Slashdot Mirror


Study: 78% of Resold Drives Still Contain Readable Personal or Business Data (consumerist.com)

itwbennett writes: Blancco Technology Group, which specializes in data erasure, bought 200 secondhand PC storage drives (PDF) from eBay and Craigslist to see if they could recover any of the old data saved inside. Their findings: 78 percent of the drives contained residual data that could be recovered, 67 percent still held personal files, such as photos with location indicators, resumes and financial data, and 11 percent of the drives also contained company data, such as emails, spreadsheets and customer information. Only 10 percent had all the data securely wiped, Blancco said. The Consumerist points out that Blancco makes their money from promising secure data erasure, so the company has a "strong and vested interest in these results." As for why so many of the drives contain unwanted information, the report says it has to do with the difference between "deleting" data and "erasing" data. Your files aren't actually deleted when you drag them to the Trash or Recycle Bin, or by using the delete key -- shocking, I know. You can format a drive to erase the data, but you have to be careful of the format commands being used. A quick format, which was used on 40% of the drives in the sample, still leaves some residual data on the drive for someone to possibly access. A full format, which was used on 14% of the drives, will do a better job in removing unwanted files, but it too may still miss some crucial information. The solution Blancco recommends: buy a tool to perform complete data erasure.

8 of 207 comments

  1. Encrypt your drives. by Anonymous Coward · Score: 3, Interesting

    Delete the block containing the keys.

    For this threat model, this is the perfect answer (if you trust the encryption, that is).

    No need for some "secure erase" snake oil.

  2. Re:Simple under linux by gweihir · Score: 4, Interesting

    Was about to post that. For a nice progress indicator, use

    dd_rescue -w /dev/zero /dev/target

    Apparently, a single zero-overwrite is entirely enough for modern disks (say, newer than 15 years or so), as these are used close enough to the surface data density limit that even magnetic force microscopy can recover a few scattered bits at best after a zero-wipe.

    I think the main problem here is that to do something like this under Windows, you have to jump through some hoops. And the other main problem is (of course) that people do not understand how disk storage works in the first place.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  3. Simple solution by GrumpySteen · Score: 1, Interesting

    1) Use one of the many freely available utilities to overwrite the entire drive

    2) Use a script to fill the drive with randomly named copies of goatse, tubgirl and other such wonderful images. Throw some of them into other document formats as well, just to keep things interesting. For added fun, make sure all the MS office documents are infected with macro viruses. Bonus points if the random names are made using a list of enticing words like "password", "private", "taxes", "accounts", etc.

    3) Delete all the files and sell the drive.

    Anyone who recovers the files and looks at them will immediately regret it.

  4. Re:Simple under linux by Bert64 · Score: 3, Interesting

    Interestingly, a few organisations have been bitten in the past, for instance by DOS-based commercial disk wiping software which only wiped the first 8GB of any drive. I've even encountered a company that wanted to continue using such software because it was "much quicker at wiping large drives", which isn't surprising given that it doesn't wipe the whole drive.

    --
    http://spamdecoy.net - free throwaway anonymous email - avoid spam!
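
Added example (not from the thread or from any wiping product): a check for the failure described in the comment above, where a tool zeroes only the start of a drive. It compares the whole target against zeros and reports where stale data begins; the image file, sizes and function names are constructed so it runs without touching a real disk.

```shell
#!/bin/sh
# Added example: catch a wipe that stopped before the end of the target.
# Function names, the image file and all sizes are constructed for the demo.

# first_nonzero_offset FILE
# Prints the 0-based offset of the first non-zero byte, or "clean".
# For a block device, take the size from `blockdev --getsize64` instead of wc.
first_nonzero_offset() {
    size=$(( $(wc -c < "$1") ))
    # cmp -l lists differing bytes as "<1-based position> <octal> <octal>";
    # only the first line is needed.
    pos=$(head -c "$size" /dev/zero | cmp -l - "$1" 2>/dev/null |
          head -n 1 | awk '{print $1}')
    if [ -z "$pos" ]; then echo clean; else echo $((pos - 1)); fi
}

# make_used_image FILE BYTES: a stand-in "used drive" filled with the byte 'S'.
make_used_image() { head -c "$2" /dev/zero | tr '\0' 'S' > "$1"; }

# wipe_prefix FILE BYTES: stand-in for the flawed tool; it zeroes only the
# first BYTES bytes and leaves the rest of the file untouched.
wipe_prefix() {
    dd if=/dev/zero of="$1" bs="$2" count=1 conv=notrunc 2>/dev/null
}

# Demo on a 64 KiB image where only the first 8 KiB get wiped.
img=$(mktemp)
make_used_image "$img" 65536
wipe_prefix "$img" 8192
echo "after partial wipe: first stale byte at $(first_nonzero_offset "$img")"
wipe_prefix "$img" 65536
echo "after full wipe: $(first_nonzero_offset "$img")"
rm -f "$img"
```
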
  5. Re: 78% of Crapdot stories are worse now by Anonymous Coward · Score: 2, Interesting

    This story bugs me in part because there's a pretty blatant conflict of interest.

    The Consumerist points out that Blancco makes their money from promising secure data erasure, so the company has a "strong and vested interest in these results."

    There's every reason to want the results to seem as severe as possible because that drives sales. While not necessarily invalidating the results, it's like trusting Coca-Cola to impartially study the effects of sugary drinks on health, ExxonMobil to study the impacts of burning fossil fuels on climate change, or the makers of any dietary/weight loss supplement to study the health effects of their product. There are always ways to tweak the methodology to get the desired outcome. With this study, the obvious way to bias the results is to buy hard drives from people who might appear to be more or less technically skilled based on the content of their listing and profile.

    I'm not saying that there's such a bias here but the possibility has to be considered. That's the problem with these types of studies. And when it's linked to a product like that, it reads very much like a Slashvertisement. I don't actually think Slashdot received any money for this story or any others, but I don't think it's good journalism.

  6. The editing is bad, but the modding is worse. by Anonymous Coward · Score: 3, Interesting

    I've not been impressed with the editing, as well, but I find the moderation to be much more disruptive these days. I've had to start browsing at -1 all of the time just to see perfectly fine comments that are at -1 for some reason. It defeats the purpose of having a mod system if I have to disable it all the time, ya know? Once a good comment ends up at -1 it's like it never gets seen by the mods again, so it will likely remain at -1. I think that anyone with mod points should automatically be shown the -1 threshold view so that they see all comments. At least that allows for the comment to possibly be modded up to its rightful score. Otherwise some other way is needed to get wrongly -1 comments back up. Maybe any comment that's at -1 ends up at 0 again after 10 minutes for instance. Well regardless of how it's fixed this is a problem that needs to be fixed. Most submissions here get well under 100 comments, and nearly all are below 200. It's not 2001 any longer, when many submissions here would easily get 500 or more comments. Comments are scarcer now, so their value is higher. That's why a badly modded comment is a serious problem now. We need to see good content, not have it suppressed.

    1. Re:The editing is bad, but the modding is worse. by jenningsthecat · Score: 3, Interesting

      I've been coming here for 7 years, and I've always browsed at -1. Comments being modded down for inappropriate reasons has always been a problem, at least during my time here, but I agree that it's become much worse in the last few years. When I have points I always mod such comments back up. I also mod up comments which I don't agree with, and which I may consider assholish, but which I feel are well thought out and/or important to the overall discussion.

      I love your point about the scarcity of comments, and I agree that the mod system needs to be tweaked. Doing so might even start to raise the level of discourse again and bring back some worthwhile voices that have left in frustration at Slashdot's downward slide. While we're on the (off-topic) subject, I think people need to back off from slagging the editors so much. They're doing a difficult job, trying to balance the desires of a very cranky, picky membership with the need to keep the site financially viable. Yes, we still need to call them out on obvious Slashvertisements - but beyond that, they're doing a pretty good job. We need to be careful here - otherwise the ghost of Timothy will come back to haunt us; or, worse yet, Slashdot will cease to exist.

      --
      'The Economy' is a giant Ponzi scheme whose most pitiable suckers are the youngest among us and the yet-unborn.
  7. Feed /dev/zero into a CBC cipher with OpenSSL by tepples · Score: 3, Interesting

    Some SSDs use lossless data compression (analogous to gzip) to pack more sectors into fewer physical pages so that they don't have to spend quite as much time erasing pages. To avoid this possibility, you might want to use a cipher to generate noise that the drive's firmware cannot compress.

    1. TRIM the entire drive.
    2. Feed /dev/zero into a CBC cipher with openssl enc.
    3. Perform a "Secure Erase".
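
Added example (not part of the comment above): the three steps as they could be run on Linux, plus a check on a scratch file of why step 2 uses a cipher rather than plain zeros. The function names, the `DEV` placeholder and the 1 MiB file size are assumptions of this example, and gzip stands in for whatever compression a drive's firmware might apply.

```shell
#!/bin/sh
# Added example. On a real drive (DEV is a placeholder; every step destroys data):
#   blkdiscard "$DEV"                                      # 1. TRIM the whole device
#   noise_stream | dd of="$DEV" bs=1M                      # 2. runs until the device is full
#   hdparm --user-master u --security-set-pass p "$DEV"    # 3. ATA Secure Erase needs a
#   hdparm --user-master u --security-erase p "$DEV"       #    temporary password ("p") first

# noise_stream: endless incompressible output, /dev/zero encrypted with
# AES-256-CBC under a random key and IV that are never stored anywhere.
noise_stream() {
    openssl enc -aes-256-cbc -K "$(openssl rand -hex 32)" \
        -iv "$(openssl rand -hex 16)" < /dev/zero
}

# fill_with_noise FILE BYTES: write exactly BYTES of cipher output to FILE.
# openssl reports a write error once head closes the pipe; that is expected.
fill_with_noise() { noise_stream 2>/dev/null | head -c "$2" > "$1"; }

# fill_with_zeros FILE BYTES: the plain zero fill, for comparison.
fill_with_zeros() { head -c "$2" /dev/zero > "$1"; }

# compressed_size FILE: size in bytes after gzip, a rough proxy for how much
# a compressing controller would physically have to write.
compressed_size() { echo $(( $(gzip -c "$1" | wc -c) )); }

# Demo on 1 MiB scratch files (skipped when openssl is not installed).
if command -v openssl >/dev/null 2>&1; then
    d=$(mktemp -d)
    fill_with_zeros "$d/zeros" 1048576
    fill_with_noise "$d/noise" 1048576
    echo "zeros: 1048576 bytes -> $(compressed_size "$d/zeros") gzipped"
    echo "noise: 1048576 bytes -> $(compressed_size "$d/noise") gzipped"
    rm -rf "$d"
fi
```
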