U.S. missile defense information found in disk bought on eBay

Share this article:
A hard disk containing the launch procedures for a U.S. military missile defense system was recently bought on eBay. The purchase was made as part of an ongoing study into discarded hard disks.

Specifically, test launch procedures for the THAAD (Terminal High Altitude Area Defense) ground-to-air missile defense system were contained on the disk, Glenn Dardick, study researcher and associate professor of information systems at Longwood University in Virginia, told SCMagazineUS.com Thursday.

In addition, he said the disk contained security policies, blueprints of facilities and personal information on workers at Lockheed Martin, including Social Security numbers. Lockheed Martin designed and built the THAAD system.

In a statement to SCMagazineUS.com Thursday, a spokesperson for Lockheed Martin said the company is not aware of any compromise of data related to the THAAD program. The company declined additional comment until it can evaluate the hard drive.

Dardick said the drive is now in the possession of the FBI. 

The drive had been reformatted in an apparent attempt to erase the information on it, Dardick said. But reformatting does not effectively wipe clean a computer hard drive, despite what many consumers and small businesses assume, he said.

The U.S. government has stringent policies for disposing of hard drives, requiring contractors and subcontractors to identify information contained on a hard drive, treat information as inventory and categorize it by sensitivity level -- and then properly expunge data before disposal, Dardick said.

“It could have been released by Lockheed, or a contractor of Lockheed -- we don't know," Dardick said. “That's where there will be an ongoing investigation to determine how this information got onto the open market.”

The information was discovered as part of an annual research study that began in 2005 to analyze the information remaining on disks offered for sale on the second-hand market, he said.

As part of the 2008 study, researchers also found a disk from a U.S. bank whose name could not be revealed because of the ongoing investigation, Dardick said. The disk contained the details of a $50 billion U.S.-to-Spanish currency exchange proposal and other U.S. business dealings with organizations in Venezuela, Tunisia and Nigeria.

Moreover, in the 2008 study, one in three hard disks was found to contain sensitive information, according to a news release about the study released by the University of Glamorgan in the UK.



Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Ground system for weather satellites contains thousands of 'high-risk' bugs

Ground system for weather satellites contains thousands of ...

An audit of the Joint Polar Satellite System ground system revealed thousands of vulnerabilities, most of which will be addressed in two years when the next version of the system ...

Threat report on Swedish firms shows 93 percent were breached

The study by KPMG and FireEye also found that 49 percent of detected malware was unknown.

Former acting HHS cyber director convicted on child porn charges

Former acting HHS cyber director convicted on child ...

Timothy DeFoggi, who was nabbed by the FBI last year in its Operation Torpedo investigation was convicted by federal jury in Nebraska.