Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security Hardware

Reporters Find US Gov't Data In Ghana Market 154

narramissic writes "'Hundreds and hundreds of documents about government contracts,' were found on a hard drive purchased at a market in Ghana for the bargain basement price of $40, said Peter Klein, an associate professor with the University of British Columbia, who led an investigation into the global electronic waste business for the PBS show Frontline. The hard drive had belonged to US government contractor Northrop Grumman and in a made-for-TV ironic twist, 'some of the documents talked about how to recruit airport screeners and several of them even covered data security practices,' Klein said. 'Here were these contracts being awarded based on their ability to keep the data safe.'"
This discussion has been archived. No new comments can be posted.

Reporters Find US Gov't Data In Ghana Market

Comments Filter:
  • by Ritz_Just_Ritz ( 883997 ) on Thursday June 25, 2009 @07:00AM (#28464801)

    Yet another example of some bonehead "disposing" of old equipment without wiping the data first. Time to start cranking out those Pulitzer prizes. ;)

  • Contracts (Score:3, Interesting)

    by hellfish006 ( 1000936 ) on Thursday June 25, 2009 @07:03AM (#28464817)
    They should lose their contracts for failing to wipe the data off the hard drives.
    • Re:Contracts (Score:5, Informative)

      by Cheerio Boy ( 82178 ) * on Thursday June 25, 2009 @07:08AM (#28464851) Homepage Journal

      They should lose their contracts for failing to wipe the data off the hard drives.

      They likely will as this is almost certainly a violation of ITAR regulations. Northrup Grumman does very little that is non-military.

      • Re:Contracts (Score:5, Insightful)

        by plover ( 150551 ) * on Thursday June 25, 2009 @07:32AM (#28464985) Homepage Journal

        They should lose their contracts for failing to wipe the data off the hard drives.

        They likely will as this is almost certainly a violation of ITAR regulations. Northrup Grumman does very little that is non-military.

        They most certainly will not lose their contracts over this. They'll find a way to blame the lost data on some tiny sub-subcontractor that the subcontractor responsible for disposing of used equipment hired to wipe the drives, and they'll get fired. Or maybe they'll fire the person who kept the data on their hard drive instead of the network drive, and trot out the click-through policy that says "we told you we could fire you for violating this policy."

        There's always a weasel-way for companies to get out of these situations by blaming someone for the failure.

        • Then, the next time a contract goes out for tender, they will lose it. And, by 'lose' I mean 'win because they can demonstrate more experience than their competitors in this area'.
        • Re:Contracts (Score:5, Informative)

          by Cheerio Boy ( 82178 ) * on Thursday June 25, 2009 @07:40AM (#28465063) Homepage Journal

          They should lose their contracts for failing to wipe the data off the hard drives.

          They likely will as this is almost certainly a violation of ITAR regulations. Northrup Grumman does very little that is non-military.

          They most certainly will not lose their contracts over this. They'll find a way to blame the lost data on some tiny sub-subcontractor that the subcontractor responsible for disposing of used equipment hired to wipe the drives, and they'll get fired. Or maybe they'll fire the person who kept the data on their hard drive instead of the network drive, and trot out the click-through policy that says "we told you we could fire you for violating this policy."

          There's always a weasel-way for companies to get out of these situations by blaming someone for the failure.

          ITAR is pretty strict but you're probably right in that they'll blame the recycling firm or some such nonsense. From my experience they can at least expect a fresh ITAR audit courtesy of the federal gooberment because there is now "reason to question" their security.

          Personally I don't let a hard drive out of the building unless it's been at least wiped (non-secure data) if not destroyed (secure data). Usually I destroy them just to make sure.

          • Just to clarify a point, to be REALLY sure you want to wipe AND destroy, if there is even a fraction left of a HD platter it might contain a file that a pro could recover given enough time, money and patience.
            • Re: (Score:3, Funny)

              by TheLink ( 130905 )
              I haven't tested this myself but I think something like an oxy-acetylene cutter can be pretty effective and fast.

              It will take a lot of effort to recover the data from the resulting molten puddles of metal ;).

