Slashdot Mirror
Data Still Left on Storage Devices for Sale
cluedweasel writes "According to a BBC story many people are still putting up their old PC's and storage devices for sale without taking basic precautions to ensure that confidential data is erased. The suggestion at the end of the story is to get a professional forensics firm to wipe your data or just destroy the item in question. With the low price of storage devices, the latter is probably preferable."
I've found some interesting stuff on hard drives purchased second hand including tax forms from apparently a CPA, medical records, patent applications, and most interestingly, a fair bit of data that I will not talk about on a NeXT cube off eBay that was originally purchased from a government auction. I was surprised as it was the only cube I had seen with it's hard drive intact. (All hard drives were erased or physically destroyed, because I am a nice guy).
The interesting thing is that protocols for the destruction of data have existed for magnetic media since before the hard drive. With the advent of the hard drive and higher density media, other protocols have come into place, but the solution is not a technical one. It is the hardest of all solutions...... Behavioral change.
Visit Jonesblog and say hello.
I once received about 30 10GB hard disks from the US Army that were tossed in a collection bin (and someone called me to say they were there) which were not wiped and had a fair bit of info on them. Not talking National Secrets, but info that could have been used to cause problems, none the less.
By far the worst, however, was a batch of 15 PIII computers I recovered from the INS. Not only had they not been wiped, but all programs and files were fuctional. Talking about Social Security numbers, Green Card information, and on and on. It was terrible.
Of course, I do the right thing and both wipe and low-level format these before donating on to charity - but it still amazes me what info is given away.
Both of these cases were 1 year+ after 9/11 too. People don't change.
DAMN YOU OCTODOG! DAMN YOU TO HELL!
Actually, check if local schools or other non-profit organisations take old hardware donations.
My mother is the computer teacher at a local gradeschool. She HATES when people say they have a computer to give her. Invariably, it's some 7-year-old PC that runs Win95 or some old Mac that just doesn't fit in with her network.
Students and teachers in schools want crappy computers as much as you do. (This being Slashdot, probably less than you do.)
If you can find someone that genuinely wants the machine because they collect them or because they're a budding nerd, fine. But don't dump these pieces of junk on some organization that will then have a huge collection of PCs that are all unalike. If you're lucky, you live near a place like SWACO that has periodic computer recycling drives. Drop the machines off and they go someplace to be disposed of properly (we hope).
Withdrawal before climax is very ineffective and those who try this are usually called "parents."
Once place I worked had enough buying clout that driving nails through the drives would not void the warranty. It was actually in the contract.
For drives that have held secret information, the government requires that the drive be shredded to the point where it fits through a 1mm seive. Both approaches are probably overkill for personal boxes.
Socialism: a lie told by totalitarians and believed by fools.
Last year a public prosecutor discarded his virus-infected PC at the curbside, and it was picked up by a cabdriver who sold it to someone running a tv show.
Lots of interesting data was extraced from the drive. Documents about legal cases, account information of his personal e-mail account, kiddieporn, the works.
Of course he had to step down.
That's right, just a single-pass overwrite with zeros will do.
Um...no. Not to be argumentative here, but I have personally been able to recover data from a hard drive after being zeroed. This is why the DoD standard is a bit more stringent than simply zeroing.
____
~ |rip/\/\aster /\/\onkey
Tell your friends that you will take care of their old boxes. Bring a Mepis or Damn Small Linux CD with you and blow away their hard drive. Show them how easy it is to give a new virus-free life to that old box. If they don't want that old box after it is Mepisized, put it up for give-away on Craigslist or DIYparts.org. People have a much easier time understanding how good open source software is when they see it in action.
Taking a sledgehammer to the box might be more fun, but then that box is headed for the landfill, where the metals in it will leach into the water table. Ick.
DIYparts.org is working to help the Katrina victims, so rather than have the box go into landfill, it can go to somewhone who needs it if you list it on DIYparts.org. DIYparts.org is free as in beer.
I was in a similar situation recently when my laptop hard drive died. The manufacturer would only provide a replacement if I returned the original drive. I tried to argue that I couldn't do that, as it had all our company's source coude and NDA documents on it, but the hotline guy was intractable - new drives only for old.
I considered nuking it in the microwave, but I wasn't sure whether that wouldn't destroy the microwave, and not the drive. (or why else have I always heard that you shouldn't put metal objects into microwaves?)
So I unscrewed the drive and tried to remove the shiny, smooth platters. Unfortunately, I couldn't loosen the screw holding them down, so I tried to bend them by levering the screwdriver under the platter.
