Security Hardware

Reporters Find US Gov't Data In Ghana Market

Posted by samzenpus
from the full-recycle-bin dept.
narramissic writes "'Hundreds and hundreds of documents about government contracts,' were found on a hard drive purchased at a market in Ghana for the bargain basement price of $40, said Peter Klein, an associate professor with the University of British Columbia, who led an investigation into the global electronic waste business for the PBS show Frontline. The hard drive had belonged to US government contractor Northrop Grumman and in a made-for-TV ironic twist, 'some of the documents talked about how to recruit airport screeners and several of them even covered data security practices,' Klein said. 'Here were these contracts being awarded based on their ability to keep the data safe.'"
This discussion has been archived. No new comments can be posted.

  • by fuzzyfuzzyfungus (1223518) on Thursday June 25 2009, @08:14AM (#28464887) Journal
    $40 for a used hard drive of unknown provenance seems pretty high, unless you are talking about a considerably cooler than ordinary drive. Methinks that those journalists were haggling about as effectively as someone with an expense account for the story might be expected to.
  • by langelgjm (860756) on Thursday June 25 2009, @08:17AM (#28464911) Journal

    I thought the same thing at first, but then I read the rest of the summary:

    some of the documents talked about how to recruit airport screeners and several of them even covered data security practices

    Typically we're interested in contracts during the bidding process (to make sure the public is not being ripped off), and later on, to see that the contractor actually delivers the goods. But "transparency" doesn't mean everyone needs to know the details of how Northrop Grumman builds its missiles or whatever.

  • by Opportunist (166417) on Thursday June 25 2009, @08:22AM (#28464933)

    Depends on how it was marketed. I mean, how much would you pay for a used HD from NorGrum?

    I'm fairly sure a HD once used in the development area of MS can fetch a nice price.

  • Re:Contracts (Score:5, Insightful)

    by plover (150551) * on Thursday June 25 2009, @08:32AM (#28464985) Homepage Journal

    They should lose their contracts for failing to wipe the data off the hard drives.

    They likely will as this is almost certainly a violation of ITAR regulations. Northrop Grumman does very little that is non-military.

    They most certainly will not lose their contracts over this. They'll find a way to blame the lost data on some tiny sub-subcontractor that the subcontractor responsible for disposing of used equipment hired to wipe the drives, and they'll get fired. Or maybe they'll fire the person who kept the data on their hard drive instead of the network drive, and trot out the click-through policy that says "we told you we could fire you for violating this policy."

    There's always a weasel-way for companies to get out of these situations by blaming someone for the failure.

  • Re:Yea (Score:5, Insightful)

    by rhook (943951) on Thursday June 25 2009, @08:39AM (#28465041)
    Those "locks" do nothing to protect the data, and the drive still spins up when power is applied. You can even retrieve the password if you know what you're doing. Full drive encryption is a much better solution.
  • Linux CD (Score:2, Insightful)

    by fenring (1582541) on Thursday June 25 2009, @08:43AM (#28465087)
    Yes, it's called a linux bootable cd. It turns out it's quite cheap as well.
  • by adosch (1397357) on Thursday June 25 2009, @08:46AM (#28465109)
    $40 seems steep, but the size of the hard drive wasn't even listed ITFA, and there was definite intent and motive to go find some secret government/contractor data on a piece of computer hardware, too, by the journalists themselves. So it's evident price or need of a hard drive wasn't an issue. With dumpster diving and shady data mining practices that have been at least publicly practiced over the last decade quite over announced, have people not learned to wipe the data on their storage devices? I pity the "outside" company who is supposed to be in charge of doing that (or so NG claims). At work, it's kind of a break from the pace to sit down with a bunch of servers, and let DOI standard wipe policy chug away. It's not like you have to constantly monitor it; should be one of the easiest things to do on the side.
  • Re:Erasure Device? (Score:3, Insightful)

    by plover (150551) * on Thursday June 25 2009, @08:49AM (#28465147) Homepage Journal

    While destroying the HD physically is a solution, it prevents the drive being reused.

    Destroying the drive physically has a benefit beyond the obvious that the data is rendered unrecoverable. The more critical benefit is that if you have two crates of disk drives to destroy, you can look at them and know that the crate full of smashed drives is the "done" crate. That's especially important when you have an unskilled labor pool doing the work. You post a guy at the door with a clipboard ensuring only smashed drives are allowed to leave the building. It doesn't take a computer scientist to do that job correctly.

    Wiping the drive and selling it has much less benefit than you might think. The value of the used drive is tiny -- especially since you still have to pay someone to track it through the wiping process, and you have to pay someone to wipe it. When you finally sell it, you might make a dollar or two at most.

    Compared to the cost of the risk of losing data, it's a false economy to think that salvaging drives is a smart choice. Just the legal costs Northrop Grumman is about to go through over this one far exceed the amount of money they have now or ever will make selling used drives.

  • Re:Contracts (Score:3, Insightful)

    by rpillala (583965) on Thursday June 25 2009, @10:21AM (#28466073)

    Or maybe the whole thing is secret under the aegis of War On Terror or National Security or whatever the fuck. I don't think we'll hear much more about how this turns out, and therefore no accountability.

  • Same here, that is just stupid and wasteful, not to mention based on old wives' tales. I have yet to see ANYBODY recover a DoD wiped drive. You'd think that one of those data recovery firms would brag about it if they had actually been able to pull it off, yet nada. Give them a good DoD wipe and then they can be reused in computers for the poor.

    Even to this day I have no problem giving away a 400MHz or better to somebody who doesn't actually have a PC. Just slap DSL-N and they have a nice clean desktop that is quite fast and a pleasure to surf with. I keep a 733MHz around to run Win9X for old games and to surf on when my main boxes are busy, and with 384MB of PC100 and DSL-N it is a very pleasurable surfing experience. It is just stupid and wasteful to destroy those drives and make even more e-waste when they can be reused by those that don't have any. Single moms, homeless shelters, churches, there are tons of places that are quite happy to take a free working machine, and if everyone destroys the drive the cost of giving those machines away suddenly becomes too expensive.

    So don't fall for old wives' tales, DoD wipe and recycle. Good for the environment and your fellow man.
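
The wipe-and-reuse workflow discussed in the comments above depends on being able to tell a wiped drive from an unwiped one, the same "done crate" problem raised for physical destruction. The following is an added example, not part of any comment in this thread: it pairs an overwrite with a read-back check and shows an interrupted wipe being caught. It assumes a single zero-fill pass (not any specific DoD procedure), a 512-byte sector size, and a constructed 64-sector image file standing in for a drive.

```python
import os
import tempfile

SECTOR = 512            # assumed logical sector size
CHUNK = SECTOR * 2048   # 1 MiB per I/O request

def target_size(path):
    """Size in bytes of a regular file or block device."""
    with open(path, "rb") as dev:
        return dev.seek(0, os.SEEK_END)

def overwrite(path, start=0, end=None, fill=0x00):
    """Overwrite bytes [start, end) of a file or block device with `fill`."""
    end = target_size(path) if end is None else end
    with open(path, "r+b") as dev:
        dev.seek(start)
        pos = start
        while pos < end:
            n = min(CHUNK, end - pos)
            dev.write(bytes([fill]) * n)
            pos += n
        dev.flush()
        os.fsync(dev.fileno())   # make sure the data left the page cache

def verify(path, fill=0x00):
    """Read everything back; return (sectors_checked, [unwiped sector numbers])."""
    bad, lba = [], 0
    with open(path, "rb") as dev:
        while chunk := dev.read(CHUNK):
            for off in range(0, len(chunk), SECTOR):
                sector = chunk[off:off + SECTOR]
                if sector.count(fill) != len(sector):
                    bad.append(lba)
                lba += 1
    return lba, bad

def demo():
    """Constructed 64-sector 'drive': interrupted wipe vs. completed wipe."""
    with tempfile.NamedTemporaryFile(delete=False) as f:
        f.write(b"CONTRACT DRAFT (constructed sample data) ".ljust(SECTOR, b".") * 64)
        path = f.name
    try:
        overwrite(path, end=48 * SECTOR)   # wipe job stopped at sector 48
        partial = verify(path)
        overwrite(path)                    # full pass over the whole target
        complete = verify(path)
    finally:
        os.unlink(path)
    return partial, complete

if __name__ == "__main__":
    for label, (checked, bad) in zip(("interrupted", "complete"), demo()):
        print(f"{label}: {checked} sectors read, {len(bad)} not wiped",
              "-> HOLD" if bad else "-> release")
```

A read-back through the normal block interface covers only the addressable space; sectors the drive has remapped internally, or areas hidden from the host, are not checked by it.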

  • by Torodung (31985) on Thursday June 25 2009, @10:41AM (#28466317) Journal

    "The Capitalists will sell us the rope with which we will hang them." -V.I. Lenin

    Let's prove him wrong, eh?

    --
    Toro

  • by Anonymous Coward on Thursday June 25 2009, @11:41AM (#28467009)

    It's funny how people go all alarmed about the milligrams of heavy metals in e-waste, such as a hard drive, which gets buried in a sanitary landfill. But blasting it open with a good-sized chunk of lead and spewing the resulting fragments all over the place is OK, though.

  • Re:Contracts (Score:1, Insightful)

    by Anonymous Coward on Thursday June 25 2009, @05:44PM (#28472961)

    Encryption is less of an issue. If AES is implemented in a reasonable way (there are bad implementations of AES as well as good ones), there is no known way to obtain the data without the key.

    What is attackable is how the keys are stored, and how keys are put in.

    So, if a drive sitting on a shelf in Elbonia is encrypted via almost all FDE mechanisms out there, be it TrueCrypt, BitLocker, PGP, PointSec, Safeboot, WinMagic, BestCrypt, or others, the only avenue the bearer of the drive has is to figure out which program encrypted it, and then start brute forcing the passphrase, which can be almost impossible to do especially if the drive was encrypted using a cryptographic token, or TPM where the key could be anywhere in the keyspace, as opposed to what someone would type in.