              If you want to wipe very many hard drives at a go, there's always stuff like thermite, furnaces and bessemer converters.
          • Personally I don't let a hard drive out of the building unless it's been at least wiped (non-secure data) if not destroyed (secure data). Usually I destroy them just to make sure.

            I wonder how effective are the machines designed to bulk wipe hard drives (by bulk, I mean one whole drive at a time)?
            Wiping by writing data has problems -- remapped sectors might be recoverable to someone with the right equipment and know-how and these sectors won't be overwritten using normal disk-wiping methods.

        • Re: (Score:3, Insightful)

          by rpillala ( 583965 )

          Or maybe the whole thing is secret under the aegis of War On Terror or National Security or whatever the fuck. I don't think we'll hear much more about how this turns out, and therefore no accountability.

        • Re: (Score:2, Informative)

          Government Sub-contractors are required to maintain liability insurance for instances like this.

          Sadly, this poor fellow will be sued into oblivion; the minimum in Canada is 2 million, in the U.S. I don't even know.

          Northrop is usually very good but the issue is that it's "Sensitive Informaiton" chances are the person using the system didn't follow the security protocols in place (i.e. Not storing classified informaiton in an Unclass environment).

          It's for this very reason all of my file systems are e
    • Re:Contracts (Score:5, Interesting)

      by geobeck ( 924637 ) on Thursday June 25, 2009 @08:39AM (#28465615) Homepage

      They should lose their contracts for failing to wipe the data off the hard drives.

      What's so ridiculous is how easy it is to destroy data without investing in ultra-super-duper-mil-spec data destruction software. When I destroyed hard drives for my old company, I'd pull out the drive, take it down to the shop floor, and watch as one of our fabricators put a 1/2-inch hole through the platters with a drill press. It's theoretically possible that an expert who really, really wanted our data could have read something from the partial platters, but I guarantee that none of our drives ever showed up in use anywhere else.

      And with the old IBM death stars, pretty much any possibility of data recovery was eliminated when those glass platters shattered inside the case as the drill went through.

      Of course, this technique requires you to have a drill press or a good, sturdy hand drill somewhere on your site, but I think Northrop Grumman could afford one of those.

    • by Gilmoure ( 18428 )

      On the DOE side of things, hard drives don't get wiped, they get shredded [youtube.com]. Have purchased a surplus computer that had been DOE owned and it had hard drive, optical drive, ram and video card pulled.

  • Comment removed (Score:4, Interesting)

    by account_deleted ( 4530225 ) on Thursday June 25, 2009 @07:06AM (#28464841)
    Comment removed based on user account deletion
    • Re:Yea (Score:5, Insightful)

      by rhook ( 943951 ) on Thursday June 25, 2009 @07:39AM (#28465041)
      Those "locks" do nothing to protect the data, and the drive still spins up when power is applied. You can even retrieve the password if you know what you're doing. Full drive encryption is a much better solution.
      • Those "locks" do nothing to protect the data, and the drive still spins up when power is applied. You can even retrieve the password if you know what you're doing.

        This might be possible if you know the drive very well; the vendor might have a tool which can handle it. But you need to know the manufacturer's comment to print the HDD lock code, since there is [obviously] no standard ATA or ATAPI code to do so. If there were, hacking Xboxes would be a hell of a lot easier.

      • Comment removed based on user account deletion
    • Couldn't you just replace the circuit board with an identical one? Tada, data.
  • by Peter Simpson ( 112887 ) on Thursday June 25, 2009 @07:08AM (#28464849)

    I disassemble it, remove the platters, mount each one in a vise and bend it by striking it with a hammer.

    If they can get data off that platter, they're welcome to it.

    • by rotide ( 1015173 ) on Thursday June 25, 2009 @07:16AM (#28464907)
      Sounds time intensive. While a little pricey, get a hard drive destroyer. Pop it in, hit go and it folds 90 degrees!

      http://www.garner-products.com/PD-8400.htm [garner-products.com]

      • by Anonymous Coward

        They make nice targets. Even the NSA would be hard-pressed to get data off of platters with bullet holes in them. I have seen this done with a high-velocity 7mm bolt-action rifle. VERY effective. Auditor asks how we ensure that hard drives are erased when they are taken out of service. Of course we erase them before using our "special process". Showed them a few samples, bullet holes and all. No more questions about hard drive erasure.

