Dusty open-air markets near Pakistan's Peshawar, or Nigeria and China are some of the places where one acquire computer hard drives that are bought second-hand containing sensitive and highly classified data on US defence systems, company business information or personal information, revals a research report from the Faculty of Advanced Technology at the University of Glamorgan.
Highly sensitive and classified details of the US military missile air defence system called THAAD were found on a second-hand hard drive bought on eBay, according to researchers from the university'd research team.
A disk bought on eBay by the research team, revealed details of test launch procedures for the THAAD (terminal high altitude area defence) ground to air missile defence system, used to shoot down Scud missiles in the 1991 US-Iraq war.
The disk also contained security policies, blueprints of facilities and personal information on employees including social security numbers, belonging to technology company Lockheed Martin – who designed and built the system.
The THAAD project was sanctioned by the then US President Ronald Reagan as part of the "Star Wars" Strategic Defence Initiative in the 1980s.
A spokesman for Lockheed Martin, the maker of the THADD launch system, said that the company was not aware of any compromise of related data and no government agency had asked it about any related data theft or loss.
The hard disk drive is now with the FBI.
University of Glamorgan researchers found that a significant number of computer hard drives that are bought second-hand still contain sensitive company and personal information.
The 5-year survey, now in its fourth year, was commissioned by BT, and conducted on over 300 computer hard disks bought from the UK, America, Germany, France and Australia through computer auctions, computer fairs and eBay.
The purpose of the survey is to enlighten the public on the grave risk of disposing of computer equipment without properly erasing personal and commercial data.
Researchers found that 34 per cent of the disks examined bought by the researchers contained a wide range of information including bank account details, medical records, confidential business plans, financial company data, personal id numbers, job descriptions and even clasified defence information.
The research was carried out by BT's Security Research Centre in collaboration with the University of Glamorgan in Wales, Edith CowanUniversity in Australia and LongwoodUniversity in the US.
The researchers say that a ''surprisingly large range and quantity of information that could have a potentially commercially damaging impact or pose a threat to the identity and privacy of the individuals involved was recovered as a result of the survey.''
Confidential material including network data and security logs from the German Embassy in Paris were discovered on a disk from France.
One disk from a US bank revealed account numbers and details of proposals for a $50-billion currency exchange through Spain. There also appeared details of business dealings originating in the US with organisations in Venezuala, Tunisia and Nigeria.
Personal correspondence was also found from a member of the Federal Reserve Board suggesting one of the deals, already under scrutiny by the European Central Bank, looked suspicious.
A number of disks contained data from a well known UK-based fashion company, including information relating to trading performance, budgets, discount codes and customer names and addresses.
Another contained what appeared to be corporate data from a major motor manufacturing company, including references to design and engineering for vehicle interiors.
In Australia, one disk from a nursing home, had contained photographs of patients with their wounds.
Professor Andrew Blyth who led the research at the University of Glamorgan commented, ''Of significant concern is the number of large organisations that are still not disposing of confidential information in a secure manner. In the current financial climate they risk losing highly valuable propriety data.''
Dr Andy Jones, head of information security research at BT said, ''This is the fourth time we have carried out this research and it is clear that a majority of organisations and private individuals still have no idea about the potential volume and type of information that is stored on computer hard disks. For a very large proportion of the disks we looked at, we found enough information to expose both individuals and companies to a range of potential crimes such as fraud, blackmail and identity theft. Businesses also need to be aware that they could also be acting illegally by not disposing of this kind of data properly.''
In August last year, Andrew Chapman, an IT manager at the University of Oxford, found personal details of more than a million people on a second-hand laptop computer he had bought on eBay.
The laptop contained information of peoples personal data related to their bank accounts, mobile phone numbers, dates of birth, e-mail addresses and signatures of customers of the Royal Bank of Scotland, NatWest bank and American Express.
Nigeria is the home for second-hand BlackBerries containing data, which are often sold for a premium in Nigerian street markets.
China buys all disk drives from second-hand computers, where most of the information is still intact.
In the industrial area of Peshawar in Pakistan, stolen US military equipment and computers are sold openly in the market.
A reporter for Military.com bought a US military laptop for $650, from a small shop at the Sitara Market near the border of Peshawar in February.
The US military marking and rugged laptop had US military serial numbers and contained classified military information, as well as software for military platforms.
Crucially, the laptop also had the identities of many military personnel and details of the weaknesses and flaws in American military vehicles, which were deployed in the Afghanistan war front.
In April, 2006, the Los Angeles Times reported that miniature hard drives containing sensitive military information were being sold in markets, which is a mere two hundred yards from the US Bagram air base in Afghanistan.