Slashdot Mirror

← Back to Stories (view on slashdot.org)

Reporters Find US Gov't Data In Ghana Market

Posted by samzenpus on from the full-recycle-bin dept.

narramissic writes "'Hundreds and hundreds of documents about government contracts,' were found on a hard drive purchased at a market in Ghana for the bargain basement price of $40, said Peter Klein, an associate professor with the University of British Columbia, who led an investigation into the global electronic waste business for the PBS show Frontline. The hard drive had belonged to US government contractor Northrop Grumman and in a made-for-TV ironic twist, 'some of the documents talked about how to recruit airport screeners and several of them even covered data security practices,' Klein said. 'Here were these contracts being awarded based on their ability to keep the data safe.'"

20 of 154 comments (clear)

  1. Contracts by hellfish006 · · Score: 3, Interesting

    They should lose their contracts for failing to wipe the data off the hard drives.

    1. Re:Contracts by Cheerio+Boy · · Score: 4, Informative

      They should lose their contracts for failing to wipe the data off the hard drives.

      They likely will as this is almost certainly a violation of ITAR regulations. Northrup Grumman does very little that is non-military.

      --

      "Bah!" - Dogbert
    2. Re:Contracts by plover · · Score: 5, Insightful

      They should lose their contracts for failing to wipe the data off the hard drives.

      They likely will as this is almost certainly a violation of ITAR regulations. Northrup Grumman does very little that is non-military.

      They most certainly will not lose their contracts over this. They'll find a way to blame the lost data on some tiny sub-subcontractor that the subcontractor responsible for disposing of used equipment hired to wipe the drives, and they'll get fired. Or maybe they'll fire the person who kept the data on their hard drive instead of the network drive, and trot out the click-through policy that says "we told you we could fire you for violating this policy."

      There's always a weasel-way for companies to get out of these situations by blaming someone for the failure.

      --
      John
    3. Re:Contracts by Cheerio+Boy · · Score: 4, Informative

      They should lose their contracts for failing to wipe the data off the hard drives.

      They likely will as this is almost certainly a violation of ITAR regulations. Northrup Grumman does very little that is non-military.

      They most certainly will not lose their contracts over this. They'll find a way to blame the lost data on some tiny sub-subcontractor that the subcontractor responsible for disposing of used equipment hired to wipe the drives, and they'll get fired. Or maybe they'll fire the person who kept the data on their hard drive instead of the network drive, and trot out the click-through policy that says "we told you we could fire you for violating this policy."

      There's always a weasel-way for companies to get out of these situations by blaming someone for the failure.

      ITAR is pretty strict but you're probably right in that they'll blame the recycling firm or some such nonsense. From my experience they can at least expect a fresh ITAR audit courtesy of the federal gooberment because there is now "reason to question" their security.

      Personally I don't let a hard drive out of the building unless it's been at least wiped (non-secure data) if not destroyed (secure data). Usually I destroy them just to make sure.

      --

      "Bah!" - Dogbert
    4. Re:Contracts by geobeck · · Score: 4, Interesting

      They should lose their contracts for failing to wipe the data off the hard drives.

      What's so ridiculous is how easy it is to destroy data without investing in ultra-super-duper-mil-spec data destruction software. When I destroyed hard drives for my old company, I'd pull out the drive, take it down to the shop floor, and watch as one of our fabricators put a 1/2-inch hole through the platters with a drill press. It's theoretically possible that an expert who really, really wanted our data could have read something from the partial platters, but I guarantee that none of our drives ever showed up in use anywhere else.

      And with the old IBM death stars, pretty much any possibility of data recovery was eliminated when those glass platters shattered inside the case as the drill went through.

      Of course, this technique requires you to have a drill press or a good, sturdy hand drill somewhere on your site, but I think Northrop Grumman could afford one of those.

      --
      Find environmentally and socially responsible products on http://buy-right.net
  2. Comment removed by account_deleted · · Score: 3, Interesting

    Comment removed based on user account deletion

  3. When I dispose of an obsolete drive by Peter+Simpson · · Score: 3, Interesting

    I disassemble it, remove the platters, mount each one in a vise and bend it by striking it with a hammer.

    If they can get data off that platter, they're welcome to it.

    1. Re:When I dispose of an obsolete drive by rotide · · Score: 5, Informative
      Sounds time intensive. While a little pricey, get a hard drive destroyer. Pop it in, hit go and it folds 90 degrees!

      http://www.garner-products.com/PD-8400.htm

    2. Re:When I dispose of an obsolete drive by FudRucker · · Score: 3, Funny

      thermite, lets see them get data out of a pile of slag

      --
      Politics is Treachery, Religion is Brainwashing
    3. Re:When I dispose of an obsolete drive by Patrik_AKA_RedX · · Score: 4, Funny

      My methode is much better. I install windows on it, have internet explorer start automaticly and open Slashdot. By the time they're done, the data is way to old to be of any relevance.
      The rest of the drive I fill up with the combine works of David Hasselhof. Cruel, but effective.

