Western companies routinely abandon confidential, sensitive, and personally identifying information to private companies in foreign countries when they upgrade their servers, workstations, and networking gear for new hardware, a source tells Business Insider.
The unprotected data is a goldmine for hackers.
The source, based in Romania, approached us after reading our December 22 article on whether hackers had the ability to take entire countries offline. The source runs an IT hardware refurbishment company that buys up old equipment from countries such as Spain, the Benelux area, and the UK, and sells it to customers who don’t need top-spec equipment. Typically he is buying truckloads of old servers, “stuff that is past its prime or out of warranty, but it is still perfectly usable. The procedure is simple: hardware comes in, gets evaluated, fixed, wiped, sold,” the source says.
The problem, our source says, is that even when the incoming hardware has been marked as being already wiped clean it often is not.
“Over the last 3 years I have found a lot of crazy things,” the source says, including:
Our source asked for anonymity because his company and its clients would be angered if their identities appeared in an article about lax security.
But two independent sources with industrial cybersecurity expertise — Nir Giller, the CTO of CyberX and Darktrace Director of Technology Andrew Tonschev — both confirmed to Business Insider that the Romanian source’s scenario was both common and plausible.
“Even now, I am processing the remains of a server farm that until a month or so ago, was part of a power company in France,” our source says. The buyer noted the ability of hackers to burn down factories simply by accessing unprotected systems which control things like temperature sensors that prevent equipment from burning out. “Guess what, data [from the French company] is still there,” the source claims. “Right now, I’m looking at the sensor listing, their IP’s and access data. Obviously, I’m sanitizing everything before passing it on, but it never should have gotten into my hands in the first place.”
The source says that sometimes the data he finds is so critical that he contacts the originating company to alert them to that they have a problem with security. “In most cases the reaction was one of disbelief, ‘no, it cannot happen to us, we’re well protected!'”
The problem exists because of the way server space is discarded by large corporations. Few companies want the bother of maintaining their own server farms. So they lease space from specialists. At the end of a lease, companies can walk away from their contracts — leaving the servers with the vendor, which is supposed to carefully destroy the data. Alternatively, when older servers reach the end of their warranty they are replaced in “forklift” upgrades, en masse. In both cases, the disused servers are supposed to be wiped by certified experts using special software and approved processes. In reality, it’s quicker to skip steps, or not do it properly, or let mistakes go. The result is that the original data is often accessible even when an old server has been certified clean.
“The West is failing at an institutional level to keep their critical data safe,” the source says “No need for CSI-worthy hacking stories, just a credit card to buy up your used hardware – odds are the data will be still there, even if someone marked them as already wiped.”
John McCann The sun is out (still pretty cloudy though…), the arrivals hall at McCarren International Airport is filled with a buzz of excitement and there’s a lanyard hanging round our neck. It can mean only one thing… it’s time for CES 2019! CES 2019 is the world’s biggest tech show, and we’re reporting live...
The good 125x 24-3,000mm (equivalent) lens Excellent image stabilization Fully articulating LCD 4K UHD video RAW capabilities The bad Bulky Variable image quality No touch screen Short battery life Verdict Even with its impressive focal range of 24mm to 3,000mm (35mm equivalent), this camera is a lot for the average photographer to handle. But, with...