Slashdot Mirror

← Back to Stories (view on slashdot.org)

Data Still Left on Storage Devices for Sale

Posted by Zonk on from the one-one-zero-one-zero-zero-one-one-zero-one dept.

cluedweasel writes "According to a BBC story many people are still putting up their old PC's and storage devices for sale without taking basic precautions to ensure that confidential data is erased. The suggestion at the end of the story is to get a professional forensics firm to wipe your data or just destroy the item in question. With the low price of storage devices, the latter is probably preferable."

11 of 403 comments (clear)

  1. Found data by BWJones · · Score: 4, Interesting

    I've found some interesting stuff on hard drives purchased second hand including tax forms from apparently a CPA, medical records, patent applications, and most interestingly, a fair bit of data that I will not talk about on a NeXT cube off eBay that was originally purchased from a government auction. I was surprised as it was the only cube I had seen with it's hard drive intact. (All hard drives were erased or physically destroyed, because I am a nice guy).

    The interesting thing is that protocols for the destruction of data have existed for magnetic media since before the hard drive. With the advent of the hard drive and higher density media, other protocols have come into place, but the solution is not a technical one. It is the hardest of all solutions...... Behavioral change.

    --
    Visit Jonesblog and say hello.
    1. Re:Found data by Stanistani · · Score: 4, Interesting

      >a fair bit of data that I will not talk about on a NeXT cube...

      Hmmm. The biggest customer of NEXT was the CIA IIRC...

      All aboard for Gitmo!

      --
      You can't talk about Wikipedia's flaws on Wikipedia
    2. Re:Found data by saha · · Score: 4, Interesting
      Finding old hardware in my department to go to property disposition is a pain when getting rid of data on old hardware. First I don't even know if some of the hardware that is ten years older will even start. Then I have to find a floppy or CD that will run on the specific hardware. The easy solution is to open up that computer and rip out that harddrive, then hammer it so the platters are broken. Problem solved.

      I do like the fact the on Mac OS X on any System Restore CD or OSX CD comes with Disk Utility.app, that does either seven or thirty-five random wipes of the disk. Plus the user could use Secure Empty Trash from the very beginning. Waiting for a 20GB to randomly write bits in every sector seven to thirty-five times is general too much of my time. The hammer is a lot quicker.

      Signed: The impatient and destructive systems administrator

    3. Re:Found data by bani · · Score: 4, Interesting

      I bought some used DLT tapes off ebay. Most of them were empty, but a few which were not empty had:

      o) accounting data
      o) sourcecode for web commerce backend for multibillion dollar corporation
      o) server backups, including email

    4. Re:Found data by pilgrim23 · · Score: 4, Interesting

      My hobby is retro computing. This means I have spent a bit of time at yard sales, Salvation Army and Goodwill. I have purchased cheap boxes of every description form Next Cubes to old Apple IIGS with a Vulcan drive inside the power supply, to early PCs. I have seen countless files, personal and public on machines for many many years. Being a good net citizen I reformat the drives and use them (unless I find a really hot app I wanted. :) -I would use apps I found (especially on old System 7 or earlier Macs, old Ataris, Amigas, and ProDOS based Apple II apps. Sometimes these boses were the ONLY sources of lost and needed applications (try finding a copy of raster Blaster these days ;). I would though: delete all files that were none of my business.

        In the course of this scrounging I learned something SlashDotters may not consider: There is an entire subculture in America of people who use second hand machines. These are poor folks who cannot afford the latest Alien ware or G5 iMac. People who just don't have the money for even cheap Celeron box. I am talkin' poor folks here. They get by on Windows 98 and Office 97, or even Mac OS 7.1 and MS Word 5.0 for their computer needs.
      They use a old Performa Mac or a Mac Classic II, or a 486 or Pentium 166mhz PC to do what they need to do.
        Tech support is supplied by a whole bunch of self taught techs who tinker. I know many of this sort.