    4. Re:When I dispose of an obsolete drive by hairyfeet · · Score: 3, Insightful

      Same here, that is just stupid and wasteful, not to mention based on old wives tales. I have yet to see ANYBODY recover a DoD wiped drive. You'd think that one of those data recovery firms would brag about it if they had actually been able to pull it off, yet nada. Give them a good DoD wipe and then they can be reused in computers for the poor.

      Even to this day I have no problem giving away a 400Mhz or better to somebody who doesn't actually have a PC. Just slap DSL-N and they have a nice clean desktop that is quite fast and a pleasure with to surf. I keep a 733MHz around to run Win9X for old games and to surf on when my main boxes are busy, and with 384Mb of PC100 and DSL-N it is a very pleasurable surfing experience. It is just stupid and wasteful to destroy those drives and make even more e-waste when they can be reused by those that don't have any. Single moms, homeless shelters, churches, there are tons of places that are quite happy to take a free working machine, and if everyone destroys the drive the cost of giving those machines away suddenly becomes too expensive.

      So don't fall for old wives tales, DoD wipe and recycle. Good for the environment and your fellow man.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    5. Re:When I dispose of an obsolete drive by DavidTC · · Score: 3, Informative

      I have yet to see ANYBODY recover a DoD wiped drive. You'd think that one of those data recovery firms would brag about it if they had actually been able to pull it off, yet nada. Give them a good DoD wipe and then they can be reused in computers for the poor.

      Forget DoD wipes, it has never even been demonstrated it's possible to recover data from a single 00000000 wipe. No one has ever managed to read as much as a byte of data after it has been overwritten once with any value.

      The whole thing is sheer paranoid lunacy. It has its origin when hard drives encoded data in a different way, and were a lot looser in where they wrote on the drive, so in theory parts of the signal could be left behind. But that was only hypothetical even back then, there was no way to separate the signals out, and hard drives are a lot denser and encode the signal differently now.

      The only thing that makes a bit of sense is that hard drives can reassign clusters and leave data behind in bad ones, but you can get around that by using the right commands. It would be a hell of a lot more useful if the DoD would just invest in some external hard drive controller-type device to low-level format drives, and then when they're done turn on a huge magnet just to make sure.

      And stop wasting all that hardware.

      --
      If corporations are people, aren't stockholders guilty of slavery?
  4. They found... by iamapizza · · Score: 4, Funny

    some of the documents talked about how to recruit airport screeners

    It contained a link to monster.com?

    --
    Always proofread carefully to see if you any words out.
    1. Re:They found... by pjt33 · · Score: 3, Funny

      Airport screeners know how to use monster.com?!

  5. Bargain basement??? by fuzzyfuzzyfungus · · Score: 4, Insightful

    $40 for a used hard drive of unknown provenance seems pretty high, unless you are talking about a considerably cooler than ordinary drive. Methinks that those journalists were haggling about as effectively as someone with an expense account for the story might be expected to.

  6. Re:Umm.. that's not how it works by langelgjm · · Score: 3, Insightful

    .I thought the same thing at first, but then I read the rest of the summary:

    some of the documents talked about how to recruit airport screeners and several of them even covered data security practices

    Typically we're interested in contracts during the bidding process (to make sure the public is not being ripped off), and later on, to see that the contractor actually delivers the goods. But "transparency" doesn't mean everyone needs to know the details of how Northrop Grumman builds its missiles or whatever.

    --
    "Anyone who [rips a CD] is probably engaging in copyright infringement." - David O. Carson
  7. Re:Umm.. that's not how it works by Opportunist · · Score: 3, Funny

    I think it's asking a bit much of the US taxpayer that he should be required to go to a local market in Ghana to buy the info. It should be provided by the government.

    Besides, this is a company providing the info. I'm not really much into socializing everything, but dammit, there are some things that belong into government hands!

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  8. Re:Still? by Ritz_Just_Ritz · · Score: 4, Informative

    Did you even read the article? It doesn't appear that the employee was at fault. The computer was "disposed of" by some outside company. Allegedly, they are responsible for sanitizing the hardware prior to binning it or parting it out.

    I would expect, however, that this "outside firm" is wondering if they still have their contract with Northrop Grumman. I suspect not.

  9. Re:Yea by rhook · · Score: 5, Insightful

    Those "locks" do nothing to protect the data, and the drive still spins up when power is applied. You can even retrieve the password if you know what you're doing. Full drive encryption is a much better solution.

  10. The NSA should just buy all the drives on eBay! by whoever57 · · Score: 4, Funny

    Instead of using illegal wiretaps, the NSA should just buy every drive that is sold on eBay. Just think of the information they could mine out of them!

    --
    The real "Libtards" are the Libertarians!