NASA Selling PCs Without Erasing Classified Data

Thursday, December 09, 2010



An audit of used hardware being sold off by the National Aeronautics and Space Administration (NASA) found that the majority of the hard drives had not been properly wiped clean of sensitive data.

Ten of the fourteen computers tested in the audit still had information on them, and at least one contained data on the Space Shuttle considered to be secret in nature.

Contractors charged with eliminating data prior to the sale of the equipment were found to be using software for the procedure that was not approved by the agency.

Other contractors and NASA personnel were found to be deficient in their efforts to properly mark and track the hardware as having been properly cleared.

Pallets of PCs were were found in an electronics recycling center with NASA IP addresses on the processor cases, presenting a serious security problem according to the report:

"Release of NASA Internet Protocol addresses is a potential security weakness because these addresses could provide a hacker a means to gain unauthorized access to NASA's internal network. Knowing a specific Internet Protocol address allows a hacker to target a particular computer, test the system for vulnerabilities, and possibly load malicious software programs or access information on the computer or network."

Also noted in the report were hard drives that had been disposed of in a publicly accessible dumpster.

With all of the panic inspired by the WikiLeaks data dumps, it is mind boggling to think the findings in this audit is just business as usual.

This report follows on the heels of news that the Department of Defense (DoD) is still trying to figure out what other documents may have been compromised in the WikiLeaks breach.

The DoD had announced hours before the latest WikiLeaks disclosures that only sixty percent of the department's systems were meeting even the most basic definitions of "secure".


Possibly Related Articles:
Data Loss Hardware NASA Headlines PC Security WikiLeaks
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.