Reporters find Northrop Grumman data in Ghana market
A team of journalists investigating the global electronic waste business has unearthed a security problem too. In a Ghana market, they bought a computer hard drive containing sensitive documents belonging to U.S. government contractor Northrop Grumman.
The drive had belonged to a Fairfax, Virginia, employee who still works for the company and contained "hundreds and hundreds of documents about government contracts," said Peter Klein, an associate professor with the University of British Columbia, who led the investigation for the Public Broadcasting Service show Frontline. He would not disclose details of the documents, but he said that they were marked "competitive sensitive" and covered company contracts with the Defense Intelligence Agency, the National Aeronautics and Space Administration and the Transportation Security Agency.
The data was unencrypted, Klein said in an interview. The cost? US$40.
Northrop Grumman is not sure how the drive ended up in a Ghana market, but apparently the company had hired an outside vendor to dispose of the PC. "Based on the documents we were shown, we believe this hard drive may have been stolen after one of our asset-disposal vendors took possession of the unit," the Northrop Grumman said in a statement. "Despite sophisticated safeguards, no company can inoculate itself completely against crime."
A Northrop Grumman spokesman would not say who was responsible for disposing of the drive, but in its statement the company noted that "the fact that this information is outside our control is disconcerting."
Some of the documents talked about how to recruit airport screeners and several of them even covered data security practices, Klein said. "It was a wonderful, ironic twist," Klein said. "Here were these contracts being awarded based on their ability to keep the data safe."
According to Klein, it's common for old computers and electronic devices to be improperly dumped in developing countries such as Ghana and China, where locals scavenge the material for components, often under horrific working conditions.
Last year the U.S. Government Accountability Office found that a substantial amount of the country's e-waste ended up in developing countries, where it was often dangerously disposed of.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @ITworld
On Twitter now
security
Powered by TwitterOn Twitter now
security
Brian Proffitt
openSUSE: Not for sale today
pasmith
Two new sources fuel the Verizon iPhone rumor mill
sjvn
The Corporation has gone Open Source
Mike Elgan
What to do with your Google 'Social Circle'
Sandra Henry-Stocker
Unix How To: Give me that old-time security!
Dan Tynan
What's worse than privacy legislation? No privacy legislation
The IFA consumer electronics exhibition turns 50
Albert Einstein opened the 7th Great German Radio and Phonograph Show, the forerunner to today's IFA, in Berlin in 1930. The show marked the public debut of a prototype 'television receiver.' Since then, some products, like the 3DTV, were ahead of their time. Others, like the MiniDisc...well, just never got off the ground. Here's a look at IFA's storied past.
IFA 2010
Samsung launches Galaxy Tab
3D content is king at giant tech show
PlayStation 3 will be ready for 3D by October
Sony announces music service, hints at TV service
Google's Schmidt to speak at Berlin show
3D, tablets galore expected at consumer electronics show
destroy data:
dd if=/dev/urandom of=/dev/hdc bs=4096and give it some hours time.
Physical destruction of disks
"The surest way to get your data off of a hard drive is to physically destroy it, Moulton said."enact june
Sorry, but that is absolute rubbish. Write 0's and 1's enough times over a disk using something like "Darik's Boot And Nuke" and no one can get the data back.
It annoys me that thinking the only way to destroy data is to physically break the disk. That just shows ignorance of how technology works.
Bad Blocks and Prcediural Errors
From the FA: the data recovered is from bad blocks (automatically remapped by the drive firmware and thus unwipeable) and from drives that were procedurally missed.It's a lot harder to "miss" a drive if your process is physical destruction, rather than a mere wipe: in the former case, a visual inspection will easily catch the oversight.