Wednesday, November 24, 2010

E-Waste Threat

Interesting vid. It's over a year old, but worth the watch.

What I find interesting is not just the environmental impact of the improper handling of electronic waste, but the security risk, as well. Public school districts, government agencies and large corporations, as well as private citizens, are sending their old computers off, not know where or in whose hands they will wind up.

Hard drives that can be salvaged are displayed at open-air markets. Off camera, Ghanaians admit that organized criminals sometimes comb through these drives for personal information to use in scams.

As part of the investigation, one of the students buys a number of hard drives to see what is on them, secretly filming the transaction to avoid the seller's suspicions.

The drives are purchased for the equivalent of US$35.

The students take the hard drives to Regent University in the Ghanaian capital and ask computer scientist Enoch Kwesi Messiah to help read what is on them.

Within minutes, he is scrolling through intimate details of people's lives, files left behind by the hard drives' original owners.

There is private financial data, too: credit card numbers, account information, records of online transactions the original owners may not have realized were even there.

"I can get your bank numbers and I retrieve all your money from your accounts," Messiah says. "If ever somebody gets your hard drive, he can get every information about you from the drive, no matter where it is hidden."

That's particularly a problem in a place like Ghana, which is listed by the U.S. State Department as one of the top sources of cyber crime in the world. And it's not just individuals who are exposed. One of the drives the team has purchased contains a $22 million government contract.

It turns out the drive came from Northrop Grumman, one of America's largest military contractors. And it contains details about sensitive, multi-million dollar U.S. government contracts. They also find contracts with the defense intelligence agency, NASA, even Homeland Security.

When the drives' data are shown to James Durie, who works on data security for the FBI, he's particularly concerned about the potential breach at the Transportation Security Administration (TSA).

"The government contracting process is supposed to be confidential. If I know how you're hiring the people for security related job, TSA air marshals, then I can prepare a person to fit that model and get my guy in," Durie says. "Once I have my guy in, you have no security."

So, TSA employees and contractors, under color of government authority, are groping and scoping Americans. Meanwhile, the government and its contractors are not doing what it takes to defend us against a real information security threat, which happens also to be an environmental and public health disaster.

Who is more stupid? Our government officials for doing what they do, or we Americans for letting them get away with it?

No comments:

Post a Comment