It’s
ironic that the head of an optical disc company would even pose the
question: "Are optical discs dead?" It is a fair question, however, and
one that I am asked quite often. Of course, before I respond, I must
say there is no crystal-ball certainty in the comments that follow. They
should best be considered within the context of a Delphi-like
observation from, if not an industry expert, an industry observer.
From its origins as a data version of a music CD disc, CD-ROM entered
the computer world thought process in 1986. Slowly, drivers were
written permitting the operating system of the early personal computers
to recognize a foreign device connected to it and thus MSCDEX was born,
the MS DOS CD ROM extensions.
CD-ROM
technology was a technological revolution. Early uses of CD discs
included exploiting the capacity of these small, shiny wonders, which
could store a whopping 300,000 pages of information.
·
In 1988, the Army Corps of Engineers opted to use the medium to store
massive amounts of information that needed to be analyzed as part of a
project to close a military base. The project was led by Dr. John
Belshay, who was instrumental in using this technology and, in part,
paved the way for its early adoption.
Over in Reston, Va., a
geologist named Jerry McFaul had a vision and saw how this valuable new
storage medium could benefit the US Geological Survey. The USGS is
responsible for tremendous amounts of information and in the
pre-Internet era, dissemination by CD media proved to have distinct
advantages over paper.
·
Jerry McFaul and Duane Marquis in 1986 established a user group that
was active for years called SIGCAT, or the Special Interest Group for CD
Applications and Technology. This organization spawned numerous niche
chapters, and optical discs saw an explosion of growth and through
practical applications both in the government sector and in the
commercial world.
·
Large projects like the genealogical project of the Church of Jesus
Christ of Latter Day Saints sought to place all known genealogical
records on CD discs, which would then be made widely available at the
church’s various regional centers.
·
Also at the time, the Defense Mapping Agency had what was believed to
be the largest collection of CDs in the world with detailed maps and
data collected from our observation satellite platforms.
In 1995 the "big fat CD-ROM," better known as the Digital Versatile
Disc or DVD, came onto the marketplace. While a CD could hold 700 MB of
information, a single-layer DVD could hold nearly seven times that
amount, a staggering 4.7 GB.
By
1996 there were an estimated 5 billion floppy discs in use. In 2010,
it is difficult to find a motherboard with floppy support. In 2009 there
were only 12 million. Sony announced the death of the floppy in 2010.
Since 2009, CD ROM drives largely have been replaced by multi-function
DVD drives capable of reading and writing CDs, DVDs and the erasable
CDs and DVDs known as CD- or DVD-RAM.
So,
where are we going from here? To answer that important question, a
very short list of analysts and consulting firms track the optical disc
recording industry. Forefront in expertise in this niche analysis world
is the Santa Clara Consulting Group. The information below is taken
from their reports available on their web site at www.sccg.com
and from previous analysis done by Lawrence Leuck, the founder of
Magnetic Media Information Services, who passed away in 2008.
In
2008, CD-R media amounted to a worldwide production of about 5 billion
units. In 2009, that fell to about 4.2 billion. And in 2010, it was down
to 3.3 billion. At the same time, production of CD writers slipped from
about 13 million recorders in 2008 to virtually none in 2011. The
production of DVD-R media, meanwhile, surpassed CD-R media in 2009 and
continues to gain distance.
In
2008, about 180 million DVD recorders were produced. That fell to below
150 million in 2009, and down to about 145 million in 2010. In these
same years, DVD-R media production went from nearly 5 billion in 2008,
to about 4.5 billion in 2009, and to 4.1 billion in 2010.
From
its first invention and release in 1995 by companies such as Philips,
Sony, Toshiba and Panasonic, DVD sky-rocketed to be mainstream in the
personal computer industry by the late 1990s.
Blu-ray optical
discs entered the technology stage in late 2000 and by 2003 the first
prototype players and recorders were introduced. Blu-ray, now offering a
new increment in storage capacity of 25GB once again increased the
capacity of DVD by over a factor of five. While both standard DVD and
Blu-ray had
options for multiple layers and in turn increased capacity, the industry largely has stabilized in CD ROM to
700 MB, and in DVD to 4.7 GB and in Blu-ray to 25GB.
So, are optical discs now dead barely five years from the release of the first Blu-ray and about 25
years since CD ROM was born? It depends on if you believe dinosaurs
are dead or that they live on in the genetic code of birds.
