U.S. missile defense information found in disk bought on eBayA hard disk containing the launch procedures for a U.S. military missile defense system was recently bought on eBay. The purchase was made as part of an ongoing study into discarded hard disks.
Specifically, test launch procedures for the THAAD (Terminal High Altitude Area Defense) ground-to-air missile defense system were contained on the disk, Glenn Dardick, study researcher and associate professor of information systems at Longwood University in Virginia, told SCMagazineUS.com Thursday.
In addition, he said the disk contained security policies, blueprints of facilities and personal information on workers at Lockheed Martin, including Social Security numbers. Lockheed Martin designed and built the THAAD system.
In a statement to SCMagazineUS.com Thursday, a spokesperson for Lockheed Martin said the company is not aware of any compromise of data related to the THAAD program. The company declined additional comment until it can evaluate the hard drive.
Dardick said the drive is now in the possession of the FBI.
The drive had been reformatted in an apparent attempt to erase the information on it, Dardick said. But reformatting does not effectively wipe clean a computer hard drive, despite what many consumers and small businesses assume, he said.
The U.S. government has stringent policies for disposing of hard drives, requiring contractors and subcontractors to identify information contained on a hard drive, treat information as inventory and categorize it by sensitivity level -- and then properly expunge data before disposal, Dardick said.
“It could have been released by Lockheed, or a contractor of Lockheed -- we don't know," Dardick said. “That's where there will be an ongoing investigation to determine how this information got onto the open market.”
The information was discovered as part of an annual research study that began in 2005 to analyze the information remaining on disks offered for sale on the second-hand market, he said.
As part of the 2008 study, researchers also found a disk from a U.S. bank whose name could not be revealed because of the ongoing investigation, Dardick said. The disk contained the details of a $50 billion U.S.-to-Spanish currency exchange proposal and other U.S. business dealings with organizations in Venezuela, Tunisia and Nigeria.
Moreover, in the 2008 study, one in three hard disks was found to contain sensitive information, according to a news release about the study released by the University of Glamorgan in the UK.