Study finds that Lockheed Martin needs to stop disposing of hard drives with top secret data intact
With all of those crazy defense contracts Lockheed Martin has goin' on, you'd think the company would have its act together as far as the need to hold down its data goes -- but according to The Daily Mail, this may not be the case. Researchers at BT's Security Research Center have found an overwhelming amount of sensitive data on hard drives purchased through computer fairs and auctions as a part of a recent study, including: bank account details, medical records, and confidential business and financial data. Although many organizations were found to be at fault, the most troubling (sensational) instance included test launch procedures for Lockheed Martin's THAAD (Terminal High Altitude Area Defense) missile defense system, found on hardware purchased from eBay. Also on the same disk were security policies, blueprints, and employees' personal info. When asked for a comment, a spokesman for the company stated that "Until Lockheed Martin can evaluate the hard drive in question, it is not possible to comment further on its potential contents or source." It looks like we're not getting to the bottom of this one any time soon, but in the meantime: if any defense contractors have any questions on the subject, we'll be happy to help.
[Via Slashdot]

Forget trying to wipe the drive, just fill it with pr0n.
my discarded hard drives would make you horny
then why the heck did you discard it?
No wonder every time I boot up my computer plans for the Yf-24 pop up.
Go figure.
This is porn to some people.
looks like they need to use data tapes back.
just degauss before disposing of.
Or they could just smash their hard drive with a hammer.
...then put the smashed remains in an incinerator.
With some of our nation's brightest working there you'd think they'd know how to get rid of top secret data....
@Platinum_Skeet - I graduated from GT and worked for their alumni association. Both the people who I talked to who worked there and my friends who were hired there out of college really aren't the brightest people in the world. Sure they can do some pretty complicated problems, but most of the old people don't like computers and the new generation feel they don't have the time to care and figure the company would take care of it.
You don't have to be smart to get a defense project, you just have to like making things that go BOOM!
Or just show the hard drives a picture of whoever (or whatever?) that is in your avatar. Eesh!
If they degaussed them, they wouldn't be on eBay; running a HD through a degauss process renders it unusable as it erases ALL magnetic data- including track servo data that the drive needs to determine exactly where the head is.
Why don't people discard hard drives AFTER they have destroyed them? I read not too long ago about different ways to destroy hard drives. Just use a drill and punch some holes in it or grind it to dust with some sandpaper/power sander. If they have all the time in the world to get rid of these hard drives, you'd at least think that they would take the time to shred the hard drive by rewriting over it or something.
Or just open it and pass a couple of magnets over it. It'll be wiped out then.
you're doing it wrong... thermite
Actually Ontrack, a civilian company, advertises being able to recover data from hard drives with bullet holes after being submerged under water..... and they aren't the only ones that can do that
so yeah... shred drive then melt it... even then it probably isn't 100% safe :-P
w/ the price of a typical hard drive it would probably be more cost-saving in terms of man-power if they could just destroy the old hdd and replace it w/ a new one.
Does anyone else suspect, this was an internal leak for profit?
No
I'm all for income at someone else's expense, sticking it to the man, and various other types of anti-establishment activities. However, when it comes to espionage, I probably wouldn't fuck with the U.S.
Shit I wish I come across one of them, instant cash from the Chinese Government.
Totally agree, I would upload all the information to WikiLeaks and tell Lockheed to evaluate that!
Even if it compromised your country and consequently your welfare? Thought not. Typical internet 'bad ass'.
And instant death from the US Government when they find out, you traitor :)
Yes, because large, international spy agencies really need your help to obtain the janitor's phone number and their launch procedures.
Watched this on BBC News tonight, un-be-freakin-lievable.
BAH that was meant for @wetworker.
This shows you how stupid people are, yet they are in charge. Maybe one should question the upper ups, which I think would have no clue either.
this does not show you how stupid ppl are, this last election shows you that. this just shows you that there was a major slip up in the security department for that project ( which is a very very small part of the company as a whole ).
@stellar
I'll assume you were referring to the last Canadian federal election.
Epic fail. I work in the industry and for something like this to happen there has to be a whole series of screw ups. No one person is responsible for things like this. Things like this always happen when people start being too comfortable with processes and procedures. Yeah, it's an epic pain in the ass to give a drive downgraded and destroyed, but it has to be done.
Did they really need a study to tell them not to do that?
