Slashdot Mirror
Reporters Find US Gov't Data In Ghana Market
narramissic writes "'Hundreds and hundreds of documents about government contracts,' were found on a hard drive purchased at a market in Ghana for the bargain basement price of $40, said Peter Klein, an associate professor with the University of British Columbia, who led an investigation into the global electronic waste business for the PBS show Frontline. The hard drive had belonged to US government contractor Northrop Grumman and in a made-for-TV ironic twist, 'some of the documents talked about how to recruit airport screeners and several of them even covered data security practices,' Klein said. 'Here were these contracts being awarded based on their ability to keep the data safe.'"
They should lose their contracts for failing to wipe the data off the hard drives.
They likely will as this is almost certainly a violation of ITAR regulations. Northrup Grumman does very little that is non-military.
"Bah!" - Dogbert
some of the documents talked about how to recruit airport screeners
It contained a link to monster.com?
Always proofread carefully to see if you any words out.
$40 for a used hard drive of unknown provenance seems pretty high, unless you are talking about a considerably cooler than ordinary drive. Methinks that those journalists were haggling about as effectively as someone with an expense account for the story might be expected to.
http://www.garner-products.com/PD-8400.htm
Did you even read the article? It doesn't appear that the employee was at fault. The computer was "disposed of" by some outside company. Allegedly, they are responsible for sanitizing the hardware prior to binning it or parting it out.
I would expect, however, that this "outside firm" is wondering if they still have their contract with Northrop Grumman. I suspect not.
They should lose their contracts for failing to wipe the data off the hard drives.
They likely will as this is almost certainly a violation of ITAR regulations. Northrup Grumman does very little that is non-military.
They most certainly will not lose their contracts over this. They'll find a way to blame the lost data on some tiny sub-subcontractor that the subcontractor responsible for disposing of used equipment hired to wipe the drives, and they'll get fired. Or maybe they'll fire the person who kept the data on their hard drive instead of the network drive, and trot out the click-through policy that says "we told you we could fire you for violating this policy."
There's always a weasel-way for companies to get out of these situations by blaming someone for the failure.
John
Those "locks" do nothing to protect the data, and the drive still spins up when power is applied. You can even retrieve the password if you know what you're doing. Full drive encryption is a much better solution.
They should lose their contracts for failing to wipe the data off the hard drives.
They likely will as this is almost certainly a violation of ITAR regulations. Northrup Grumman does very little that is non-military.
They most certainly will not lose their contracts over this. They'll find a way to blame the lost data on some tiny sub-subcontractor that the subcontractor responsible for disposing of used equipment hired to wipe the drives, and they'll get fired. Or maybe they'll fire the person who kept the data on their hard drive instead of the network drive, and trot out the click-through policy that says "we told you we could fire you for violating this policy."
There's always a weasel-way for companies to get out of these situations by blaming someone for the failure.
ITAR is pretty strict but you're probably right in that they'll blame the recycling firm or some such nonsense. From my experience they can at least expect a fresh ITAR audit courtesy of the federal gooberment because there is now "reason to question" their security.
Personally I don't let a hard drive out of the building unless it's been at least wiped (non-secure data) if not destroyed (secure data). Usually I destroy them just to make sure.
"Bah!" - Dogbert
My methode is much better. I install windows on it, have internet explorer start automaticly and open Slashdot. By the time they're done, the data is way to old to be of any relevance.
The rest of the drive I fill up with the combine works of David Hasselhof. Cruel, but effective.
What's so ridiculous is how easy it is to destroy data without investing in ultra-super-duper-mil-spec data destruction software. When I destroyed hard drives for my old company, I'd pull out the drive, take it down to the shop floor, and watch as one of our fabricators put a 1/2-inch hole through the platters with a drill press. It's theoretically possible that an expert who really, really wanted our data could have read something from the partial platters, but I guarantee that none of our drives ever showed up in use anywhere else.
And with the old IBM death stars, pretty much any possibility of data recovery was eliminated when those glass platters shattered inside the case as the drill went through.
Of course, this technique requires you to have a drill press or a good, sturdy hand drill somewhere on your site, but I think Northrop Grumman could afford one of those.
Find environmentally and socially responsible products on http://buy-right.net
Instead of using illegal wiretaps, the NSA should just buy every drive that is sold on eBay. Just think of the information they could mine out of them!
The real "Libtards" are the Libertarians!