It
is inevitable in an age of high-speed Internet, cloud computing and
online video on demand that the commercial entertainment market segment,
which is by far the largest market segment for optical discs, will
continue to see a decline in worldwide production. At the current rate
of decline, CD-ROM media will be obsolete in 5 years or less, followed
soon after by DVD, with both media-types replaced by Blu-ray media.
However, it is fair to say that optical discs will continue to be of use
in the near to medium term (3-8 years) as a means of storing and
distributing entertainment media, such as music and movies, which do not
require the large capacity of Blu-ray discs. Optical discs also will be
of continuing use for storing sensitive or important information such
as legal, medical or security-sensitive data, meaning both CD and DVD
formats likely will survive for some time even after the industry
discontinues production.
Where
we are going in the future is evolving as optical, magnetic and solid
state technologies develop to provide even higher capacity, such as the
imminent holographic DVD format and the rapidly growing technologies for
USB and SSD drives. Indeed, the industry remains one that is exciting
and well worth the efforts to pursue its advancement.
Note: Any inaccuracies in this paper are the sole responsibility of the author and are unintentional. Comments can be sent to
*First published on 11-1-11 as 'Are Optical Discs Dead'
The smoking gun on China's U.S. cyberattacks By John Breeden II
Aug 26, 2011
A few weeks ago I wrote a column explaining, step by step, how hackers with a Chinese IP address attacked a honeypot network in the GCN Lab that had been set up for just that purpose.
We watched the attacks take place, made notes about what the hackers
did, the techniques they used, and tracked them back to several
addresses inside China.
In the comments section that followed, a few people complained that I
had no evidence that the attack actually came from China, implying that
I was slandering them in some way. Given that the Chinese government’s
official line has always been that it respects the rule of law and would
never attack a sovereign nation in cyberspace, I can see why they would
have defenders. In truth, other than the IP address of the people who
attacked our honeypot, I had no comeback, especially since IP addresses
can be spoofed.
But now, thanks to China itself, I have proof that the People’s
Liberation Army does attack the United States, and likely does so on a
regular basis.
China’s claims of innocence have come crashing down because of an
apparent mistake in editing in a documentary on the country’s own state
TV that should never have gone live. The PLA presentation demonstrated
its military capabilities. Amid all the tanks and planes, the propaganda
piece showed a mere four seconds inside the group's cyber warfare
center.
Without narration, one has to think that the cybersecurity part of
the piece was only put into the video by accident, a technical
background shot placed between segments for a bit of extra color.
However, those four seconds are both telling and damning to the Chinese
lie that they don’t attack the United States.
Here is the incredible part: During those four seconds, we clearly
see a Chinese soldier use a drop-down list to choose from preset target
websites around the world. Then he actually attacks a website in Alabama.
In this case, the website was setup to support Falun Gong, a spiritual movement outlawed in China that practices meditation and a philosophy that emphasizes moral responsibility.
Going back to my original article, the type of attack that could be
instigated with the push of a button is exactly what I said happened to
the GCN honeypot network. First, a real hacker came in and tried to
steal data. Then the second team covered his tracks. The machine shown
on the PRC TV show is probably part of that second team. It could easily
do automatic attacks of the heavy-handed kind, things like SQL
injections that every high school hacker knows about. That program and
perhaps even that machine could be the one that attacked the lab
network.
Even though all the targets shown in the four-second video were Falun
Gong sites around the world, the fact that they were in a drop-down
menu is telling and appalling. You don’t set up drop-down menus with
attack buttons unless you plan to use them. And the Chinese military did
push the attack button in the video, so apparently it has no problem
pulling the trigger.
How many of these attack lists do they have? Is there another one
with U.S. government sites listed? Is there one with corporations or
media outlets in this country?
