[ISN] MoD suppliers' laptop turns up on rubbish tip

From: InfoSec News (isn@private)
Date: Tue Apr 26 2005 - 22:22:36 PDT


Forwarded from: William Knowles <wk@private>

http://www.theregister.co.uk/2005/04/26/tip_secret_laptop/

By John Leyden
26th April 2005 

An Oxfordshire-based security company claims to have found sensitive
MoD-related files on a laptop bought from council rubbish dump.

The partner of a back-office worker at penetration testing outfit
SecureTest bought the IBM Thinkpad laptop for 80 from a colleague at
a council rubbish tip earlier this month.

SecureTest staff looked at machine for a favour. The technician who
investigated files left on the machine with forensic tools (called
ENcase) was shocked at what he found: recovered tenders for military
communications software contracts, technical information and minutes
of meetings with Navy personnel marked restricted. "It looks like a
MoD supplier.s laptop," Ken Munro, managing director of SecureTest
told El Reg. No secret files were involved but even so the case raises
further questions about the disposal of PCs containing potentially
sensitive military information.

Last week the MoD announced it was launching an investigation after a
Hampshire man found sensitive Ministry of Defence plans on a laptop he
was given at a rubbish dump*, circumstances that eerily parallel the
SecureTest find. SecureTest is yet to inform the MoD of its find.  
Munro declined to name the dump involved or the IT contractor whose
laptop, although ultimately beyond economic repair, contained
sensitive data.


Wombles of Wimbledon quizzed by MI5

Despite the government bringing in a new standard last August for the
secure destruction of data (InfoSec standard 5) many government
departments have failed to implement it successfully and most business
are unaware of it, according to Jon Godfrey, a data destruction expert
and managing director of Life Cycle Services (LCS). In a recent
research study by LCS and Glamorgan University, nearly half of a
sample of over 100 discarded hard drives contained personal
information, contravening the Data Protection Act. One in five (20 per
cent) contained financial information about the organisations which
owned the disks. Less then 10 per cent of the drives left functional
were completely clear of data.

One contained personal information about an extramarital affair and
could have been used for blackmail. Another contained information
about children. "I am constantly amazed at how lackadaisical major
organisations and even government can be regarding this issue", said
Godfrey, who is calling for regulations to established licensed PC
disposal centres. 

* Sounds odd but apparently you can get anything from working stereos
  to PCs from council dumps, apparently. Steptoe and Son, eat your  
  heart out.


 
*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*



_________________________________________
InfoSec News v2.0 - Coming Soon!
http://www.infosecnews.org



This archive was generated by hypermail 2.1.3 : Wed Apr 27 2005 - 01:18:21 PDT