BT study shows sensitive data still available on eBayby Steve Ragan - May 7 2009, 21:20
A study commissioned by BT and conducted by the Faculty of Advanced Technology at the University of Glamorgan has revealed -- among other personal information -- missile defense plans on one of 300 used hard drives purchased around the world to determine exactly what type of information could be recovered.
34 percent of the 300 disks examined contained information of either a personal nature that could be identified to an individual or commercial data identifying a company or organization. The researchers concluded that a “surprisingly large range and quantity of information that could have a potentially commercially damaging impact or pose a threat to the identity and privacy of the individuals involved was recovered as a result of the survey.”
So what exactly did they discover? One disk bought on eBay revealed details of test launch procedures for the THAAD (Terminal High Altitude Area Defense) ground-to-air missile defense system, used to shoot down Scud missiles in Iraq. The disk also contained security policies, facility blueprints, and personal information on employees all belonging to technology company Lockheed Martin -- which designed and built the missile system.
Lockheed Martin is said to be investigating how the information ended up on the disk, as it claims the disk was not owned by the company.
Another disk, purchased from France, contained network data and security logs from the German Embassy in Paris. A disk from a U.S. bank revealed account numbers and details of proposals for a $50 billion USD currency exchange through Spain.
In addition, details were uncovered concerning business dealings originating in the U.S. with organizations in Venezuela, Tunisia, and Nigeria. Other personal correspondence was also found from a member of the Federal Reserve Board suggesting that one of the deals, already under scrutiny by the European Central Bank, looked suspicious.
Professor Andrew Blyth, who led the research at the University of Glamorgan, said in a statement: “Of significant concern is the number of large organizations that are still not disposing of confidential information in a secure manner. In the current financial climate they risk losing highly valuable propriety data.”
Dr. Andy Jones, head of information security research at BT added: “This is the fourth time we have carried out this research and it is clear that a majority of organizations and private individuals still have no idea about the potential volume and type of information that is stored on computer hard disks.”
“For a very large proportion of the disks we looked at we found enough information to expose both individuals and companies to a range of potential crimes such as fraud, blackmail, and identity theft,” he added.
The drives were bought from Australia, France, Germany, the United Kingdom and the United States through computer auctions, computer fairs, and eBay. The research was carried out by BT’s Security Research Center in collaboration with the University of Glamorgan in Wales, Edith Cowan University in Australia and Longwood University in the United States.
The research will appear in the next issue of the Journal of International Commercial Law and Technology.