14 DAY TRIAL // Journalism students from University of British Columbia (UBC), who were investigating e-waste dumping in underdeveloped countries, have uncovered a serious data breach. They have found U.S. government contracts marked sensitive on a scrapped HDD acquired from an open-air market in Ghana.
UBC Associate Professor Peter Klein and a group of students from the UBC's Graduate School of Journalism set out to investigate a growing problem in developing countries – electronic waste dumping. The investigation aired on the Public Broadcasting Service as part of its FRONTLINE/World program, under the title "Ghana: Digital Dumping Ground."
One of the students bought several second-hand hard disks from a local open-air market for a little over $35. The drives, scavenged by locals from a local e-waste dumping site, were taken back to a computer lab for analysis. Many of them contained the personal and financial information of their previous owners, including things such as credit card data or histories of online transactions, but one in particular shocked its new owners.
Apparently, the controversial HDD used to belong to Northrop Grumman, one of the largest U.S. military contractors. On it, the students found contracts between the company and the likes of the Defense Intelligence Agency, the Transportation Security Agency or the National Aeronautics and Space Administration (NASA).
One Transportation Security Agency contract contained information about how people were recruited for security-related positions at airports. "The government contracting process is supposed to be confidential. If I know how you're hiring the people for security related job, TSA air marshals, then I can prepare a person to fit that model and get my guy in. Once I have my guy in, you have no security," James Durie, a data security expert working for the FBI who inspected the drives, commented.
Northrop Grumman said in a statement that it believed the security breach occurred at one of its asset-disposal vendors, from where the drive might have been stolen. "The fact that this information is outside our control is disconcerting," the company commented, according to Network World.
"It was a wonderful, ironic twist. Here were these contracts being awarded based on their ability to keep the data safe," Professor Klein noted. "The reason the students discovered this security breach is that they took the time to go see for themselves what’s going on [e-waste dumping], without pre-conceived ideas of the story, and they did some amazing enterprise reporting," he added.