The Times of India and several other news sites are carrying articles about a break?in to the Defence Material Store Research Development and Establishment (DMSRDE) in India. As far as I can tell, this is a research laboratory under aegis of the Ministry of Defence (or Defense, if you prefer), a branch of an Indian DARPA that deals with materials research. As such, one would expect a more than adequate level of security. The details in the Times article bears this out: “the entire boundary wall is fenced and the wires are electrified.” I’d assume armed guards, most probably military, were also securing the entrances as well.
Three computers were stolen, and due to the circumstances, there is a not-unsurprising belief that this was an inside job. Thankfully, nothing of strategic importance has been stolen, according to official statements released by the government; however, I would imagine there are some reasons for concern. One of the computers had the names of projects, and the names and addresses of the scientists working on them. Supposedly the information regarding the project was “coded,” whatever that may mean. I guess it could mean that the contents were encrypted. Or perhaps all the scientists and projects were given codenames such as Mr. Pink, a la Reservoir Dogs.
The other two computers were used for laboratory work such sample identification and quality measurement, so I would imagine that security?wise they don’t pose a problem. The situation could have introduced all sorts of difficulties for the researchers, but they have backups to everything that they’ve done so far, so the situation is a minor inconvenience for the researchers. For the government, however, this is a major headache. To begin with, who was behind this? And why did they do this? Just a random burglary, or something more sinister? And how could someone so easily carry out a such a plan?
As is usually the case in any attempt to steal, breaching the outside perimeter is hardest. But once that’s taken care of, there wasn’t much protecting the computers in the research lab. The door to the room where these three machines were located had a simple lock that was broken; indeed, that was the first hint that something was wrong when people started to arrive to work. The rest was probably easy. Go out the way you came in. If you were a janitor, you’ve got trash bags and containers to hide the booty.
Computer security experts always say that there is no perfect security solution. My guess is any security or safety expert will say the same, ranging from OSHA to Secret Service agents. Knowing this, the best one can do is to minimize the risk of security and data breaches and thefts. Whether by design or by luck, the DMSRDE wasn’t subject to a particularly alarming data breach, but the potential that it could have been more must be worrisome. Furthermore, reviewing and planning committees must have been under the impression that what they had in place was enough for the circumstances. They’ll probably want to review their inventory as well as current security policies and practices, and even consider encryption, such as provided by AlertBoot, to further minimize any potential risks they find