A team of journalists investigating the global electronic waste business has unearthed a security problem too. In a Ghana market, they bought a computer hard drive containing sensitive documents belonging to U.S. government contractor Northrop Grumman.
The drive had belonged to a Fairfax, Virginia, employee who still works for the company and contained "hundreds and hundreds of documents about government contracts," said Peter Klein, an associate professor with the University of British Columbia, who led the investigation for the Public Broadcasting Service show Frontline. He would not disclose details of the documents, but he said that they were marked "competitive sensitive" and covered company contracts with the Defense Intelligence Agency, the National Aeronautics and Space Administration and the Transportation Security Agency.
The data was unencrypted, Klein said in an interview. The cost? US$40.
Northrop Grumman is not sure how the drive ended up in a Ghana market, but apparently the company had hired an outside vendor to dispose of the PC. "Based on the documents we were shown, we believe this hard drive may have been stolen after one of our asset-disposal vendors took possession of the unit," the Northrop Grumman said in a statement. "Despite sophisticated safeguards, no company can inoculate itself completely against crime."
A Northrop Grumman spokesman would not say who was responsible for disposing of the drive, but in its statement the company noted that "the fact that this information is outside our control is disconcerting."
Some of the documents talked about how to recruit airport screeners and several of them even covered data security practices, Klein said. "It was a wonderful, ironic twist," Klein said. "Here were these contracts being awarded based on their ability to keep the data safe."
According to Klein, it's common for old computers and electronic devices to be improperly dumped in developing countries such as Ghana and China, where locals scavenge the material for components, often under horrific working conditions.
Twitter's @anywhere could ushe ...
"Many South by Southwest attendees reportedly walked out halfway through the keynote appearance ..."
Google to simplify Exchange to ...
"Google has created a free tool to simplify and automate the migration of e-mail, calendar and c ..."
Law enforcement push for stric ...
"Law enforcement officials in the U.K. and U.S. are pushing the Internet Corporation for Assigne ..."
Home grown eMed app gets Web 2 ...
"The University of NSW Faculty of Medicine has developed an in-house student management system, ..."
Twitter to simplify integratio ...
"Twitter plans to launch a new platform that lets Web publishers display 'tweets' on their sites ..."
"Here the discussion it the true condition of the IT professionals the effec ..."
alexinarogger
"Twitter is definitely a great tool, but they are not doing enough to make i ..."
Josh
"Good to see Geelong Hospital using video for interpreter services and for ..."
Claire Larsen
"Rodney,
Thanks for your informative article regarding the recent researc ..."
Gary Ryan
"Hi, Saltmarch Media is organizing 3rd Edition of Great Indian Developer ..."
Shaguf
Last year the U.S. Government Accountability Office found that a substantial amount of the country's e-waste ended up in developing countries, where it was often dangerously disposed of.
The reporters bought seven hard drives, Klein said. The other drives contained sensitive information about their previous owners, including credit-card numbers, resumes and online account information.
Off-camera, sources in Ghana told the reporters that data thieves routinely scour these hard drives for sensitive information, Klein said.
Although that may be worrying to some, security experts say that there is already a vast quantity of this type of information available online from criminals who have stolen it from hacked computers.
Compared to hacking, stealing data from old hard drives is pretty inefficient, said Scott Moulton, an Atlanta data-recovery expert who teaches classes on data recovery. "It's a tremendous amount of work, so it's only going to be the bottom-of-the-barrel guys who would do that," he said. "It's happening on a small scale."
Still, it's easy for criminals to find data on drives, even when they've been legitimately wiped clean, Moulton said. He buys used hard drives by the hundreds for his classes. These drives have been professionally wiped, but his students always find at least one drive in each class with information still on it.
That's because it's easy for a drive to get missed during the wiping process or improperly wiped. Compounding the problem, the software that some recycling companies use doesn't actually remove all data from the drive, especially data that may be hidden on corrupted parts of the hard drive known as bad blocks, he explained.
The surest way to get your data off of a hard drive is to physically destroy it, Moulton said.
References
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Cloud Computing: Tips on differing models, best use, and easy adoption
Flexible Service Desk? Dynamic Markets - Independent Market Research Report
Computerworld Strategy Guide: Business Intelligence
Making the move to Ethernet | A DECISION GUIDE
CIO2CIO Research Study | State of the Market: Application Performance Management
Database Management | A Computerworld Strategy Guide
Video Overview | Successful Migration to Windows 7
Overtaken by Events? The Quest for Operational Responsiveness | A Survey of Global Energy, Telecoms, and Logistics Businesses
Zones provide focussed content from CIO and leading technology partners.






















Comments
Post new comment