Wednesday, February 14, 2007
DOJ Audit Reveals FBI Let Its Laptops Go Missing and Stolen
What's worse? The fact FBI lost 11 laptops a month for two years, or the fact that it does not even know what was on them
Today the U.S. Department of Justice (DOJ) released a report on an audit that it had been conducting on the FBI for nearly the past six years (PDF). The investigation was started when members of the FBI had been made aware that weapons and laptops containing sensitive and classified information had been lost and stolen. The investigation was initially started by the Office of the inspector General (OIG) over the control of weapons and laptop computers with several other government bodies such as the Drug Enforcement Administration (DEA) and the United States Marshal Service (USMS).
Initial data from early audits revealed that the FBI count not account for 317 laptops that were lost, missing or stolen over a 28 month period. Despite these incidents, details in the report revealed that the FBI did not report the missing or stolen laptops to the DOJ and information on these items were not entered into the National Crime Information Center (NCIC) database. The report also revealed that those that were aware of the missing laptops did not report the incidents in a timely manner and investigations were not launched in an attempt to find and retrieve the laptops.
Since 2001, the DOJ's second audit on the FBI reported that 160 laptops were unaccounted for during a 44 month period. This follow-up report concluded that the number of stolen declined, cases for missing laptops increased.
However, since the laptops were already gone, the FBI could not determine whether or not the laptops had critically sensitive information on them.
The FBI's security division had very limited information about the missing laptops. During the 44 month follow up audit, only 8 of the 160 missing notebooks were reported correctly. The FBI's security division later revealed that some of the laptops contained following:
Software for creating identification badges
Information and software used to process surveillance digital imaging
Security plans for access control systems
Names, addresses and phone numbers of FBI personnel
Sensitive but unclassified data
The DOJ report also indicated that the missing laptops occurred over several different FBI divisions, including its counterterrorism division, cyber crime division and counter-intelligence division. According to the report:
We believe that the FBI was lax in adhering to its own policies of reporting the contents of lost or stolen laptop computers. The FBI has to be more diligent in ensuring that it responds appropriately and aggressively to each laptop loss.
While some of the missing laptops were eventually found, the majority of the laptops are still missing today, and there is little hope that they will show up again. In high-security organization like the FBI, a large number of laptops still goes missing or gets stolen, which spells some trouble for large companies that try to keep an eye on their assets.
In conclusion, the DOJ states:
The FBI failed to give sufficient priority to property management. Periodic inventories of accountable property were not conducted, departing employees did not always return all property that had been issued to them, and the destruction of outdated, damaged, or excessed laptop computers was not adequately documented. Additionally, while the FBI documented the disposal of laptop computers, it did not adequately document that all sensitive or classified information had been sanitized prior to their disposal.
Today the U.S. Department of Justice (DOJ) released a report on an audit that it had been conducting on the FBI for nearly the past six years (PDF). The investigation was started when members of the FBI had been made aware that weapons and laptops containing sensitive and classified information had been lost and stolen. The investigation was initially started by the Office of the inspector General (OIG) over the control of weapons and laptop computers with several other government bodies such as the Drug Enforcement Administration (DEA) and the United States Marshal Service (USMS).
Initial data from early audits revealed that the FBI count not account for 317 laptops that were lost, missing or stolen over a 28 month period. Despite these incidents, details in the report revealed that the FBI did not report the missing or stolen laptops to the DOJ and information on these items were not entered into the National Crime Information Center (NCIC) database. The report also revealed that those that were aware of the missing laptops did not report the incidents in a timely manner and investigations were not launched in an attempt to find and retrieve the laptops.
Since 2001, the DOJ's second audit on the FBI reported that 160 laptops were unaccounted for during a 44 month period. This follow-up report concluded that the number of stolen declined, cases for missing laptops increased.
However, since the laptops were already gone, the FBI could not determine whether or not the laptops had critically sensitive information on them.
The FBI's security division had very limited information about the missing laptops. During the 44 month follow up audit, only 8 of the 160 missing notebooks were reported correctly. The FBI's security division later revealed that some of the laptops contained following:
Software for creating identification badges
Information and software used to process surveillance digital imaging
Security plans for access control systems
Names, addresses and phone numbers of FBI personnel
Sensitive but unclassified data
The DOJ report also indicated that the missing laptops occurred over several different FBI divisions, including its counterterrorism division, cyber crime division and counter-intelligence division. According to the report:
We believe that the FBI was lax in adhering to its own policies of reporting the contents of lost or stolen laptop computers. The FBI has to be more diligent in ensuring that it responds appropriately and aggressively to each laptop loss.
While some of the missing laptops were eventually found, the majority of the laptops are still missing today, and there is little hope that they will show up again. In high-security organization like the FBI, a large number of laptops still goes missing or gets stolen, which spells some trouble for large companies that try to keep an eye on their assets.
In conclusion, the DOJ states:
The FBI failed to give sufficient priority to property management. Periodic inventories of accountable property were not conducted, departing employees did not always return all property that had been issued to them, and the destruction of outdated, damaged, or excessed laptop computers was not adequately documented. Additionally, while the FBI documented the disposal of laptop computers, it did not adequately document that all sensitive or classified information had been sanitized prior to their disposal.
Labels: FBI
# posted by raveneye @ 5:04 PM 
