Slashdot Mirror

← Back to Stories (view on slashdot.org)

Governmental Servers Wiped? Never!

Posted by timothy on from the but-this-is-in-australia dept.

Geoff writes with a story from Australia: "Eighteen AIX servers purchased from government via auction -- none of them had data removed from them. Ticket Vending and Validation source code, Payroll, Finance, Emails and Customer complaints. All there on every server; they were even nice enough to include some old backup tapes. At ~$14USD per server, it's amazing how cheap personal information has become."

14 of 284 comments (clear)

  1. 14 bucks? you got ripped :) by ashridah · · Score: 5, Interesting

    At ~$14USD per server, it's amazing how cheap personal information has become.
    $14 USD? You got ripped off.

    A few years back, some guy wearing a workmans uniform and holding a clipboard wandered into the (iirc) customs building here in Australia. Carted off one of the servers from a machine room, and no-one stopped them, or remembered what they looked like.
    Slashdot remembers :)

    Makes me proud to be an aussie sometimes :)

    1. Re:14 bucks? you got ripped :) by dbIII · · Score: 4, Interesting
      customs building here in Australia. Carted off one of the servers from a machine room, and no-one stopped them, or remembered what they looked like.
      There was the first "middle eastern appearance" conclusion that was jumped to, but it appears that was only fed the the press and the internal investigation showed that there wasn't even that clue.

      There was also the incident a couple of years back when large quantites of backup tapes for three government departments were stored in wheeled garbage bins - as anyone who read this can expect the tapes ended up being dumped and lost forever, and the contractor (Telstra, the half government owned telecomunications company) was not even rapped over the knuckles for it.

      It's not just the government - I picked up an old Sun E250 for parts at an auction. To see if it worked I booted off an install CD, plugged in a serial terminal, edited a couple of files with ed (/etc/passwd and /etc/shadow I think, was a while back) to get root on reboot and was very surprised to find a lot of stuff apart from the OS still on the disks. I wasn't curious enough to find out whose it was and what was there - peril lies that way for no gain, so I just did what should have been done and repartitioned the thing.

      The opposite extreme is the clueless accountant taking to a retired server with a hammer - saying something about traces being left in the RAM - but he probably hated the thing or just wanted to smash things. If it was me there was a perfectly good 200 ton hydraulic press that could have been used in the same place, a small heat treatment furnace to get all the data off that drive by going beyond the curie temperature, a large array of machine tools and an impact testing rig.

  2. Not trivial though by baldvin · · Score: 2, Interesting

    Its kind of hard to get rid of your data on a hard drive. You are lucky if it works, then you can try 'dd if=/dev/zero of=/dev/xxx'. However, if first thay laid off their aix staff, employed some windows engineers, then they decided to sell those aix boxes... Well, well :)

    Your task is even harder if you have a hard drive that ceased operating. There exists companies like http://www.kurt.hu/ that have state of the art technology to retrieve data from damaged hard drives. If you need your data: good for you. If you'd like to get rid of it for sure: better take good care of it...

  3. Government by Anonymous Coward · · Score: 5, Interesting

    Makes you wonder how many governmental organizations even know how important properly disposing of a computer can be.

    Or if the government really cares. Who's going to arrest them? There's no risk of punishment here.

    1. Re:Government by mistfall · · Score: 2, Interesting

      Given the number of governments that flirt with the concept of ID cards (especially when the bombs go off) aren't you glad they practise such strong safeguards when it comes to data?

  4. Re:Understandable . . . by acceber · · Score: 5, Interesting
    "Keep in mind that these servers came from the State Transit Authority of NSW, how is it possible and acceptable in this day of age that governmental servers be decommissioned and sold without wiping the contents of the drives?"

    The STA is responsible for the operations of the Sydney Buses network which I used to rely on for travel to & from school, work, and for social events -- until I got my car. It is the most unreliable system ever, on par with the NSW Cityrail system both which has been constantly riddled with problems. It's not surprising that a blunder such as this went by unnoticed.

