Sheriff's Online Database Leaks Info On Informants 185
Tootech writes with this snippet from NPR:
"A Colorado sheriff's online database mistakenly revealed the identities of confidential drug informants and listed phone numbers, addresses and Social Security numbers of suspects, victims and others interviewed during criminal investigations, authorities said. The breach potentially affects some 200,000 people, and Mesa County sheriff's deputies have been sifting through the database to determine who, if anyone, is in jeopardy. ... The FBI and Google Inc. are trying to determine who accessed the database, the sheriff said. Their concern: That someone may have copied it and could post it, WikiLeaks-style, on the Internet. 'The truth is, once it's been out there and on the Internet and copied, you're never going to regain total control,' Hilkey said. Thousands of pages of confidential information were vulnerable from April until Nov. 24, when someone notified authorities after finding their name on the Internet. Officials said the database was accessed from within the United States, as well as outside the country, before it was removed from the server."
Donutleaks strikes again! (Score:5, Funny)
Re: (Score:2, Interesting)
What I can't fathom is how a database from a county with 120.000 people [wikipedia.org] can affect 200.000 of them.
Am I missing something here?
Re:Donutleaks strikes again! (Score:4, Insightful)
Because people commit crimes from outside the county but are included in the database. I track the addresses of criminals with complaints in my county and while the majority reside within the boundaries, there are the outliers who hail from all over the State of Minnesota (this is a rolling 30 day picture and is purposefully limited to only the MSP metro area for clarity's sake): http://www.lazylightning.org/dakota-county-criminal-complaints-mapped-again [lazylightning.org]
Re: (Score:2)
Thank you. It all makes much more sense now.
Re: (Score:2)
Well, thanks. However you are not providing an apples to apples comparison. Something is out of whack somewhere in the reporting of the story of the database itself.
+The article says 200,000 names (not complaints) were leaked from the database.
+Even if you add up the populations of each adjacent county including Grand County, Utah, that population only reaches 316,148
=2/3 of the population from 7 counties are informants for Mesa County? I guess that is possible, but obviously Mesa County has some issues
Re:Donutleaks strikes again! (Score:4, Funny)
This is true, What does Fox News have to say on it? They are always 100% accurate!
Re: (Score:3, Insightful)
Re: (Score:2)
Galileo was considered to be a crackpot to the then establishment.
Point being, just because someone seems to be a crackpot doesn't mean they are. It may just mean the status quo doesn't like their opinion, and labels them "crackpot" in an attempt to dismiss them.
I think Nancy Pelosi is a crackpot, but somehow she keeps getting elected. Have you seen some of the crap she says? It doesn't say much for the party that put her into the Speaker of the House position.
Don't get me wrong, Behnor has the same problem
Re:Donutleaks strikes again! (Score:4, Insightful)
FTFA:
"Deputies have used the database since 1989 to collect and share intelligence gathered during the course of police work. It contains 200,000 names — Mesa County's population is about 150,000 — and includes investigative files from a local drug task force.
The information included data about Mesa County employees, information from the nearby Fruita and Palisade police departments — and possibly information from the U.S. Drug Enforcement Administration and Grand Junction police."
It wouldn't be very hard to have 200,000 entries in 21 years. Police investigations take in info on friends of friends and acquaintances. The data set likely includes most of the Mexican drug cartel's known players.
Re: (Score:2)
It wouldn't be very hard to have 200,000 entries in 21 years. Police investigations take in info on friends of friends and acquaintances. The data set likely includes most of the Mexican drug cartel's known players.
Just exactly how many people get murdered in Colorado?!?!
I ask about murder, because that's about the only possible justification for keeping names in a database for a time period stretching beyond the statute of limitations. Otherwise, they're violating the right to be "secure in one's papers" by retaining this data without a warrant, are they not?
Re: (Score:3, Interesting)
Well, with security breaches like this one, they do go through a LOT of informants...
They are EXTREMELY accident prone. Brake failures, falling anvils, gas furnaces blowing up, allergy attack's, you name it, it's happened to informants in the area.
Authorities have no idea why.
Re: (Score:2)
If they'd used the RIAA's damages calculator they'd have got twice the population of China.
Re:Donutleaks strikes again! (Score:4, Funny)
Quick, have the sheriff accused of rape in a scandinavian country and let interpol track him down!
