BreachExchange mailing list archives
German military laptop with classified data sold on Ebay
From: Destry Winant <destry () riskbasedsecurity com>
Date: Wed, 18 Mar 2020 09:26:15 -0500
https://www.dw.com/en/german-military-laptop-with-classified-data-sold-on-ebay/a-52791809 German security researchers discovered easily accessible, classified military information on a laptop sold on eBay. Security specialists from G Data, based in the western city of Bochum, bought a used Bundeswehr laptop for €90 ($100). On the computer were a series of documents, including instructions on how to destroy the LeFlaSys Ozelot air defence system. The LeFlaSys Ozelot is a mobile air defense missile system first deployed in 2001 and still in use today. The surface-to-air system is used to quickly react against air threats, protecting command centers and troops on the move. The files were marked "VS-Nur für den Dienstgebrauch" — the lowest level of secret classification. Unsecured system G Data security expert Tim Berghoff told DW the rugged, splash-proof computer weighed 5 kilograms (11 pounds) and was designed for field use. Berghoff said the device was probably made in the early 2000s and still ran well. "The notebook PC we acquired contains extensive technical information on the LeFlaSys system, including step-by-step instructions for operation as well as maintenance. Information on how to operate the target acquisition system, as well as the weapons platform itself, can be found on there, and, of course, instructions on how to destroy the entire system to prevent its use by enemy forces," Berghoff told DW. He and Alexandra Stehr, a developer in G Data's threat analysis team, created a bit-by-bit copy of the hard drive. "It was easy to access the information. The Windows login required no password. The login for the program that contained the documentation of the weapons system was protected with a very easy-to-guess password. From then on, you could freely browse through the documentation." The device was sold by a recycling firm from Bingen. Read more: German Defense Ministry 'illegally' wiped phone data of Ursula von der Leyen BUNDESWEHR STRUGGLES WITH FAULTY DEFENSE EQUIPMENT Faulty tanks and grounded helicopters — today in the German military Frustrated soldiers and a defense system struggling to repair its way into a fully functioning military. And a new defense minister who will have to regain confidence from army representatives. Data should have been destroyed The Defense Ministry told German news magazine Der Spiegel, who first reported on the case, that the recycling firm was responsible for destroying the data. "The old computers used for LeFlaSys have all been decommissioned and sent for recycling with orders to erase or render existing storage media unusable," a spokeswoman told the news magazine. "It can be assumed that an error occurred during the recycling of the computer in question." It said the information recovered was not a serious data breach and did not give potential enemies critical information. The military is legally obligated to destroy all data before selling IT equipment. In 2019, a forest ranger from Upper Bavaria found classified instructions for the Mars mobile rocket artillery when he bought four laptops from an auction run by federal authorities. _______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- German military laptop with classified data sold on Ebay Destry Winant (Mar 18)