|
Computer hard drive sold on eBay 'had details of top
secret U.S. missile defence
system'
By Daily Mail Reporter
Mail Online
Retrieved May 7, 2009
Go to Original Article
Highly sensitive details of a US military missile air defence
system were found on a second-hand hard drive bought on
eBay.
The test
launch procedures were found on a hard disk for the THAAD (Terminal High
Altitude Area Defence) ground to air missile defence system, used to shoot down
Scud missiles in Iraq.
The disk
also contained security policies, blueprints of facilities and personal
information on employees including social security numbers, belonging to
technology company Lockheed Martin - who designed and built the
system.
A missile launch in California: Details of the ground-to-air
defence system were found on a computer hard drive
British
researchers found the data while studying more than 300 hard disks bought at
computer auctions, computer fairs and eBay.
The experts
also uncovered other sensitive information including bank account details,
medical records, confidential business plans, financial company data, personal
id numbers, and job descriptions.
The drives
were bought from the UK, America, Germany, France and Australia by BT's Security
Research Centre in collaboration with the University of Glamorgan in Wales,
Edith Cowan University in Australia and Longwood University in the
US.
A spokesman
for BT said they found 34 per cent of the hard disks scrutinised contained
'information of either personal data that could be identified to an individual
or commercial data identifying a company or
organisation.'
And
researchers said a 'surprisingly large range and quantity of information that
could have a potentially commercially damaging impact or pose a threat to the
identity and privacy of the individuals involved was recovered as a result of
the survey.'
Two disks
appear to have been formerly used by Lanarkshire NHS Trust to hold information
from the Monklands and Hairmyres hospitals including patient medical records,
images of x-rays, medical staff shifts and sensitive and confidential staff
letters.
In
Australia, one disk came from a
nursing home and contained pictures of patients and their
wounds.
Confidential material including network data and
security logs from the German Embassy in Paris
were also discovered on a disk from France.
And the
trading performances and budgets of a UK-based fashion company, corporate data
from a major motor manufacturing company were discovered along with details of a
proposed 50 billion currency exchange through Spain involving
a US-based consultant.
Dr Andy
Jones, head of information security research at BT, who led the survey, said:
'This is the fourth time we have carried out this research and it is clear that
a majority of organisations and private individuals still have no idea about the
potential volume and type of information that is stored on computer hard
disks.
'For a very
large proportion of the disks we looked at we found enough information to expose
both individuals and companies to a range of potential crimes such as fraud,
blackmail and identity theft.
'Businesses
also need to be aware that they could also be acting illegally by not disposing
of this kind of data properly.'
Dr Iain
Sutherland of the University of Glamorgan said: 'Of significant concern is
the number of large organisations that are still not disposing of confidential
information in a secure manner. In the current financial climate they risk
losing highly valuable propriety data.'
A spokesman
for Lockheed Martin, who make the THADD launch system, said: 'Lockheed Martin is
not aware of any compromise of data related to the Terminal High Altitude Area
Defence programme.
'Until
Lockheed Martin can evaluate the hard drive in question, it is not possible to
comment further on its potential contents or
source.'
A spokesman
for NHS Lanarkshire said: 'This study refers to hard disks which were disposed
of in 2006. At that time NHS Lanarkshire had a contractual agreement with an
external company for the disposal of computer
equipment.
'In this
instance the hard drives had been subjected to a basic level of data removal by
the company and had then been disposed of inappropriately. This was clearly in
breach of contract and was wholly unacceptable.'
The
spokesman said the trust now destroy equipment containing data on the premises,
so no longer use external companies to dispose of IT
equipment.
|
