Computer containing confidential data about Lockheed Martin staff was bought online
Artist’s concept: a missile heads towards its target, a nuclear-tipped ICBM, as part of the US government’s Strategic Defence Initiative in the 1980s. Image: Time Life/Getty
Highly sensitive details of a key US missile defence system have been found on the hard drive of a computer that was disposed of in California.
The information about defence contractor Lockheed Martin included a document detailing test launch procedures, blueprints of facilities and photos and personal daat about employees – including their social security numbers.
Access to such data could allow identity theft or industrial espionage against Lockheed Martin, which is working on the Terminal High Altitude Area Defence (THAAD) system – a project begun under president Ronald Reagan’s “Star Wars” Strategic Defence Initiative in the 1980s.
The computer, which has been turned over to the FBI, was bought online as part of a global research project conducted by three universities – Longwood University in the US, Glamorgan University in the UK and Edith Cowan University in Australia – along with BT and Sims Recycling Solutions.
The annual hard drive survey, now in its fourth year, is designed to bring to public attention the risk to personal data posed by carelessly discarded computer equipment which often contains huge amounts of personal and commercial data. The universities involved in the study use techniques and tools that are readily available from the internet and can be used by someone with a basic knowledge of technology to recover the data left on the drives, often this is not necessary as many are not even wiped.
One of the men who analysed the drive – Glenn Dardick, assistant professor of information systems at Longwood University in Virginia – described it as “manna from heaven to hackers”. He said: “If this is out there, then it does beg the question: what else is out there?”
Capable of destroying an incoming missile at around 93 miles above the Earth, THAAD is a “hit to kill” system without a warhead that homes in on its target and collides with it “like a bullet hitting a bullet”. At that height, according to experts on the website missilethreat.com, the subsequent impact will safely diffuse “any nuclear, chemical, or biological weapons, thus minimising the risk of missile debris raining down on civilian or military populations”.
When the Guardian told Lockheed Martin’s press office of the discovery, a spokeswoman commented “it never pours but it rains” as she replaced the phone. Later, a spokesman for the company said: “Lockheed Martin is not aware of any compromise of data related to the Terminal High Altitude Area Defense program. In addition, no governmental or law enforcement agency has notified us of any such data loss.”
Lockheed Martin had not responded to repeated requests for clarification about the drive by the time of publication.
News of the drive’s loss has provoked concern among experts. “From the point of view of espionage, knowing who is working on a project is tremendously useful,” said Peter Zimmerman, emeritus professor of science and security at the Department of War Studies at London’s King’s College.
“This is a horrible violation of privacy. If it fell into the wrong hands, then it opens up the possibility of a range of blackmail options. You could use this to glean a lot of intelligence. I would not be happy if this fell into anyone’s hands.”
The current view among computer security professionals is that the odds on someone buying a drive who has the contacts to be able to dispose of it to someone who is willing to buy it are so great that the data on discarded drives does not constitute a threat.
However in Nigeria it has recently emerged that discarded phones now sell for 50% more if they have data left on them.
According to Jon Godfrey, a director for Sims, which runs the largest electrical recycling plant in Europe, 90% of the PCs sent to it for recycling had had their hard drives removed first – but possibly not by the original owners.
“We are fairly certain that the drives are not being removed by those disposing of the PCs because the drives being rejected are the smaller and older ones, which would have less value as spares and less recent data on them.
“Over a third of devices discarded contain data which has its highest value in the wrong hands.”
– Careless disposal of confidential data is on the rise, says study
Pete Warren
Thursday 7 May 2009 13.43 BST
Source: The Guardian