        • Do you shoot the rifles inside the secure office area? No? Do you carry the drives outside of the building and shoot them in a less secure area of your campus? No? Do you take them off site and shoot them at a range somewhere? Yes?

          You're not as secure as you think.

      • by khallow ( 566160 )
        A degausser is more useful IMHO. Fortunately, this product apparently can work with one.
      • Re: (Score:3, Interesting)

        by Rich0 ( 548339 )

        I don't pretend to know all the regulations involved, but that website mentions that such a device is suitable for emergency destruction of top secret data.

        In an emergency this probably would be a good tradeoff between security and time - you can't take three weeks to do an "emergency" destruction if your security guards are holding off a regiment of troops looking to capture your data (which I think is the actual scenario envisioned - maybe some paratroops drop in on your roof or something or there are rio

        • by mlts ( 1038732 ) *

          At some places, not just government offices, but private companies, they use thermite packages to destroy hard disks. The hard disks go in the enclosure, thermite packs are laid atop the drives, cover is closed, and the stuff is ignited. The result is metal slag that goes to a scrapyard for recycling.

          Even if any data remained on an unmelted part of the drive, the hard disk would have been heated far beyond the Curie point so any data on it would be long gone.

      • Sure, disassembling hard drives is time-intensive. But the real reward is that you can salvage a bunch of really powerful magnets for mad-science experiments.

      • I keep wondering why people always bring up "drive destroying" methods when disposing of a hard drive. What about that Linux (I think) command that overwrites the entire hard drive with 0's? Wasn't there some website offering a pile of money to any data-recovery place that can get anything off of a drive that's had that done? And hasn't pretty much every data-recovery place either failed, or refused to even try once they heard that this command was used?

        So... why no just use that command? At least the d

        • by hplus ( 1310833 )
          I think the problem was that the "pile of money" offered was really that the security firm could keep the drive afterwards. The drive was only 40 gigs, making the pile about 35 dollars tall.
      • by fm6 ( 162816 )

        Jeez, talk about overkill. For most purposes, wiping the disk [thefreecountry.com] is perfectly adequate. If your hat is made of tinfoil, use software that implements DoD 5220.22M. But really, if you're up against somebody who can recover data after even a basic destructive overwrite (someone like the NSA), they already know all your secrets — assuming they even care that you exist.

        • by rotide ( 1015173 )
          It may be overkill, but that has NOTHING to do with what is and isn't reasonable for your employer to set as a policy.

          If they want to be able to tell their clients/customers that their data will literally be destroyed when the server is decommissioned, so be it.

          • by fm6 ( 162816 )

            What do you mean by "literally destroyed?" Taking the disk apart and smashing the platters with a hammer? Somebody with the right resources could still reassemble the disks and recover the data. Perhaps you need to dissolve them in acid? Expensive, and there are environment issues.

            Show me any evidence that somebody has been able to recover data on disks wiped by DOD-grade software, and I'll concede that you have a point. Going beyond that just so you can claim it's "literally destroyed" is pure security the

    • by FudRucker ( 866063 ) on Thursday June 25, 2009 @07:33AM (#28464989)
      thermite, lets see them get data out of a pile of slag
      • Re: (Score:3, Interesting)

        by cbiltcliffe ( 186293 )

        Not to mention...you have some fun in the process. :)

        Although, I can't imagine running it through a DoD wipe with DBAN would be recoverable, and then the drive is reusable. We already have enough electronic junk going in landfills, so I find destroying drives rather than properly wiping them to be particularly distasteful.

        • Comment removed (Score:4, Insightful)

          by account_deleted ( 4530225 ) on Thursday June 25, 2009 @09:25AM (#28466117)
          Comment removed based on user account deletion
          • Re: (Score:3, Informative)

            by DavidTC ( 10147 )

            I have yet to see ANYBODY recover a DoD wiped drive. You'd think that one of those data recovery firms would brag about it if they had actually been able to pull it off, yet nada. Give them a good DoD wipe and then they can be reused in computers for the poor.

