Governmental Servers Wiped? Never!

Geoff writes with a story from Australia: "Eighteen AIX servers purchased from government via auction -- none of them had data removed from them. Ticket Vending and Validation source code, Payroll, Finance, Emails and Customer complaints. All there on every server; they were even nice enough to include some old backup tapes. At ~$14USD per server, it's amazing how cheap personal information has become."

14 bucks? you got ripped :)

[ashridah]

At ~$14USD per server, it's amazing how cheap personal information has become.
$14 USD? You got ripped off.

A few years back, some guy wearing a workmans uniform and holding a clipboard wandered into the (iirc) customs building here in Australia. Carted off one of the servers from a machine room, and no-one stopped them, or remembered what they looked like.
Slashdot remembers :) [slashdot.org]

Makes me proud to be an aussie sometimes :)

Not trivial though

[baldvin]

Its kind of hard to get rid of your data on a hard drive. You are lucky if it works, then you can try 'dd if=/dev/zero of=/dev/xxx'. However, if first thay laid off their aix staff, employed some windows engineers, then they decided to sell those aix boxes... Well, well :)

Your task is even harder if you have a hard drive that ceased operating. There exists companies like http://www.kurt.hu/ [www.kurt.hu] that have state of the art technology to retrieve data from damaged hard drives. If you need your data: good for you. If you'd like to get rid of it for sure: better take good care of it...

Government

[Anonymous Coward]

Makes you wonder how many governmental organizations even know how important properly disposing of a computer can be.

Or if the government really cares. Who's going to arrest them? There's no risk of punishment here.

Re:Understandable . . .

[acceber]

"Keep in mind that these servers came from the State Transit Authority of NSW, how is it possible and acceptable in this day of age that governmental servers be decommissioned and sold without wiping the contents of the drives?"

The STA is responsible for the operations of the Sydney Buses network which I used to rely on for travel to & from school, work, and for social events -- until I got my car. It is the most unreliable system ever, on par with the NSW Cityrail system both which has been constantly riddled with problems [smh.com.au]. It's not surprising that a blunder such as this went by unnoticed.

I would like to do my bit for the environment and use public transport as much as possible but I never get where I need to on time. I've been to Russia and even there, the buses and subway system are more reliable.

Does he have a license to the source now?

[mveloso]

Just wondering. He bought the computer and its contents from the government, so does he have rights to the source on the box?

Reminds me of when I worked for US government...

[Anti-Trend]

I used to work for city government here in SoCal, USA. In contrast to our Aussie friends, they were super paranoid about data leakage. When there was actually a situation where the red tape was momentarily pierced and we were authorized to give away outdated equipment to schools, they made us do a multiple-pass low-level format on each and every HDD that left the building. A royal pain-in-the-ass more than a security consideration -- none of those machines had anything which would be of much interest to anybody. If you ask me, the most damning piece of information one could gleam from those systems wasn't in the HDD at all. Rather, it's the glaring question of why there were gaming-class video and sound cards in all of the upper-management's old PCs, and nothing but cheap Trident cards in the CAD workstations of the time...

-AT

Re:14 bucks? you got ripped :)

[dbIII]

customs building here in Australia. Carted off one of the servers from a machine room, and no-one stopped them, or remembered what they looked like.

There was the first "middle eastern appearance" conclusion that was jumped to, but it appears that was only fed the the press and the internal investigation showed that there wasn't even that clue.

There was also the incident a couple of years back when large quantites of backup tapes for three government departments were stored in wheeled garbage bins - as anyone who read this can expect the tapes ended up being dumped and lost forever, and the contractor (Telstra, the half government owned telecomunications company) was not even rapped over the knuckles for it.

It's not just the government - I picked up an old Sun E250 for parts at an auction. To see if it worked I booted off an install CD, plugged in a serial terminal, edited a couple of files with ed (/etc/passwd and /etc/shadow I think, was a while back) to get root on reboot and was very surprised to find a lot of stuff apart from the OS still on the disks. I wasn't curious enough to find out whose it was and what was there - peril lies that way for no gain, so I just did what should have been done and repartitioned the thing.

The opposite extreme is the clueless accountant taking to a retired server with a hammer - saying something about traces being left in the RAM - but he probably hated the thing or just wanted to smash things. If it was me there was a perfectly good 200 ton hydraulic press that could have been used in the same place, a small heat treatment furnace to get all the data off that drive by going beyond the curie temperature, a large array of machine tools and an impact testing rig.

In my department...

[Anonymous Coward]

...we don't let a hard drive out the door. All storage media(disks, tapes, CD/DVD, etc) remain in the buildings unless encrypted(laptops) or we are certain they contain no protected data - such as educational CDROMs, etc. Everything else is dismantled and destroyed. For example, CDs and HDD platters are sanded, tape is shredded.

Anything that goes to auction is diskless, and we cannot return a drive under warranty as it's impossible to securely erase a faulty drive, or, for that matter, a good drive - think bad sector remapping.

