AOH :: ISN-2803.HTM

Computer sale heightens LANL security concerns

Computer sale heightens LANL security concerns
Computer sale heightens LANL security concerns 

The New Mexican
August 1, 2006

Los Alamos National Laboratory employees auctioned off a surplus computer 
last year without wiping lab documents off the laptop's hard drive, 
government investigators said.

No classified information was on the computer, but the lab didn't follow 
its own rules or U.S. Department of Energy rules, the department's Office 
of Inspector General wrote in a report released Monday.

"This resulted in the unauthorized release of a computer hard drive 
containing laboratory documents on matters such as budget, time and 
attendance, and unclassified procedures for transmitting classified 
information," the inspector general's report reads.

The report said the handling of the documents on the hard drive, which 
were from a lab-training facility, raise serious concerns about security 
at the lab, where scientists manage the nation's nuclear-weapons 

The lab has since developed new guidelines to "sanitize" salvaged 
computers of information or to remove their hard drives altogether, said 
an official with the National Nuclear Security Administration, which 
oversees the lab.
"Since this particular incident, we have had no similar occurrences," lab 
spokesman Steve Sandoval said.

Random inspections of the new program since last October have shown the 
program is working, Michael C. Kane of the NNSA wrote in a response to the 

The report was made public the same month that Energy Secretary Samuel 
Bodman reprimanded a senior official because 1,502 nuclear-weapons workers 
were not told for nearly

10 months that their Social Security numbers and other information had 
   been stolen by a computer hacker from a National Nuclear Security 
   Administration service center in Albuquerque.

"Recent events concerning the loss of personal information by government 
agencies have highlighted the need to protect sensitive information and 
take timely follow-up actions when that information may have been 
compromised," Inspector General Gregory Friedman wrote in a letter 
accompanying the report dated July 26.

The report had three recommendations: First, that all surplus computers 
are "sanitized," or wiped clean of all information; that all hard drives 
are removed before the computers are sold; and that the lab maintain an 
accurate inventory of its surplus equipment. The report also said those 
recommendations are applicable across the department.

The computer, an Apple MAC G4, was sold to an employee of KOB-TV on Aug. 
13, 2005, at an Albuquerque auction house. The television station ran a 
report on Aug. 25. That spurred the inspector general's report as well as 
a lab investigation.

The subcontractor that sold the surplus computer at the auction had that 
authority taken away until new procedures were established. Seven 
computers had already been sold and were not available for inspection. The 
new owners were contacted, and they said there were no hard drives.

An inspection of a sample of other computers at the auction house found 
they did not have hard drives in them, according to the report.

Los Alamos has a history of computer-related security problems, including 
several instances in which computer disks containing nuclear secrets went 
missing or were misplaced in recent years.

After a run of embarrassing financial and security lapses, the Energy 
Department put the lab's management contract up for bid. The lab had been 
run for more than 60 years by the University of California. The new team, 
which took over in June, includes UC and several corporate partners.

The Associated Press contributed to this report.

Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations,
10 tracks, no vendor pitches. 

Site design & layout copyright © 1986-2014 CodeGods