      The size of this population of users might surprise folks. There are a lot of them.
      The problem with all the current talk of: "OH! I left Aunt Tillie's phone number in Outlook Express and all 26 of my credit card numbers in Quicken!" is the effect it has had on this catagory of user. They are not able to "upgrade" to a newer junker because everyone is afraid to dump their box for fear of the data being stolen. This means the bottom of the food chain looses. It also means there will ALWAYS be compromised Win 3.1/95/98 boxes on the net.

      BTW....if anyone out there has any older Conner or Western Digital (pre-Caviar) 20-40-120-240mb hard drives I am looking for a few to reformat as Vulcan Gold Drives....

      --
      - Minutus cantorum, minutus balorum, minutus carborata descendum pantorum.
  2. The Government is the Biggest Culprit... by Blue-Footed+Boobie · · Score: 5, Interesting
    I have my business card out there with many people for the purpose of snagging equipment that would otherwise get thrown out.

    I once received about 30 10GB hard disks from the US Army that were tossed in a collection bin (and someone called me to say they were there) which were not wiped and had a fair bit of info on them. Not talking National Secrets, but info that could have been used to cause problems, none the less.

    By far the worst, however, was a batch of 15 PIII computers I recovered from the INS. Not only had they not been wiped, but all programs and files were fuctional. Talking about Social Security numbers, Green Card information, and on and on. It was terrible.

    Of course, I do the right thing and both wipe and low-level format these before donating on to charity - but it still amazes me what info is given away.

    Both of these cases were 1 year+ after 9/11 too. People don't change.

    --
    DAMN YOU OCTODOG! DAMN YOU TO HELL!
  3. Re:Not only good drive but also bad drives by Jason1729 · · Score: 4, Interesting

    Once place I worked had enough buying clout that driving nails through the drives would not void the warranty. It was actually in the contract.

  4. Re:Not only good drive but also bad drives by TripMaster+Monkey · · Score: 4, Interesting


    That's right, just a single-pass overwrite with zeros will do.

    Um...no. Not to be argumentative here, but I have personally been able to recover data from a hard drive after being zeroed. This is why the DoD standard is a bit more stringent than simply zeroing.

    --
    ____

    ~ |rip/\/\aster /\/\onkey

  5. Re:Not only good drive but also bad drives by shotfeel · · Score: 3, Interesting

    There was an article about a year ago (can't find it now) saying essentially the same thing about Macs. Most places just have the tools to hack a Windows PC for files. First, the Mac won't run their tools, and then, even if they yank the drive and put it in another housing, its not formatted in a way their software can access.

    Now, as said above, if you were a really big fish, they have ways, but its not a typical forensics op.

  6. Re:Not only good drive but also bad drives by MoralHazard · · Score: 5, Interesting

    You're either:

    1) Talking about recovery from an old drive, pre-1997, OR;

    2) You're full of shit. Yes, a liar.

    So explain yourself, please, because I will apologize immediately if the case is (1) or you can prove me wrong. Cite me some evidence--press releases from the company you worked for, or a paper written by the research team you worked with. Anything, hell--even your blog is something.

    I've spent my last four years working as an examiner at a computer forensics firm. I have exhaustively researched this topic several times, hoping against hope that something is out there. There is nothing.

    I have encountered a number of documented cases where a party to ligitation claimed that incriminating or exculpatory evidence had been overwritten on a hard drive. In at least two of those cases, the defendants spent more than $500K funding people who said "Oh yeah, I can do that--I just need cash for a lab and a magnetic-force microscope." Nobody EVER recovered over-written data, in any of these cases.

    So prove me wrong.

  7. I also found data by spoco2 · · Score: 4, Interesting

    I also bought a second hand computer, from an auction from a company that had gone into receivership, I got it home, turned it on, it wouldn't boot... I fiddled with the internals a bit and low and behold it booted and came up into Windows XP... well, I don't know the passwords, so I then just boot of a Knoppix Live CD and have free reign to look over the entire hard drive, of what turned out to be a PA's computer, complete with photos of the vehicle parts machine plants they were building right up until they went under...

    The saddest part was looking through the 'Recent Documents' list.

    Letter x, letter y for boss, travel iteneries etc... then... typing tests... job guides, and finally the resume...

    So sad... I wiped it good and proper before I gave it to who it was intended.