Re: (Score:2, Informative)
It should be noted that the "maybe use a drone or something" quote is from a _former_ adviser to the Canadian prime minister, so someone whose role in politics is minimal and historical. Also note that the article you linked to was from the 1st of December, before Assange was taken in to custody.
Re: (Score:2, Offtopic)
Still..."take out a contract"? What is this, the freakin' Sopranos? The guy was one step removed from offering Assange a pair of concrete shoes...
Re:Donutleaks strikes again! (Score:5, Insightful)
They are terrorists!
If you're referring to to the informants, IMO they are the terrorists. Most of the societal problems attributed to drugs are, in fact, caused by the laws against them.
It's easier for a teenager to buy pot than it is for an adult. One slashdot wag's sig reads "thanks to the war on drugs, it's easier to buy meth than it is to buy cough syrup."
One would think that alcohol prohibition would have taught us that such laws are incredibly harmful.
The only segment of society that benefits from anti-drug laws are the smugglers and dealers, which tell you who's funding the anti-drug lobby.
Re:Donutleaks strikes again! (Score:5, Insightful)
The only segment of society that benefits from anti-drug laws are the smugglers and dealers, which tell you who's funding the anti-drug lobby.
You forget pharmaceutical companies (hemp and marijuana would have a major impact on their bottom line for a lot of old standbys), so-called "rehab centers", and, let's not forget, our privately-owned prisons.
Re:Donutleaks strikes again! (Score:5, Insightful)
Re:Donutleaks strikes again! (Score:4, Insightful)
I mean, why would you let someone take away your government monopoly on legal substance abuse?
You're making the same mistake as people who gripe about "Big Oil" instead of "Big Energy". Just as Exxon-Mobil will gladly sell you hydrogen or biodiesel or whatever else when we migrate off oil, plenty of companies in the recreational drug industry will cheerfully market pot if it became legal.
Anheuser-Busch isn't in the business of selling you alcohol. Ultimately, they're in the business of getting you high. While they're currently most efficient at doing that by distributing ethanol, you can bet they could sell other stuff, too.
And think of the Super Bowl ads. You think they're funny now?
Re: (Score:2)
There was an entire documentary about this. I'm at work, so I'm not going to go googling for it, but I believe it was called "If Drugs Were Legal", or something to that effect. It talks about pharmaceutical companies making designer drugs that cause specific effects and side effects, allowing the user to tailor their experience to exactly what they want.
Personally, I'm not so sure I'd be willing to take a recreational drug created by a pharmaceutical company, but the market would undoubtedly be massive.
Re: (Score:3)
There was an entire documentary about this. I'm at work, so I'm not going to go googling for it, but I believe it was called "If Drugs Were Legal", or something to that effect. It talks about pharmaceutical companies making designer drugs that cause specific effects and side effects, allowing the user to tailor their experience to exactly what they want.
Personally, I'm not so sure I'd be willing to take a recreational drug created by a pharmaceutical company, but the market would undoubtedly be massive.
The entire movie appears to be on google video, but not working.
there is a good debate here - around the movie: http://video.google.com/videoplay?docid=-9145573810535960472#docid=-3840911425491936015 [google.com]
Re: (Score:3)
"I'm at work, so I'm not going to go googling for it..."
https://encrypted.google.com/ [google.com]
Re: (Score:3)
Anheuser-Busch isn't in the business of selling you alcohol. Ultimately, they're in the business of getting you high. While they're currently most efficient at doing that by distributing ethanol, you can bet they could sell other stuff, too.
If you keep carrying on that line of reasoning though, Anheuser-Busch is (like all companies) in the business of making profit. At the moment their core competencies are in the realm of making beer. As long as it is cheaper for them to continue to sell beer then to migrate into a new industry they will do that. Once they think they can make more profit by retooling to another industry, they will.
That's why big-oil is so willing to pursue other energy sources. Because they predict that over time those
Re: (Score:2)
Umm, that was pretty much exactly my point. I was replying to someone who said that pot would put brewers out of business, and I contend that those same brewers - who already specialize in elaborate, expansive distribution systems for recreational drugs - would be well-equipped to diversify into pot sales.
