Page last updated at 05:48 GMT, Thursday, 7 May 2009 06:48 UK

Missile data found on hard drives

Prof Andrew Blyth said he found pictures of someone with a gun and also pornography

Sensitive information for shooting down intercontinental missiles as well as bank details and NHS records was found on old computers, researchers say.

Of 300 hard disks bought randomly at computer fairs and an online auction site, 34% still held personal data.

Researchers from BT and the University of Glamorgan bought disks from the UK, America, Germany, France and Australia.

The information was enough to expose individuals and firms to fraud and identity theft, said the researchers.

Professor Andrew Blyth said: "It's not rocket science - we used standard tools to analyse the data".

The research involving the Welsh campus was led by BT's Security Research Centre and included researchers at Edith Cowan University in Australia and Longwood University in the US.

In addition to finding bank account details and medical records, the work unearthed job descriptions and personal identity numbers as well as data about a proposed $50bn currency exchange through Spain.

A majority of organisations and private individuals still have no idea about the potential volume and type of information that is stored on computer hard disks
Dr Andy Jones, BT

Details of test launch procedures for the THAAD (Terminal High Altitude Area Defence) ground-to-air missile defence system were found on a disk bought on eBay.

The missile system, tested as recently as March 2009 following a controversial missile test by North Korea, is designed to destroy long-range intercontinental missiles launched by terrorists or countries the US considers to be "rogue states".

The missile system was designed and built by US defence group Lockheed Martin and the same computer hard disk also revealed security policies and blueprints of facilities at the group, and personal information on employees.

The researchers said a disk from France included security logs from an embassy in Paris, while two disks from the UK appear to have originated from a Scottish health board.

Hard drive (EyeWire)
Drives were bought in America, the UK, Germany, France and Australia

The disks had information from the Monklands and Hairmyres hospitals, part of Lanarkshire health board, and revealed patient medical records, images of x-rays, medical staff shifts and sensitive and confidential staff letters.

Another disk, from a US-based consultant, formerly with a US-based weapons manufacturer, revealed account numbers and details of proposals for the $50bn currency exchange as well as details of business dealings between organisations in the US, Venezuela, Tunisia and Nigeria.

Personal correspondence was also found from a member of a major European bank.


Prof Blyth, an expert in computer forensics and principal lecturer at the University of Glamorgan's faculty of advanced technology, said the results were in line with previous studies which showed 40%-50% of second-hand disks that can be powered up contained sensitive data.

He said: "While it's not getting worse, its not getting any better either.

"It's not rocket science. I could probably take somebody who is 14 or 15 years old and in a day have them doing this."

Dr Andy Jones, head of information security research at BT, said: "It is clear that a majority of organisations and private individuals still have no idea about the potential volume and type of information that is stored on computer hard disks.

"Businesses also need to be aware that they could also be acting illegally by not disposing of this kind of data properly."

In a statement, Lanarkshire health board said: "This study refers to hard disks which were disposed of in 2006. At that time NHS Lanarkshire had a contractual agreement with an external company for the disposal of computer equipment.

"In this instance the hard drives had been subjected to a basic level of data removal by the company and had then been disposed of inappropriately. This was clearly in breach of contract and was wholly unacceptable."

The board has carried out a review of its policies and now no longer uses external companies to dispose of IT equipment, the statement added.

A spokesman for Lockheed Martin said the company was not aware of any "compromise of data" related to the THAAD programme, and no government or law enforcement agency had notified it of any such loss.

The results of the study, the fourth in a five-year project, will be made available in a paper appearing in the next issue of the Journal of International Commercial Law and Technology (JICLT) 2009.

Print Sponsor

Hard drive destruction 'crucial'
12 Jan 09 |  Technology
Police data details found at dump
26 Dec 07 |  Devon
Warning on hard drives' security
17 Feb 05 |  Wales
Alarm sounded on second-hand kit
29 Sep 08 |  Technology
Dangers of second-hand PC market
14 Aug 06 |  Real Story
Mechanics of e-waste recycling
03 Jul 07 |  Science & Environment

The BBC is not responsible for the content of external internet sites

Has China's housing bubble burst?
How the world's oldest clove tree defied an empire
Why Royal Ballet principal Sergei Polunin quit


Americas Africa Europe Middle East South Asia Asia Pacific