A team of journalists investigating the global electronic waste business has unearthed a security problem too. In a Ghana market, they bought a computer hard drive containing sensitive documents belonging to U.S. government contractor Northrop Grumman.Reporters find Northrop Grumman data in Ghana market (via /.)The drive had belonged to a Fairfax, Virginia, employee who still works for the company and contained "hundreds and hundreds of documents about government contracts," said Peter Klein, an associate professor with the University of British Columbia, who led the investigation for the Public Broadcasting Service show Frontline. He would not disclose details of the documents, but he said that they were marked "competitive sensitive" and covered company contracts with the Defense Intelligence Agency, the National Aeronautics and Space Administration and the Transportation Security Agency.
The data was unencrypted, Klein said in an interview. The cost? US$40..."It was a wonderful, ironic twist," Klein said. "Here were these contracts being awarded based on their ability to keep the data safe."
Off-camera, sources in Ghana told the reporters that data thieves routinely scour these hard drives for sensitive information, Klein said.
Illegal e-waste dumped in Ghana includes unencrypted hard drives full of US security secrets
Leave a comment
More items
Advisor: Was it cruel to let poor kids in India play with my iPod?
A few years ago, I went on a trip to northern India to see the Dalai Lama. I traveled with a lawyer, a politician, a publicist, and a translator. One of the places we visited on the way up from Delhi was called Jalandhar — it's in the Punjab region and is home to a lot of sweatshops. While we ... More.
Mom calls 911 over son's video game habit
A desperate Boston mom called 911 late Saturday night because she couldn't get her 14-year old son to stop playing video games. A police spokesman said the call "was a little unusual, but by no means is it surprising."... More.
FCC unimpressed by Verizon's reply
Verizon's new $350 early termination fee and "gotcha" internet access charges recently attracted FCC attention. It is not amused by the company's reply, which has already drawn the Wrath of Pogue. Verizon's answers are "unsatisfying and, in some cases, troubling," says the FCC's Rick Kaplan. Kaplan ... More.
December 1945 issue of Popular Science
One of the highlights is a story explaining how nuclear power—remember, this is only five months after Hiroshima and Nagasaki—could be harnessed peacefully, to produce energy in America. The piece includes diagrams showing how a nuclear generator might be designed. Fun for comparing wi... More.
Pyramid Power! Classic 80s-era clock back in stock
Seiko's legendary talking pyramid clock returns in updated form, featuring LED lighting and sharp corners. It's Japan-only for the moment. [via CrunchGear]... More.
RSS Feed
SO.ANGRY.
yikes! I have a friend who worked for them, but they were bought out by another company. I imagine there are actually a lot of leaks this way.
And that's why you always degauss. (or put a drill through the platters.)
Well, security was yesterday's gold rush. Today, these businesses are probably chasing 'green' contracts. These businesses were just playing a part in US Security Theater™. Gotta get paid, y'know!
This story appeared on Frontline/World earlier this week. Frontline/World is a fantastic documentary series - highly recommended for your Tivo Season Pass list.
Degauss, drill and BFH (big frigging hammer, or give 'em to me I kill hard drives just by being near them.
War on terror = war on braainz.
Thermite is a cost effective solution for a variety of problems.
Simply wiping the disk would work. I had to do this at a couple of my employers. I recommend not destroying a perfectly good disks, as people like me and apparently Ghanans, can make good use of an old hard disk.
Where else am I going to get refrigerator magnets?
Wiping the disk doesn't remove the data. It just makes it harder (read more expensive) to retrieve.
The 'standard' for wiping data is to over write the disk multiple times using alternating data patterns. Until not so long ago, seven passes were thought sufficient, based on the way flight recorders can give up 7 separate 'recordings' from its loop of metal wire which serves as the internal recording media,.
Forensic software, designed to be used by police or governments, but freely available to whoever can afford it, has upped the acceptable limit to 20 or so passes. However the longer something is kept on magnetic media the harder it will be to remove completely, where there can be a 'screen burn' effect. Thus it's possible to examine magnetic media with electron microscopes to determine patterning of the magnetising agent.
