Reporters Find US Gov't Data In Ghana Market 154
Posted by samzenpus from the full-recycle-bin dept.
narramissic writes "'Hundreds and hundreds of documents about government contracts,' were found on a hard drive purchased at a market in Ghana for the bargain basement price of $40, said Peter Klein, an associate professor with the University of British Columbia, who led an investigation into the global electronic waste business for the PBS show Frontline. The hard drive had belonged to US government contractor Northrop Grumman and in a made-for-TV ironic twist, 'some of the documents talked about how to recruit airport screeners and several of them even covered data security practices,' Klein said. 'Here were these contracts being awarded based on their ability to keep the data safe.'"
Re:Contracts (Score:5, Informative)
They should lose their contracts for failing to wipe the data off the hard drives.
They likely will as this is almost certainly a violation of ITAR regulations. Northrop Grumman does very little that is non-military.
Re:When I dispose of an obsolete drive (Score:5, Informative)
http://www.garner-products.com/PD-8400.htm [garner-products.com]
Re:Still? (Score:5, Informative)
Did you even read the article? It doesn't appear that the employee was at fault. The computer was "disposed of" by some outside company. Allegedly, they are responsible for sanitizing the hardware prior to binning it or parting it out.
I would expect, however, that this "outside firm" is wondering if they still have their contract with Northrop Grumman. I suspect not.
Re:Contracts (Score:5, Informative)
They should lose their contracts for failing to wipe the data off the hard drives.
They likely will as this is almost certainly a violation of ITAR regulations. Northrop Grumman does very little that is non-military.
They most certainly will not lose their contracts over this. They'll find a way to blame the lost data on some tiny sub-subcontractor that the subcontractor responsible for disposing of used equipment hired to wipe the drives, and they'll get fired. Or maybe they'll fire the person who kept the data on their hard drive instead of the network drive, and trot out the click-through policy that says "we told you we could fire you for violating this policy."
There's always a weasel-way for companies to get out of these situations by blaming someone for the failure.
ITAR is pretty strict but you're probably right in that they'll blame the recycling firm or some such nonsense. From my experience they can at least expect a fresh ITAR audit courtesy of the federal gooberment because there is now "reason to question" their security.
Personally I don't let a hard drive out of the building unless it's been at least wiped (non-secure data) if not destroyed (secure data). Usually I destroy them just to make sure.
Re:Erasure Device? (Score:3, Informative)
DBAN http://dban.sourceforge.net/ [sourceforge.net]
Re:Bargain basement??? (Score:3, Informative)
Re:Contracts (Score:1, Informative)
They will not lose anything. Some poor slob will be scapegoated. I personally have been on the receiving end of that throat cutting. It's very simple, you sign a contract (yes, I was a sub-sub contractor) that says you will obey all their policies, which includes doing whatever the BNOM (Base Network Operations Manager) tells you to do. When he tells you to multi-home a server between secure and unsecure LANs, in clear violation of security policies and common sense, you do it because it's your job if you don't. When it gets caught, you're the one to blame. If you complain, you are told to follow normal policy (as per your contract) which requires you to complain through the BNOM!
The general contractor never takes the blame and always takes at least 75% of the awarded contract.
BTW If you sue, they cut the BNOM's throat. You have his blood on your hands but still no money in your pocket.
Re:Contracts (Score:2, Informative)
Sadly, this poor fellow will be sued into oblivion; the minimum in Canada is 2 million, in the U.S. I don't even know.
Northrop is usually very good but the issue is that it's "Sensitive Information"; chances are the person using the system didn't follow the security protocols in place (i.e. not storing classified information in an Unclass environment).
It's for this very reason all of my file systems are encrypted.
As for Northrop they are responsible to meet all IT Security Policies in place by the Military, that's one of the reasons classified systems are so damn expensive, you buy it for 5K, service it for 100K and then decommission it for 10K, if the guy is just taking the 10K and recycling it then you have a problem. Ideally the hard drives should be wiped, degaussed, smashed with large hammers (hydraulic or sledges work well) or shredded and then thrown into a furnace. That is a NATO standard for classified information. It's a lot of labor and hence the 10K.
Re:When I dispose of an obsolete drive (Score:3, Informative)
I have yet to see ANYBODY recover a DoD wiped drive. You'd think that one of those data recovery firms would brag about it if they had actually been able to pull it off, yet nada. Give them a good DoD wipe and then they can be reused in computers for the poor.
Forget DoD wipes, it has never even been demonstrated it's possible to recover data from a single 00000000 wipe. No one has ever managed to read as much as a byte of data after it has been overwritten once with any value.
The whole thing is sheer paranoid lunacy. It has its origin when hard drives encoded data in a different way, and were a lot looser in where they wrote on the drive, so in theory parts of the signal could be left behind. But that was only hypothetical even back then, there was no way to separate the signals out, and hard drives are a lot denser and encode the signal differently now.
The only thing that makes a bit of sense is that hard drives can reassign clusters and leave data behind in bad ones, but you can get around that by using the right commands. It would be a hell of a lot more useful if the DoD would just invest in some external hard drive controller-type device to low-level format drives, and then when they're done turn on a huge magnet just to make sure.
And stop wasting all that hardware.
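A single zero-pass overwrite like the one discussed in the comment above can be checked by reading the medium back. The following is an added example, not part of the original thread, that scans a disk image and reports sector ranges still holding non-zero bytes. The image contents, the 512-byte sector size and the function names are constructed for illustration; sectors the drive has reassigned are not reachable through a normal read, so this check does not cover them.

```python
import os
import tempfile

SECTOR = 512      # assumed logical sector size
CHUNK = 1 << 20   # read 1 MiB at a time (a multiple of SECTOR)


def residual_sectors(path, sector=SECTOR, chunk=CHUNK):
    """Return merged (first, last) sector ranges that still hold non-zero bytes."""
    ranges = []
    base = 0  # sector number of the first sector in the current chunk
    with open(path, "rb") as dev:
        while True:
            buf = dev.read(chunk)
            if not buf:
                break
            if buf.count(0) != len(buf):  # skip chunks that are entirely zero
                for off in range(0, len(buf), sector):
                    if any(buf[off:off + sector]):
                        n = base + off // sector
                        if ranges and ranges[-1][1] == n - 1:
                            ranges[-1][1] = n  # extend the current run
                        else:
                            ranges.append([n, n])
            base += len(buf) // sector
    return [tuple(r) for r in ranges]


def demo():
    """Build a constructed 8-sector image, scan it, zero it once, scan again."""
    with tempfile.TemporaryDirectory() as tmp:
        img = os.path.join(tmp, "disk.img")
        data = bytearray(8 * SECTOR)
        data[2 * SECTOR + 10:2 * SECTOR + 24] = b"contract draft"  # 14 bytes
        data[3 * SECTOR] = 0x41
        data[6 * SECTOR + 511] = 0x42
        with open(img, "wb") as f:
            f.write(data)
        before = residual_sectors(img)
        with open(img, "r+b") as f:  # single pass of zeros over the whole image
            f.write(bytes(len(data)))
        after = residual_sectors(img)
    return before, after


if __name__ == "__main__":
    print(demo())
```
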
Re:Yea (Score:3, Informative)
Nonsense, placing platters into other drive enclosures to aid in data recovery is one of the oldest tricks in the book. It may not be perfect but it'll certainly work well enough.
Re:Contracts (Score:3, Informative)
Cheers