Slashdot Mirror


Governmental Servers Wiped? Never!

Geoff writes with a story from Australia: "Eighteen AIX servers purchased from government via auction -- none of them had data removed from them. Ticket Vending and Validation source code, Payroll, Finance, Emails and Customer complaints. All there on every server; they were even nice enough to include some old backup tapes. At ~$14USD per server, it's amazing how cheap personal information has become."

8 of 284 comments

  1. 14 bucks? you got ripped :) by ashridah · · Score: 5, Interesting

    "At ~$14USD per server, it's amazing how cheap personal information has become."
    $14 USD? You got ripped off.

    A few years back, some guy wearing a workman's uniform and holding a clipboard wandered into the (iirc) customs building here in Australia. Carted off one of the servers from a machine room, and no-one stopped them, or remembered what they looked like.
    Slashdot remembers :)

    Makes me proud to be an Aussie sometimes :)

    1. Re:14 bucks? you got ripped :) by dbIII · · Score: 4, Interesting
      "customs building here in Australia. Carted off one of the servers from a machine room, and no-one stopped them, or remembered what they looked like."
      There was the first "middle eastern appearance" conclusion that was jumped to, but it appears that was only fed to the press and the internal investigation showed that there wasn't even that clue.

      There was also the incident a couple of years back when large quantities of backup tapes for three government departments were stored in wheeled garbage bins - as anyone who reads this can expect, the tapes ended up being dumped and lost forever, and the contractor (Telstra, the half-government-owned telecommunications company) was not even rapped over the knuckles for it.

      It's not just the government - I picked up an old Sun E250 for parts at an auction. To see if it worked I booted off an install CD, plugged in a serial terminal, edited a couple of files with ed (/etc/passwd and /etc/shadow I think, was a while back) to get root on reboot and was very surprised to find a lot of stuff apart from the OS still on the disks. I wasn't curious enough to find out whose it was and what was there - peril lies that way for no gain, so I just did what should have been done and repartitioned the thing.

      The opposite extreme is the clueless accountant taking to a retired server with a hammer - saying something about traces being left in the RAM - but he probably hated the thing or just wanted to smash things. If it was me there was a perfectly good 200 ton hydraulic press that could have been used in the same place, a small heat treatment furnace to get all the data off that drive by going beyond the Curie temperature, a large array of machine tools and an impact testing rig.

  2. Government by Anonymous Coward · · Score: 5, Interesting

    Makes you wonder how many governmental organizations even know how important properly disposing of a computer can be.

    Or if the government really cares. Who's going to arrest them? There's no risk of punishment here.

  3. Re:Understandable . . . by acceber · · Score: 5, Interesting
    "Keep in mind that these servers came from the State Transit Authority of NSW, how is it possible and acceptable in this day of age that governmental servers be decommissioned and sold without wiping the contents of the drives?"

    The STA is responsible for the operations of the Sydney Buses network which I used to rely on for travel to & from school, work, and for social events -- until I got my car. It is the most unreliable system ever, on par with the NSW Cityrail system, both of which have been constantly riddled with problems. It's not surprising that a blunder such as this went by unnoticed.

    I would like to do my bit for the environment and use public transport as much as possible but I never get where I need to on time. I've been to Russia and even there, the buses and subway system are more reliable.

  4. Does he have a license to the source now? by mveloso · · Score: 5, Interesting

    Just wondering. He bought the computer and its contents from the government, so does he have rights to the source on the box?

  5. Reminds me of when I worked for US government... by Anti-Trend · · Score: 5, Interesting
    I used to work for city government here in SoCal, USA. In contrast to our Aussie friends, they were super paranoid about data leakage. When there was actually a situation where the red tape was momentarily pierced and we were authorized to give away outdated equipment to schools, they made us do a multiple-pass low-level format on each and every HDD that left the building. A royal pain-in-the-ass more than a security consideration -- none of those machines had anything which would be of much interest to anybody. If you ask me, the most damning piece of information one could glean from those systems wasn't in the HDD at all. Rather, it's the glaring question of why there were gaming-class video and sound cards in all of the upper-management's old PCs, and nothing but cheap Trident cards in the CAD workstations of the time...

    -AT

    --
    Working in a DevOps shop is like playing in a band made up entirely of keytarists.

  6. Re:I don't know what's worse... by linzeal · · Score: 3, Interesting

    AIX still runs massive databases for big insurance companies, weather stations and criminal databases. IBM has a moderate representation on the databases and hardware they digitally store fingerprints and mugshots on. Sold them in the 80's and they have upgraded on IBM a few times since then.

  7. ebay is great for this... by bani · · Score: 4, Interesting

    You could probably make a living selling data snarfed from used disks/tapes off ebay.

    I picked up some "blank" used DLT tapes from ebay. These "blanks" contained a filesystem backup for the online store of a multibillion dollar corporation.

    Why get so worried about personal data being stolen by l337 h4x0rz through the intarweb? All they need to do is buy a bunch of used media off ebay -- much easier.