The question you have to ask yourself is how badly would someone want anything you might have stored on your hd.
If you're a defence contractor, then the physical destruction of the media makes a lot of sense.
"Get'er'done!"
-or-
"Lisa, if you don't like your job, you don't strike. You just go in every day and do it really half-assed. That's the American way."
Redundancy will get you no matter what. That's how they got the nazis.
They kept records of everything, meticulously.
Every day, big containers with thousands and thousands of old computers are being shipped to low-cost nations to be dismantled and disposed of.
That's because some private company said they could dispose of your old shit at a ridiculously low price, and now they've got the contract.
They do not Degauss, drill, or anything else but ship it.
Actually, Marcel, more and more organizations are requiring the waste processing contractors to shred the electronics prior to shipping. The military has changed its standards to where the material has to either be shredded before leaving the site or an employee has to witness the shredding before title passes to the disposal contractor.
I think it's a terrible idea. Yes, it solves the data leaks, but it wastes an incredible resource and adds immensely to the waste stream and energy usage. Why shred perfectly usable parts when it's a tiny fraction of them that causes problems? Simply set an internal standard for separating the drives and sell them (and only them) on a must-shred contract. The data loss issue is solved while still preserving untold amounts of energy and preventing toxin releases.
I guess the military has more reasons for the shredding, though; their problem was some unauthorized countries (i.e. Iran) were buying fighter parts through third parties that came from US military surplus. But it shouldn't be too hard to restrict only those material classes that would represent a security problem.
Anyone else think this would make a great plotline for a techno-thriller? Some massive wrongdoing by a US security agency, and this kid in Ghana has the only evidence. Now an international techno-game of techno-cat and techno-mouse ensues!
Aren't they worried about the security of their $*!#?
http://www.youtube.com/watch?v=563QNm_A7WI
www.dban.org, bitches! My data is SAFE!
Some interesting info here: http://cmrr.ucsd.edu/people/Hughes/SecureErase.shtml
For physical disk destruction, no piece should be larger than a single 512 byte record block, about 1/125th of an inch. So forget the drill, use a grinder.
Awesomes.
Between the desire, And the spasm
Between the potency, And the existence
Between the essence, And the descent
Falls the Shadow
For Thine is the Kingdom
For Thine is, Life is, For Thine is the
This is the way the world ends
This is the way the world ends
This is the way the world ends
Not with a bang but a whimper.
Third world data mining, who'd a thunk it?
Don't worry, we'll hurry up and close the barn door after the horses are out. All that shredding and ruination is "Too little, Too late".
Plus, if there was no verification that things were being wiped, who really thinks that the cut rate contractors will waste money on the energy to shred the stuff. Easier to palletize and sell, that way you get paid twice.
CPU and server hard drives are only a small part of the picture.
Printers/scanners/copiers - many have a 5gb to 20gb hard drive - containing the details of the last several hundred print/scan/copy runs.
Cell phones, Blackberrys, PDAs all have a lot of personal data held on them. Even GPSs have your family and friends addresses.
Routers, Switches? No company data but static IP addresses and other network data - helps open up your network to attack.
Witnessed destruction - take your drives/equipment to an ewaste shredding company and watch them go into the shredder - sure it'll cost you a few hundred bucks, but i bet Northrup wish they had done that rather than get back a few bucks by selling the equipment for "asset management" (read: Brand Destruction)
From the article, it's not clear that this is "US Security Secrets." "Competition Sensitive" is not a US Govt. security marking, and more often than not covers pricing data, rather than technical data. Embarassing? Yes. Security leak? Not so clear.
This is on top of a UK study undertaken recently where they bought second hand drives from eBay and looked at what was on them, one had launch codes for a US missile and had come from Lockheed Martin.
Witnessed destruction is indeed the only way, send the newest tech down with them, pay the money, feel the comfort.
Hey this could really be useful! Imagine if terrorist people "accidentally" had a PC whose HDD went its long way to Ghana!
We could even prevent some future attacks if those secret plans got unveiled! I would even see this as a chance to prevent mischief...