A hard drive containing confidential data belonging to the Brandenburg police in Germany was auctioned over eBay and bought by a student from the city of Potsdam for €20 (US$25/£14), according to a report by Spiegel, a leading weekly German newspaper.
The 20GB hard drive contained sensitive information detailing internal alarm plans on how the police should handle “specific incidences” like hostage and kidnapping situations.
The drive also contained tactical orders and analysis of political security situations, along with contact names in the ‘crisis management group.’
This strictly confidential material should only be available to top-level intelligence staff, the head of police, and the executive group around the Minister of Interior Schönbohm.
Schönbohm immediately banged tables loudly and initiated an investigation to discover how the hard drive ended up being sold over eBay and whether the information was leaked as a criminal act or some sort of inside blunder/employee theft (our money’s on the latter).
This cock-up by the Brandenburg Police is not the first time a hard drive sold over eBay has set security bells ringing.
Last year, mobile security specialists Pointsec bought a load of hard drives off Internet auctions like eBay to find out how much sensitive company information they could unearth (and publicise their expertise in the bargain, natch).
Not surprisingly, they discovered that they were able to read 7 out of 10 of the hard drives, with their first purchase revealing the access and login codes to a major financial services group.
Peter Larsson, CEO of Pointsec Mobile Technologies, adopted an earnest face and commented, “Even when companies or individuals believe they have wiped the hard drive clean, it is blatantly clear how easy it is to retrieve sensitive information from them both during their current lifetime and beyond it.”
He added that this week’s exposure of leaked and highly critical information from the Brandenburg police in Germany “reinforces how important it is to never let mobile devices or hard drives leave the office without being adequately protected with encryption and strong password protection – even after they have been discarded.”
Pointsec sagely recommends that unencrypted drives should be re-formatted to within an inch of their lives before disposal (well, at least eight times) or professional “wipe-clean” software used.
Of course, if your drive contains nuclear secrets or damning photos of your late night encounter with an armadillo in stockings, the only way to absolutely guarantee the destruction of the data would be to torch it. And then take a hammer to it. And then stamp on it. And then…
Out-law.com (via The Register)