The VA's stolen laptop

topic posted Fri, September 15, 2006 - 8:46 PM by  Tony
So I got home from work tonight and found this nice little letter from the VA in my mailbox. Out of curiousity I actually open it (last time I got one like this it was to tell me my SSN was _probably_ stolen.)

Low and behold they say they recovered the stolen laptop! Is that a miracle or what? First I am thinking "How did they get a laptop back?" Then as I read it I almost die laughing...

"I am pleased to report that both the laptop and the hard drive have been recovered thanks to hardworking law enforcement officials in the local and federal communities. Based on the results of forensic tests, the Federal Bureau of Investigation (FBI) has told us that they are highly confident the sensitive data were not accessed."


You mean to tell me that if I put a Knoppix CD into a system and then boot off of it, mount a harddrive in read-only mode, copy the entire file system off of it, then remove the Knoppix CD, they will know that I did this? Better yet, what if I boot the system with a Ghost or ImageCast disk and grab an image of said HD and restore it somewhere else? How the hell are they going to know I did this? Ghost will not mark a drive if you set it not to. Knoppix supposedly does not do anything to a disk. I can think of about half a dozen other easy ways to copy data from a system without actually touching it, IF I had physical access to the disks. What logs are there? Who are these guys at the FBI?

I personally am planning to send them a letter asking them how they can make this type of FALSE statement "...results of forensic tests..." What tests can they run?

"Given the FBI's degree of confidence that the information was not compromised, individual credit monitoring will not be necessary."

I have been doing this since before I was in the Army and then even more so once I was in the Army after I realized how your freaking SSN is just thrown around like it is nothing.

Well there's my rant. Here is the original letter I received:

Any comments? Anyone else out there prior-service get this letter as well?
posted by:
SF Bay Area
  • Re: The VA's stolen laptop

    Sat, September 16, 2006 - 12:53 AM
    I'm guessing that a lawyer did not read and approve this letter before it was sent. How do I surmise this? The following quote:

    "Given the FBI's high degree of confidence that the information was not compromised, individual credit monitoring will not be necessary."

    An attorney would have changed that wording to "may not" or "should not". Now they've left themselves open to a serious liability, telling everyone not to bother monitoring their credit report.
    • Re: The VA's stolen laptop

      Thu, March 1, 2007 - 10:52 PM
      I received those same letters. They didn't mean you should not monitor your own credit. In fact, they encouraged that. What they meant was they would not spend the money on having our credit monitored for us as a result of this incident.
  • Re: The VA's stolen laptop

    Mon, September 18, 2006 - 1:25 PM
    Yeah, I laughed at that when I read that letter too... While still in the Marines we worked a child porn bust and I was the IT tech assigned to help NIS in their investigation. The FIRST thing they had me do was boot the system off a floppy that locked the drive to read only then do a sector by sector image of the whole drive to another harddrive, then also labeled as evidence. Once that was done the original drive and computer were placed in a safe and the grueling job of going through and categoring the information began along with annotating when each of the files was last modified and last accessed.

    So they can see when the last time the data file on that computer was accessed, but not weither or not it was imaged or brought up in a read only mode.
    • Re: The VA's stolen laptop

      Thu, September 28, 2006 - 8:42 PM
      You make a good point they could have stolen the SSNs, but like the FBI said they most likely didn't. I was following this story for some time, and I think the part I find funny is that they claim that excellent police work was what recovered the laptop when in reality the guy who bought it off of a truck realized what he had and gave it to the police.

Recent topics in "hackers"