The Register® — Biting the hand that feeds IT

Feeds

Defense-contract discs sold in African market for $40

Northrop Grumman and Pentagon data dumped

By John Leyden, 25th June 2009
  • print
  • alert

Regcast training : Hyper-V 3.0, VM high availability and disaster recovery

Dumped hard drives with US defense data have turned up for open sale in a West African market.

A team of Canadian journalism students bought a hard drive containing information on multi-million dollar contracts between military contractor Northrop Grumman and the Pentagon for just $40 in a market near Accra, Ghana. The exercise was part of shooting a documentary on e-waste by Vancouver journalism students, researching what happens to the West's discarded and donated electronics.

"You'd think a security contractor that constantly deals with very secret proprietary information would probably want to wipe their drives," Blake Sifton, one of the three graduate journalism students told CBC. The team bought seven hard drives at a market in the port of Tema, a major point of entry for electronic waste from Europe and North America into Africa.

Northrop Grumman is reported to be investigating how an unencrypted hard drive containing sensitive data on the firm ended up on an African market, in violation of its established kit disposal procedures.

"Based on the documents we were shown, we believe this hard drive may have been stolen after one of our asset-disposal vendors took possession of the unit," Northrop Grumman told CBC.

A documentary of the students' research, Ghana: Digital Dumping Ground, aired in the PBS program Frontline/World on Tuesday. The disposal of electronic waste is controlled by European and US regulations but spare - often broken - kit often finds its way to Africa and other regions of the developing world where it is dumped. Cannibalized parts end up on markets while the rest of the kit is piled together and burned.

Sifton recalled seeing seven fires spewing "black, sticky, acrid smoke" at one Ghanian dump. "The ground is just scorched absolutely everywhere. Everywhere you walk, there's shards of plastic and metal and glass protruding from the ground."

The fires are used to extract scrap metal, valued at just 50 cents a kilogram, which locals use to scratch out a meager existence. It's the effect on the local environment and people of the West's throw-away culture around electronic kit - rather than the information security element, which is well understood - that Sifton and his colleagues are trying to highlight.

Sifton added that he did visit universities in Ghana supplied with computers donated from the West that would have otherwise been unaffordable. ®

Agentless Backup is Not a Myth

COMMENTS

House Rules Send Corrections
All Reader Comments (13)
Latest Comments
Anonymous Coward

Fail to read often?

The information is about the contracts ... agreed. Most contracts I've seen contain sensitive information like (RFQ - Request for Quotes) for a financial reference along with the necessary engineering prints and processes required for a company to analyze during their bidding procedures.

Why attempt to wipe the disk at all? For security, just scrap the disk, cut and shred it for recycling. The technology will be old and obsolete soon enough.

0
0
Tom 13

@Clint and John: Fail to read often?

It said the information was about the contracts, not the classified material itself. Information about the contracts is rarely classified secret or better by the government. From the context of the article, it isn't even clear that it is government sensitive (aka 'For Governmental Use Only'), not company sensitive. As such it needn't be encrypted or require clearance.

AC 25-06-09 20:25 is closet to what ought to happen here. To be really secure the company has to wipe the disks before they leave the premises. That being said, there are reputable companies that are engaged solely in the secure destruction of classified hard drives. The gear to degauss then shred hard drives is pretty expensive. It is more efficient for most companies to contract to them for the certified destruction of classified materials. But such companies themselves ought to be secure against the kind of theft NG is alleging is the cause of the drive being available.

Still it is an Epic Fail by NG, becauase ultimately, they are responsible for the safety of the data, and that responsibility is non-transferable.

0
0
Throatwobbler Mangrove

well

"I wonder why [the waste disposal] bit was never picked up by article on here ...."

Because there can be no disagreement that the waste disposal situation is a complete shitshow and it's (hopefully) not something that needs any debate?

0
0

More from The Register

breaking news
Number of cops abusing Police National Computer access on the rise
Only a telegram from the Queen can get you off it
125
breaking news
NSA PRISM snoop-gate: Won't someone think of the children, wails Apple
10,000 things probed, mostly about missing kids, Alzheimer patients, we're told
96
breaking news
NSA PRISM-gate: Relax, GCHQ spooks 'keep us safe', says Cameron
Whatever they are up to, it's all above board, we're told
90
PRISM snitch claims NSA hacked Chinese targets since 2009
Snowden suddenly looks safer in Hong Kong after revelations
33
breaking news
US chief spook: Look, we only want to spy on 6.66 BEELLLION of you
Americans assured they are not in the NSA's sights
68
Flash flaw potentially makes every webcam or laptop a PEEPHOLE
But it's a Google problem - Chrome only, insists Adobe
57
Speech-to-text drives motorists to distraction
Will talking to you mean I crash into that car up ahead, Siri?
30
DHS warns of vulns in hospital medical equipment
Has your doctor's anasthesia machine been hacked?
17
breaking news
'BadNews is malware' says outfit that found it
Google says code harmless but Lookout says code base is evolving
15
Panda-peddlers cuffed for chess gambling gambit
More porridge on the menu for Chinese coders after second offence
13