China has proved that it does not respect our borders when it comes
to cybersecurity. Government officials, Google and other victims of
cyberattacks have blamed China before, but always with China denying
involvement and its defenders using the spoofed-IP-address defense. But
now we have the proof. This was not a video made by “evil Western
democracies” or political dissidents. This was a program created by the
Chinese government and run on the country's own state TV.
So to all you people who wanted to know where my smoking gun was, watch the video. It’s clear to me that we are under attack from China right now.
It’s time for China to own up to what it is doing. Or it’s time for the United States to do something about it.
Download the PDF version of Operation Shady RAT report
For the last few years, especially since the public revelation of Operation Aurora,
the targeted successful intrusion into Google and two dozen other
companies, I have often been asked by our worldwide customers if they
should worry about such sophisticated penetrations themselves or if that
is a concern only for government agencies, defense contractors, and
perhaps Google. My answer in almost all cases has been unequivocal:
absolutely.
Having investigated intrusions such as Operation Aurora and Night Dragon
(systemic long-term compromise of Western oil and gas industry), as
well as numerous others that have not been disclosed publicly, I am
convinced that every company in every conceivable industry with
significant size and valuable intellectual property and trade secrets
has been compromised (or will be shortly), with the great majority of
the victims rarely discovering the intrusion or its impact. In fact, I
divide the entire set of Fortune Global 2000 firms into two categories:
those that know they’ve been compromised and those that don’t yet know.
Lately,
with the rash of revelations about attacks on organizations such as
RSA, Lockheed Martin, Sony, PBS, and others, I have been asked by
surprised reporters and customers whether the rate of intrusions is
increasing and if it is a new phenomenon. I find the question ironic
because these types of exploitations have occurred relentlessly for at
least a half decade, and the majority of the recent disclosures in the
last six months have, in fact, been a result of relatively
unsophisticated and opportunistic exploitations for the sake of
notoriety by loosely organized political hacktivist groups such as
Anonymous and Lulzsec. On the other hand, the targeted
compromises — known as ‘Advanced Persistent Threats (APTs)’ (although
this term lately lost much of its original meaning due to overzealous
marketing tactics of various security companies, as well as to the
desire by many victims to call anything they discover being successful
at compromising their organizations as having been an APT) — we are
focused on are much more insidious and occur largely without public
disclosures. They present a far greater threat to companies and
governments, as the adversary is tenaciously persistent in achieving
their objectives. The key to these intrusions is that the adversary is
motivated by a massive hunger for secrets and intellectual property;
this is different from the immediate financial gratification that drives
much of cybercrime, another serious but more manageable threat.
What
we have witnessed over the past five to six years has been nothing
short of a historically unprecedented transfer of wealth — closely
guarded national secrets (including from classified government
networks), source code, bug databases, email archives, negotiation plans
and exploration details for new oil and gas field auctions, document
stores, legal contracts, SCADA configurations, design schematics and
much more has “fallen off the truck” of numerous, mostly Western
companies and disappeared in the ever-growing electronic archives of
dogged adversaries.
What is happening to all this data — by now
reaching petabytes as a whole — is still largely an open question.
However, if even a fraction of it is used to build better competing
products or beat a competitor at a key negotiation (due to having stolen
the other team’s playbook), the loss represents a massive economic
threat not just to individual companies and industries but to entire
countries that face the prospect of decreased economic growth in a
suddenly more competitive landscape and the loss of jobs in industries
that lose out to unscrupulous competitors in another part of the world,
not to mention the national security impact of the loss of sensitive
intelligence or defense information.
Yet, the public (and often
the industry) understanding of this significant national security threat
is largely minimal due to the very limited number of voluntary
disclosures by victims of intrusion activity compared to the actual
number of compromises that take place. With the goal of raising the
level of public awareness today we are publishing the most comprehensive
analysis ever revealed of victim profiles from a five year targeted
operation by one specific actor — Operation Shady RAT, as I have named it at McAfee (RAT is a common acronym in the industry which stands for Remote Access Tool).
This
is not a new attack, and the vast majority of the victims have long
since remediated these specific infections (although whether most
realized the seriousness of the intrusion or simply cleaned up the
infected machine without further analysis into the data loss is an open
question). McAfee has detected the malware variants and other relevant
indicators for years with Generic Downloader.x and Generic BackDoor.t
heuristic signatures (those who have had prior experience with this
specific adversary may recognize it by the use of encrypted HTML
comments in web pages that serve as a command channel to the infected
machine).
