Slashdot Mirror


Is Your Banking Information Accidentally On Ebay?

GraWil writes "The Toronto Star is reporting how two Bank of Montreal computers containing thousands of sensitive customer files were sold to a student who fixes up machines and then resells them on eBay. It seems that the company responsible for scrubbing the disks (Rider Computer Services Ltd.) misfiled the machines in their warehouse and it was assumed they had been erased." It's not the first time this sort of thing has happened.


  1. Physical shredding by khaine · · Score: 4, Interesting

    Personally I have always been a big fan of physically shredding hard drives which have contained sensitive data. Although the risks associated with re-assembling and recovering wiped data from, say, a RAID 0+1 array are pretty minute, the cost in terms of loss of corporate image outweighs the few hundred bucks made by trading in used disks.

  2. Encrypted HDs by G4from128k · · Score: 5, Interesting

    Seems like this event makes the case for encrypted HDs -- schemes that render data unretrievable without the proper passwords/biometric signatures/magic hardware dongles. The idea that all our personal records are stored in clear text on thousands of HDs and backup tapes at a myriad of institutions is not too pleasant.

    As a purchaser/fixer/collector of old computers, I have seen many a file that some prior owner would probably have preferred I not. Although I, personally, have seen nothing of a criminal nature (or of a nature that would allow me to perpetrate a crime) I know others who have found strange files on old computers. Psychotic diary entries that advocated violence, financial records, proprietary engineering data, etc. all have an odd way of being left on HDs of obsolete machines. If an old machine stops working, few people make the effort to fix it in order to erase data. Systems that automatically make the data inaccessible in all but valid/authorized machine states would ensure the protection of the data.

    Although any encryption system can be broken, by social engineering at the very least, it would be better if there were at least some barriers between sensitive data and potentially prying eyes.

    --
    Two wrongs don't make a right, but three lefts do.
    1. Re:Encrypted HDs by Eric+Ass+Raymond · · Score: 2, Interesting

      I wonder how hard/expensive it would be to integrate a low-grade encryption layer at the IDE-controller level?

    2. Re:Encrypted HDs by infiniti99 · · Score: 3, Interesting

      This begs the question of what you were doing snooping around other people's old data? Ethics is not a dirty word, you know. It's up to people like us who know more about computers to protect the privacy of the less well informed.

      I agree. Most folks really have no idea about computer security, but this does not mean we should take advantage of them (I don't think the parent was implying this though). Personally, I don't snoop around in anyone's files / homedirs, or sniff any traffic, even though as an admin I am perfectly capable of doing so. Heck, when someone is entering a password in my presence, I turn my head. It's just polite.

      At the risk of going overboard here, I'd like to share a little story. I was running a Jabber server some time ago, and jabberd 1.4.x normally saves passwords in plaintext. For some reason I needed to log in as a particular user (I can't remember if it was for a test or what), but I refused to learn the person's password. To solve this, I wrote a program to extract the password from the jabberd database, and hide it in some grid of 30x30 random chars or so (kinda like those wordsearch puzzles). The password was in a horizontal direction starting at some random coordinate, and the program would tell me the coordinate as well as length of the password. Then I pasted this chunk into a text editor, and blindly pressed the Down and Right arrow keys a number of times to match the coordinates, held Shift and pressed the Right arrow key 'length' times, and hit Ctrl-C. I then closed the text editor and pasted the text into the application that I needed it for (which obscured the text as asterisks in the input field). Phew!

    3. Re:Encrypted HDs by oolon · · Score: 4, Interesting

      Old hard disks are not worth THAT much compared to the risk involved, rip out the disks and crush them, then sell on what's left of the machine. This is what the nuclear industry (here in the UK) has done for years. It's all standard practice for sensitive military work.

      This is the only way to be sure, it's not worth paying 100 Bucks (just a guess) for a disk with encryption only to get 10 Bucks a disk on resale!

      James

  3. A few notes by Anonymous Coward · · Score: 4, Interesting

    While it's fine to scrub hard disks clean of their data when they are working fine, what do you do when the hard disk has bad sectors?
    That happened to me 2 years back. A Maxtor HDD went bad. Sent it back to Maxtor, got another one. The replacement turned out to be bad too.
    Had to send that one back and got the 3rd HDD.
    There was a lot of data on the 1st HDD I sent back to Maxtor.

    I checked the Maxtor website for any statements as to what they do with their data but couldn't find anything.

    Many people (unless they have 2 computers and know how to deal with IDE pins) will just send the disk to their manufacturers, whether it contains data or not. Scrubbing a disk clean with bad sectors requires you to isolate the bad sectors by partitioning.

    1. Re:A few notes by Anonymous Coward · · Score: 1, Interesting

      Indeed, there is no "overwrite all readable blocks and spare the unreadable blocks" program, is there? "dd" would only need minor modifications to do that.

    2. Re:A few notes by zakezuke · · Score: 2, Interesting

      Assuming I was interested in "security", and needed to wipe non-functional drives, I would either

      1. Use a strong magnetic field and zap the data [hence zapping the data but still able to return to the maker for replacement]
      or
      2. Disassemble the drive and use the platters as coasters.

      Other people use a slightly more brutish technique and drill a hole directly through the unit, but to be honest, without an erase the data still might be recovered. Why anyone would bother is beyond me, but it's possible.

      ----

      But come to think about it, it's been forever since I've needed to use low level formatting utilities of any sort. I'm not sure they are viable on modern IDE drives. In the olden days I could easily zero a drive using basic low level hard drive formatting utilities, ones with bad sectors just took forever to zero.

      --
      There is no sanctuary. There is no sanctuary. SHUT UP! There is no shut up. There is no shut up.
  4. Well. by wirah · · Score: 2, Interesting

    Most companies whose machines hold sensitive data do retain/destroy the hard drives. You can find plenty of machines on ebay, sold stating 'without hard drive' or 'just requires hard drive'.

    If it was law, rather than just good practice, maybe we'd feel a lot safer.

  5. Finger-pointing as a profession by twilight30 · · Score: 4, Interesting

    If you look at the article no one appears willing to take the blame for it, from the bank itself to its two subcontractors tasked with verifying that data is indeed gone from hard drives.

    I find it appalling that the 'computer security team' sent to this guy's house were told to 'seize' the drives when clearly he was doing them a favour. Though they thanked him later and gave him replacement (presumably blank) drives, fuckups like these should have proper ramifications. Along the lines of dismissals.

    Figures it was the Bank of Montreal. Those idiots can't do anything right, from paying their then-CEO too much to stupid online banking to hypocritical ad campaigns in 1996. Losers!

    In Googling I came across this, which lists voluntary sector computing activities in Canada supported by the banks. Just think what interesting fundraising activities could have been made possible by this kind of donation...

    --
    ========================================
    Death will come, and will have your eyes
    -- Pavese
  6. Re:My mattress won't talk. by humming · · Score: 4, Interesting

    Do you think your money is safe there?

    http://www.ananova.com/news/story/sm_817915.html

    --
    I'm too stupid to preview.
  7. Hospital Records Anybody by Otterspocket · · Score: 2, Interesting

    I once picked up a PC from a council tip (dump) and that contained full patient records, drug charts, names, addresses, even patient photographs. It was from a local mental institution apparently. In order to prevent this material becoming public they had taken the well thought out step of unplugging the IDE cable. Marvellous. That got formatted and ended up on Ebay. Seems the person responsible was doubly stupid as it seems he was throwing away a high end P2 (this was a fair few years back folks) because the HDD was full. Hey ho!

  8. Re:I don't get it.. by Rogerborg · · Score: 3, Interesting

    Point at the person whose job description says that they are responsible for ensuring that physical hard drives don't leave the bank's premises.

    Easy, it's the IT director. Um, except that because it's physical, perhaps it's the non-IT security director. Maybe it's the branch manager. Possibly it's none of the above. Possibly it's all of them.

    See the problem?

    --
    If you were blocking sigs, you wouldn't have to read this.
  9. drive erasure by ajs318 · · Score: 5, Interesting

    Physical destruction of used disk drives is not necessary and could in fact engender a false sense of security. Think about it ..... a "secure disposal company" could bake a drive at Curie temperature for 24 hours in an alternating magnetic field of varying frequency, strap a hand-grenade to it and drop it down a disused mineshaft, but how can you be sure it's the same drive, or that they haven't made a backup of its contents? If you wanted to get hold of stuff people wanted rid of, what would be a better front for getting it?

    Overwriting the drive using software is more verifiable. You de-network the machine, boot it up from a CD, and can analyse the drive contents before starting a wipe cycle. You switch off and back on to prove there is no cheating. Then you can analyse the drive contents again and be sure they are different. The drive never left the machine, but you can be sure the data left the drive.

    Whatever anyone may say, remember these "secure disposal companies" are after your money and don't mind playing on your most groundless fears to get hold of it ..... there are a lot of things they thought were impossible ..... what if someone finds a way ..... Hell, sooner or later someone is going to come up with a scheme for disposing of the air from meeting rooms where secret conversations have been held. The simple scientific fact is that it takes only one overwrite cycle to make data unreadable. You can prove this to yourself using a disk sector editor, but it should be obvious anyway. If the drive could tell a "1 that used to be a 0" from a "1 that has always been a 1", or a "0 that has always been a 0" from a "0 that used to be a 1" with any degree of reliability, someone would already have used that as a capacity-doubling mechanism! It's possible that there might be some difference detectable with a sensitive analogue circuit, since there is a hysteresis loop and there really are the four states I described above. Two overwrites of opposite polarity will force the magnetic media into a known state. Even so, just one overwrite will give someone a massive headache trying to recover the data, because the "used-to-be" data has an inherently high error rate. It's already hard to tell "X that used to be !X" from "X that always has been X" and if the overwriting data is random enough, then it's hard to work out what was ever meant to be what.

    dd if=/dev/audio of=/dev/hda might conceivably do a good job on a used drive, if you make sure the gain is turned up nice and high and there is nothing plugged into the sound card. Filtered static and power hum are the nearest you're going to get to true randomness.

    My drives are invariably thrashed for as long as they work, then get the magnets removed for use in experiments {and wiped a few times across the platters for good measure}.

    --
    Je fume. Tu fumes. Nous fûmes!
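
Added example, not part of the thread or of any poster's code: a Python version of the software check described in the "drive erasure" comment above (record the contents, overwrite once with random data, read back and compare), which also skips and reports unwritable blocks as the earlier "A few notes" reply asks of dd. The 4096-byte block size, the temporary image file and the sample record are assumptions constructed for the demonstration.

```python
import hashlib
import os
import tempfile

BLOCK = 4096  # assumed block size for this example

def block_digests(path):
    """SHA-256 of every block; None marks a block that could not be read."""
    digests = []
    with open(path, "rb", buffering=0) as dev:
        # seek-to-end gives the size of image files and block devices alike
        for off in range(0, dev.seek(0, os.SEEK_END), BLOCK):
            try:
                dev.seek(off)
                digests.append(hashlib.sha256(dev.read(BLOCK)).digest())
            except OSError:
                digests.append(None)
    return digests

def wipe(path):
    """One pass of random data; returns offsets of blocks that failed to write."""
    failed = []
    with open(path, "r+b", buffering=0) as dev:
        size = dev.seek(0, os.SEEK_END)
        for off in range(0, size, BLOCK):
            try:
                dev.seek(off)
                dev.write(os.urandom(min(BLOCK, size - off)))
            except OSError:
                failed.append(off)  # bad block: record it and keep going
        os.fsync(dev.fileno())
    return failed

def suspect_blocks(before, after, failed):
    """Offsets that failed to write, cannot be read back, or are unchanged."""
    suspect = set(failed)
    for i, (b, a) in enumerate(zip(before, after)):
        if a is None or a == b:
            suspect.add(i * BLOCK)
    return sorted(suspect)

def demo():
    """Wipe a constructed disk image; return (suspect offsets, marker found)."""
    marker = b"EXAMPLE CUSTOMER 000-000-000"  # constructed sample record
    with tempfile.NamedTemporaryFile(delete=False) as img:
        img.write((marker + b"\n") * 1500)  # about 10.6 blocks, last one partial
    try:
        before = block_digests(img.name)
        failed = wipe(img.name)
        after = block_digests(img.name)
        with open(img.name, "rb") as f:
            leaked = marker in f.read()
        return suspect_blocks(before, after, failed), leaked
    finally:
        os.unlink(img.name)

if __name__ == "__main__":
    print(demo())
```

Any offset returned by suspect_blocks is a block that still needs attention before the drive leaves the building. Blocks the drive has already remapped to spare sectors are invisible to this check, as the "drive erasure : WRONG" reply further down notes.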
  10. An even crazier story by Anonymous Coward · · Score: 1, Interesting

    A couple years ago, after one of my company's bigger layoffs, the company had a free raffle for old workstations. I won one of the machines. It happened to be the old billing server. The IT folks were supposed to have wiped it clean, but they didn't.

    I wiped it clean myself and destroyed the info, but not everyone would have done that.

  11. Re:I don't get it.. by TheMidget · · Score: 2, Interesting
    But why don't banks just destroy the Hard Disks before selling off the Machines?

    And more importantly, why does the bank trust a third party (Ecosys) with the "scrubbing", rather than doing it themselves?

    My take on this is that even if the procedure had said "destroy hard drives", the actual work of removing the hard drives and destroying them would still have been subcontracted, and the same "warehouse" error might still have occurred ("is this a machine which still has its original drives, or is it one which already has new drives, ready for resale?")

  12. Re:drive erasure : WRONG by pricorde · · Score: 3, Interesting

    Sorry, you are all wrong...
    a) you have silent disk errors (because error-correcting codes corrected them) that will copy sector data to a reserve sector without notice, that makes your old data inaccessible at software level but readable at controller level
    b) you can use high resolution magnetic imagery to recover several rewrites of the same track
    c) in my books, a hum is very far from random, it's predictable !!!

    Physical destruction is the only reasonably secure solution.

  13. Re:I don't get it.. by budgenator · · Score: 2, Interesting

    No it seems to be plain old piss poor procedures to me, it's not that hard to fix either. The machine is physical so someone has to physically remove it from the bank branch/dept;

    1 so that person unplugs the ethernet, pops in a Linux CD, turns on the computer, boots into Linux and shreds all of the hard drives on the machine.

    2 turns off the machine, and signs a line on the form that the machine has been shredded; and witnessed by the branch/dept manager. Places a sticker on the machine that states it is shredded; with both signatures.

    3 removes the machine physically, has the branch manager sign that the machine is physically removed on the form, and the branch/dept manager has the removal tech sign for the property removed.

    4 on receiving the completed form, accounting moves the property from the inventory of capital assets to the salvage account.

    Then it's sent to salvage where they again shred it like they didn't do in the story and recycle. Not real hard to do and it fits into normal business methods without any real changes.

    --
    Apocalypse Cancelled, Sorry, No Ticket Refunds
  14. Real easy to fix by JLSigman · · Score: 2, Interesting
    Here in South Carolina, some state government agencies are required to physically destroy the hard drive before we send them off to be sold. It usually took approximately 2 minutes to do. At this point, forget the finger pointing and give the lowest IT peon in the bank the job of taking a screwdriver and making gashes in the platters.

    --
    -jls
    Techno-pagan
  15. Happens all the time by computerlady · · Score: 5, Interesting

    I was consulting at a community bank last spring, helping them get ready for an IT audit by the FDIC. They were replacing some machines, and I persuaded them to donate the old ones to a local computer group who refurbishes them and places them in schools and non-profits. I could see that their IT policy manual contained nothing about even wiping drives let alone destroying them.

    As soon as I got them to my office, I invited the CEO in to see how much customer info his IT department had "donated." He was, of course, shocked. The sad thing is, probably 30 people were involved in that transfer and not one of them had the slightest clue. Another sad thing is that the donation fiasco was just one of hundreds of examples of failure to adequately protect the privacy of customer information.

    The good news is that the FDIC is taking customer data security very seriously and is coming down hard on breaches and potential problems during their IT audits and their Safety and Soundness audits. So maybe it will get better. Except we are talking about humans...

    --
    computerlady - a brand new Slash-daughter - alone, but no longer invisible, in the /. world
  16. I think kudos are in order. by SirLantos · · Score: 2, Interesting

    Has anybody stopped to thank the kid that let the bank know? It is comforting to know that there are still a handful of people out there who are still honest.
    Just my humble opinion,
    SirLantos

    --
    The flying hamster of DOOM rains coconuts on your pitiful city.
  17. When I worked at the Pentagon by Unknown+Poltroon · · Score: 2, Interesting

    We used to destroy HDDs by letting the techs (me) go apeshit on them with a hammer, then some sandpaper, then my supervisor would literally take some of them home for target practice with his .45.

    They now require the disks to be physically shredded, but I think we came pretty damn close.

    --
    All Troll + "offtopic" mods are meta moderated as "Unfair", because you abused the system.
  18. It's MY job! by MarcQuadra · · Score: 2, Interesting

    And I get paid under $20K/year to wipe the drives for a major U.S. bank. The guy before me let hundreds of machines full of customer and bank info out to various schools, when I found out I had to travel all over the state wiping out computers, but who knows what made it out before I got to them.

    When it boils down to it, these are ancient machines (mostly P166s) and wiping a drive takes HOURS on them, and it ain't pretty work, it's dirty warehouse work and lots of heavy lifting. Nobody wants to pay professionals $75/hr to wipe machines that stopped returning-on-investment years ago.

    --
    "Sometimes, I think Trent just needs a cup of hot chocolate and a blankie." -Tori Amos on Nine Inch Nails
  19. Well.... by madcow_ucsb · · Score: 2, Interesting

    sometimes it ends up on there from individual users' stupidity too. A friend of mine just bought a 17" powerbook off ebay a few weeks back. I was playing with it and saw that it had this guy's quicken files dating back to like 1997. It had U of Maine school/financial aid records. It had all kinds of personal documents on there. It would be SO easy to steal this guy's identity. There were SSN, DL #, bank account numbers, credit card numbers, addresses, phone numbers, EVERYTHING in one convenient location.

    It just boggled my mind that someone could be so stupid as to leave that kind of thing on their computer when they sold it.

  20. Destroy the computer by narsiman · · Score: 2, Interesting

    I guess there is a reason why my company destroys every computer - Cheaper than deleting the hard disk. They send it thru a smashing machine that produces bits and pieces of the machine on the other end.

  21. Reminds me of buying secondhand business computers by FCKGW · · Score: 2, Interesting

    The PHB at the small office where I work bought about 20-30 old Pentium 133 machines at auction. I bought/traded for two of them, since we weren't going to use them all at work. They still had their installs of Win95 with a NetWare client and a few company documents. Nothing very interesting, though. I still have a backup of one of them; maybe I'll look through it some more and see what I can find.

    --
    It's an operating system, not a religion.