eBay shows us another example of why passwords and encryption are important.
According to the New York Times, a decades-old Petium III laptop, which was recently purchased by German cybersecurity firm G Data CyberDefense from eBay, contained confidential information on a surface-to-air missile system that Germany’s air force still uses.
The information on the missile system, which comprised a confidential user manual and schematics, was accessed without encryption and password protection. Specifically, the information relates to software for “a surface-to-air rocket, the Ozelot,” a weapon used to protect ground troops from air attacks.
Germany’s defense ministry is investigating how the laptop was sold in the first place, with its hard drive intact and so easy to access. “How the computer ended up on eBay is currently unclear,” Nadine Krüger, a spokeswoman for Germany’s defense ministry, told the New York Times.
Luckily, the systems on the laptop, which was “built at the turn of the millennium,” can’t be used to control or launch any missiles.
The New York Times calls the purchase “embarrassing,” and says that it reinforces the personnel and equipment problems that have “plagued” Germany’s armed forces.
G Data CyberDefense says that it bought the laptop for $100 “purely out of curiosity” in late 2019. It was only recently that an employee found the classified information sans password or encryption. While the information isn’t exactly usable, the fact that it was so easily accessible is a problem. Why wasn’t the hard drive wiped clean before it was put up for sale? Why wasn’t the information guarded with a password or encryption? If this piece of equipment was still being used for military purposes and not protected, who knows what trouble the German forces could have run into.
Even more concerning: these types of “noncompatible and outdated computer” are still used today to control modern weapons systems, and aren’t upgraded as frequently as commercially available computers, the New York Times says. Does that mean that data protection on these devices are noncompatible and outdated, too? That might mean cybercriminals can snatch up sensitive data without a problem, maybe even without getting caught. If this happens, it could be detrimental to the armed forces who depend on those systems to do their jobs, and to keep citizens safe