McAfee has gained access to one specific Command &
Control server used by the intruders. We have collected logs that reveal
the full extent of the victim population since mid-2006 when the log
collection began. Note that the actual intrusion activity may have begun
well before that time but that is the earliest evidence we have for the
start of the compromises. The compromises themselves were standard
procedure for these types of targeted intrusions: a spear-phishing email
containing an exploit is sent to an individual with the right level of
access at the company, and the exploit when opened on an unpatched
system will trigger a download of the implant malware. That malware will
execute and initiate a backdoor communication channel to the Command
& Control web server and interpret the instructions encoded in the
hidden comments embedded in the webpage code. This will be quickly
followed by live intruders jumping on to the infected machine and
proceeding to quickly escalate privileges and move laterally within the
organization to establish new persistent footholds via additional
compromised machines running implant malware, as well as targeting for
quick exfiltration the key data they came for.
After painstaking
analysis of the logs, even we were surprised by the enormous diversity
of the victim organizations and were taken aback by the audacity of the
perpetrators. Although we will refrain from explicitly identifying most
of the victims, describing only their general industry, we feel that
naming names is warranted in certain cases, not with the goal of
attracting attention to a specific victim organization, but to reinforce
the fact that virtually everyone is falling prey to these intrusions,
regardless of whether they are the United Nations, a multinational
Fortune 100 company, a small non-profit think-tank, a national Olympic
team, or even an unfortunate computer security firm.
In all, we
identified 71 compromised parties (many more were present in the logs
but without sufficient information to accurately identify them). Of
these, the breakdown of 32 unique organization categories follows:
And
for those who believe these compromises occur only in the United
States, Canada and Europe, allow me change that perception with the
following statistics on 14 geographic locations of the targets:
The
interest in the information held at the Asian and Western national
Olympic Committees, as well as the International Olympic Committee (IOC)
and the World Anti-Doping Agency in the lead-up and immediate follow-up
to the 2008 Olympics was particularly intriguing and potentially
pointed a finger at a state actor behind the intrusions, because there
is likely no commercial benefit to be earned from such hacks. The
presence of political non-profits, such as the a private western
organization focused on promotion of democracy around the globe or U.S.
national security think tank is also quite illuminating. Hacking the
United Nations or the ASEAN (Association of Southeast Asian Nations)
Secretariat is also not likely a motivation of a group interested only
in economic gains.
Another fascinating aspect that the logs have
revealed to us has been the changing tasking orders of the perpetrators
as the years have gone by. In 2006, the year that the logs begin, we saw
only eight intrusions: two on South Korean steel and construction
companies, and one each on a Department of Energy Research Laboratory, a
U.S. real-estate firm, international trade organizations of an Asian
and Western nations and the ASEAN Secretariat. (That last intrusion
began in October, a month prior to the organization’s annual summit in
Singapore, and continued for another 10 months.) In 2007, the pace of
activity jumped by a whopping 260 percent to a total of 29 victim
organizations. That year we began to see new compromises of no fewer
than four U.S. defense contractors, Vietnam’s government-owned
technology company, US federal government agency, several U.S. state and
county governments, and one computer network security company. The
compromises of the Olympic Committees of two nations in Asia and one
Western country began that year as well. In 2008, the count went up
further to 36 victims, including the United Nations and the World
Anti-Doping Agency, and to 38 in 2009. Then the number of intrusions
fell to 17 in 2010 and to 9 in 2011, likely due to the widespread
availability of the countermeasures for the specific intrusion
indicators used by this specific actor. These measures caused the
perpetrator to adapt and increasingly employ a new set of implant
families and command & control infrastructure (and causing activity
to disappear from the logs we have analyzed). Even news media was not
immune to the targeting, with one major U.S. news organization
compromised at its New York Headquarters and Hong Kong Bureau for more
than 21 months.
