Britain’s largest and busiest airport has become one of the latest victims of a data leak after critical security files were found on a USB drive in the streets of London. The information on the drive was visible to the man who found it and plugged it into a computer at his local library. What he saw included: the Queen’s airport routes, the Queen’s security measures, ID requirements for restricted areas, patrol timetables and shifts, CCTV cameras, escape routes, security measures for Cabinet members, details of a runway radar system, and much more. In total there were 2.5 GB of data in 76 folders with maps, videos, and documents on an unencrypted USB drive with no password. Essentially, open access to the sensitive information on that drive is a potential terrorist’s dream come true. The man who found the USB drive turned it over to the Sunday Mirror.

The drive was found on Ilbert Street in Queen’s Park, West London. On the drive were documents labeled confidential that had no passwords or protective measures whatsoever. Some files provided the details of the Royal Suite used by the Queen, Royal Dignitaries, and Cabinet Members. Hidden in the files were also radio codes used in security events. Additionally, other documents referenced past terrorist incidents inside and outside of the UK.

Heathrow Airport Official Response

Chief Executive Officer John Holland-Kaye has responded to news of the incident by stating:

“From the information that I have seen… that was on the USB stick that was reported in the papers, there was nothing there that causes us any security concerns…”

The CEO then went on to state that an internal investigation was underway with the assistance of London Metropolitan Police. Airport insiders have been attempting to find out whether the data breach was a result of negligence or whether there was a malicious insider among them. The information on the drive involves a variety of systems that make up nearly the total security approach of Heathrow Airport. To have such a level of security detail all in one place suggests the information was compiled intentionally. Insiders at the airport have admitted this is a significant data breach and a national security risk.

Despite Holland-Kaye’s confidence, security experts fear the worst may have happened. It is unknown how the USB drive came to be on the street and how many hands it passed through. The Sunday Mirror reported that a police source fears the information may have been downloaded and disseminated on the dark web, potentially making it available for any would-be terrorists to get their hands on.

Current Threat Climate

The UK’s security service, MI5, has established the current threat level for international terrorism and from Northern Ireland to be “SEVERE.” This level of threat means that terror attacks are highly likely. The threat level can be escalated to CRITICAL at any moment, the level at which a terror attack is expected to happen at any second. The USB drive expands terrorist capability and dramatically shortens how much time they would need to prepare. As of right now, the potential scale of the threat that may come as a result of this data breach is unknown.

Was This Preventable?

Until the investigation is finished, it would be pure speculation to discuss how this may have happened. However, a leak of data as a result of an insider incident was preventable. It is unknown how long the data leak was going on. Compiling that much information from so many sources likely took some time, as security information is not normally centralized in one place ready for duplication. There are some technologies that would definitely have blocked data from being leaked outside the network by an insider.

Auto-Detection and Blocking

For starters, the files were found on an unencrypted USB drive. The data was flowing out of the network somehow. Thankfully, security technology has come to a point where it is possible to block user activity. This goes beyond a simple alert: a user can be blocked, redirected, and locked out automatically at the time of the incident, while notifications are sent to administrators and management. In this case, data could have been blocked from being sent over email, written to a USB drive, or even printed. Security suites such as Teramind offer these types of solutions.

User Behavior Analytics

Data was likely moving through the network of Heathrow Airport in a suspicious manner for it all to end up on that one USB drive. Technologies such as user behavior analytics could have detected this behavior immediately by way of machine learning based log analysis. Through this technology a network baseline would have been developed, as well as an individual user baseline. After that, any deviation of behavior from the baseline would indicate that suspicious or abnormal behavior is happening on the network or from a user. It is at this point that administrators and management could keep watch or take preventative action before a breach occurs.
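The baseline-and-deviation idea described above can be sketched as follows. This is an added example, not code from the article or from any vendor product; it swaps the machine learning model for a simple median/MAD statistic, and the event fields, threshold, and sample data are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed sample events, not real data:
# (day, user, MB written to removable media, distinct source folders read)
EVENTS = [
    (1, "alice", 12, 1), (2, "alice", 9, 1), (3, "alice", 15, 2),
    (4, "alice", 11, 1), (5, "alice", 10, 1), (6, "alice", 13, 1),
    (1, "bob", 0, 0), (2, "bob", 3, 1), (3, "bob", 0, 0),
    (4, "bob", 2, 1), (5, "bob", 1, 1),
    (6, "bob", 2500, 76),   # constructed outlier: bulk copy from many folders
    (6, "carol", 40, 3),    # new user with no history of her own
]
METRICS = ("mb_to_usb", "source_folders")

def robust_z(value, history):
    """Distance of value from the history median, in scaled MAD units."""
    med = median(history)
    mad = median(abs(x - med) for x in history) or 1.0  # floor for flat history
    return (value - med) / (1.4826 * mad)

def detect(events, train_days=5, threshold=6.0):
    """Learn baselines from days <= train_days, then score later days."""
    user_base = defaultdict(lambda: ([], []))   # per-user history per metric
    net_base = ([], [])                         # network-wide history per metric
    alerts = []
    for day, user, *values in sorted(events):
        if day <= train_days:
            for i, v in enumerate(values):
                user_base[user][i].append(v)
                net_base[i].append(v)
            continue
        # Users without their own history fall back to the network baseline.
        scope, base = ("user", user_base[user]) if user in user_base else ("network", net_base)
        for i, v in enumerate(values):
            z = robust_z(v, base[i])
            if z > threshold:
                alerts.append((day, user, scope, METRICS[i], round(z, 1)))
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

Only the constructed bulk copy is flagged, on both volume and folder spread; the new user is scored against the network baseline and stays below the threshold.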

In the coming weeks more information will come out about this data breach that has now put the UK’s national security at severe risk. This is one of the very scary and extreme scenarios where a data breach crosses from the digital world to the real world. Stay safe out there.