Friday, August 26, 2005

Media Reports on Recycled Computer

To/MS: All Employees
From/MS: Robert W. Kuckuck, DIR, MS A100
Phone/Fax: 7-5101/Fax 7-2997 (fax)
Symbol: DIR-05-323
Date: August 26, 2005
Subject: Media Reports on Recycled Computer


By now most employees have seen or heard about media reports
concerning a recycled Laboratory computer with intact files that
was purchased at an auction house by an employee of KOB-TV. I
would like to update you on what we currently know about this
issue.

The Laboratory's property database shows that the computer with
the serial number provided by KOB-TV was purchased by the
Laboratory in late 2002 and recycled in July 2005. The computer
had four owners, all of whom worked in an organization that does
not process classified material and which is located in an open
area. As such, the Laboratory has no reason at this time to
believe that the machine contains classified information. In
fact, the Laboratory does not ever recycle computers that have
been used to process classified information.

The images of what the KOB reporter termed "classified"
information that were shown in last night's televised report
appear to be phrases that are contained in two unclassified memos
regarding the handling of documents that were openly sent to all
employees during the time the computer was in use.

Laboratory security personnel are examining a copy of backup files
from the computer's hard drive and are working with the computer's
most recent user to confirm that the machine does not contain
classified or sensitive information. A preliminary review
indicates that no classified information was housed on the machine
at any time.

As could be expected, the provocative nature of the KOB-TV story
has led our sponsoring agencies and others to inquire about the
incident. We have apprised them of the true facts and are
cooperating fully in these inquiries.

Because of this situation, I want to remind all employees that the
Laboratory does have established procedures in place that are
designed to prevent incidents like this from occurring. Every
Laboratory employee should ensure that they follow these
procedures prior to declaring a computer as excess. Responsible
mitigating actions include user certification that the hard drive
on a computer has been wiped or degaussed prior to the computer's
removal from the user's organization.

Standard Laboratory procedures also call for removal of hard
drives and other memory devices from computers prior to public
sale. The Laboratory is investigating why the computer's hard
drive had not been removed and why it still contained readable
files. I will keep all of you updated on this issue as we learn
more.

Comments:
Well done, Bob. Now, would you like to take a crack at addressing the huge credibility gap that presently exists between the LANL PA office and the rest of the world?

Thank you in advance.
 
"Standard Laboratory procedures also call for removal of hard drives and other memory devices from computers prior to public sale. The Laboratory is investigating why the computer's hard drive had not been removed and why it still contained readable files. I will keep all of you updated on this issue as we learn more." ---Kuckuck ???

Then how come one Division fired off a note this morning stating that it's SOP to auction lab computers WITH hard drives because buyers (charitable organizations according to the memo) get more for their money? And because they are sold with drives, the USER is responsible for "wiping" them. No one I talked to today EVER heard about being responsible for wiping hard drives nor has anyone been trained to do so. The user has no idea when a computer will be sold because not all salvaged computers ARE sold.
 
10:14, you have a very good point. The memo that you cited is not official policy as far as I have been able to determine. This is another case of LANL hedging its bets so they could claim there was a policy in place that would allow them to scapegoat the computer's former owner if it became politically expedient. LANL uses its conflicting policies in this way to attempt to avoid the admission that they have no acceptable systems or policies in place to deal with day-to-day operations at the lab. The bottom line is that LANL will never admit their incompetence in managing this facility and every employee is at risk because of it. I feel for the next person whose number comes up in this lottery.

John N. Horne
 
The "official policy" is that one either wipes drives or pulls them out to be destroyed, according to my ISSO. I have not had any experience with wiping all system's drives, but with PC wipe it's very easy to clean up PC drives, and it cleans them up to DOD specs.

Either Kuckuck did not take the time to investigate the policy before issuing this email or by the time the definition of it traveled from S division to him it was totally garbled.

Since the flak over the attempted Mustang purchase, I have avoided watching the news from all Albuquerque stations. And it's easy to skip the articles in the local newspapers. Kuckuck was correct in saying that this was just provocative reporting from a station out to boost its ratings.
 
It is not easy to securely wipe a PC drive. People are fooling themselves
if they think it is easy. Using some "DOD Certified" wiping program while
you are still in the OS will not completely cleanse a drive. The only secure
means of wiping a PC drive is to boot into DOS (using a floppy or CD),
and then execute a low-level disk-cleaner/formatter. Most people have no
idea how to do this type of operation. Even software on ESD like "BCWipe"
will not completely cleanse your disk. If you don't believe me, check
out the numerous criminals who thought they were good at cleansing a hard
drive, but are now behind bars due to the excellent disk forensic work that
people in the FBI can perform. If you don't do a low-level write-over and
low-level re-format of all the disk sectors (while not within the original
OS), you have not scrubbed the disk. And the only means to fully scrub
a hard disk is to open it up, smash it into little pieces with a hammer,
degauss it with a mighty strong magnet, and then follow this all up with
a long, high temperature baking of the parts. Magnetic signals can be a
real bitch to get rid of completely.
 
BTW, if you are using a Mac, rather than a Windows machine, you'll need
to attempt a boot into Classic Mac mode via a floppy or CD, and then
use a low-level cleanser/formatter. Alternatively, you can use a CD bootable
version of Linux for the Mac (i.e., Ubuntu for PowerPC chips), and then
perform the low-level cleansing. This is not something I would expect
the casual user to be tasked with as part of their official duties.
 
A computer that has had four owners in four years is probably a student intern computer. I doubt there's anybody around to take the fall for it even if dozens of Students' Association picnic emails have fallen into enemy hands.
 
The drive wipe software I use does not boot
into the OS. The computer boots from the
CD, and the software will wipe the drive to DOD standards if that's what is selected. Of course drive wipe software that runs after the system boots will not clean up the drive, and who would expect it to.

This is not what the user is asked to do. It's what the user should ask qualified sys admins to do prior to salvaging equipment.
 
Geeze, the training office buys a computer in 2002, and then pitches it
in about two short years? It's clear that the training office clearly
has money to burn. But, then, the training office doesn't have to
bring in any funding to support their costs, do they? Other groups that
don't live off support overhead aren't nearly as extravagant with their
equipment budgets. If you work hard to bring in lab funding, you now
know one additional way in which your overhead burden is squandered.
 
"Of course drive wipe software that runs after the system boots will not
clean up the drive, and who would expect it to." (10:14pm)

Actually, lots of people would probably expect it to cleanse their drives.
That's one reason why so many crooks are in jail today. When people use a
"shred file" capability, they think they have erased all traces of a file's
contents. Not so.
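
The memo asks users to certify that a drive has been wiped, and the comments disagree on whether common tools actually do it. The following is an added example, not part of the original memo or comments and not a Laboratory tool: a check that reads every sector of a device or image after a wipe and reports any that still hold data. It assumes the wipe was a single zero-fill pass and a 512-byte sector size; the sample image and its contents are constructed, and the check only sees what ordinary reads return.

```python
import io
import re

SECTOR = 512  # assumed logical sector size


def residual_sectors(dev, sector_size=SECTOR, fill=0x00):
    """Return indices of sectors that are not entirely `fill` bytes."""
    expected = bytes([fill]) * sector_size
    leftovers, index = [], 0
    dev.seek(0)
    while True:
        block = dev.read(sector_size)
        if not block:
            break
        if block != expected[:len(block)]:
            leftovers.append(index)
        index += 1
    return leftovers


def readable_strings(dev, sectors, sector_size=SECTOR, min_len=6):
    """Pull printable ASCII runs out of the flagged sectors."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    found = []
    for i in sectors:
        dev.seek(i * sector_size)
        found += [m.decode() for m in pattern.findall(dev.read(sector_size))]
    return found


def build_sample_image():
    """Constructed 64-sector image: zero-filled except two sectors a wipe missed."""
    img = bytearray(64 * SECTOR)
    img[10 * SECTOR:10 * SECTOR + 27] = b"MEMO: handling of documents"
    img[41 * SECTOR + 100:41 * SECTOR + 104] = b"\xde\xad\xbe\xef"
    return io.BytesIO(bytes(img))


def certify(dev):
    """Return (ok, leftover sector indices, recovered strings)."""
    bad = residual_sectors(dev)
    return (not bad, bad, readable_strings(dev, bad))


if __name__ == "__main__":
    ok, bad, strings = certify(build_sample_image())
    print("wiped" if ok else f"NOT wiped: sectors {bad}, strings {strings}")
```

Pointing `certify` at a raw device opened read-only in binary mode works the same way as the in-memory sample.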
 