Western companies send old servers full of sensitive info to foreign countries

Photo: Servers for data storage are seen at Advania's Thor Data Center in Hafnarfjordur, Iceland, August 7, 2015. REUTERS/Sigtryggur Ari

  • Western companies routinely sell their old tech hardware to private companies in foreign countries, without wiping the sensitive data on them first.
  • A Business Insider source found a large database of the Dutch public health insurance system on old equipment abandoned after a hardware upgrade.
  • He also found the codes for controlling the traffic lights in multiple Spanish cities. 
  • It’s pointless worrying about hackers breaking into our systems if we’re giving away data to anyone with a credit card in the hardware refurbishing business, the source says.

Western companies routinely abandon confidential, sensitive, and personally identifying information to private companies in foreign countries when they upgrade their servers, workstations, and networking gear for new hardware, a source tells Business Insider.

The unprotected data is a goldmine for hackers.

The source, based in Romania, approached us after reading our December 22 article on whether hackers had the ability to take entire countries offline. The source runs an IT hardware refurbishment company that buys up old equipment from countries such as Spain, the Benelux area, and the UK, and sells it to customers who don’t need top-spec equipment. Typically he is buying truckloads of old servers, “stuff that is past its prime or out of warranty, but it is still perfectly usable. The procedure is simple: hardware comes in, gets evaluated, fixed, wiped, sold,” the source says.

The problem, our source says, is that even when the incoming hardware has been marked as already wiped clean, it often is not.

A “mostly complete” directory of “passwords for a major European aerospace manufacturer”

“Over the last 3 years I have found a lot of crazy things,” the source says, including:

  • A mostly complete database of the Dutch public health insurance system, with social security data, billing, addresses, medical histories. “Imagine the social engineering scams you could do with this data,” the source says.
  • Codes, software and procedures for the traffic lights and railway signalling “for a few major Spanish cities.” “Imagine the potentially deadly effects of this getting where it shouldn’t,” he adds.
  • Customer credit card data including addresses and shopping habits for a major UK supermarket chain.
  • And, alarmingly, “a mostly complete (and as far as I could tell, still up to date and functional) employee directory with access codes / badges / smartcards / passwords for a major European aerospace manufacturer.”

Our source asked for anonymity because his company and its clients would be angered if their identities appeared in an article about lax security.

But two independent sources with industrial cybersecurity expertise — Nir Giller, the CTO of CyberX, and Darktrace Director of Technology Andrew Tsonchev — confirmed to Business Insider that the Romanian source’s scenario was both common and plausible.

“Right now, I’m looking at the sensor listing, their IP’s and access data”

“Even now, I am processing the remains of a server farm that until a month or so ago, was part of a power company in France,” our source says. The buyer noted the ability of hackers to burn down factories simply by accessing unprotected systems which control things like temperature sensors that prevent equipment from burning out. “Guess what, data [from the French company] is still there,” the source claims. “Right now, I’m looking at the sensor listing, their IP’s and access data. Obviously, I’m sanitizing everything before passing it on, but it never should have gotten into my hands in the first place.”

The source says that sometimes the data he finds is so critical that he contacts the originating company to alert them that they have a problem with security. “In most cases the reaction was one of disbelief, ‘no, it cannot happen to us, we’re well protected!’”

As more companies lease server space, fewer of them know what happens when those leases end

The problem exists because of the way server space is discarded by large corporations. Few companies want the bother of maintaining their own server farms. So they lease space from specialists. At the end of a lease, companies can walk away from their contracts — leaving the servers with the vendor, which is supposed to carefully destroy the data. Alternatively, when older servers reach the end of their warranty they are replaced in “forklift” upgrades, en masse. In both cases, the disused servers are supposed to be wiped by certified experts using special software and approved processes. In reality, it’s quicker to skip steps, or not do it properly, or let mistakes go. The result is that the original data is often accessible even when an old server has been certified clean. 

“The West is failing at an institutional level to keep their critical data safe,” the source says. “No need for CSI-worthy hacking stories, just a credit card to buy up your used hardware – odds are the data will be still there, even if someone marked them as already wiped.”
