View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
March 18, 2020updated 20 Mar 2020 9:03am

A German Army Laptop Sold for €90 on eBay – With Military Secrets

Password: "guest".

By CBR Staff Writer

A decommissioned German army laptop sold on eBay for €90 contained classified military data, including ways to defeat a mobile air defense system in use today.

The laptop was bought from IT recycling firm Bingen by G Data, a prominent German software security firm, which detailed the incident in a March 16 blog.

Worryingly for the Bundeswehr, not only did it contain sensitive information, but administrative software was protected with the robust password “guest”. (The laptop itself, running the obsolete Windows 2000, was not password-protected).

As of 2019, it has apparently been strict policy that before any German military IT equipment is sold on, all non-volatile memory must be removed and destroyed.

(Computer Business Review dreads to think what was sold on prior to 2019. The incident is also a salutary reminder for CISOs that IT asset disposal protocols/partners matter; such incidents are not entirely uncommon, even if this data was unusual).

Wait, What?

The laptop contained detailed instructions about a tank currently in use that is equipped with a light anti-aircraft missile defence system known as the Ozelot.

This included detailed schematics and maintenance instructions for the anti-aircraft system, G Data found, in an incident reported this week by Der Spiegel.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

A spokesperson for the German Ministry of Defence told Der Spiegel: “The old computers for the LeFlaSys were all discarded and disposed of with the arrangement for deleting or rendering existing storage media unusable. It can be assumed that an error has occurred in the utilization of the computer in question.”

German MoD Laptop

The computer itself was a Roda with a massive 128 MB RAM and a Pentium III processor. On the side of the laptop the researchers from G-Data found a sticker with ‘Roda Rocky II + LeFlaSys data display device’ written on it.

German MoD

Credit: G-Data

When they scanned the data on the laptop they found maintenance instructions, schematic drawings and complete operating instructions.

At the top of each document is the German classification grade of VS which clearly marks it as sensitive material.

Tim Berghoff security researcher at G-Data wrote in a blog that on the event that: “The data contained in the Bundewehr (German MoD) computer are subject to only the lowest level of confidentiality.

“Nevertheless, those responsible should have removed the data carrier from the computer and destroyed it when it was retired.”

Justifying the acquisition, G Data noted: “As a machine for retro games, it is still good today – and it is also Soundblaster-compatible.”

See Also: Unauthorised Disclosures up FIVE-FOLD at the Ministry of Defence, While Device Losses Triple

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.