You're completely right about all companies being in business to make money. In this case, those companies are exceptionally good at convincing customers that their brand of alcohol is better than their ne
Re: (Score:2)
Anheuser-Busch isn't in the business of selling you alcohol. Ultimately, they're in the business of getting you high. While they're currently most efficient at doing that by distributing ethanol, you can bet they could sell other stuff, too.
Indeed, nobody says "hmmm, do I want to smoke a joint or drink a beer?" Rather, they roll a doobie and pop open a can while the unskippible FBI warning before the Cheech and Chong movie starts is playing.
Re: (Score:2)
It is much easier to grow your own marijuana than it is to make your own alcohol.
Re: (Score:2)
It is much easier to grow your own marijuana than it is to make your own alcohol.
I've never grown marijuana, but I've helped neighbors brew beer and it wasn't that hard. Both are crummy paths to instant gratification, though, and likely only going to be popular among strong enthusiasts. Put another way, you're not going to brew beer or grow pot because you're craving a high. If that's your goal, you'd drive to your local grocery store and pick up your party supplies.
Re: (Score:2)
Re: (Score:2)
I have to no doubt that if Anheuser-Busch thought they could make more money selling pot than beer they would support it, but right now they have the factories, workers, and everything else set up to make beer. So I don't really see them switching businesses anytime soon. Not to mention, if pot was legal it would be fairly easy to get some seeds and grow my own.
Yes, I could m
Re: (Score:2)
But I don't drink beer to get drunk.
Then again, I don't drink Budweiser either. I guess I answered my own question!
Re: (Score:2)
In fairness of trying to keep things even, please note that the population in this country is also vastly larger. As anyone that works in or runs a large business can tell you, simply scaling your strategy up rarely works. You have to change your entire approach after a certain point.
That being said, I pretty much agree with you on the drug war expanding government's power over the people exponentially.
Re: (Score:2)
Mod parent up.
Yeah (Score:2)
Re: (Score:2)
Yes. They'd make money selling them.
Please identify which "old standbys" (which are usually out of patent and produced by a zillion companies at razor-thin margins) marijuana would compete with.
Both those businesses are far too small to have significant political impact. There is only one sig
Re: (Score:2)
While I agree that drug use (where it isn't a danger to people other than the one consuming it) shouldn't be illegal, that doesn't mean drug dealers are some kind of Robin Hood. At best they're profiting from the misery of others, and at worst they're violent thugs.
Re: (Score:2)
I'm not implying that drug dealers are some kind of Robin Hood, and in fact most informants are drug dealers who got caught.
But the DEA and FBI are thugs [slashdot.org] plain and simple. They're as bad as the dealers.
Re: (Score:2)
Re: (Score:3)
BTW, opium is morphine-based, and morphine is perfectly legal, and used by hospitals worldwide every day.
Re: (Score:2)
BTW, opium is morphine-based, and morphine is perfectly legal, and used by hospitals worldwide every day.
You have that backwards. Opium is the sap from the Opium Poppy, Morphine and heroin are refined opium.
But the rest of you comment is accurate.
Re: (Score:2)
Actually, heroin is diacetylmorphine, so it is a chemically modified form of morphine, which, as you say, comes from opium.
Re: (Score:3)
If you're referring to to the informants, IMO they are the terrorists.
No, not terrorist. It is a time honored tradition that every witch you catch has to name two other witches.
Re: (Score:2)
Well, at least someone noticed the sig. :)
Re: (Score:2)
Aside from the little detail that these anonymous informants do an end-run on the Constitutional requirement of being allowed to face your accuser.
Any society, or aspect thereof, that relies on the snitch system for enforcement, is already halfway to being a totalitarian state (defined as one where the gov't deems everything you do to be its business).
Re:Donutleaks strikes again! (Score:4, Insightful)
I wasn't aware that Mike Huckabe was calling for treason and the death penalty. I knew there was something about him I didn't like, but introducing "treason" executions for something that does not call for it so that the people will get desensitized to the idea.. yea he is the one that should be tried for treason.
Wikileaks style... pshh.. I can't help but think this was done on purpose for that one line. Yes I know it has been out there for awhile, which is why it makes this all the more scary the planning and limits the G men will go to.