    I would like to do my bit for the environment and use public transport as much as possible but I never get where I need to on time. I've been to Russia and even there, the buses and subway system are more reliable.

  5. Does he have a license to the source now? by mveloso · · Score: 5, Interesting

    Just wondering. He bought the computer and its contents from the government, so does he have rights to the source on the box?

  6. Reminds me of when I worked for US government... by Anti-Trend · · Score: 5, Interesting
    I used to work for city government here in SoCal, USA. In contrast to our Aussie friends, they were super paranoid about data leakage. When there was actually a situation where the red tape was momentarily pierced and we were authorized to give away outdated equipment to schools, they made us do a multiple-pass low-level format on each and every HDD that left the building. A royal pain-in-the-ass more than a security consideration -- none of those machines had anything which would be of much interest to anybody. If you ask me, the most damning piece of information one could gleam from those systems wasn't in the HDD at all. Rather, it's the glaring question of why there were gaming-class video and sound cards in all of the upper-management's old PCs, and nothing but cheap Trident cards in the CAD workstations of the time...

    -AT

    --
    Working in a DevOps shop is like playing in a band made up entirely of keytarists.
  7. Re:Odd... by Lectrik · · Score: 2, Interesting

    I seem to recall a few years ago watching a program that mentioned how the brittish government decomissioned some of it's hard drives.
    With a low level format, then a blast furnace, and then holding on to the smelted chunk of crud for a while. [this may have been only for stuff that was "sensative" though]
    Of course my brain sucks for holding normal info, but it kinda stood out because we do similar stuff at work, machine dies, we take it out back with a sledge hammer and a cutting torch, someone asks us to strip the machine for parts half an hour after we're tired.

    --
    --- As to make my comment seem, by comparison, more intelegent... doodie doodie doodie poop poop poop!
  8. Re:Blatant theivery. by gl4ss · · Score: 2, Interesting

    there was a wave of laptop thefts in large companies a year or two back here... done by people who wore suits, they just walked into the open offices and wandered off with the laptops.

    --
    world was created 5 seconds before this post as it is.
  9. Re:I don't know what's worse... by linzeal · · Score: 3, Interesting

    AIX still runs massive databases for big insurance companies, weather stations and criminal databases. IBM has a moderate representation on the databases and hardware they digitally store fingerprints and mugshots on. Sold them in the 80's and they have upgraded on IBM a few times since than.

    --
    An Education is the Font of All Liberty
  10. ebay is great for this... by bani · · Score: 4, Interesting

    You could probably make a living selling data snarfed from used disks/tapes off ebay.

    I picked up some "blank" used DLT tapes from ebay. These "blanks" contained a filesystem backup for the online store of a multibillion dollar corporation.

    Why get so worried about personal data being stolen by l337 h4x0rz through the intarweb? All they need to do is buy a bunch of used media off ebay -- much easier.

  11. In Canada... by myov · · Score: 2, Interesting

    One of the major banks decomissioned servers which eventually wound up on ebay. The person who bought them discovered that all data was still intact.

    --
    I use Macs to up my productivity, so up yours Microsoft!
  12. Re:Warranty policies by Michael+Hunt · · Score: 2, Interesting

    Reminds me of an anecdote I heard a few years back. It's off-the-wall enough to be true, but I don't vouch for its accuracy. It was a pub conversation, after all.

    Co-worker at a previous job had an acquaintance who was working for a defense contractor (RLM, i think it was), on some crazy uber-classified Over-the Horizon Radar project. They used an absolute stackload of data in Compaq (ex DEC) SANs, I'm told.

    Due to the fact that all this data was classified at some level, and they were a good customer, Compaq gave them an unconditional replacement guarantee on the disks in their RAID arrays. If one failed, Compaq didn't want it back.

    So, this friend of a friend started sending in bogus RMA requests and taking the disks home. When this came to light, Compaq, obviously, were rather aggrieved. Since they couldn't do him for theft (the contract being rather ambiguous, and they HAD issued him with the RMAs,) they had the Australian Fed. Police arrest him for Treason.

    He got 5 to 10 years.

    --
    You're doing it wrong.