Reporters Find US Gov't Data In Ghana Market 154
Posted
by
samzenpus
from the full-recycle-bin dept.
from the full-recycle-bin dept.
narramissic writes "'Hundreds and hundreds of documents about government contracts,' were found on a hard drive purchased at a market in Ghana for the bargain basement price of $40, said Peter Klein, an associate professor with the University of British Columbia, who led an investigation into the global electronic waste business for the PBS show Frontline. The hard drive had belonged to US government contractor Northrop Grumman and in a made-for-TV ironic twist, 'some of the documents talked about how to recruit airport screeners and several of them even covered data security practices,' Klein said. 'Here were these contracts being awarded based on their ability to keep the data safe.'"
Contracts (Score:3, Interesting)
Yea (Score:4, Interesting)
When I dispose of an obsolete drive (Score:3, Interesting)
I disassemble it, remove the platters, mount each one in a vise and bend it by striking it with a hammer.
If they can get data off that platter, they're welcome to it.
Umm.. that's not how it works (Score:3, Interesting)
It's a long standing complaint that governments keep information about contracts secret for the benefit of the contractors. Now you're complaining that a contractor didn't keep information about their contracts adequately secured? Are you stupid or something? The US taxpayers have a right to know the details of these contracts.. but they are denied that by commercial confidentiality concerns. If you want to cry a river for someone, think about the shareholders, but don't go blathering on about "secret government contracts" because they simply shouldn't exist.
Re:Still? (Score:3, Interesting)
NG said it went through an outside firm, that doesn't mean it did. Not only that but this could have been from a personal computer.
Northrop Grumman is a business. Their employees don't take an oath to support (or defend) the constitution. It's all about the money.
Cheaper option: Rifle (Score:2, Interesting)
They make nice targets. Even the NSA would be hard-pressed to get data off of platters with bullet holes in them. I have seen this done with a high-velocity 7mm bolt-action rifle. VERY effective. Auditor asks how we ensure that hard drives are erased when they are taken out of service. Of course we erase them before using our "special process". Showed them a few samples, bullet holes and all. No more questions about hard drive erasure.
Re:When I dispose of an obsolete drive (Score:3, Interesting)
Not to mention...you have some fun in the process. :)
Although, I can't imagine running it through a DoD wipe with DBAN would be recoverable, and then the drive is reusable. We already have enough electronic junk going in landfills, so I find destroying drives rather than properly wiping them to be particularly distasteful.
me smell's B.S (Score:2, Interesting)
not that this does'nt happen, i just find the story unlikely , reporters go to a random market in a random country and find this disk. more likely they had the disk beforehand and just made up the market bit.
Re:Name of outsourced company? (Score:3, Interesting)
Re:Contracts (Score:5, Interesting)
What's so ridiculous is how easy it is to destroy data without investing in ultra-super-duper-mil-spec data destruction software. When I destroyed hard drives for my old company, I'd pull out the drive, take it down to the shop floor, and watch as one of our fabricators put a 1/2-inch hole through the platters with a drill press. It's theoretically possible that an expert who really, really wanted our data could have read something from the partial platters, but I guarantee that none of our drives ever showed up in use anywhere else.
And with the old IBM death stars, pretty much any possibility of data recovery was eliminated when those glass platters shattered inside the case as the drill went through.
Of course, this technique requires you to have a drill press or a good, sturdy hand drill somewhere on your site, but I think Northrop Grumman could afford one of those.
Re:When I dispose of an obsolete drive (Score:3, Interesting)
I have a fast and simple solution. I take my trusty drill and run the bit through the platter at least once to several times depending on the importance of the drive. Yea, someone could in theory super reconstruct the data, but not without spending hundreds of thousands if not millions of dollars more than the data was worth. For that kind of money, I would just give them the data. It is a simple, cheap, quick solution that in all but the most sensitive situations would be sufficient to keep the data from being recovered in 99.9% of all cases.
The thing people forget in all their bs about "just overwrite it with 0 and 1" is that hard drives are often being discarded because they have mechanical problems. The platter is likly still in good shape, just something else has failed that stops it from being mountable. My solution fixes both.
Re:Position Sensitivity (Score:3, Interesting)
I'd say an Oath is a Moral "contract" and a Contract is a Legal "contract". God is not part of any oath i've ever taken. The US Constitution is the highest authority in the country.
It's nice to talk to a contractor that has had good experiences working inside the government. I'm being very honest, it's good to hear a gov employee say they take their job very seriously.
I have mostly dealt with KBR and NG which left a bad taste in my mouth. The worst cases being the $7,000 per month (rent) canvas tents my platoon lived in and a $100K generator that wouldn't run more than 10 hrs without someone babysitting it. The true reasons the Iraq war has cost us so much money.
Re:When I dispose of an obsolete drive (Score:3, Interesting)
I don't pretend to know all the regulations involved, but that website mentions that such a device is suitable for emergency destruction of top secret data.
In an emergency this probably would be a good tradeoff between security and time - you can't take three weeks to do an "emergency" destruction if your security guards are holding off a regiment of troops looking to capture your data (which I think is the actual scenario envisioned - maybe some paratroops drop in on your roof or something or there are rioters outside looking to break in).
However, I think that if a hard drive truly contained top secret data it would probably need to be almost completely incinerated to be secure - preferably to the point of melting the platters and destroying the memory chips. Top secret data potentially would be of interested to a very determined government - a merely bent hard drive could probably be read just fine with something like a tunnelling electron microscope. Sure, it would take quite a bit of determination, but if you're talking about the detailed designs and source code for an F22 or a nuclear bomb or something like that I'm sure somebody would be willing to go through the trouble. Reading the bits off of a bent hard drive has to be easier than building your own from scratch.
Re:Yea (Score:0, Interesting)
Speaking as someone that works at seagate, doing test process and calibration:
If you replace the board with an 'identical' one, you will lose all the calibration information, this includes things like telling the drive how to keep the heads from crashing into the disk to where the data tracks actually are, things that differ from drive to drive.
Most likely pulling this switch will yeild nothing but a brick.