Regardless, this has nothing to do with Wikileaks, and is completely the fault of whoever didn't make sure it was secured. But I bet Mike Huckabee won't call on that person to be brought up on charges of treason, even though they did in fact provably put people at risk.
Re: (Score:2)
What if (Score:5, Insightful)
Re:What if (Score:5, Interesting)
Certain data is a lethal weapon and should be treated appropriately.
Re: (Score:2)
Just law enforcement? (Score:3, Insightful)
What if annual security training was mandatory for all the IT staff connected with law enforcement IT equipment...
I don't see why that last phrase is on there, i.e., why the statement should be restricted to law enforcement. IT staff in every internet-connected company which stores data on other people (which is most companies larger than a mom&pop gas station these days) have a responsibility to the people that data pertains to.
Every time I hear about another database getting hacked, I blame the idiots who let it happen. It makes me really leery of doing simple things like buying *anything* from *anywhere* with a
Re: (Score:3)
I can sum it up by a phrase said to me by many PHBs that ignore basic security:
"Security has no ROI".
Until this attitude gets changed by laws with actual teeth, expect to continue to see more of "xxx hacked, millions of people's data exposed" stories.
Two laws are needed: The first is obvious -- follow due diligent security practices or be shut down. A restaurant that doesn't pass health inspections gets shut down. Same with a store in a mall without a sales and use tax permit.
It doesn't take much brainpo
Re: (Score:2)
It might be nice if we had some kind of information security, but unfortunately people aren't perfect. Therefore, your information is going to get out.
At least one of my credit cards is used fraudulently once a year. It is unavoidable because too many people have access to the information to possibly keep is secure. Also, you get paid for sending credit card info to certain folks, so there is a tremendous incentive to do so if you have access to 50-100 credit card numbers a day.
There is no security which
Re: (Score:3)
What if annual security training was mandatory for all the IT staff connected with law enforcement IT equipment -- just like weapons training is mandatory for all law enforcement officers. This includes the CIO [if they have one], the city manager, the systems architect [whichever poor IT technician is erroneously saddled with this responsibility], and all law enforcement officers who access this data.
Let me guess, somebody with the proper political connections would make a lot of money by "training", but there would be no improvement in results?
Re: (Score:2)
What would that help? If you put data to an Internet-connected machine, there's a risk of it leaking. It doesn't require security training to understand that, simple common sense is sufficient. And no amount of training will help people who refuse to use their common sense because they can use "teh computers are scary" as
what about paying for new hardware and software (Score:2)
what about paying for new hardware and software as well as more IT workers! not cutting staff that makes some IT jobs not get done / get done alot slower.
Re: (Score:2)
What if annual security training was mandatory for all the IT staff connected with law enforcement IT equipment -- just like weapons training is mandatory for all law enforcement officers.
Good idea, except:
1) Better trained IT staff would get better-paying IT jobs elsewhere. ...would demand higher wages. ...which would raise your taxes. ...and if they could do THAT, they'd rather hire more officers, buy more guns - like maybe some AR14s! HELL YEAH!
2)
3)
4)
etc
They're using bad IT staff because they're not an 'IT shop'. They point guns at people for a living - that's their core business. The 'database people' or 'website people' are going to be low on the totem pole, under paid, under appreci
Re: (Score:2)
What if they didn't put that database on a server facing the internet? Could that be a good idea? Or maybe they should just return all their computers since they can't be trusted to use them securely...
This is the best argument against the database state. Intentions might be good, but as long as they don't have the know how to secure the data, this type of information should be purged periodically or only kept in traditional archives. The government is not out to get you, but it's incompetent enough to let others harm you.
Re:What if (Score:5, Insightful)
The government is not out to get you
It is if you're a pot smoker or Julian Assange.
Re: (Score:3)
Nah. You just need to be a black or poor pot smoker. Last I checked, an Ivy Leaguer with an ounce of green wasn't getting arrested on a regular basis.
Re: (Score:2)
An Ivy Leaguer can get away with damned near anything, period, whether harmful or harmless. He'd get in trouble for raping the Mayor's daughter, but not for raping a poor woman.
Re: (Score:3)
2 reasons.
1 - idiot manager syndrome. There are complete and utter morons in positions of power that make decisions like that. they go against all recommendations and do what they want because they know better! They are the BOSS!
