Feeds

MoD suppliers' laptop turns up on rubbish tip

Disposal practices stink

  • alert
  • submit to reddit

Providing a secure and efficient Helpdesk

An Oxfordshire-based security company claims to have found sensitive MoD-related files on a laptop bought from council rubbish dump.

The partner of a back-office worker at penetration testing outfit SecureTest bought the IBM Thinkpad laptop for £80 from a colleague at a council rubbish tip earlier this month.

SecureTest staff looked at machine for a favour. The technician who investigated files left on the machine with forensic tools (called ENcase) was shocked at what he found: recovered tenders for military communications software contracts, technical information and minutes of meetings with Navy personnel marked restricted. "It looks like a MoD supplier’s laptop," Ken Munro, managing director of SecureTest told El Reg. No secret files were involved but even so the case raises further questions about the disposal of PCs containing potentially sensitive military information.

Last week the MoD announced it was launching an investigation after a Hampshire man found sensitive Ministry of Defence plans on a laptop he was given at a rubbish dump*, circumstances that eerily parallel the SecureTest find. SecureTest is yet to inform the MoD of its find. Munro declined to name the dump involved or the IT contractor whose laptop, although ultimately beyond economic repair, contained sensitive data.

Wombles of Wimbledon quizzed by MI5

Despite the government bringing in a new standard last August for the secure destruction of data (InfoSec standard 5) many government departments have failed to implement it successfully and most business are unaware of it, according to Jon Godfrey, a data destruction expert and managing director of Life Cycle Services (LCS). In a recent research study by LCS and Glamorgan University, nearly half of a sample of over 100 discarded hard drives contained personal information, contravening the Data Protection Act. One in five (20 per cent) contained financial information about the organisations which owned the disks. Less then 10 per cent of the drives left functional were completely clear of data.

One contained personal information about an extramarital affair and could have been used for blackmail. Another contained information about children. "I am constantly amazed at how lackadaisical major organisations and even government can be regarding this issue", said Godfrey, who is calling for regulations to established licensed PC disposal centres. ®

*Sounds odd but apparently you can get anything from working stereos to PCs from council dumps, apparently. Steptoe and Son, eat your heart out.

Related stories

Man unearths MoD secrets at rubbish dump
The mysterious link between security, laptops and rubbish dumps
UK Government aims to track laptop theft via ID chips
Ministry of Defence loses 594 laptops
MoD laptop thefts put the wind up the US

Providing a secure and efficient Helpdesk

More from The Register

next story
Scrapping the Human Rights Act: What about privacy and freedom of expression?
Justice minister's attack to destroy ability to challenge state
WHY did Sunday Mirror stoop to slurping selfies for smut sting?
Tabloid splashes, MP resigns - but there's a BIG copyright issue here
Google hits back at 'Dear Rupert' over search dominance claims
Choc Factory sniffs: 'We're not pirate-lovers - also, you publish The Sun'
EU to accuse Ireland of giving Apple an overly peachy tax deal – report
Probe expected to say single-digit rate was unlawful
Inequality increasing? BOLLOCKS! You heard me: 'Screw the 1%'
There's morality and then there's economics ...
While you queued for an iPhone 6, Apple's Cook sold shares worth $35m
Right before the stock took a 3.8% dive amid bent and broken mobe drama
4chan outraged by Emma Watson nudie photo leak SCAM
In the immortal words of Shaggy, it wasn't me us ... amirite?
prev story

Whitepapers

A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.