Slashdot Mirror


Governmental Servers Wiped? Never!

Geoff writes with a story from Australia: "Eighteen AIX servers purchased from government via auction -- none of them had data removed from them. Ticket Vending and Validation source code, Payroll, Finance, Emails and Customer complaints. All there on every server; they were even nice enough to include some old backup tapes. At ~$14USD per server, it's amazing how cheap personal information has become."

14 of 284 comments

  1. Understandable . . . by Gabrill · · Score: 5, Funny

    They're just rushing to get rid of the things without properly preparing them. Kinda like this attempt at a firt post!

    --
    Always going forward, 'cause we can't find reverse.
    1. Re:Understandable . . . by acceber · · Score: 5, Interesting
      "Keep in mind that these servers came from the State Transit Authority of NSW, how is it possible and acceptable in this day of age that governmental servers be decommissioned and sold without wiping the contents of the drives?"

      The STA is responsible for the operations of the Sydney Buses network which I used to rely on for travel to & from school, work, and for social events -- until I got my car. It is the most unreliable system ever, on par with the NSW Cityrail system, both of which have been constantly riddled with problems. It's not surprising that a blunder such as this went by unnoticed.

      I would like to do my bit for the environment and use public transport as much as possible but I never get where I need to on time. I've been to Russia and even there, the buses and subway system are more reliable.

  2. I don't know what's worse... by Anonymous Coward · · Score: 5, Funny

    * That they have sold a bunch of servers laden with personal information for hardly any money at all, or
    * Somebody out there is still running AIX

  3. Policy by Anonymous Coward · · Score: 5, Funny

    Why are we suddenly complaining about Government being too open?

  4. As an Australian... by PrivateDonut · · Score: 5, Funny

    this is why I love living in Australia! Nobody takes anything too seriously (except beer and sport, which we take very seriously)

    1. Re:As an Australian... by trime · · Score: 5, Funny

      Bruce here is head of the document security department, and is also in charge of the sheep dip.

  5. 14 bucks? you got ripped :) by ashridah · · Score: 5, Interesting

    "At ~$14USD per server, it's amazing how cheap personal information has become."
    $14 USD? You got ripped off.

    A few years back, some guy wearing a workman's uniform and holding a clipboard wandered into the (iirc) customs building here in Australia. Carted off one of the servers from a machine room, and no-one stopped them, or remembered what they looked like.
    Slashdot remembers :)

    Makes me proud to be an aussie sometimes :)

  6. Government by Anonymous Coward · · Score: 5, Interesting

    Makes you wonder how many governmental organizations even know how important properly disposing of a computer can be.

    Or if the government really cares. Who's going to arrest them? There's no risk of punishment here.

  7. You understand that... by PrivateDonut · · Score: 5, Insightful

    if this guy planned on doing anything with the data, he probably wouldn't have blogged about it. He would copy the data, wipe the disks and pretend that he had seen nothing.

    Then at a later date, he could do his evil work using that data.

    Therefore, this particular blunder is nothing to get worked up about, but the potential for future blunders is.

  8. Does he have a license to the source now? by mveloso · · Score: 5, Interesting

    Just wondering. He bought the computer and its contents from the government, so does he have rights to the source on the box?

  9. Re:Not trivial though by John+Seminal · · Score: 5, Funny
    "It's kind of hard to get rid of your data on a hard drive."

    I found running a magnet over it is a good first step. Unscrewing it and opening it is a good second step. Taking a hammer to the internal parts is step 3. And putting the parts over a fire won't hurt. For a final step, I like to throw the hard drive in the lake of acid.

    I also pee on the hard drive. Just in case someone is smart enough to fuck me and find out what was on the hard drive, I can have the last laugh knowing they touched my pee.

    Oh, but you want to sell the hard drive, sans data? Now that gets tricky.

    Here is what I have done in the past when I wanted to sell or give away a hard drive, but did not want anything to be retrievable off the hard drive.

    I start with a format using a Windows 98 floppy that will write a FAT table. I then load Windows 98 on it and go to malware, spyware and those kinds of websites. When I get to 90% CPU in usage while doing nothing, I know I have enough spyware and viruses. I let them go to town on the hard drive. I delete files, and let the viruses rewrite them.

    Step 2 is putting a Debian CD in the cd-rom and reformatting the hard drive and installing Debian. I then go to websites with huge mpegs and download them until the hard drive is full of data. I delete all this data and do it all over again.

    Next is a Windows 2000 install, in NTFS. I go back to virus and malware websites, and let the hard drive get infected again.

    My final step is a simple FAT format, and the sale. If someone tries to recreate what was on the drive, they might recreate a virus. I toss the Debian and large file step in the middle to overwrite what was written the first time. It is another layer to the cake.

    Oh, I am delusional and paranoid too. People tell me I get fanatical about shit like privacy. You might not need to go through all the steps. A simple format might be all you need, unless you suspect the person buying the hard drive has thousands of dollars in equipment and training to recreate your deleted data (like the National Security Agency in conjunction with the CIA and Colonel Sanders from KFC. Why would a military grade officer be selling chicken? To get closer to YOU!).

    --

    Rosco: "If brains were gunpowder, Enos couldn't blow his nose."

  10. Reminds me of when I worked for US government... by Anti-Trend · · Score: 5, Interesting
    I used to work for city government here in SoCal, USA. In contrast to our Aussie friends, they were super paranoid about data leakage. When there was actually a situation where the red tape was momentarily pierced and we were authorized to give away outdated equipment to schools, they made us do a multiple-pass low-level format on each and every HDD that left the building. A royal pain-in-the-ass more than a security consideration -- none of those machines had anything which would be of much interest to anybody. If you ask me, the most damning piece of information one could glean from those systems wasn't in the HDD at all. Rather, it's the glaring question of why there were gaming-class video and sound cards in all of the upper-management's old PCs, and nothing but cheap Trident cards in the CAD workstations of the time...

    -AT

    --
    Working in a DevOps shop is like playing in a band made up entirely of keytarists.
  11. Cheaper ways... by pimpimpim · · Score: 5, Insightful
    There was a case in the Netherlands where a state prosecutor just put his personal PC out with the trash when it didn't work anymore due to spyware:

    http://www.expatica.com/source/site_article.asp?subchannel_id=19&story_id=13469&name=The+Dutch+news+in+October+2004
    See October 7th, 2004.

    Some taxi-driver found it, discovered that it had very sensitive information about some current open cases on it, and a lot of personal stuff that could make the prosecutor vulnerable to blackmail etc. when in the wrong hands.

    These things just show that some state organisations (or the people working there) have really too little awareness of handling computer data the right way. Actually this year we had a case in the Netherlands where some secret state report ended up in an upload filesharing folder of the person working on it, and thereby just could spread all over. I think people working at such positions really should be instructed on safe computing, especially at home or using laptops, the risks are pretty high that data can get stolen.

    --
    molmod.com - computing tips from a molecular modeling
  12. you know they could have just.... by thegoogler · · Score: 5, Informative
    used dban, it's not rocket science. just put the disk in and hit ok

    o wait, this is the government, never mind