2 - hiring incompetent IT/Web-design because they cant understand why you need to actually pay that position a wage that attracts competent applicants. $12.95 an hour = guy who is handy and knows 'puters.... The position requires $35.00 an hour minimum to attract a competent gu
Comment removed (Score:4, Interesting)
Re: (Score:2)
Yep. Things would be hell for a while (but possibly a lesser hell than what the drug war has given us) and then the problem would fix itself. "Think of it as evolution in action."
Re:What if (Score:5, Insightful)
Re: (Score:2)
In case you didn't notice, there is no such thing as trust. You can't trust anyone anymore. Everyone wants to be famous and one way to be famous is to leak information that you have access to.
I am expecting Congresspeople's credit card records to start showing up. There are people that have access and they will use this to post this information. Unless Julian Assange and the leaker that gave him the information are both publically executed on the Capital Mall you can expect other people wanting this sor
This isn't a leak. (Score:5, Insightful)
The article makes this situation comparable to the current wikileaks situation, which it isn't.
Some IT person left the data freely accessible on the internet and eventually a crawler found it. They're guessing it was a malicious person but in all odds it is not.
This is just another IT mistake not an act of whistleblowing or terrorism or something else the government wants to make illegal.
Re: (Score:2)
Re: (Score:3)
The Wikileaks comparison has more to do with the Sheriff's Office's response to the leak, than the nature of the leak itself. They could've run around saying they were going to track down and dismember anybody who has a copy of the file, but instead their comments to the press focus on the nature of the problem, its possible consequences, and what they're doing about those consequences. Compare to the Wikileaks situation where much of the political hot air is about leaning on one group that's disseminating
Re: (Score:3)
The joke of it is, this mistake/negligence probably has a higher risk of leading to someone getting killed than the wikileaks release does.
Yes it is (Score:2)
A leak is a leak. Doesn't matter how or why it happened, what matters is the information was leaked out hence a "leak". Doesn't mean it is a good thing, just means it is what it is.
However for that matter in some of the Wikileaks discussion threads there were people advocating total transparency of government information. I pointed out this would include things like names of people in witness protection and so on and they said that was fine, that the government should figure out how to not need to keep that
A concession to reality (Score:4, Insightful)
"'The truth is, once it's been out there and on the Internet and copied, you're never going to regain total control"
That's a remarkably pragmatic approach, and portrays the Sherrif's office as focussed and efficient. Public perception matters a lot in these instances, and while they could've threatened to rip off the ears of anyone who shares the files, it would have had no effect on actual information sharing, at a great cost to their public image in at least some quarters.
It's also nice to see that someone understands what "information wants to be free" means: that information tends to be free, and you have to plan for this.
Re: (Score:2)
and while they could've threatened to rip off the ears of anyone who shares the files, it would have had no effect on actual information sharing, at a great cost to their public image in at least some quarters.
I think that threat still applies.
sifting through the database (Score:2)
Good (Score:2)
Not like (Score:3)
Charges (Score:4, Interesting)
"To Serve And Protect"...
so you want a low level IT guy to take the heat fo (Score:2)
so you want a low level IT guy to take the heat for some PHB lack of knowing about IT?
Re: (Score:2)
Most informants are informants because they've been caught dealing dope, and snitch for a lighter sentence. So their lives have already been destroyed by the government itself.
Re: (Score:2)
I'd love to see where you got this information. "Informant" could be the nosy 70 year-old neighbor who sees the Johnsons' kid dealing on a street corner. Or, the roommate who knows people are selling out of his house and doesn't want to go down with them when they get caught. There are lots of innocent people who give information to the police, but refuse to become "witnesses" for their own safety.
Re: (Score:3)
The information is first hand information. In the late '70s when I was in college and my hair reached my ass, the price of pot got a little high (one guy had pretty much got a monopoly in my town) and I decided to go to a different city and buy a pound, figuring it would last a long time. It didn't; I wound up selling to five or six friends.
One of them got busted. I was lucky; he showed up at my doorstep and I didn't even recognise him, he'd shaved and cut his hair. He confessed and apologized that he'd tur
200,000 CI's? (Score:5, Interesting)
Deputies have used the database since 1989 to collect and share intelligence gathered during the course of police work. It contains 200,000 names — Mesa County's population is about 150,000 — and includes investigative files from a local drug task force.