The shortest time that an organization remained
compromised was less than a single month; nine share that honor:
International Olympic Committee (IOC), Vietnam’s government-owned
technology company, trade organization of a nation in Asia, one Canadian
government agency, one US defense contractor, one US general government
contractor, one US state and one county government, and a US accounting
firm. I must, however, caution that this may not necessarily be an
indication of the rapid reaction of information security teams in those
organizations, but perhaps merely evidence that the actor was interested
only in a quick smash and grab operation that did not require a
persistent compromise of the victim. The longest compromise was recorded
at an Olympic Committee of a nation in Asia; it lasted on and off for
28 months, finally terminating in January 2010.
Below is the
complete list of all 71 targets, with country of origin, start date of
the initial compromise and duration of the intrusions:
Victim
Country
Intrusion Start Date
Intrusion Duration (Months)
South Korean Construction Company
South Korea
July 2006
17
South Korean Steel Company
South Korea
July 2006
11
Department of Energy Research Laboratory
USA
July 2006
3
Trade Organization
Country in Asia
July 2006
1
U.S. International Trade Organization
USA
September 2006
12
ASEAN (Association of Southeast Asian Nations) Secretariat
Indonesia
October 2006
10
U.S. Real-Estate Firm #1
USA
November 2006
8
Vietnam’s Government-owned Technology Company
Vietnam
March 2007
1
U.S. Real-Estate Firm #2
USA
April 2007
17
U.S. Defense Contractor #1
USA
May 2007
21
U.S. Defense Contractor #2
USA
May 2007
20
U.S. Northern California County Government
USA
June 2007
7
U.S. Southern California County Government
USA
June 2007
24
U.S. State Government #1
USA
July 2007
6
U.S. Federal Government Agency #1
USA
July 2007
8
Olympic Committee of Asian Country #1
Country in Asia
July 2007
28
U.S. State Government #2
USA
August 2007
1
U.S. State Government #3
USA
August 2007
25
U.S. Federal Government Agency #2
USA
August 2007
7
Olympic Committee of Western Country
Western Country
August 2007
7
Taiwanese Electronics Company
Taiwan
September 2007
8
U.S. Federal Government Agency #3
USA
September 2007
4
U.S. Federal Government Agency #4
USA
September 2007
8
Western Non-profit Democracy-promoting Organization
Western Country
September 2007
4
Olympic Committee of Asian Country #2
Country in Asia
September 2007
7
International Olympic Committee
Switzerland
November 2007
1
U.S. Defense Contractor #3
USA
November 2007
7
U.S. Network Security Company
USA
December 2007
3
U.S. Defense Contractor #4
USA
December 2007
7
U.S. Accounting Firm
USA
January 2008
1
U.S. Electronics Company
USA
February 2008
13
UK Computer Security Company
United Kingdom
February 2008
6
U.S. National Security Think Tank
USA
February 2008
20
U.S. Defense Contractor #5
USA
February 2008
9
U.S. Defense Contractor #6
USA
February 2008
2
U.S. State Government #4
USA
April 2008
2
Taiwan Government Agency
Taiwan
April 2008
8
U.S. Government Contractor #1
USA
April 2008
1
U.S. Information Technology Company
USA
April 2008
7
U.S. Defense Contractor #7
USA
April 2008
16
U.S. Construction Company #1
USA
May 2008
19
U.S. Information Services Company
USA
May 2008
6
Canadian Information Technology Company
Canada
July 2008
4
U.S. National Security Non-Profit
USA
July 2008
8
Denmark Satellite Communications Company
Denmark
August 2008
6
United Nations
Switzerland
September 2008
20
Singapore Electronics Company
Singapore
November 2008
4
U.K. Defense Contractor
United Kingdom
January 2009
12
U.S. Satellite Communications Company
USA
February 2009
25
U.S. Natural Gas Wholesale Company
USA
March 2009
7
U.S. Nevada County Government
USA
April 2009
1
U.S. State Government #5
USA
April 2009
3
U.S. Agricultural Trade Organization
USA
May 2009
3
U.S. Construction Company #2
USA
May 2009
4
U.S. Communications Technology Company
USA
May 2009
7
U.S. Defense Contractor #8
USA
May 2009
4
U.S. Defense Contractor #9
USA
May 2009
3
U.S. Defense Contractor #10
USA
June 2009
11
U.S. News Organization, Headquarters
USA
August 2009
8
U.S. News Organization, Hong Kong Bureau
Hong Kong
August 2009
21
U.S. Insurance Association
USA
August 2009
3
World Anti-Doping Agency
Canada
August 2009
14
German Accounting Firm
Germany
September 2009