Pretty sad stuff. I worked as a contractor for a government agency doing very unclassified scientific research. We followed the top OpSec rules, wipe the drive with random data (1 pass) then take the drive apart and smash the platters. Lockheed should be embarrassed.
again, Lockheed has nothing to be embarrassed about, this story doesn't even have details, for all we know someone stole a work PC and sold it on eBay, but yes, someone could have screwed up but it doesn't reflect the entire company. of all companies globally, they are in the upper ten percent because of their outstanding success. failure may be popular sentiment for the majority of ppl, but if you work there, a little slip gets you fired, a big slip lands your ass in jail.
HOLY SHIT I WORK THERE
COOL!
We know all about it already.
Where? Karakura town, hueco mundo or soul society?
BT is a British company so they do not have a Security Research Center, they have a Security Research Centre.
This may sound like a small thing but really it's disrespect for cultural differences.
RE-
Samboini @ May 7th 2009 5:25PM
Even if it compromised your country and consequently your welfare? Thought not. Typical internet 'bad ass'.
...........................................................................................................................................................................
Hell why not, that's how the US got to be top dog, help from Nazi scientist after the war.
The Germans were light years ahead of everyone with their rocket technology, the Russians managed to scrape up a few of them but the lion's share went to the US, firing squad or work for Uncle Sam.
war technology has been passed down from one people to the next. Sun Tzu - The Art of War is used by the US government so why not get paid for some US technology you legally bought. I'm not American BTW
You know you could just hit reply right?
I'm employed as an IS Software guy, with an engineering background.... I think I have a fairly unique view on things like this, at least as it goes where I work.
1. The MIS department is responsible for software and hardware.
2. Engineering thinks all of MIS is incapable and that they can do better.
3. Engineering completely disregards MIS.
4. Engineering sends old hard drives home with a janitor... (no, seriously)
Things like this happen because companies don't enforce policies from the top down, you'd certainly hope that a company with such a high level of security access would have strict enough procedures in place to prevent something like this from happening... apparently not strict enough.
This title is not only deceiving, it's a flat out lie! Is Lockheed selling drives that haven't been properly wiped? I certainly don't doubt it. However, nothing in that article makes me think that it has to do with anything classified. They are simply drives from normal computers. If it was classified data that would be a MAJOR deal and would probably get any responsible department COMPLETELY shut down by the government. As is, this is just a case of LM being stupid with their own proprietary data, not Government Classified info.
I work for LM and I can tell you that classified drives are NEVER resold. They are destroyed. They do this because they know you can never truly make all the data irrecoverable. So I'm asking you to please get your titles straight as your looseness with wording, if taken literally, would be tantamount to putting the company out of business. That can majorly affect a company when reported in the media.
"you can never truly make all the data irrecoverable"
.... low level format... done
but out of precautions, they probably just destroy them.
I did a study of my own as well and I found that there are still stupid people that work for important companies. I'm doing a similar study about government administrations that's not finished yet, but I think I know where this one's going.
;-)
"How much data was compromised?"
"Oh, um... just a THAAD."
(insert rim shot here)
Sorry.
ummm why wasn't the drive incinerated or exposed to the magnet capable of doing an MRI? Last time I checked, that is the requirement......
Two programs:
Shred
Eraser
C'mon you guys are freakin rocket scientists!!! You should know better.
Or:
Stick them in a pile on the space shuttle launch pad and watch em melt.
I know some people where I work got a little nervous when one of our old servers we'd recycled back to the vendor showed up on eBay with our branding still on it (oops).
Now I've got a setup that allows for PXE booting into a custom DBAN build to not only auto-wipe but syslog what it does as well.
I used to work there with a TS/SCI clearance and I can honestly say that we as a nation have a big problem using this company for our defense purposes. The truly innovative engineers from GE are now either retired or dead and there is no one left except young kids who don't even know how a computer truly works. The company has become much more friendly toward foreign governments. I couldn't believe some of the people I used to work with. There were a handful of good workers left, but I really mean very few. The majority of Lockheed Martin employees that I dealt with were technical dunces and were just there to collect their weekly paycheck. They have the biggest network of people that cover each other's backs while they get away with fraud. I know 1 employee who claims to be working from home a lot and he is at the local bar drinking most of the day!! My supervisor was in the office about 2 times a month and when he was he was only there for a few hours each time. This is an amazing dream job!! I worked with another employee who couldn't even spell correctly!! He has been there for almost 10 years now and the whole time I knew him he never completed 1 successful project!! Any time someone would doubt his performance he would go to the Ethics department telling them he was being discriminated against. There are so many more incidences I encountered I could write a book. Lockheed Martin is taking the USA for a ride, and I don't mean in an SR-71!!!!