Governmental Servers Wiped? Never!
Geoff writes with a story from Australia: "Eighteen AIX servers purchased from government via auction -- none of them had data removed from them. Ticket Vending and Validation source code, Payroll, Finance, Emails and Customer complaints. All there on every server; they were even nice enough to include some old backup tapes. At ~$14USD per server, it's amazing how cheap personal information has become."
They're just rushing to get rid of the things without properly preparing them. Kinda like this attempt at a firt post!
Always going forward, 'cause we can't find reverse.
* That they have sold a bunch of servers laden with personal information for hardly any money at all, or
* Somebody out there is still running AIX
Why are we suddenly complaining about Government being too open?
this is why I love living in Australia! Nobody takes anything too seriously (except beer and sport, which we take very seriously)
And what, ever since I posted to /. about finding the best way to *really* wipe a hard drive I've gotten about 45 emails telling me all kinds of ways to sort out this kind of problem (I still get emails about it, and the posting was more than three years ago). Everything from a quick thermite burn to breaking into a telco exchange for some ultra-high-current bit rearrangement.
Those government types just need to think outside the box a little more. Hell, why settle for thermite - these boys have access to our nuclear arsenal!
===== Warble://VX
Interesting, that the blog's subtitle is:
:D
If it's not on fire, then it's a software problem.
Looks like you're about to have a hardware problem
At ~$14USD per server, it's amazing how cheap personal information has become.
:)
:)
$14 USD? You got ripped off.
A few years back, some guy wearing a workman's uniform and holding a clipboard wandered into the (iirc) customs building here in Australia. Carted off one of the servers from a machine room, and no-one stopped them, or remembered what they looked like.
Slashdot remembers
Makes me proud to be an aussie sometimes
Makes you wonder how many governmental organizations even know how important properly disposing of a computer can be.
Or if the government really cares. Who's going to arrest them? There's no risk of punishment here.
if this guy planned on doing anything with the data, he probably wouldn't have blogged about it. He would copy the data, wipe the disks and pretend that he had seen nothing.
Then at a later date, he could do his evil work using that data.
Therefore, this particular blunder is nothing to get worked up about, but the potential for future blunders is.
It's .. um .. transparent government. Yeah, that's it.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Just wondering. He bought the computer and its contents from the government, so does he have rights to the source on the box?
I found running a magnet over it is a good first step. Unscrewing it and opening it is a good second step. Taking a hammer to the internal parts is step 3. And putting the parts over a fire won't hurt. For a final step, I like to throw the hard drive in the lake of acid.
I also pee on the hard drive. Just in case someone is smart enough to fuck me and find out what was on the hard drive, I can have the last laugh knowing they touched my pee.
Oh, but you want to sell the hard drive, sans data? Now that gets tricky.
Here is what I have done in the past when I wanted to sell or give away a hard drive, but did not want anything to be retrievable off the hard drive.
I start with a format using a Windows 98 floppy that will write a FAT table. I then load Windows 98 on it and go to malware, spyware and those kinds of websites. When I get to 90% CPU in usage while doing nothing, I know I have enough spyware and viruses. I let them go to town on the hard drive. I delete files, and let the viruses rewrite them.
Step 2 is putting a Debian CD in the cd-rom and reformatting the hard drive and installing Debian. I then go to websites with huge mpegs and download them until the hard drive is full of data. I delete all this data and do it all over again.
Next is a Windows 2000 install, in NTFS. I go back to virus and malware websites, and let the hard drive get infected again.
My final step is a simple FAT format, and the sale. If someone tries to recreate what was on the drive, they might recreate a virus. I toss the Debian and large file step in the middle to overwrite what was written the first time. It is another layer to the cake.
Oh, I am delusional and paranoid too. People tell me I get fanatical about shit like privacy. You might not need to go through all the steps. A simple format might be all you need, unless you suspect the person buying the hard drive has thousands of dollars in equipment and training to recreate your deleted data (like the National Security Agency in conjunction with the CIA and Colonel Sanders from KFC. Why would a military grade officer be selling chicken? To get closer to YOU!).
Rosco: "If brains were gunpowder, Enos couldn't blow his nose."
Twice.
Stuart
It's all fun and games until a 200' robot dinosaur shows up and trashes Neo-Tokyo... Again
-AT
Working in a DevOps shop is like playing in a band made up entirely of keytarists.
http://www.expatica.com/source/site_article.asp?subchannel_id=19&story_id=13469&name=The+Dutch+news+in+October+2004
See October 7th 2004
Some taxi-driver found it, discovered that it had very sensitive information about some current open cases on it, and a lot of personal stuff that could make the prosecutor vulnerable for blackmail etc. when in the wrong hands.
These things just show that some state organisations (or the people working there) have really too little awareness of handling computer data the right way. Actually this year we had a case in the Netherlands where some secret state report ended up in an upload filesharing folder of the person working on it, and thereby just could spread all over. I think people working at such positions really should be instructed on safe computing, especially at home or using laptops, the risks are pretty high that data can get stolen.
molmod.com - computing tips from a molecular modeling
O wait, this is the government, nevermind
The UK's Data Protection Act, especially as it pertains to medical data, is remarkably strict.
Nonetheless, it came as no surprise to me that, when I worked at a medical centre and they upgraded all their machines, the old ones were merely dumped in the attic before being carted off by the local Council's binmen.
I asked about this (not in terms of security, but because I wanted the machines). Apparently UK companies have to PAY the Council to remove old computers, as part of some environmental legislation. I offered to take them away for free, naturally.
The only reason I didn't get any "protected" data along with them was because I'd previously wiped it off. But even that was little more than a standard "empty recycle-bin" - it likely wouldn't stop anyone who knew what they were doing.
It's all very well having data protection policies, but unless you tell officials HOW to erase data, it won't be done.
Argh.
"...And he sang as he laughed as he carted off the server rack - you'll come a-waltzing Matilda with me!"
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
... is the more likely scenario - that, for every one of these incidents that are reported, there are 10 that are not.
You could probably make a living selling data snarfed from used disks/tapes off ebay.
I picked up some "blank" used DLT tapes from ebay. These "blanks" contained a filesystem backup for the online store of a multibillion dollar corporation.
Why get so worried about personal data being stolen by l337 h4x0rz through the intarweb? All they need to do is buy a bunch of used media off ebay -- much easier.