Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

Researchers Find Missile Defense Data On Used Hard Drive

Study also produces sensitive data from Ford Motor, Laura Ashley, and other businesses

For the fourth straight year, researchers at the University of Glamorgan in Scotland have turned up surprisingly sensitive data -- including details of test-launch procedures for a U.S. defense missile -- by buying secondhand PCs.

Although the official data from this year's study has not yet been released, the research team, which included Edith Cowan University of Australia and BT, revealed some early results yesterday in news reports by the BBC and British television affiliates.

The research is part of a five-year study to show the implications of poor hard drive and device data-wiping and disposal practices. In last year's study, the researchers found a wide range of sensitive data on BlackBerrys and other mobile devices. In 2007 and 2006, researchers found sensitive data on many of the PC hard drives they purchased in the used market.

This year, the researchers found personal or sensitive data on 34 percent of 300 hard disks bought randomly at computer fairs and online auctions in the U.K., U.S., Germany, France, and Australia. The information was enough to expose individuals and firms to fraud and identity theft, they said.

One of the most interesting finds in this year's batch was the test-launch procedures for the U.S. THAAD (Terminal High Altitude Area Defense) ground-to-air missile defense system, which was found on a disk bought on eBay. The missile system was built by Lockheed Martin, and the same computer hard disk also revealed security policies and blueprints of facilities at the company, as well as personal information about employees, according to the news reports. Lockheed Martin officials said they had no knowledge of a data loss.

The PC purchases also turned up sensitive data from companies such as Laura Ashley and Ford Motor, as well as patient medical records from the U.K.'s Lanarkshire National Health Services agency, according to a report by BBC Channel 4.

Another disk, previously owned by a U.S.-based consultant who formerly worked with a U.S.-based weapons manufacturer, revealed account numbers and details of proposals for a $50 billion currency exchange through Spain. It also revealed details of business dealings between organizations in the U.S., Venezuela, Tunisia, and Nigeria.

Andrew Blyth, an expert in computer forensics and principal lecturer at the University of Glamorgan's faculty of advanced technology, told the BBC that the results were in line with previous studies, which showed that 40 to 50 percent of second-hand disks that could be powered up contained sensitive data.

"While it's not getting worse, it's not getting any better, either," Blyth said of hard drive erasure practices. "It's not rocket science. I could probably take somebody who is 14 or 15 years old and in a day have them doing this."

"It is clear that a majority of organizations and private individuals still have no idea about the potential volume and type of information that is stored on computer hard disks," added Andy Jones, head of information security research at BT.

The results of the study are scheduled to be released in a paper appearing in the next issue of the Journal of International Commercial Law and Technology later this year.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message. Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How to Better Secure Your Microsoft 365 Environment
Kelly Sheridan, Staff Editor, Dark Reading,  1/25/2021
Attackers Leave Stolen Credentials Searchable on Google
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-3142
PUBLISHED: 2021-01-28
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-35128. Reason: This candidate is a reservation duplicate of CVE-2020-35128. Notes: All CVE users should reference CVE-2020-35128 instead of this candidate. All references and descriptions in this candidate have been removed to preve...
CVE-2020-35124
PUBLISHED: 2021-01-28
A cross-site scripting (XSS) vulnerability in the assets component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript through the Referer header of asset downloads.
CVE-2020-25782
PUBLISHED: 2021-01-28
An issue was discovered on Accfly Wireless Security IR Camera 720P System with software versions v3.10.73 through v4.15.77. There is an unauthenticated stack-based buffer overflow in the function CNetClientManage::ServerIP_Proto_Set during incoming message handling.
CVE-2020-25783
PUBLISHED: 2021-01-28
An issue was discovered on Accfly Wireless Security IR Camera System 720P with software versions v3.10.73 through v4.15.77. There is an unauthenticated heap-based buffer overflow in the function CNetClientTalk::OprMsg during incoming message handling.
CVE-2020-25784
PUBLISHED: 2021-01-28
An issue was discovered on Accfly Wireless Security IR Camera System 720P with software versions v3.10.73 through v4.15.77. There is an unauthenticated stack-based buffer overflow in the function CNetClientGuard::SubOprMsg during incoming message handling.