• politics,  rim,  security

    New Information on Deleted Secret Service Text Messages

    Excellent reporting by Lawrence O’Donnell and The Last Word team at MSNBC.

    During The Last Word telecast on July 21, O’Donnell details the facts of the case, as we know them, and raises very serious questions about the deleted Secret Service text messages from Jan. 5 and 6.

    In summary, O’Donnell reminds us that:

    • The Secret Service has a budget of $3B annually
    • The first of three emails informing staff to preserve records was sent by the Secret Service Office of Strategic Planning on Dec. 9, 2020
    • An undated Jan. 2021 email and a Feb. 4, 2021 email, both sent by the Secret Service Chief Information Officer, remind staff of their obligation to preserve records and include instructions on how to do so
    • The Secret Service received the first written records preservation request before the physical act of exchanging agent smartphones for new devices
    • Ornato was promoted to the political post of White House Deputy Chief of Staff
    • The Secret Service runs a sophisticated cyber-crime organization and knows the legal obligations it has to handle and preserve records

    In my previous post on the Secret Service deleted text message fiasco, I suggested that we wait until more details about what happened are brought to light before placing blame on an IT staffer. Now it is beginning to look like the Secret Service, led by Director James Murray, either willfully ignored record preservation requests and established records and information management governance policies, or directly issued orders that the text messages be deleted from Secret Service-issued smartphones. With a $3B annual budget, the Secret Service has more than enough money, in my opinion, to digitally and physically archive any Secret Service agent’s smartphone that was even remotely involved with the events leading up to and taking place on January 6, 2021. To suddenly have digital records be deleted, with no discussion that I have seen about going back to the physical devices used on Jan. 5 and 6, is unfathomable to me. The Secret Service knows how to perform digital forensics and records preservation.

    While it will likely be years before the full story comes out about what happened to Secret Service text messages from Jan. 5 and 6, it is, in my opinion, growing more obvious that this situation has less to do with an IT staffer having a bad day and that something much more politically motivated, possibly with criminal intent, has taken place.

  • mdm,  politics,  security

    About the Deleted Secret Service Text Messages from Jan. 5 and 6

    I was reading some of the coverage of the recently reported deleted text messages from US Secret Service smartphones from January 5 and 6, 2021.

    According to a Washington Post article:

    “The Department notified us that many U.S. Secret Service (USSS) text messages, from January 5 and 6, 2021 were erased as part of a device-replacement program,” he wrote in a letter dated Wednesday and obtained by The Washington Post. The letter was earlier reported on by the Intercept and CNN.

    There are a couple of details that are interesting about this situation.

    The first is that the messages are reported as having been deleted as part of a “device-replacement” program being run by the Secret Service.

    If you think about how we switch from an old iPhone to a new iPhone, we do a backup to iCloud, switch over to the new iPhone, and then restore the iCloud backup to the new iPhone. But a large organization like the US Secret Service will be using a mobile device management (MDM) solution.

    MDM solutions allow IT departments to remotely manage a fleet of mobile devices. They don’t necessarily back up devices. They are used to enforce security features, automate software deployments, and, in the case of a lost or stolen device, securely erase devices that still have Internet access.

    In my opinion, having managed a corporate fleet of smartphones, the most probable answer is the most likely answer. New smartphones are purchased and activated, given to their new owners, and the owner signs into the MDM tool on the new smartphone to deploy the default configuration.

    While corporate email is stored on the server to be downloaded by the new device, plain old text messages, the ones that use the cellular network, are not.

    Specifically, what is and what is not backed up and restored during a smartphone refresh effort depends, obviously, on the migration software and procedures used by technicians during the cutover.

    In this first case, there is likely a contract IT staff member who is having a very bad day today if they made a mistake that prevented text message data from being migrated.

    The second detail, and the one that can land someone in legal trouble, is if someone in the Secret Service or their IT management firm willfully instructed someone to erase smartphones or, by omission, to leave out a migration step to transfer or archive text messages.

    This case is clearly supercharged by the US House Select Committee’s January 6th Attack on the United States Capitol and your position on The Big Lie. Deleted text messages, whether by mistake, or intentionally to obstruct justice, are only going to add more fuel to the debate.

    Colossal IT screw up or nefarious coup plot cover up?

    In my nearly three decades of IT experience, this feels like a poor IT staffer somewhere had a very bad, no good, rotten day.

    Let’s get all of the facts about what happened before blaming IT staff.