10
U.S. Solar Power Energy Company
USA
September 2009
4
Canadian Government Agency #1
Canada
October 2009
6
U.S. Government Organization #5
USA
November 2009
2
U.S. Defense Contractor #11
USA
December 2009
2
U.S. Defense Contractor #12
USA
December 2009
1
Canadian Government Agency #2
Canada
January 2010
1
U.S. Think-Tank
USA
April 2010
13
Indian Government Agency
India
September 2010
2
Below are the complete timelines for each year of
intrusion activity. It could be an interesting exercise to map some of
these specific compromises to various geopolitical events that occurred
around these times (The gaps in the timelines for continuous infections
at specific victims may not necessarily be an indication of a successful
cleanup before a new reinfection, but rather an artifact of our log
collection process that did not mark every activity that occurred on the
adversary’s infrastructure, potentially leading to these gaps in the
data)
Although
Shady RAT’s scope and duration may shock those who have not been as
intimately involved in the investigations into these targeted espionage
operations as we have been, I would like to caution you that what I have
described here has been one specific operation conducted by a single
actor/group. We know of many other successful targeted intrusions (not
counting cybercrime-related ones) that we are called in to investigate
almost weekly, which impact other companies and industries. This is a
problem of massive scale that affects nearly every industry and sector
of the economies of numerous countries, and the only organizations that
are exempt from this threat are those that don’t have anything valuable
or interesting worth stealing.
Dmitri
P.S. I would like to thank Adam Meyers for the invaluable support and assistance he provided to us during this investigation
Update:
As we’ve worked further with the Korean Government on this
investigation, we have come to a conclusion that a Korean Government
agency was most likely not a victim of these intrusions. We are still
working to determine the identity of the victim organization
On the
outskirts of Ghana's biggest city sits a smoldering wasteland, a slum
carved into the banks of the Korle Lagoon, one of the most polluted
bodies of water on earth. The locals call it Sodom and Gomorrah.
Correspondent
Peter Klein and a group of graduate journalism students from the
University of British Columbia have come here as part of a global
investigation -- to track a shadowy industry that's causing big problems
here and around the world.
Their
guide is a 13-year-old boy named Alex. He shows them his home, a small
room in a mass of shanty dwellings, and offers to take them across a
dead river to a notorious area called Agbogbloshie.
Agbogbloshie
has become one of the world's digital dumping grounds, where the
West's electronic waste, or e-waste, piles up -- hundreds of millions of
tons of it each year.
The team meets with Mike Anane, a local journalist who has been writing about the boys at this e-waste dump.
“Life
is really difficult; they eat here, surrounded by e-waste,” Anane tells
them. “They basically are here to earn a living. But you can imagine
the health implications.”
Some of
the boys burn old foam on top of computers to melt away the plastic,
leaving behind scraps of copper and iron they can collect to sell. The
younger boys use magnets from old speakers to gather up the smaller
pieces left behind at the burn site.
Anane
says he used to play soccer here as a kid, when it was pristine
wetland. Since then, he's become one of the country's leading
environmental journalists.
“I'm
trying to get some ownership labels,” Anane tells reporters. “I'm
collecting them because you need them as evidence. You need to tell the
world where these things are coming from. You have to prove it. Now,
just look,” he says, pointing to an old computer with the label:
“School District of Philadelphia.”
When
containers of old computers first began arriving in West Africa a few
years ago, Ghanaians welcomed what they thought were donations to help
bridge the digital divide. But soon exporters learned to exploit the
loopholes by labeling junk computers "donations," leaving men like
Godson to sort it out.
Godson, one of the e-waste dealers who have set up shop close to the port, shows the contents of the container he has bought.