We're Federal Government, not State, BTW.

Re:Not trivial though

[Anonymous Coward]

Nope, much slower and not a bit more secure. It doesn't matter what you overwrite a bit with. The remaining magnetization is different when you overwrite a 1 with a 0, a 1 with a 1, a 0 with a 0 or a 0 with a 1. If the residual magnetization from the previous content is stronger than the noise floor of your reader, then you can reconstruct the erased data, regardless of the overwrite pattern.

If there is a reasonable chance that someone might want your data bad enough to attempt reconstruction of overwritten data, then you should a) never store unencrypted data and b) still never sell the harddrive.

Otherwise overwriting with zeroes is sufficient.

Australian Law says you must now wipe..

[Anonymous Coward]

If you have signed all usual secrecy and privacy forms before.

The best you can do is to sent STA a stiff invoice for professional data sanitation. Fix ther wagon!

If you are outraged, tell the STA Union their members details were leaked because a slack security (any excuse to strike), tell the State Auditor, tell tax, and the privacy commissioner. Butts will be kicked.

The auction mob were slack, they are meant to wipe the data, and remove all identifying stickers. But the real blame lies higher up.

Conclusions. The STA are as reliable as their timetables, and going to windows will be more risky than ever, if their admins default everything.

Re:Government

[mistfall]

Given the number of governments that flirt with the concept of ID cards (especially when the bombs go off) aren't you glad they practise such strong safeguards when it comes to data?

Re:Odd...

[Lectrik]

I seem to recall a few years ago watching a program that mentioned how the brittish government decomissioned some of it's hard drives.
With a low level format, then a blast furnace, and then holding on to the smelted chunk of crud for a while. [this may have been only for stuff that was "sensative" though]
Of course my brain sucks for holding normal info, but it kinda stood out because we do similar stuff at work, machine dies, we take it out back with a sledge hammer and a cutting torch, someone asks us to strip the machine for parts half an hour after we're tired.

Re:Blatant theivery.

[gl4ss]

there was a wave of laptop thefts in large companies a year or two back here... done by people who wore suits, they just walked into the open offices and wandered off with the laptops.

Please read DBAN FAQ

[bersl2]

Q: Is the Gutmann method the best method?

A: No.

Most of the passes in the Gutmann wipe are designed to flip the bits in MFM/RLL encoded disks, which is an encoding that modern hard disks do not use.

In a followup to his paper, Gutmann said that it is unnecessary to run those passes because you cannot be reasonably certain about how a modern hard disk stores data on the platter. If the encoding is unknown, then writing random patterns is your best strategy.

In particular, Gutmann says that "in the time since this paper was published, some people have treated the 35-pass overwrite technique described in it more as a kind of voodoo incantation to banish evil spirits than the result of a technical analysis of drive encoding techniques. As a result, they advocate applying the voodoo to PRML and EPRML drives even though it will have no more effect than a simple scrubbing with random data... For any modern PRML/EPRML drive, a few passes of random scrubbing is the best you can do".

In other words, DBAN doesn't work for modern hard drives. It's as good as random scrubbing. Which is not that effective anyway.

Re:I don't know what's worse...

[linzeal]

AIX still runs massive databases for big insurance companies, weather stations and criminal databases. IBM has a moderate representation on the databases and hardware they digitally store fingerprints and mugshots on. Sold them in the 80's and they have upgraded on IBM a few times since than.

ebay is great for this...

[bani]

You could probably make a living selling data snarfed from used disks/tapes off ebay.

I picked up some "blank" used DLT tapes from ebay. These "blanks" contained a filesystem backup for the online store of a multibillion dollar corporation.

Why get so worried about personal data being stolen by l337 h4x0rz through the intarweb? All they need to do is buy a bunch of used media off ebay -- much easier.

In Canada...

[myov]

One of the major banks decomissioned servers which eventually wound up on ebay. The person who bought them discovered that all data was still intact.

Re:Warranty policies

[Michael Hunt]

Reminds me of an anecdote I heard a few years back. It's off-the-wall enough to be true, but I don't vouch for its accuracy. It was a pub conversation, after all.

Co-worker at a previous job had an acquaintance who was working for a defense contractor (RLM, i think it was), on some crazy uber-classified Over-the Horizon Radar project. They used an absolute stackload of data in Compaq (ex DEC) SANs, I'm told.

Due to the fact that all this data was classified at some level, and they were a good customer, Compaq gave them an unconditional replacement guarantee on the disks in their RAID arrays. If one failed, Compaq didn't want it back.

So, this friend of a friend started sending in bogus RMA requests and taking the disks home. When this came to light, Compaq, obviously, were rather aggrieved. Since they couldn't do him for theft (the contract being rather ambiguous, and they HAD issued him with the RMAs,) they had the Australian Fed. Police arrest him for Treason.

He got 5 to 10 years.