Is it just me or does it seem odd to you that they have 200,000 confidential informants in a county with a population of 150,000? What the frack is going on in Mesa County?
Re: (Score:2)
Nobody said "unique names". It could be the same person listed 200,000 times, or anything in between.
Re: (Score:2)
It could be the same person listed 200,000 times, or anything in between.
I also predict a strong correlation between the number of bullet holes in the bodies, and the number of times their name appears in the database...
Re: (Score:2)
And the database goes back to 1989. Your point is? That a town of population 150,000 has a recorded incident once every hour or so on average? Hardly shocking. And that's assuming that each individual record only names one person per incident.
Re: (Score:2)
Re: (Score:2)
They used Diebold machines for accounting.
What an incredible waste of time and resources (Score:2)
We can all help them (Score:4, Funny)
Everyone on Slashdot should download as many copies as they can and then delete them (Shift + Delete only!). That way the world will run out of copies and everyone will be safe.
Well, they *were* informants (Score:2)
Methinks this might hurt their ability to recruit informants in the future as well.
WikiLeaks-Style?! (Score:5, Insightful)
Their concern: That someone may have copied it and could post it, WikiLeaks-style, on the Internet.
Let's hope they post it WikiLeaks-style. That would mean they spend months coordinating with journalists to redact names and other information that might put individuals' lives at risk. Then, they would only release a few select important parts of the material in a completely responsible manner.
Of course, that is not what the editors and poster were trying to convey by 'WikiLeaks' style. Why insert this useless anti-free-speech FUD into the story?
Re: (Score:2)
Just remember whose side the media is on, and interpret accordingly.
Re: (Score:2)
That would mean they spend months coordinating with journalists to redact names and other information that might put individuals' lives at risk. Then, they would only release a few select important parts of the material in a completely responsible manner.
Of course, that is not what the editors and poster were trying to convey by 'WikiLeaks' style.
In fairness, journalists aren't the ones making the calls to redact from wikileaks. Wikileaks has started to do some redaction, and then releasing their documents. Journalists/their bosses are deciding that wikileaks isn't redacting nearly enough, and applying further redaction. Take, for example, the list of sites that are vital to the security of the US, which includes mines and undersea communications cables that are located outside the US. Does it surprise ANYONE that a list like this exists, or that th
Note to self. (Score:2)
Maybe database servers (like MySQL) are safer than stuff like access (or sqlite), since is possible and easy to copy a whole database file mistakely put on /www, while is very rare to put /var/mysql/data on /www
Remember this point when defending database server against database files.
Wonder why people don't talk to law enforcement? (Score:2)
It's not to protect drug dealers, it's to protect *themselves* from this kind of crap.
Wikileaks-style? (Score:2)
What wikileaks stands for is total transparency of how governments (and other large entities) go about their business, not total transparency in the form of all information about everybody anytime. Else wikileaks wouldn't take their time redacting information for safe public consumption (gasp! they do that?) and would just release the information as fast as they can verify it. ./ article is about how names of informants and the like has been leaked and can therefore be a dan
The difference? The focus of this
Obligatory (Score:2)
Re: (Score:2)
Here's a kicker.... all that info is freely available to anyone along with all their financial records. All it takes is a credit card and a search on Nexis-Lexis.
Re: (Score:2)
"To check security, confirm the last 4 digits of your SS #."
Then there's the Family Tree Crawler sites for the Ma's Maiden Name.
Facebook chimes in with Favorite Pet/Favorite Teacher.
Re: (Score:2)
Depends... if the machine had to do some virtual memory paging, it might be spending time waiting for the data to get under the HDD head as opposed to deciding the fate of humanity.
This is why you always put your Skynet systems on tier 2 or tier 3 storage. Tier 1 flash storage just lets it decide that humanity has to go a lot faster.
Re: (Score:2)
Data: I did consider it for a time.
Picard: Really? For how long?
Data: Ten milliseconds. But that's a long time for an android.
No wonder Marvin was so depressed!
Re: (Score:2)
Exactly! How many times have we heard that lack of knowledge of the law is no excuse for breaking it? ...but then those were usually just small fries who'd be wipe out by lawyer fees in a heartbeat...