Secret details about the U.S. missle defense system were found on a computer hard drive bought on eBay during an investigation into personal data stored on computers being carelessly discarded, the Guardian reported.
The information about defence contractor Lockheed Martin included a document detailing test launch procedures, blueprints of facilities and photos and personal data about employees – including their social security numbers.
Access to such data could allow identity theft or industrial espionage against Lockheed Martin, which is working on the Terminal High Altitude Area Defence (THAAD) system – a project begun under president Ronald Reagan’s “Star Wars” Strategic Defence Initiative in the 1980s. The computer, which has been turned over to the FBI, was bought online as part of a global research project conducted by three universities – Longwood University in the US, Glamorgan University in the UK and Edith Cowan University in Australia – along with BT and Sims Recycling Solutions.
The annual hard drive survey, now in its fourth year, is designed to bring to public attention the risk to personal data posed by carelessly discarded computer equipment which often contains huge amounts of personal and commercial data. The universities involved in the study use techniques and tools that are readily available from the internet and can be used by someone with a basic knowledge of technology to recover the data left on the drives, often this is not necessary as many are not even wiped. One of the men who analysed the drive – Glenn Dardick, assistant professor of information systems at Longwood University in Virginia – described it as “manna from heaven to hackers”. He said: “If this is out there, then it does beg the question: what else is out there?”
In the mid 80’s as a Field Engineer for TRW, we serviced computers for the Dept. Of Justice among others. At that time there was no way you could remove a hard drive from the premises. What has changed?
From what I’ve seen the contractors are very good at protecting data, the problem is the military/defense department people. I still can’t believe they were allowing USB drives and other external storage devices into the Pentagon until this past year.
I couldn’t bring anything electronic into the building I worked at, and I was just an intern.
#1 This had nothing to do with USB drives, but rather a machine that wasn’t sanitized before being sold on eBay.
#3
I know, I’m just saying that in my experience the contractors are much better about security.
The place I worked at had a shredder/destructor for drives from classified systems. The were never allowed to leave the building. There was no procedure for “sanitizing” drives that had held classified info, they had to be destroyed.
Probably overkill, but it keeps stuff like this from happening.
Hm. What kind of company would have engineering, facilities, and personnel data on the same hard drive?
Sweet Jeebus! Before I get rid of an old hard drive it is wiped (formatted & overwritten) or physically destroyed. That is just basic digital sanitation.
reminds me of several systems some friends and i myself purchaced surplus from the government many year ago amazing what was left on there. and what was tucked away in the manuals.. still waiting for the men in black to show up with mach-10’s
And they’re worried about P2P lol. What kind of numb skulls are these government agencies hiring?
Damn system isn’t going to work anyway. Just welfare for defense contractors. You have to kill them in boost phase to stand a chance. To knock out all MIRV’s you would need a nuclear warhead. Command and Control would never allow it to fire on time.
Sheesh. My company requires drives encrypted, with pass phrase access (not just a pass code).
This is followed by a finger print swipe, then separate access to the network! The next generation technology has a remote kill switch!! Seriously.
I can’t imagine why military is so lax.
My experience is that while most companies have great security Policies… actual practice is another story. While on the ground floor, in engineering and development groups (and usually IT) security practices are pretty strong. But once it goes to management for review (or whatever), security is out the window. I mean for cryin-out-loud, management is much too busy and important to worry about security. That’s for the peons.
In the mid 80’s… …What has changed?
Several things actually.
1 – Computers are much more prolific
2 – Hard drives in the 80’s were significantly larger (my first use of a HD was a 10Mb the size of a microwave)
3 – There was not a market for “old” hardware – most was simply thrown out due to hardware being outdated by the time it was taken out of the box and plugged in)
IMHO – Stories like this will always pop up. No matter how much security is put in place, there will always be a smaller USB drive, smaller cell phone camera, smaller whatever that will enable the ability to leak secure data. Everyone must remain vigilant but realize that leaks will happen. And perhaps in some cases, the leaks are on purpose for the sake of disinformation…
This had to be a laptop from either a politician or a political staffer. Because they’re just about the only ones who don’t give a crap about security, and what’s at stake. Or don’t have to, because they live in such an insular world of privilege. All their computers are maintained for them. So they’re never inconvenienced by patches, updates, hard drive crashes, or worms and viruses. They’re just handed a laptop, whenever they need it. And I’m sure if they’re on some committee that studies and approves defense projects. That data is all preloaded for their use. And when they’re done, its tossed back on the shelf for someone else’s eventual use. Congressmen and senators are only (recently) concerned with protecting their own, personal, campaign secrets. Or they lobbyist ties. Ever since they learned that their cellphones could be monitored. Remember that one, last year. And of course the person who taped that call, got into big legal troubles. NOT the politician shooting his mouth off over an unsecure cellphone. So I guess that citizen learned his lesson about coming forward, to clean up his corrupt government.
Anyway, complacency usually trickles down. If the politicians are concerned about information security (because they don’t have to be). Then those staffer and service personnel below them. Probably aren’t either. And I guessing that there’s quite a lot of theft of laptops from these government offices. So before these laptops (or hard drives) get a chance to be properly wiped. They could vanish and end up on eBay. Let’s face it, the US government (most branches of it) are lousy at keeping track of its taxpayer paid for goodies. Because the people working there are never held responsible for any losses, why the hell should they care? The taxpayers will just buy more for them. There’s probably a small warehouse full of laptops for them to use. And probably most of them have data on their that shouldn’t be allowed out of a secure environment. But maintaining that level of security, might inconvenience high level government workers and politicians. So… it’s never made an issue for them to observe. And little money is set aside for others to do it for them.
So you can almost be certain that somebody in Congress got careless with this information. Since they’d most likely need it to over see a budget. And haven’t the slighted concern about its loss. That’s the price of having a government, that’s privileged with having more freedoms that its citizens are.
Put mine through an industrial band saw.
Don’t know what changed.
I do recall that the weakest part of any security system is the human element. All it takes is one person having a brain dead moment of blinding stupidity to ruin the best security system.
In other words somebody didn’t take out the hard drive and smash it with a sledge hammer.
More recently, word as come about Digital printer-scanners, that have internal hard drives that keep copies of practically everything they’ve scanned. Sort of like a Tivo device, that scans documents and then prints them however you like. But only discards images of what it records, when the hard drive capacity starts to run out. And NOT BEFORE! These units are used by doctors, hospitals, law offices, police departments, banks, etc. And when they decide to get a better one. Off the units go to some foreign country, like Argentina, with all the files the have intact. Nobody, is erasing the damn things. So you SSN and medical history, and such, are probably being looked at all over the third world. And still the US’s streets are “paved with gold”. Of course we can all afford to have our identities stolen. DAMN!