            Forget DoD wipes, it has never even been demonstrated it's possible to recover data from a single 00000000 wipe. No one has ever managed to read as much as a byte of data after it has been overwritten once with any value.

            The whole thing is sheer pa

            • and then when they're done turn on a huge magnet just to make sure.
              And stop wasting all that hardware

              Erasing the the whole drive with a giant magnet (ie. not JUST the data area, but also the tracking informatiion encoded ny the manufacturer) is every bit as bad as physically destroying the drive. You certainly won't be using it ever again, unless the manufacturer is specifically involved in refurbishing it (which probably is probably too expensive to be worthwhile).

            • turn on a huge magnet just to make sure. And stop wasting all that hardware.

              FYI the magnet doesn't help with destroying data, or saving the drive. I attached the biggest magnet I could find to a unused hard drive, and booted the computer, it booted but started making a horrible scratching noise. I shutdown and took off the magnet couple tries over a couple days, and the drive was dead (same horrible noise. Let it sit for 2 weeks, and whatever bent/magnetized metal in the drive recovered enough that all of the data was then readable, drive still works (poorly) with 99.9% of the d

          • Yeah, but there are thousands and thousands of old machines 400MHz and up, and most of those are willingly discarded or recycled by those with no sensitive data on them at all, or by those who don't know to wipe their own data off the drive first.

            All of those drives are more than enough to supply the single moms, homeless shelters, and churches of the world. Meanwhile, other drives - those that actually have critical information where the consequences of release are high - can be destroyed.

            If it makes you

    • by Patrik_AKA_RedX ( 624423 ) on Thursday June 25, 2009 @07:49AM (#28465143) Journal
      My methode is much better. I install windows on it, have internet explorer start automaticly and open Slashdot. By the time they're done, the data is way to old to be of any relevance.
      The rest of the drive I fill up with the combine works of David Hasselhof. Cruel, but effective.
    • I hope you don't do this with glass platters.
    • Re: (Score:3, Interesting)

      by cenc ( 1310167 )

      I have a fast and simple solution. I take my trusty drill and run the bit through the platter at least once to several times depending on the importance of the drive. Yea, someone could in theory super reconstruct the data, but not without spending hundreds of thousands if not millions of dollars more than the data was worth. For that kind of money, I would just give them the data. It is a simple, cheap, quick solution that in all but the most sensitive situations would be sufficient to keep the data from

    • Sounds like a lot of effort.

      Find a local building work and give him £20 to put it on top of the next thing he attacks with a kango.

      JD.
  • 'Here were these contracts being awarded based on their ability to keep the data safe.'"

    Diversion wrapped in a diversion cloaked in a diversion. I bet the spies who read the contracts went out of their ways to break the procedures outlined in them, wasting precious time and resources instead of just getting em on the cheap in Africa. Where is your Isser Dzerzhinsky now?

  • by iamapizza ( 1312801 ) on Thursday June 25, 2009 @07:09AM (#28464859)

    some of the documents talked about how to recruit airport screeners

    It contained a link to monster.com?

  • by QuantumG ( 50515 ) * <qg@biodome.org> on Thursday June 25, 2009 @07:11AM (#28464867) Homepage Journal

    It's a long standing complaint that governments keep information about contracts secret for the benefit of the contractors. Now you're complaining that a contractor didn't keep information about their contracts adequately secured? Are you stupid or something? The US taxpayers have a right to know the details of these contracts.. but they are denied that by commercial confidentiality concerns. If you want to cry a river for someone, think about the shareholders, but don't go blathering on about "secret government contracts" because they simply shouldn't exist.

    • by langelgjm ( 860756 ) on Thursday June 25, 2009 @07:17AM (#28464911) Journal

      .I thought the same thing at first, but then I read the rest of the summary:

      some of the documents talked about how to recruit airport screeners and several of them even covered data security practices

      Typically we're interested in contracts during the bidding process (to make sure the public is not being ripped off), and later on, to see that the contractor actually delivers the goods. But "transparency" doesn't mean everyone needs to know the details of how Northrop Grumman builds its missiles or whatever.

