Hot on the heels of news in the British press last week about secret intelligence papers relating to Al Quaeda being found on a train comes news of a second incident, this time concerning Iran.
Being a slightly paranoid CISSP, of course, my thoughts turned immediately to 'leaks' deliberately sanctioned by Whitehall or the government - misinformation, propaganda and counterintelligence, designed to throw Britain's enemies, Johnny Foreigner, off the scent.
But then I started to wonder about the possibility that Al Quaeda themsleves might be implicated in the 'accidents', perhaps some sort of dispute with one of their agents/moles? Why should we trust the official government announcements/press releases regarding the suspension of those held accountable any more than we trust the original story? Perhaps the gummt is communicating with Al Quaeda via the newspapers, maybe sending an entirely different message to that which the literal words imply?
And finally, coming back to Earth, it occurred to me that the most likely explanation is plain old human error. I recall my sage biology teacher patiently describing Occam's Razor to the class. In essence, unless there is some justifiable reason for believing otherwise, the simplest explanation is most likely correct. I have no inside knowledge of the British gummt or Al Quaeda, and no special reason to assume deep dark 007-style maneuverings beyond my fertile imagination, and fond memories of "Yes Minister!".
Human beings place extraordinary, perhaps mystic significance in plain old coincidence. Before the rise of the scientific discipline, society thrived on religious doctrine, magicians, snake oil salesmen, alchemists and assorted crystal-ball-gazers. I remain truly amazed at the extent to which such charlatans still influence modern culture, and the lottery (described by some wags as 'a tax on the mathematically challenged') continues to rake in great fortunes from willing victims. [Aside: I sometimes suspend my personal disbelief long enough to buy a lottery ticket too - but while I enjoy making charitable donations and dreaming about the possibilities, I don't actually expect to win. Choosing number combinations such as 1-2-3-4-5-6-7-8 amuses me but shocks the lottery agents.].
So, scratching the surface a little deeper, I wonder just how much other valuable information gets accidentally 'left on the train' or 'forgotten on the back seat of the taxi' ... and how interesting it might be for someone so inclined to visit a 'lost luggage' facility with some social engineering skills and malicious intent.
There's a lot to be said for routinely strongly encrypting such sensitive data on ALL removable media, including laptop hard drives, and ideally banning the use of printers for secret or higher-grade information. We have the technology. Does management have the will?
Kind regards,
Gary
Gary Hinson
Passionate about security awareness
www.NoticeBored.com Creative awareness materials
www.ISO27001security.com ISO/IEC 27000 standards