“Some
are from Germany and the U.K., and also from America,” he says, when
asked where the equipment has come from. He sorts through them looking
for working electronics that can be sold. He says that maybe 50 percent
of the shipment is junk and the rest he will be able to salvage in
some way.
After it’s sorted, a lot of the contents of the container will still be dumped at the burn site outside of town.
Hard
drives that can be salvaged are displayed at open-air markets. Off
camera, Ghanaians admit that organized criminals sometimes comb through
these drives for personal information to use in scams.
As part
of the investigation, one of the students buys a number of hard drives
to see what is on them, secretly filming the transaction to avoid the
seller's suspicions.
The drives are purchased for the equivalent of US$35.
The
students take the hard drives to Regent University in the Ghanaian
capital and ask computer scientist Enoch Kwesi Messiah to help read what
is on them.
Within
minutes, he is scrolling through intimate details of people's lives,
files left behind by the hard drives' original owners.
There
is private financial data, too: credit card numbers, account
information, records of online transactions the original owners may not
have realized were even there.
“ I can
get your bank numbers and I retrieve all your money from your
accounts,” Messiah says. “If ever somebody gets your hard drive, he can
get every information about you from the drive, no matter where it is
hidden.”
That's
particularly a problem in a place like Ghana, which is listed by the
U.S. State Department as one of the top sources of cyber crime in the
world. And it's not just individuals who are exposed. One of the drives
the team has purchased contains a $22 million government contract.
It
turns out the drive came from Northrop Grumman, one of America's largest
military contractors. And it contains details about sensitive,
multi-million dollar U.S. government contracts. They also find
contracts with the defense intelligence agency, NASA, even Homeland
Security.
When
the drives’ data are shown to James Durie, who works on data security
for the FBI, he's particularly concerned about the potential breach at
the Transportation Security Administration (TSA).
“The
government contracting process is supposed to be confidential. If I
know how you're hiring the people for security related job, TSA air
marshals, then I can prepare a person to fit that model and get my guy
in,” Durie says. “Once I have my guy in, you have no security.”
Northrop
Grumman refused to speak to FRONTLINE/World on camera. But they did
issue a statement saying the potential security threat was
disconcerting, and they pledged to investigate.
Right
now there are no tough U.S. laws regulating the disposal of e-waste,
leaving companies and consumers to sort out the claims of recyclers on
their own.
Following
the recycling process as a consumer would, students drop off some
e-waste at a facility on America’s West Coast. They are wearing a hidden
camera and are assured that what they are bringing in will be disposed
of safely and locally.
One
worker at the facility tells them: “What they literally do is dump it
into a blast furnace and it burns it all up; and all they get out of it
is a bunch of ash and some of the precious metal. Everything else gets
consumed, burnt. And that's an actual fact.”
The
team notes the container numbers leaving the facility and, using public
records, traces where they're sent. A few weeks later, their reporting
takes them to the port of Hong Kong.
Just a
few miles from Hong Kong’s port, hidden behind eight-foot-high
corrugated walls, are mountains of computer monitors, printer cartridges
from Georgia, relics of old video arcades…
In China, e-waste has become big business.
The
southern Chinese city of Guiyu has been completely built around the
e-waste trade. Miles and miles of nothing but old electronics.
Jim
Puckett is an environmental activist credited with discovering this
harmful e-waste route to China. He has accompanied the team to Guiyu, a
place he first visited eight years ago, and calls it the dirty little
secret of the hi-tech industry.
Video
Puckett shot in 2001 was the first anyone had documented showing
Western computers being dumped in Guiyu. He found tens of thousands of
people working here in the toxic trade. On this return visit, Puckett
says things have gotten worse.
“I was
there first in 2001 and it was shocking enough then. It had gone from
very bad to really horrific. And what is happening there is rather
apocalyptic.”
One of
the most disturbing things Puckett points out is happening behind
closed doors. Women literally cooking circuit boards to salvage the
computer chips, which have trace amounts of gold.
“All
these old mother boards and other types of circuit boards are being
cooked day in and day out, mostly by women, sitting there, breathing the
lead tin solders. It’s just quite devastating,” Puckett says.
