Slashdot Mirror

← Back to Stories (view on slashdot.org)

Unclean Military Hard Drives Sold On eBay

Posted by CmdrTaco on from the they-should-know-better dept.

An anonymous reader writes "The Daily Mail reports, 'Highly sensitive details of a US military missile air defense system were found on a second-hand hard drive bought on eBay. The test launch procedures were found on a hard disk for the THAAD (Terminal High Altitude Area Defense) ground to air missile defense system, used to shoot down Scud missiles in Iraq. The disk also contained security policies, blueprints of facilities, and personal information on employees (including social security numbers) belonging to technology company Lockheed Martin — who designed and built the system.' Scary that they did not wipe it to Department of Defense standards, which I believe is wiping the whole disk and then writing 1010 all over it."

5 of 369 comments (clear)

  1. please... by VMaN · · Score: 5, Interesting

    Before people start discussing if drives should be overwritten 32 or 2^32 times, please show me ONE proven example of a regularly zeroed drive being recovered.

    This challenge has stood for more than a year.
    http://16systems.com/zero.php

  2. Re:Scary that they sold the disk at all by bleh-of-the-huns · · Score: 4, Interesting

    There are much quicker ways then that. In fact, at my old office, we had NSA approved degaussing equipment for hard drives, that destroyed the data permanently (no amount of forensics will be able to retrieve it), but left the drive itself intact for reuse or resale.

    The fun part of course is that when you turn it on.. 2 or 3 floors of lights all dimmed at the same time for a few seconds while it powered up and it hummed.. loudly... Thats a powerful magnet :)

    --
    I came, I conquered, I coredumped
  3. Probably illegally sold by roger_that · · Score: 5, Interesting

    The drives were probably illegally sold. DoD requires the destruction of classified drives, and contractors are supposed to follow the same rules. If the drive(s) in question held classified data (which they apparently did), they should have been wiped, then physically destroyed. Sounds like someone bypassed the last step, and tried to make a little profit on the side, by selling the "destroyed" drive.

    Disclaimer: I work for a contractor on a US Government contract, working with classified data. (at the five-sided building)

  4. Re:DoD wiping standards by bleh-of-the-huns · · Score: 4, Interesting

    Certain 3 letter facilities in the US do that.. in fact, any electronic equipment going in.. never leaves. I have seen the destruction of a thumb drive that accidentally made it into the facility (many people arrived for a meeting there), but was caught on the way out and destroyed.

    Same facility provides all electronic equipment needed for various press events and what not.

    --
    I came, I conquered, I coredumped
  5. Re:Why not just destroy these disks? by camperdave · · Score: 5, Interesting

    Why does the DoD not simply destroy the disks in question?

    Sometimes it's easier to detect a security problem by letting some information leak.

    --
    When our name is on the back of your car, we're behind you all the way!