http://www.freenewmexican.com/news/47240.html By ANDY LENDERMAN The New Mexican August 1, 2006 Los Alamos National Laboratory employees auctioned off a surplus computer last year without wiping lab documents off the laptop's hard drive, government investigators said. No classified information was on the computer, but the lab didn't follow its own rules or U.S. Department of Energy rules, the department's Office of Inspector General wrote in a report released Monday. "This resulted in the unauthorized release of a computer hard drive containing laboratory documents on matters such as budget, time and attendance, and unclassified procedures for transmitting classified information," the inspector general's report reads. The report said the handling of the documents on the hard drive, which were from a lab-training facility, raise serious concerns about security at the lab, where scientists manage the nation's nuclear-weapons stockpile. The lab has since developed new guidelines to "sanitize" salvaged computers of information or to remove their hard drives altogether, said an official with the National Nuclear Security Administration, which oversees the lab. "Since this particular incident, we have had no similar occurrences," lab spokesman Steve Sandoval said. Random inspections of the new program since last October have shown the program is working, Michael C. Kane of the NNSA wrote in a response to the report. The report was made public the same month that Energy Secretary Samuel Bodman reprimanded a senior official because 1,502 nuclear-weapons workers were not told for nearly 10 months that their Social Security numbers and other information had been stolen by a computer hacker from a National Nuclear Security Administration service center in Albuquerque. "Recent events concerning the loss of personal information by government agencies have highlighted the need to protect sensitive information and take timely follow-up actions when that information may have been compromised," Inspector General Gregory Friedman wrote in a letter accompanying the report dated July 26. The report had three recommendations: First, that all surplus computers are "sanitized," or wiped clean of all information; that all hard drives are removed before the computers are sold; and that the lab maintain an accurate inventory of its surplus equipment. The report also said those recommendations are applicable across the department. The computer, an Apple MAC G4, was sold to an employee of KOB-TV on Aug. 13, 2005, at an Albuquerque auction house. The television station ran a report on Aug. 25. That spurred the inspector general's report as well as a lab investigation. The subcontractor that sold the surplus computer at the auction had that authority taken away until new procedures were established. Seven computers had already been sold and were not available for inspection. The new owners were contacted, and they said there were no hard drives. An inspection of a sample of other computers at the auction house found they did not have hard drives in them, according to the report. Los Alamos has a history of computer-related security problems, including several instances in which computer disks containing nuclear secrets went missing or were misplaced in recent years. After a run of embarrassing financial and security lapses, the Energy Department put the lab's management contract up for bid. The lab had been run for more than 60 years by the University of California. The new team, which took over in June, includes UC and several corporate partners. The Associated Press contributed to this report. _________________________________ Attend the Black Hat Briefings and Training, Las Vegas July 29 - August 3 2,500+ international security experts from 40 nations, 10 tracks, no vendor pitches. www.blackhat.com
This archive was generated by hypermail 2.1.3 : Tue Aug 01 2006 - 02:02:20 PDT