      • some of the documents talked about how to recruit airport screeners and several of them even covered data security practices

        Typically we're interested in contracts during the bidding process (to make sure the public is not being ripped off), and later on, to see that the contractor actually delivers the goods. But "transparency" doesn't mean everyone needs to know the details of how Northrop Grumman builds its missiles or whatever.

        The whole TSA/airport security thing is theater, it would still be trivial to get a bomb onto a plane, or to get a squad of terrorists onto same with some crappy weapons. It is not possible that any meaningful details of airport security were leaked because:

        1. There is no airport security.
        2. Security by obscurity is no security at all
        3. The terrorists can probably trivially get a copy of the security procedures anyway.
    • by Opportunist ( 166417 ) on Thursday June 25, 2009 @07:19AM (#28464921)

      I think it's asking a bit much of the US taxpayer that he should be required to go to a local market in Ghana to buy the info. It should be provided by the government.

      Besides, this is a company providing the info. I'm not really much into socializing everything, but dammit, there are some things that belong into government hands!

  • From the article:

    The drive had belonged to a Fairfax, Virginia, employee who still works for the company...

    But for how much longer?

    • Re:Still? (Score:5, Informative)

      by Ritz_Just_Ritz ( 883997 ) on Thursday June 25, 2009 @07:20AM (#28464925)

      Did you even read the article? It doesn't appear that the employee was at fault. The computer was "disposed of" by some outside company. Allegedly, they are responsible for sanitizing the hardware prior to binning it or parting it out.

      I would expect, however, that this "outside firm" is wondering if they still have their contract with Northrop Grumman. I suspect not.

      • Re: (Score:3, Interesting)

        by tibman ( 623933 )

        NG said it went through an outside firm, that doesn't mean it did. Not only that but this could have been from a personal computer.

        Northrop Grumman is a business. Their employees don't take an oath to support (or defend) the constitution. It's all about the money.

      • by Rich0 ( 548339 )

        Gotta love modern business.

        If some part of the business is expensive (usually because it requires following regulations or requires the company to be safe) it gets outsourced. The main qualification for the outsourcer is that they are dirt cheap and that they sign off that they do everything by the book. Then when it turns out that they don't do things by the book they get fired (after making profits for 10 years), and then the contract is put out for bid again and the cheapest supplier is again hired.

        Mea

  • by fuzzyfuzzyfungus ( 1223518 ) on Thursday June 25, 2009 @07:14AM (#28464887) Journal
    $40 for a used hard drive of unknown provenance seems pretty high, unless you are talking about a considerably cooler than ordinary drive. Methinks that those journalists were haggling about as effectively as someone with an expense account for the story might be expected to.
    • Re: (Score:3, Insightful)

      by Opportunist ( 166417 )

      Depends on how it was marketed. I mean, how much would you pay for a use HD from NorGrum?

      I'm fairly sure a HD once used in the development area of MS can fetch a nice price.

    • Re: (Score:2, Insightful)

      Comment removed based on user account deletion
    • by dnwq ( 910646 )
      It's reasonable to assume that electronics may be more expensive in Ghana, so a used HDD may be worth more. But, yes, foreigners haggling probably can't get a good price anyway.
    • I think the "bargain basement" reference was to the value of the information contained on the hard drive, not the hardware itself.

    • Re: (Score:3, Informative)

      by Culture20 ( 968837 )
      A used 300GB Ultra320? I'd pay $40 if it worked at sale.
    • $40 for a used hard drive of unknown provenance seems pretty high, unless you are talking about a considerably cooler than ordinary drive.

      I paid $125 for my external hard drive, and that is STILL a good price (this was a year ago, on deep discount at costco)

      $40 might be a fantastic price, especially in Ghana.

  • Does anyone know if there are any stand alone devices designed to erase the data on a hard drive? I am thinking something you plug in and it then goes about erasing all the data (I am thinking simpler and cheaper than a PC). I doubt a magnet would be a reliable solution. While destroying the HD physically is a solution, it prevents the drive being reused.

    • Linux CD (Score:2, Insightful)

      by fenring ( 1582541 )
      Yes, it's called a linux bootable cd. It turns out it's quite cheap as well.
    • I suspect that there are dedicated devices; but I'd be shocked if they are any cheaper or much simpler than a basic x86 with some easily accessible drive bays and a copy of DBAN.
    • Re: (Score:3, Insightful)

      by plover ( 150551 ) *

      While destroying the HD physically is a solution, it prevents the drive being reused.

