we all know, when the media attaches itself to one narrative (shark bites, knife crime, kidnapping) they report every single occurrence on the front page, to prove a trend.

In Britain, one of the facets on which PM Brown is being attacked is the government's perceived lack of security with respect to data. There have been instances in the past months of "Top Secret" documents (like, manila folders with red ribbons, stamped "Top Secret") being left on trains; CDs with bank details sent by courier but never received; laptops stolen; etc.

This is just playing to the meta-narrative that Gordon Brown can't be trusted because people who work for him lose things. SO WE'RE ALL GOING TO DIE! NAKED CHICKS ON PAGE 3!

At least, that's what I learned from the tabloids. :)

1) How long was it from the time it was stolen to the time it was *discovered* stolen? - looks like at least overnight. Enough time to do a fair amount of hacking.

2) Unclassified and classified networks are supposed to be completely separate; one of the rules to try to ensure this is a prohibition on wireless devices within spaces with classified IT equipment. My experience is that the higher ups tend to have a bad track record on following the IT rules - and that the aides to higher ups are even worse.

It's too bad it wasn't Brown cabinet member Ed Balls that got caught in the honeytrap.

[insert Balls joke here]

Kind of surprises me that nations can still get away with petty stuff like this, without causing a major international incident.

In other news, Mc$ame paid a historic visit to the World Wide Web.

I find it very amusing that president Ahmadinejad writes a daily blog and US presidential hopeful thinks email is a service provided by the US postal service.

Good luck with your democracy.

In other news, Mc$ame paid a historic visit to the World Wide Web.

I find it very amusing that president Ahmadinejad writes a daily blog and US presidential hopeful thinks email is a service provided by the US postal service.

Good luck with your democracy.

Forget that ... one of the primary IT features of the Blackberry is that the administrator may remotely both remove it from the network and wipe its contents.

Good luck with your democracy.

Hey, at least we don't double-post!

Wow, I totally pwned you there!

Your referencing of Neuromancer made my day.

Kind of surprises me that nations can still get away with petty stuff like this, without causing a major international incident.

All that's known is that the aide took a comely lass back to his hotel and then his blackberry went missing. Seems thin for an international incident. Part of the operation, I would think, is to present just this kind of deniable profile.

As for MY's suggestion, I think turning off the service hardly renders the value of the device nil. Without any knowledge of blackberry internals, there must be at least some traces of protocols, net addresses, etc. that would prove interesting to the would-be cyber intruder. Depending on what security elements may be resident on the device, it could be much more valuable. In any case, I hardly think the idea was to use the purloined device to dial-in to 10 Downing Street or some such.

I don't understand this post at all. Of course the Blackberry could be turned off and service cancelled. But presumably the information useful for an attack was obtained before that happened. And I don't think anybody was arguing that the Chinese could use that particular Blackberry to engage in the attack after it was turned off, but rather that the BlackBerry may have contained some information about the network that helps enable a later attack.

Kuang Mk. 11 FTW!

Can't the owner just report the phone stolen and have the service canceled? And why would a Blackberry let you do that anyway?

The article was (surprise, surprise) poorly written. The blackberry itself (that is, the actual device) won't have anything to do with any malicious/hostile behaviour. But the information contained in/on it may be helpful to unhelpful parties... Besides emails, phone calls and texts to various parties (the network identities of which are non-public), the meta-data about server setup, location, versions and patch revisions will provide an excellent roadmap for further investigation and, in some cases, suggest possible attack vectors.

It's true that Chinese encryption-breaking skills play an important role in Neuromancer but that doesn't make this a real problem.

Yeah, from the same guy who has ignored the danger of Robot Ping Pong Dominance for weeks now... it's pretty clear you've been subverted by the Chinese-Ping-Pong-Robot-Conspiracy, and I wonder why you don't have the courage to admit your allegiance, now that you have been confronted with the truth?

I want to see a picture of the honey. It seems likely the honies are usually surprisingly homely.

When a BlackBerry is lost, the BlackBerry server administrator can immediately send a "wipe handheld" command. If the device is talking with the cell provider, it will immediately receive the command and initiate a wipe of ALL data on the device. If it is not currently on, it will initiate the wipe the next time it is powered on. After that completes (takes about 5 minutes) the blackberry is essentially in an "out of the box" state. The question here is how long it took from the theft to the command to wipe.

Here's a low tech way to exploit a Blackberry while the owner is sleeping.

Hit reply to messages in the inbox and type in:

PM needs next year MI-5 budget immediately. Plz send as attachment.

Nothing cuts through black ICE like that Chinese shite.

I have to admit that I don't know much about this particular walled garden, but it appears as if the BES works as a kinda sorta VPN, which is obviously valuable in the land of the Great Firewall. As petr says, those login and server credentials are likely useful to some degree by themselves, even if the server admins are vigilant.

When I was an aide to a current Governor we were told that if our blackberry went missing we were to get in contact with our IT director who (apparently) had the ability to wipe clean the phone remotely.

That's what we trained to do, no idea how it works in practice.

I want to see a picture of the honey. It seems likely the honies are usually surprisingly homely.

Obviously, you weren't a 13 year old boy during the Profumo scandal.

Well, clearly this is not a problem you would have during a McCain administration.

It would work on Alias.

It's not the phone - it's the information on the phone. Passwords for email and other pieces of the aide's identity, which could potentially be leveraged into a real security breach (say, if the blackberry gave access to the email account, where a password for a government server was stored). Even if the Blackberry is shut off, it's probably cached or otherwise saved some sensitive information, which will remain on the physical hard drive regardless of what the service provider does.

Of course, these problems aren't unique to government officials - anyone losing a piece of hardware with that much of their identity on it would be at risk, and any trust placed in them by the digital powers that be would be in danger of being compromised by the thieves (or the thieves' customers).

"When a BlackBerry is lost, the BlackBerry server administrator can immediately send a "wipe handheld" command."

The thief can remove the storage medium and read it elsewhere, without turning on the Blackberry - or just turn it on in a dungeon or other radiowave shelter, or disable reception (cut a wire to the antenna?).

If a common crook steals your blackberry, it can be wiped. If someone stings you specifically to steal your blackberry, they have brought a faraday cage with them.

I don't own a blackberry, but aren't these things small and easy to lose? It looks like they will get misplaced all the time.

I'm not sure a honey trap is even necessary, just shadow the aides to the Defense Minister, for example, for a few weeks and eventually someone will put it down someplace and not pick it up immediately. Make the shadow a skilled pickpocket.

This tells me that the theft of a blackberry probably isn't a big deal since they can be disabled easily. Either that or the government should ban its employees from using them. Or not hire klutzes, however talented. Or maybe that it should operate under the assumption that nearly all its "secrets" will get stolen since information is now much more accessible.

This is just playing to the meta-narrative that Gordon Brown can't be trusted because people who work for him lose things.

Maybe, but the narrative pretty much writes itself - UK's families put on fraud alert:

Two computer discs holding the personal details of all families in the UK with a child under 16 have gone missing. (...) The missing information contains details of all Child Benefit recipients: records for 25 million individuals and 7.25 million families.

How was I to know she was with the Chinese too?

I thought it was Russian ICE hacking software though...

I thought it was Russian ICE hacking software though...

It always helps if you read the article.

The phone was removed in Shanghai, who do you think controls the cell tower (which would broadcast the wipe command)?
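As an added illustration (not code from the post, the commenters or RIM), a toy model of the store-and-forward "wipe handheld" command described earlier in the thread, together with the failure modes raised since (a Faraday cage, a hostile cell tower, pulling the storage chip): the command only executes when the device next checks in, so encryption at rest is the one control that still holds when it never does. Scenario names, timings and the event vocabulary are constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Event = Tuple[int, str]  # (minutes since the theft, action) - constructed vocabulary


@dataclass
class Device:
    encrypted: bool              # content protection: data at rest needs a key
    powered_on: bool = True
    on_network: bool = True      # False inside a Faraday cage or on a hostile tower
    storage_removed: bool = False
    wiped_at: Optional[int] = None


def _try_deliver(dev: Device, pending: bool, now: int) -> bool:
    """Store-and-forward: a queued wipe runs only when the device checks in."""
    deliverable = dev.powered_on and dev.on_network and not dev.storage_removed
    if pending and dev.wiped_at is None and deliverable:
        dev.wiped_at = now
        return False             # command consumed
    return pending               # still queued server-side


def simulate(encrypted: bool, events: List[Event]) -> Dict[str, object]:
    """Replay a lost-device timeline; the device is assumed locked throughout."""
    dev = Device(encrypted=encrypted)
    pending = False
    for minute, action in sorted(events):
        if action == "wipe_issued":
            pending = True                  # admin reacts; nothing happens yet
        elif action == "shielded":
            dev.on_network = False          # Faraday cage / tower under hostile control
        elif action == "unshielded":
            dev.on_network = True
        elif action == "power_off":
            dev.powered_on = False
        elif action == "power_on":
            dev.powered_on = True
        elif action == "storage_removed":
            dev.storage_removed = True      # chip read offline; the radio is irrelevant
        else:
            raise ValueError(f"unknown event {action!r}")
        pending = _try_deliver(dev, pending, minute)
    # Plaintext is readable only if the wipe never landed and nothing is encrypted.
    recoverable = dev.wiped_at is None and not dev.encrypted
    # How long an unencrypted device stayed open; None means the window never closed.
    window = 0 if dev.encrypted else dev.wiped_at
    return {"wiped_at": dev.wiped_at, "plaintext_recoverable": recoverable,
            "open_window_minutes": window}
```

Replaying a "reported next morning" timeline (wipe issued at minute 480) against a "shielded at minute 1" timeline shows the same admin action closing the window in the first case and never arriving in the second.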

I too was pleased by the Neuromancer plug.
I actually just re-read that book for like the 5-6th time...
And it was Chinese Ice....
Not Russian.

There was a security flaw found recently in BlackBerry Enterprise Server that would allow an activated BlackBerry to remotely execute code on the server. However, if the server was on a properly secured network, the notional hacker would not be authenticated to access user data or anything else outside of the server itself.

Wouldn't it be a major coup just to get the contact list full of names, addresses, phone numbers and email addresses?

Maybe they're going to trojan-spam the British government with As1an h0tt1ez are to r0ving you r0ng t1me messages.

The Neuromancer reference made my day and inspired my first post as a long time reader.

"Wouldn't it be a major coup just to get the contact list full of names, addresses, phone numbers and email addresses?"

I'm pretty sure Chinese intelligence has those already.


Comments closed August 04, 2008.

Copyright © 2008 by The Atlantic Monthly Group. All rights reserved.