Illegal e-waste dumped in Ghana includes unencrypted hard drives full of US security secrets

Discuss

21 Responses to “Illegal e-waste dumped in Ghana includes unencrypted hard drives full of US security secrets”

  1. jimkirk says:

    Some interesting info here: http://cmrr.ucsd.edu/people/Hughes/SecureErase.shtml

    For physical disk destruction, no piece should be larger than a single 512 byte record block, about 1/125th of an inch. So forget the drill, use a grinder.

  2. gollux says:

    Awesomes.

    Between the desire, And the spasm
    Between the potency, And the existence
    Between the essence, And the descent
    Falls the Shadow
    For Thine is the Kingdom

    For Thine is, Life is, For Thine is the

    This is the way the world ends
    This is the way the world ends
    This is the way the world ends
    Not with a bang but a whimper.

    Third world data mining, who’d a thunk it?

    Don’t worry, we’ll hurry up and close the barn door after the horses are out. All that shredding and ruination is “Too little, Too late”.

    Plus, if there was no verification that things were being wiped, who really thinks that the cut rate contractors will waste money on the energy to shred the stuff. Easier to palletize and sell, that way you get paid twice.

  3. zuzu says:

    Gotta get paid, y’know!

    Get’er’done!

    -or-

    Lisa, if you don’t like your job, you don’t strike. You just go in every day and do it really half-assed. That’s the American way.”

  4. Anonymous says:

    Anyone else think this would make a great plotline for a techno-thriller? Some massive wrongdoing by a US security agency, and this kid in Ghana has the only evidence. Now an international techno-game of techno-cat and techno-mouse ensues!

  5. bardfinn says:

    SO.ANGRY.

  6. blueelm says:

    yikes! I have a friend who worked for them, but they were bought out by another company. I imagine there are actually a lot of leaks this way.

  7. dculberson says:

    And that’s why you always degauss. (or put a drill through the platters.)

  8. DWittSF says:

    Well, security was yesterday’s gold rush. Today, these businesses are probably chasing ‘green’ contracts. These businesses were just playing a part in US Security Theaterâ„¢. Gotta get paid, y’know!

  9. Anonymous says:

    Aren’t they worried about the security of their $*!#?
    http://www.youtube.com/watch?v=563QNm_A7WI

  10. Anonymous says:

    From the article, it’s not clear that this is “US Security Secrets.” “Competition Sensitive” is not a US Govt. security marking, and more often than not covers pricing data, rather than technical data. Embarassing? Yes. Security leak? Not so clear.

  11. Lord Xenu says:

    http://www.dban.org, bitches! My data is SAFE!

  12. Adam Stanhope says:

    This story appeared on Frontline/World earlier this week. Frontline/World is a fantastic documentary series – highly recommended for your Tivo Season Pass list.

  13. demidan says:

    Degauss, drill and BFH (big frigging hammer, or give ‘em to me I kill hard drives just by being near them.

    War on terror = war on braainz.

  14. LightningRose says:

    Thermite is a cost effective solution for a variety of problems.

  15. Anonymous says:

    This is on top of a UK study undertaken recently where they bought second hand drives from eBay and looked at what was on them, one had launch codes for a US missile and had come from Lockheed Martin.

    Witnessed destruction is indeed the only way, send the newest tech down with them, pay the money, feel the comfort.

  16. Anonymous says:

    CPU and server hard drives are only a small part of the picture.

    Printers/scanners/copiers – many have a 5gb to 20gb hard drive – containing the details of the last several hundred print/scan/copy runs.

    Cell phones, Blackberrys, PDAs all have a lot of personal data held on them. Even GPSs have your family and friends addresses.

    Routers, Switches? No company data but static IP addresses and other network data – helps open up your network to attack.

    Witnessed destruction – take your drives/equipment to an ewaste shredding company and watch them go into the shredder – sure it’ll cost you a few hundred bucks, but i bet Northrup wish they had done that rather than get back a few bucks by selling the equipment for “asset management” (read: Brand Destruction)

  17. Marcel says:

    Redundancy will get you no matter what. That’s how they got the nazis.
    They kept records of everything, meticulously.

    Every day, big containers with thousands and thousands of old computers are being shipped to low-cost nations to be dismantled and disposed of.

    That’s because some private company said they could dispose of your old shit at a ridiculously low price, and now they’ve got the contract.

    They do not Degauss, drill, or anything else but ship it.

  18. Drew from Zhrodague says:

    Simply wiping the disk would work. I had to do this at a couple of my employers. I recommend not destroying a perfectly good disks, as people like me and apparently Ghanans, can make good use of an old hard disk.

    Where else am I going to get refrigerator magnets?

  19. Anonymous says:

    Hey this could really be useful! Imagine if terrorist people “accidentally” had a PC whose HDD went its long way to Ghana!
    We could even prevent some future attacks if those secret plans got unveiled! I would even see this as a chance to prevent mischief…

  20. dculberson says:

    Actually, Marcel, more and more organizations are requiring the waste processing contractors to shred the electronics prior to shipping. The military has changed its standards to where the material has to either be shredded before leaving the site or an employee has to witness the shredding before title passes to the disposal contractor.

    I think it’s a terrible idea. Yes, it solves the data leaks, but it wastes an incredible resource and adds immensely to the waste stream and energy usage. Why shred perfectly usable parts when it’s a tiny fraction of them that causes problems? Simply set an internal standard for separating the drives and sell them (and only them) on a must-shred contract. The data loss issue is solved while still preserving untold amounts of energy and preventing toxin releases.

    I guess the military has more reasons for the shredding, though; their problem was some unauthorized countries (i.e. Iran) were buying fighter parts through third parties that came from US military surplus. But it shouldn’t be too hard to restrict only those material classes that would represent a security problem.

  21. a_user says:

    Wiping the disk doesn’t remove the data. It just makes it harder (read more expensive) to retrieve.

    The ‘standard’ for wiping data is to over write the disk multiple times using alternating data patterns. Until not so long ago, seven passes were thought sufficient, based on the way flight recorders can give up 7 separate ‘recordings’ from its loop of metal wire which serves as the internal recording media,.

    Forensic software, designed to be used by police or governments, but freely available to whoever can afford it, has upped the acceptable limit to 20 or so passes. However the longer something is kept on magnetic media the harder it will be to remove completely, where there can be a ‘screen burn’ effect. Thus it’s possible to examine magnetic media with electron microscopes to determine patterning of the magnetising agent.

    The question you have to ask yourself is how badly would someone want anything you might have stored on your hd.

    If you’re a defence contractor, then the physical destruction of the media makes a lot of sense.

Leave a Reply