      Destroying the drive physically has a benefit beyond the obvious that the data is rendered unrecoverable. The more critical benefit is that if you have two crates of disk drives to destroy, you can look at them and know that the crate full of smashed drives is the "done" crate. That's especially important when you have an unskilled labor pool doing the work. You post a guy at the door with a clipboard ensuring only smashed drives are allowed to leave the building. It doesn't take a computer scientist t

      • by 1u3hr ( 530656 )
        Destroying the drive physically has a benefit ...

        And it has cost: you have turned a useful piece of hardware into electronic waste. For all the waffle talked about using electronic microscopes, etc, to read a wiped drive, is irrelevant. This drive was not wiped. It was just unplugged and sold as-is.

        I don't believe anyone has demonstrated being able to read data in any useful quantity (not just a few bytes here and there) from a wiped drive, even one simply overwritten with zeros in the most simple-min

        • Data recovery firms can recover data from formatting

          For clarity, this is often since formatting simply writes the bare minimum for the disk to be useable. To be really sure you need a low-level format that writes random 1s and 0s to the whole disk.

        • by plover ( 150551 ) *

          Destroying the drive physically has a benefit ...

          And it has cost: you have turned a useful piece of hardware into electronic waste.

          That's the problem. You seem to be saying that "waste" and "cost" have some magically significant difference. But everything boils down to cost: smashing the drive into aluminum and glass and fiberglass shards costs you time, labor, disposal fees, and the lost opportunity to resell or reuse the device. Wiping the drive has a different cost: labor, tracking, and the risk that the drive will not be properly wiped before resale. My point is that risk has a higher cost than anything else above, by a very

          • by 1u3hr ( 530656 )
            But everything boils down to cost:

            Not for everyone. Creating toxic waste by destroying a useful article may financially be the optimal choice, but it's objectionable on other grounds; morality, social responsibility. But apparently you don't think these matter.

            And if a company can't work out how to be sure they erase a disk before they dispose of it, I submit they can't be trusted to do much at all. Obviously they also thought "everything boils down to cost" and chose the lowest cost option, some contra

            • by plover ( 150551 ) *

              But everything boils down to cost:

              Not for everyone. Creating toxic waste by destroying a useful article may financially be the optimal choice, but it's objectionable on other grounds; morality, social responsibility. But apparently you don't think these matter.

              My opinion matters some, in that I have a say in how my corporation disposes of some of our used equipment. But my post is not just our experience, it's an observation of how most big corporations do business, and how engineers and managers are taught to evaluate decisions like these. Corporations make most decisions based on money, because it's the only universal score card they know. Some corporations certainly try to "do good" or "be green", (or at least take credit for it when it's easy to do so) bu

              • by 1u3hr ( 530656 )
                When you're dealing with hundreds of locally contracted service people and installers, not every one turns out to be a rocket scientist

                Yeah. And again, this is caused by simply trying to do it at the lowest possible cost. I could, in 5 minutes, work out a simple cheap, effective way to do this. (Old PC with removable drive bays: erase, image with FreeDOS, DSL or whatever and show a boot screen. Stamp drive with "CLEANED" label.) If it's an important problem -- and it is, as the "cost effective" method dem

    • I'd think anything that specialized would be so low volume as to be as expensive as a PC, even though it's much simpler.

      My suggestion:
      Next time you or a friend upgrades their computer, or you find one on the side of the road (maybe with data on it..), or whatever, grab it.
      Pull all the nonessential parts - HD, vid card if it's got onboard or you have a low power junker sitting around - so it uses less power. Cut a hole in the side of the case, and run a PATA and SATA cable, and appropriate power cables out

    • Re: (Score:3, Informative)

      by jps25 ( 1286898 )

      DBAN http://dban.sourceforge.net/ [sourceforge.net]

      • by mlts ( 1038732 ) *

        At my last job, I used DBAN in combination with HDDErase when reassigning machines from one department to another.

