According to the Associated Press, a man who was convicted (and released from prison) for terrorist activities is suspected in the theft of an external hard drive from a forensic doctor’s office. The story is full of puzzling questions, including why the Belgian government is not doing an adequate job of securing their data.
Illias Khayari was convicted in Brussels, in 2016, for participating in terrorist activities (he confessed to decapitating a person in Syria as part of said activities but somehow that didn’t factor into his sentence of five years in prison). This, of course, appears to the layperson as a comparatively insignificant amount of time. Even worse, he was released after serving only half that time (what, how, and why!?) because he was arrested earlier this month for (allegedly) stealing a hard drive, among other items.
The hard drive, located in the “forensic doctor’s office at the city’s [Brussels] main justice offices” contained “autopsy reports about the victims of the suicide bombings in Brussels in 2016.”
Khayari has denied the charges. Naturally, he didn’t give a motive as to why he picked that particular location in which to burgle. The nature of his past conviction and the hard drive’s contents would seem to provide a reason; however, it could also be a huge coincidence. The city of Brussels seems pretty confident it’s the latter:
Brussels prosecutor’s office spokesman Denis Goeman said the hard drive was a backup of an office computer so it contained several files relating to different cases. He said there was no label on the drive that might have identified it as containing material related to the March 22, 2016 attacks on the Brussels metro and airport that killed 32 people. No files or evidence was lost and no cases have been compromised by the Jan. 3 theft.
“It is therefore premature to say that this is a theft concerning precise documents, on the contrary,” Goeman said. The suspect has denied the charges.
It most certainly is premature. But would it be erroneous? Of all the different places Khayari could break into, he chooses that place? And steals that hard drive? The other items that were stolen in tandem could just be to make it appear as if the drive was not the target. The lack of a label on the drive is insignificant; why would you assume that a storage device in a forensic doctor’s office holds something other than forensic evidence?
Encryption in Government Facilities
Belgium is part of the European Union. Indeed, the EU headquarters is located in its capital city, Brussels. As such, it would be weird if its government didn’t follow certain privacy and information security directives and laws that have been passed over the years.
And while the EU does not require the use of encryption, it does strongly encourage it. One imagines that its use would be especially encouraged where it involves sensitive data surrounding an ongoing case.
Was encryption used on the stolen hard drive which, incidentally, is yet to be recovered? Based on the words and actions of the prosecutor’s office, one would have to guess a careful “no.” Those who could be potentially affected by the disk theft have been notified, a move that is not required if the information had been secured via encryption.
Related Articles and Sites: