Slashdot Mirror

← Back to Stories (view on slashdot.org)

Governmental Servers Wiped? Never!

Posted by timothy on from the but-this-is-in-australia dept.

Geoff writes with a story from Australia: "Eighteen AIX servers purchased from government via auction -- none of them had data removed from them. Ticket Vending and Validation source code, Payroll, Finance, Emails and Customer complaints. All there on every server; they were even nice enough to include some old backup tapes. At ~$14USD per server, it's amazing how cheap personal information has become."

21 of 284 comments (clear)

  1. Understandable . . . by Gabrill · · Score: 5, Funny

    They're just rushing to get rid of the things without properly preparing them. Kinda like this attempt at a firt post!

    --
    Always going forward, 'cause we can't find reverse.
    1. Re:Understandable . . . by acceber · · Score: 5, Interesting
      "Keep in mind that these servers came from the State Transit Authority of NSW, how is it possible and acceptable in this day of age that governmental servers be decommissioned and sold without wiping the contents of the drives?"

      The STA is responsible for the operations of the Sydney Buses network which I used to rely on for travel to & from school, work, and for social events -- until I got my car. It is the most unreliable system ever, on par with the NSW Cityrail system both which has been constantly riddled with problems. It's not surprising that a blunder such as this went by unnoticed.

      I would like to do my bit for the environment and use public transport as much as possible but I never get where I need to on time. I've been to Russia and even there, the buses and subway system are more reliable.

  2. I don't know what's worse... by Anonymous Coward · · Score: 5, Funny

    * That they have sold a bunch of servers laden with personal information for hardly any money at all, or
    * Somebody out there is still running AIX

    1. Re:I don't know what's worse... by Dogtanian · · Score: 4, Funny

      Somebody out there is still running AIX

      Yeah, I hear that AIX has a large lesbian following...

      --
      "Slashdot - News and Chat Sites Deviant". (Click "homepage" link above for details).
  3. Policy by Anonymous Coward · · Score: 5, Funny

    Why are we suddenly complaining about Government being too open?

  4. As an Australian... by PrivateDonut · · Score: 5, Funny

    this is why I love living in Australia! Nobody takes anything too seriously (except beer and sport, which we take very seriously)

    1. Re:As an Australian... by trime · · Score: 5, Funny

      Bruce here is head of the document security department, and is also in charge of the sheep dip.

    2. Re:As an Australian... by strider44 · · Score: 4, Funny

      Are we the only country with a leader who went swimming and never came back?

      (Note that, since I have space to use up for the spam filter, there are several ironically named swimming pools named after former Prime Minister Harold Holt, as well as an American Frigate.

  5. 14 bucks? you got ripped :) by ashridah · · Score: 5, Interesting

    At ~$14USD per server, it's amazing how cheap personal information has become.
    $14 USD? You got ripped off.

    A few years back, some guy wearing a workmans uniform and holding a clipboard wandered into the (iirc) customs building here in Australia. Carted off one of the servers from a machine room, and no-one stopped them, or remembered what they looked like.
    Slashdot remembers :)

    Makes me proud to be an aussie sometimes :)

    1. Re:14 bucks? you got ripped :) by dbIII · · Score: 4, Interesting
      customs building here in Australia. Carted off one of the servers from a machine room, and no-one stopped them, or remembered what they looked like.
      There was the first "middle eastern appearance" conclusion that was jumped to, but it appears that was only fed the the press and the internal investigation showed that there wasn't even that clue.

      There was also the incident a couple of years back when large quantites of backup tapes for three government departments were stored in wheeled garbage bins - as anyone who read this can expect the tapes ended up being dumped and lost forever, and the contractor (Telstra, the half government owned telecomunications company) was not even rapped over the knuckles for it.

      It's not just the government - I picked up an old Sun E250 for parts at an auction. To see if it worked I booted off an install CD, plugged in a serial terminal, edited a couple of files with ed (/etc/passwd and /etc/shadow I think, was a while back) to get root on reboot and was very surprised to find a lot of stuff apart from the OS still on the disks. I wasn't curious enough to find out whose it was and what was there - peril lies that way for no gain, so I just did what should have been done and repartitioned the thing.

      The opposite extreme is the clueless accountant taking to a retired server with a hammer - saying something about traces being left in the RAM - but he probably hated the thing or just wanted to smash things. If it was me there was a perfectly good 200 ton hydraulic press that could have been used in the same place, a small heat treatment furnace to get all the data off that drive by going beyond the curie temperature, a large array of machine tools and an impact testing rig.

  6. Government by Anonymous Coward · · Score: 5, Interesting

    Makes you wonder how many governmental organizations even know how important properly disposing of a computer can be.

    Or if the government really cares. Who's going to arrest them? There's no risk of punishment here.

  7. You understand that... by PrivateDonut · · Score: 5, Insightful

    if this guy planned on doing anything with the data, he probably wouldn't have blogged about it. He would copy the data, wipe the disks and pretend that he had seen nothing.

    Then at a later date, he could do his evil work using that data.

    Therefore, this particular blunder is nothing to get worked up about, but the potential for future blunders is.

  8. Does he have a license to the source now? by mveloso · · Score: 5, Interesting

    Just wondering. He bought the computer and its contents from the government, so does he have rights to the source on the box?

  9. Re:Not trivial though by John+Seminal · · Score: 5, Funny
    Its kind of hard to get rid of your data on a hard drive.

    I found running a magnet over it is a good first step. Unscrewing it and opening it is a good second step. Taking a hammer to the internal parts is step 3. And putting the parts over a fire won't hurt. For a final step, I like to throw the hard drive in the lake of acid.

    I also pee on the hard drive. Just incase someone is smart enough to fuck me and find out what was on the hard drive, I can have the last laugh knowing they touched my pee.

    Oh, but you want to sell the hard drive, sans data? Now that gets tricky.

    Here is what I have done in the past when I wanted to sell or give away a hard drive, but did not want anything to be retrievable off the hard drive.

    I start with a format using a windows 98 floppy that will write a FAT table. I then load windows 98 on it and go to malware, spyware and those kinds of websites. When I get to 90% CPU in usage while doing nothing, I know I have enough spyware and viruses. I let them go to town on the hard drive. I delete files, and let the viruses rewrite them.

    Step 2 is putting a Debian CD in the cd-rom and reformatting the hard drive and installing Debian. I then go to websites with huge mpegs and download them until the hard drive is full of data. I delete all this data and do it all over again.

    Next is a Windows 2000 install, in NTFS. I go back to virus and malware websites, and let the hard drive get infected again.

    My final step is a simple FAT format, and the sale. If someone tries to recreate what was one the drive, they might recreate a virus. I toss the debian and large file step in the middle to over write what was written the first time. It is another layer to the cake.

    Oh, I am delusional and paranoid too. People tell me I get fanatical about shit like privacy. You might not need to go through all the steps. A simple format might be all you need, unless you suspect the person buying the hard drive has thousands of dollars in equipment and training to recreate your deleted data (like the National Security Agency in conjunction with the CIA and colonel sanders from KFC. Why would a military grade officer be selling chicken? To get closer to YOU!).

    --

    Rosco: "If brains were gunpowder, Enos couldn't blow his nose."

  10. Goverment? by Stuart+Gibson · · Score: 4, Funny
    Govermental Servers Wiped? Never!

    "Eighteen AIX servers purchased from goverment via auction"
    So, is this genuinely how government is spelt in Australia, or are the editors too lazy to pick up on a glaringly obvious spelling mistake...

    Twice.

    Stuart
    --
    It's all fun and games until a 200' robot dinosaur shows up and trashes Neo-Tokyo... Again
  11. Reminds me of when I worked for US government... by Anti-Trend · · Score: 5, Interesting
    I used to work for city government here in SoCal, USA. In contrast to our Aussie friends, they were super paranoid about data leakage. When there was actually a situation where the red tape was momentarily pierced and we were authorized to give away outdated equipment to schools, they made us do a multiple-pass low-level format on each and every HDD that left the building. A royal pain-in-the-ass more than a security consideration -- none of those machines had anything which would be of much interest to anybody. If you ask me, the most damning piece of information one could gleam from those systems wasn't in the HDD at all. Rather, it's the glaring question of why there were gaming-class video and sound cards in all of the upper-management's old PCs, and nothing but cheap Trident cards in the CAD workstations of the time...

    -AT

    --
    Working in a DevOps shop is like playing in a band made up entirely of keytarists.
  12. Cheaper ways... by pimpimpim · · Score: 5, Insightful
    There was a case in the Netherlands where a state prosecutor just put his personal pc at the trash when it didn't work anymore due to spyware:

    http://www.expatica.com/source/site_article.asp?su bchannel_id=19&story_id=13469&name=The+Dutch+news+ in+October+2004
    see october 7th 2004

    Some taxi-driver found it, discovered that it had very sensitive information about some current open cases on it, and a lot of personal stuff that could make the prosecutor vulnerable for blackmail etc. when in the wrong hands.

    These things just show that some state organisations (or the people working there) have really too little awareness of handling computer data the right way. Actually this year we had a case in the netherlands where some secret state report ended up in an upload filesharing folder of the person working on it, and thereby just could spread all over. I think people working at such positions really should be instructed on safe computing, especially at home or using laptops, the risks are pretty high that data can get stolen.

    --
    molmod.com - computing tips from a molecular modeling
  13. you know they could have just.... by thegoogler · · Score: 5, Informative
    used dban, its not rocket science. just put the disk in and hit ok

    o wait, this is the goverment, nevermind

  14. ...really bad impersonation of Rolf Harris... by jd · · Score: 4, Funny

    "...And he sang as he laughed as he carted off the server rack - you'll come a-waltzing Matilda with me!"

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  15. What you *should* be worried about.... by brunes69 · · Score: 4, Insightful

    ... is the more likely scenario - that, for every one of these incidents that are reported, there are 10 that are not.

  16. ebay is great for this... by bani · · Score: 4, Interesting

    You could probably make a living selling data snarfed from used disks/tapes off ebay.

    I picked up some "blank" used DLT tapes from ebay. These "blanks" contained a filesystem backup for the online store of a multibillion dollar corporation.

    Why get so worried about personal data being stolen by l337 h4x0rz through the intarweb? All they need to do is buy a bunch of used media off ebay -- much easier.