        HDDErase which tells the drive to do a secure erase on the controller level, erasing even remapped tracks. Then, I run DBAN, and it saves a confirmation that the drive was erased to a floppy, and that is kept as an audit log.

        In reality, either method will do the job. However, HDDErase gets parts of the drive that DBAN doesn't, and DBAN generates a good audit file. Should something come up abo

    • This [ics-iq.com] company sells a thing called the "Wipemasster" for mass wiping of up to 9 hard drives at a time.

      Simpler than a PC, definitely. Cheaper? Not really at $2500...

      • Just took a look. It isn't cheaper, but given the number of drives it can do at once, it is probably more convenient. I am sure their security budget would cover that easily.

    • I doubt a magnet would be a reliable solution.

      I tested the magnet approach with a old laptop drive, it is not a effective method.
      IE I got too of the best magnets I could find, 100# vertical hold stacked them on top of the drive, and booted the laptop. it booted, then started making scratching noises (apparently either the write head, or the disks were deflected by the force enough to rub) The drive did quickly become un-useable. 2 days later, still un-useable. 2 weeks later, the drive was 100% fine, whatever was magnetized/bent from the exposure re

    • Does anyone know if there are any stand alone devices designed to erase the data on a hard drive? I am thinking something you plug in and it then goes about erasing all the data (I am thinking simpler and cheaper than a PC).

      It's call a power drill. Just fit it with a metal cutting drill bit and you're ready.

  • How tough is it DBAN (Darik's Boot And Nuke) a PC before sending it to the disposal company?

    This employee should be forced to EABOD (Erase A Bunch Of Disks).

  • The only secure information is never written down or told to other people.
  • me smell's B.S (Score:2, Interesting)

    by Anonymous Coward

    not that this does'nt happen, i just find the story unlikely , reporters go to a random market in a random country and find this disk. more likely they had the disk beforehand and just made up the market bit.

    • ... likely they had the disk beforehand ...'

      As though getting hold of this disk beforehand isn't also a security failure? Where and how they got it isn't the real story.

    • by codegen ( 103601 )
      The link given in the summary is a horrible article. IT was actually Canadian Journalism students, and they were working on a story about ewaste. It wasn't just some random country, they were following leads from North america. Better links are at the register [theregister.co.uk] and at the CBC [www.cbc.ca].
  • pubs and dems speak of. Problem is that we have to go countries like Chana, Russia, China, Venezuela, Iran, and North Korea to get it. Hopefully, Obama realizes that Security MUST change. We need to worry more about other nations and the companies that we employ, and less about spying on our citizens.
  • They should implement a stronger punishment and reward scheme for this.Award a major amount of money for drives that are not wiped clean...this will lead you to the person who did the damage. So you pay to find out who, then that person in turn owes you back for the money you spent...so 1 or 2 cases like these will be enough to send a clear picture to the rest of them...its easy enough to use a data wiping software...turning all bits into zeros. Seriously...get educated if you handle getting rid of hardware

  • by Torodung ( 31985 ) on Thursday June 25, 2009 @09:41AM (#28466317) Journal

    "The Capitalists will sell us the rope with which we will hang them." -V.I. Lenin

    Let's prove him wrong, eh?

    --
    Toro

  • a defensive exercise. It doesn't matter what you do possibilities like this are always going to happen. There are always going to be lapses or loopholes and when they happen it's always going to be "OH-MY-GOD-I-CANT-BELIEVE-THIS-IS-POSSIBLE" and then there's some outrage and then either behavior continues or some other "OH-MY-GOD-I-CANT-BELIEVE-THIS-IS-POSSIBLE" thing happens.

    It does bring up the point that you shouldn't count on contractors like Lockheed, Northrop, etc to keep us safe, they'll only do w
  • All that is (in fact...) coming from the government that wants to force ACTA onto the world.
    http://www.eff.org/press/archiveso/2009/05/06 [eff.org]

    Yes, the military-industrial complex owns the government.
  • The best way to dispose of a hard drive is to open it up to get the platters, blast them with a blowtorch until they become brittle, smash them to tiny bits/powder with a hammer then scatter the tiny bits into the ocean.

"Show me a good loser, and I'll show you a loser." -- Vince Lombardi, football coach

Working...