CyberCrimeJusticeRegulationSecuritySecurity Management

Europol Terror Data Found On Unsecured Network Drive

Tom Jowitt is a leading British tech freelance and long standing contributor to TechWeek Europe

Red faces at Euro cops after sensitive terror data is found online by Dutch TV programme

The Dutch TV programme Zembla has revealed how it discovered sensitive Europol terror data on the Internet.

It seems the data was stored on an networked Iomega hard drive connected to the Internet. To make matters worse, the device was not password protected.

Europol is the European Union’s law enforcement agency, and it admitted the mistake, but said the data was nearly ten years old. Despite that, it confirmed it has launched an investigation into the matter.

spyware

Data Breach

According to Zembla, it had found more than 700 pages of confidential dossiers, including details of terrorism probes, on a hard drive linked to the Internet.

“Although this case relates to Europol sensitive information dating from around 10 years ago, Europol immediately informed the concerned member states,” a spokesman for the law agency told the BBC.

“As of today, there is no indication that an investigation has been jeopardised, due to the compromise of this historical data,” the spokesman said. “Europol will continue to assess the impact of the data in question, together with concerned member states.”

It is understood the data included the names and telephone numbers of hundreds of people associated with terrorism.

The data is from 2006 to 2008 and includes investigations into the Madrid train bombings, the Hofstad Network – a Dutch-based Islamist terror network – and foiled attacks on several flights.

A reporter for Zembla told the BBC that its investigators had found the documents via a service that specialises in finding internet-connected kit.

“We found the disk online through a search engine called Shodan,” said Vincent Verweij. “We were able to remotely access the disk through the internet. It didn’t require a password.”

Europol reportedly admitted that a police officer had copied the data to a personal drive in “clear contravention” of its rules, but said that she has since left the agency and now works for the Dutch police.

Encryption Fight

Ironically Europol is well known to issue security advice to others, and last year its chief called the increasing prevalence of encrypted Internet communications a major difficulty for law-enforcement and national security efforts.

But it is also heavily engaged in the fight against crime.

A couple of months ago Europol warned of an emerging threat from Android-based smartphones because criminal gangs are able to carry out fraudulent mobile payments on the mobile operating system.

And last year Europol and a number of security firms successfully took down the ‘polymorphic’ Beebone botnet, which infected thousands of computers across the world.

Quiz. Are you a security guru?