U.S. missile defense information found in disk bought on eBay

Share this article:
A hard disk containing the launch procedures for a U.S. military missile defense system was recently bought on eBay. The purchase was made as part of an ongoing study into discarded hard disks.

Specifically, test launch procedures for the THAAD (Terminal High Altitude Area Defense) ground-to-air missile defense system were contained on the disk, Glenn Dardick, study researcher and associate professor of information systems at Longwood University in Virginia, told SCMagazineUS.com Thursday.

In addition, he said the disk contained security policies, blueprints of facilities and personal information on workers at Lockheed Martin, including Social Security numbers. Lockheed Martin designed and built the THAAD system.

In a statement to SCMagazineUS.com Thursday, a spokesperson for Lockheed Martin said the company is not aware of any compromise of data related to the THAAD program. The company declined additional comment until it can evaluate the hard drive.

Dardick said the drive is now in the possession of the FBI. 

The drive had been reformatted in an apparent attempt to erase the information on it, Dardick said. But reformatting does not effectively wipe clean a computer hard drive, despite what many consumers and small businesses assume, he said.

The U.S. government has stringent policies for disposing of hard drives, requiring contractors and subcontractors to identify information contained on a hard drive, treat information as inventory and categorize it by sensitivity level -- and then properly expunge data before disposal, Dardick said.

“It could have been released by Lockheed, or a contractor of Lockheed -- we don't know," Dardick said. “That's where there will be an ongoing investigation to determine how this information got onto the open market.”

The information was discovered as part of an annual research study that began in 2005 to analyze the information remaining on disks offered for sale on the second-hand market, he said.

As part of the 2008 study, researchers also found a disk from a U.S. bank whose name could not be revealed because of the ongoing investigation, Dardick said. The disk contained the details of a $50 billion U.S.-to-Spanish currency exchange proposal and other U.S. business dealings with organizations in Venezuela, Tunisia and Nigeria.

Moreover, in the 2008 study, one in three hard disks was found to contain sensitive information, according to a news release about the study released by the University of Glamorgan in the UK.

Share this article:

Sign up to our newsletters

More in News

Report: SQL injection a pervasive threat, behavioral analysis needed

Report: SQL injection a pervasive threat, behavioral analysis ...

Long lag times between detection and resolution and reliance on traditional methods impair an organization's ability to combat SQL injection attacks.

WhatsApp bug allows for interception of shared locations

Researchers identified a vulnerability in WhatsApp that could enable an attacker to intercept shared locations using a man-in-the-middle attack, or a rogue access point.

Google tweaks its terms of service for clarity on Gmail scanning

The company is currently dealing with a lawsuit that challenges its email scanning practices.