To find
out who is making money off this hazardous work, the team travels to
downtown Hong Kong, home to hundreds of companies that import e-waste
into China. No one here will speak to the reporters on camera, so they
film surreptitiously.
Puckett and one of our reporters arrange to meet an e-waste broker willing to explain the e-waste trade from the inside.
The man
explains how hundreds of thousands of tons of American e-waste makes
its way into China, despite laws intended to stop it.
“If we
were to send you our material, would our recyclers get in trouble with
the Chinese government if they find their material coming into
mainland?” Puckett asks the broker.
“I can
only say that if they get caught it has nothing to do with you. Because
I buy from you, and then I sell to him. He is buying from me; he's not
buying from you,” the man explains.
He says
that since Hong Kong ships millions of containers to the U.S. and most
return empty, it's cheap to load them with e-waste, and too expensive
to dispose of the waste safely -- no matter what recyclers claim.
When the reporters ask what sort of due environmental due diligence there is, the man responds:
“I can
only say one thing, if you want to do it environmentally, you have to
pay. They have to invest in machinery, labor, everything. It isn’t worth
it to pay so much money.”
On the
last trip of the assignment, the team heads to India. No longer just a
dumping ground, India is now generating its own e-waste at an alarming
rate, thanks to a growing middle class with a taste for high tech.
“Last
year, we sold more than seven million PCs in India,” says Indian
businessman Rohan Gupta. “We generated 330,000 tons of electronic waste
within India. So all these are going to comeback to the waste stream
sooner or later. It’s a growing industry.”
Gupta is giving a tour of his state-of-the-art facility outside Bangalore.
He is
betting on a new Indian law that could force its high tech industry to
recycle responsibly and maybe one day put the digital dumps out of
business.
At
another recycling plant in Bangalore, they are literally trying to spin
the waste into gold, refining the scrap in a safe environment and
fashioning it into watches and jewelry they market as eco friendly.
Plants
like this could become part of a global network of certified e-waste
recyclers that Puckett's group is trying to get off the ground. But even
Puckett realizes it's an uphill struggle.
“Even
if you have a state-of-the-art facility in a country like India, the
free market there will send it to the lowest common denominator, to the
worst facilities where people are sitting on the streets just picking
through it by hand,” he says. “It’s a myth to think that you can just
solve the problem immediately with technology alone.”
NASA sold computers with sensitive data, report says
Rueters
http://www.reuters.com/
By Irene Klotz Originally published Dec 10, 2010, retrieved Jan 19, 2011 Go to original article
Failure to delete information was 'serious' security breach, audit finds
CAPE
CANAVERAL, Florida — NASA failed to delete sensitive data on computers
and hard drives before dispensing with the equipment as part of its
plan to end the Space Shuttle program, an audit released on Tuesday
shows.
The
Office of Inspector General found what it termed "serious" security
breaches at NASA centers in Florida, Texas, California and Virginia.
"Our
review found serious breaches in NASA's IT (information technology)
security practices that could lead to the improper release of sensitive
information related to the Space Shuttle and other NASA programs,"
NASA Inspector General Paul Martin said in a statement.
"NASA needs to take coordinated and forceful actions to address this problem."
The
report cites 14 computers from the Kennedy Space Center that failed
tests to determine if they were sanitized of sensitive information, 10
of which already had been released to the public. It also found that
hard drives were missing from Kennedy and from the Langley Research
Center in Virginia. Some of the Kennedy hard drives were later found
inside a dumpster that was accessible to the public, the audit says.
Investigators
also found several pallets of computers being prepared for sale that
were marked with NASA Internet Protocol addresses.
"Release
of Internet Protocol information could lead to unauthorized access to
NASA's internal computer network," the report said.
They
found that Kennedy managers were not notified when computers failed
testing for the removal of sensitive data, that no testing was being
performed at facilities in Texas and California, and that all the
facilities except Virginia were using unapproved sanitation software.
NASA
said it would update policies and issue a new IT security handbook by
June 2011, a response the Inspector General's office found lacking.
"(NASA's)
response did not reflect the sense of urgency we believe is required
to address the serious security issues uncovered by our audit," the
report said.
NASA is dispensing with thousands of surplus items as it prepares to end the space shuttle program next year.