It was then that I learnt that the platters aren't some metal alloy, but a more brittle plastic and/or glass composite, as the sudden explosion of silvery shards, while looking very impressive, nearly blinded me. Once I knew what I was dealing with, however, I soon made short work of the rest of the platters. There's no way anyone's going to get information off them now!
I screwed the case together, and you couldn't tell it was empty; it still felt just as heavy as before. So exchanged my empty drive with the delivery guy for the new one.
I just hope the OEM to which the drive was returned doesn't try to run the drive in another laptop, or open it up, or is able to trace the drive back to me. That's probably wishful thinking, but no-one's crapped on me just yet, and here's hoping they never will...
There was an article about a year ago (can't find it now) saying essentially the same thing about Macs. Most places just have the tools to hack a Windows PC for files. First, the Mac won't run their tools, and then, even if they yank the drive and put it in another housing, its not formatted in a way their software can access.
Now, as said above, if you were a really big fish, they have ways, but its not a typical forensics op.
...so get yerself a big glass or porcelain pot or container big enough to hold the drive completely submerged under liquid. After shooting your old hard drive full of holes at the range, take what's left of it and put it into the glass or porcelain container and cover completely with concentrated muriatic acid (hydrochloric acid) you can buy in the swimming pool section of Lowes/Home Depot/WalMart/etc. Wear proper eye and skin protection and don't let any of the liquid splash on you. In a short while, there won't be much left of the drive except for some black goo.
For extra credit, you can also try out a little bit of "Having Fun With Hydrogen".
You're either:
1) Talking about recovery from an old drive, pre-1997, OR;
2) You're full of shit. Yes, a liar.
So explain yourself, please, because I will apologize immediately if the case is (1) or you can prove me wrong. Cite me some evidence--press releases from the company you worked for, or a paper written by the research team you worked with. Anything, hell--even your blog is something.
I've spent my last four years working as an examiner at a computer forensics firm. I have exhaustively researched this topic several times, hoping against hope that something is out there. There is nothing.
I have encountered a number of documented cases where a party to ligitation claimed that incriminating or exculpatory evidence had been overwritten on a hard drive. In at least two of those cases, the defendants spent more than $500K funding people who said "Oh yeah, I can do that--I just need cash for a lab and a magnetic-force microscope." Nobody EVER recovered over-written data, in any of these cases.
So prove me wrong.
It's been said before, but I'll repeat the point here: there are enough surprising scientific discoveries that most people cannot distinguish between wacky-sounding-but-true statements and wacky-sounding-but-false statements.
This is why people keep propagating the myth that you can recover overwritten data from current generations of hard drives. It USED to be true, with older drives, and it's just spooky-sounding enough to be intriguing, so people want to believe it.
But it's still bullshit. Seriously, I would encourage anybody who thinks I grandstanding to do their own research and let me know. My email username is rlynch, domain is bway.net.
>You need far stronger static magnetic fields to
>damage a drive without opening it than you can buy.
Mod parent up. He's spot-on here.
Actually just misguided. Static magnetic fields won't do shit to most magnetic media. It's the magnetic flux (change in magnetic polarity) that puts the bits there in the first place, and it's the magnetic flux that will scramble them faster than a tornado through a chicken farm.
I haven't tried it myself but I am willing to bet that a standard tape bulk eraser will render most hard drives inoperable, as it will not only zap the data but also the zone markers that are magnetically placed on the media by the drive's low-level format. That aluminum cover ain't magnetic so there's no magnetic "short circuit" around the platters and the flux lines that the bulk eraser's generating will penetrate deep and the rapid flux change it imposes on the media will make gone any order in the magnetic patterns that were there.
Consequently that's why the rare-earth magnets in hard drives don't do much to the platters -- it's a magnetically closed circuit, and there are no stray flux lines to cross and cause a flux change on the platter. The only stray flux lines are the ones very specifically put there by the GMR heads.
Density. Gradually. Therefore physical redundancy.
I also bought a second hand computer, from an auction from a company that had gone into receivership, I got it home, turned it on, it wouldn't boot... I fiddled with the internals a bit and low and behold it booted and came up into Windows XP... well, I don't know the passwords, so I then just boot of a Knoppix Live CD and have free reign to look over the entire hard drive, of what turned out to be a PA's computer, complete with photos of the vehicle parts machine plants they were building right up until they went under...
The saddest part was looking through the 'Recent Documents' list.
Letter x, letter y for boss, travel iteneries etc... then... typing tests... job guides, and finally the resume...
So sad... I wiped it good and proper before I gave it to who it was intended.