Computer disk containing missile defense details sold on Ebay


(BBC) Sensitive information for shooting down intercontinental missiles as well as bank details and NHS records was found on old computers, researchers say.

Of 300 hard disks bought randomly at computer fairs and an online auction site, 34% still held personal data.

Researchers from BT and the University of Glamorgan bought disks from the UK, America, Germany, France and Australia.

The information was enough to expose individuals and firms to fraud and identity theft, said the researchers.

Professor Andrew Blyth said: "It's not rocket science - we used standard tools to analyse the data".

The research involving the Welsh campus was led by BT's Security Research Centre and included researchers at Edith Cowan University in Australia and Longwood University in the US.

In addition to finding bank account details and medical records, the work unearthed job descriptions and personal identity numbers as well as data about a proposed $50bn currency exchange through Spain.

Details of test launch procedures for the THAAD (Terminal High Altitude Area Defence) ground-to-air missile defence system was found on a disk bought on eBay.


The missile system, tested as recently as March 2009 following a controversial missile test by North Korea, is designed to destroy long-range intercontinental missiles launched by terrorists or countries the US considers to be "rogue states".

The missile system was designed and built by US defence group Lockheed Martin and the same computer hard disk also revealed security policies and blueprints of facilities at the group, and personal information on employees.

The researchers said a disk from France included security logs from an embassy in Paris, while two disks from the UK appear to have originated from a Scottish health board.

The disks had information from the Monklands and Hairmyres hospitals, part of Lanarkshire health board, and revealed patient medical records, images of x-rays, medical staff shifts and sensitive and confidential staff letters.

Another disk, from a US-based consultant, formerly with a US-based weapons manufacturer, revealed account numbers and details of proposals for the $50bn currency exchange as well as details of business dealings between organisations in the US, Venezuela, Tunisia and Nigeria.

Personal correspondence was also found from a member of a major European bank.

'Illegal'

Prof Blyth, an expert in computer forensics and principal lecturer at the University of Glamorgan's faculty of advanced technology, said the results were in line with previous studies which showed 40%-50% of second-hand disks that can be powered up contained sensitive data.

He said: "While it's not getting worse, its not getting any better either.

"It's not rocket science. I could probably take somebody who is 14 or 15 years old and in a day have them doing this."

Dr Andy Jones, head of information security research at BT, said: "It is clear that a majority of organisations and private individuals still have no idea about the potential volume and type of information that is stored on computer hard disks.

"Businesses also need to be aware that they could also be acting illegally by not disposing of this kind of data properly."

In a statement, Lanarkshire health board said: "This study refers to hard disks which were disposed of in 2006. At that time NHS Lanarkshire had a contractual agreement with an external company for the disposal of computer equipment.

"In this instance the hard drives had been subjected to a basic level of data removal by the company and had then been disposed of inappropriately. This was clearly in breach of contract and was wholly unacceptable."

The board has carried out a review of its policies and now no longer uses external companies to dispose of IT equipment, the statement added.

A spokesman for Lockheed Martin said the company was not aware of any "compromise of data" related to the THAAD programme, and no government or law enforcement agency had notified it of any such loss.

The results of the study, the fourth in a five-year project, will be made available in a paper appearing in the next issue of the Journal of International Commercial Law and Technology (JICLT) 2009.



Copyright © Jewish Internet Defense Force
All Rights Reserved

LEGAL:
The views expressed on this website do not necessarily reflect the views of the JIDF. The content is not intended to malign any religion, ethnic group, club, organization, company or individual. This site's intention is to do no harm, to not injure others, defame, or libel. All data and information provided on this site is for informational, educational, and/or entertainment purposes only. The Jewish Internet Defense Force (JIDF) makes no representations as to accuracy, currentness, correctness, suitability, or validity of any information on this site and will not be liable for any errors, omissions, or delays in this information or any losses, injuries, or damages arising from its display or use, or access to this site. We are not responsible for translation or interpretation of content. We are not responsible for defamatory statements bound to government, religious or other laws from the reader’s country of origin. All information is provided on an as-is basis with no warranties, and confers no rights. We are not responsible for the actions, content, accuracy, opinions expressed, privacy policies, products or services or for any damages or losses, directly or indirectly, caused or alleged to have been caused as a result of your use or reliance on such information on the Jewish Internet Defense Force site. This site includes links to other sites and blogs operated by third parties. These links are provided as a convenience to you and as an additional avenue of access to the information contained therein. We have not reviewed all of the information on other sites and are not responsible for the content of any other sites or any products or services that may be offered through other sites. The inclusion of these links in no way indicates their endorsement, support or approval of the contents of this site or the policies or positions of the JIDF. We have the right to edit, remove or deny access to content that is determined to be, in our sole discretion, unacceptable. These Terms and Conditions of Use apply to you when you view, access or otherwise use this blog and the Website. The JIDF is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to amazon.com.
Related Posts with Thumbnails