It has recently been found that an officer working for the Europol agency has leaked sensitive material about the agency’s online investigations.
A televised documentary stated that it had found over 700 pages of confidential data which included terrorism investigations. The data was found on a hard drive that had been linked to the internet. The program also stated that the hard drive containing the information was not password protected. Before the documentary aired, Europol released a statement acknowledging the leak and that an investigation has been launched to find out how, and why the data became public:
Although this case relates to Europol sensitive information dating from around 10 years ago, Europol immediately informed the concerned member states. As of today, there is no indication that an investigation has been jeopardized, due to the compromise of this historical data. Europol will continue to assess the impact of the data in question, together with the concerned member states.
A reporter for the program that was aired stated that he found the information via a search engine called Shodan; a search engine that searches the Internet of Things. He also stated that there was no password needed to access the hard drive; which he did remotely through the internet.
It was also reported that the documents contained names and telephone numbers of terrorism suspects, and associates. Most of the data was from 2006 to 2008. It included the Madrid train bombing investigations, a Netherlands based Islamist terror cell called The Hofstad Network, as well as information about attacks that have been successfully stopped aboard several flights. The reporter also said that the hard drive contained information on investigations that were never made public.
Europol claims that the officer responsible for the leak had copied the files to a separate, personal hard drive against Europol’s rules; but that the officer no longer worked for the agency.
The hard drive in question was a Lenovo Lomega and the Chinese based company had released a statement saying that it is up to the owner of the drive to make it secure. Older models such as this one require the user to input a password before they can be used securely.
Dr. Bibi van Ginkel, a senior researcher with the Netherlands Institute of International Relations, thinks a leak containing data such as this one could have negative consequences:
Police organizations never want to reveal how much they know to prevent bad guys from understanding how the police operate and infiltrate them. In times that better international-cooperation and data exchange is needed, this leak might jeopardize the trust between states.
Europol Director Rob Wainwright announced that in light of this investigation he will be attending a seminar in London this January to learn more about data protection and online privacy practices.