Is it time to smash up your hard drive?
A British consumer group has warned computer users that destroying their hard drives is the only way to be sure of maintaining security when disposing of an old machine. It made the claim after recovering 22,000 ‘deleted’ files from computers bought on eBay.
The Consumers Association issued the advice in its magazine Which? Computing. It began investigating the issue after a reader received an e-mail from a man claiming to be from Latvia. He attached a photo showing he had the hard drive from the reader’s old machine and had accessed personal data; the crook demanded £100 (approximately US$150) to return the disk with the data intact.
The magazine says identity thieves are targeting local authority waste dumps to salvage hard drives from old machines in the hope of uncovering financial data.
The writers then purchased eight machines from eBay and managed to uncover 22,000 files which were theoretically deleted. Many of these were relatively harmless files such as music, but it shows how easily a criminal could get identity data (for example through a resume or bank reference stored in a word processing document).
A British university carried out a similar study last year looking at 317 second-hard drives. It found that 5 percent of those which came from business users had accessible files with sensitive company information.
Which? found that some commercial software, including Tune-Up, is effective at completely wiping data from an unwanted drive. However, the magazine urged readers to exercise maximum caution, saying, “If you want to be sure that no one will ever access data on your hard drive, destroy it. Hit it with a hammer, drive a large nail through it, or smash it with an axe.”
That’s caused criticism from several angles. Data security firm Acronis said the advice undermines the proven success of disk cleaning software and argued that the magazine was unnecessarily deterring readers from recycling drives through second-hand sales or donating to charity.
There’s also a risk that destroying a hard drive in this way could produce environmentally harmful fragments.
Meanwhile ZDNet’s editor told the BBC that the claims of criminals rummaging through waste tips weren’t financially credible. He pointed out that with stolen credit card numbers available online for as little as $15, it’s not worth the time and effort for fraudsters to try to recover data from old drives.
Related Posts:
January 9th, 2009
I like to pass along things that work, in hopes that good ideas make their way back to me. Data breaches and thefts are due to a lagging business culture – and people aren’t getting the training they need. As CIO, I look for ways to help my business and IT teams further their education. Check your local library: A book that is required reading is “I.T. WARS: Managing the Business-Technology Weave in the New Millennium.” It also helps outside agencies understand your values and practices.
The author, David Scott, has an interview that is a great exposure: http://businessforum.com/DScott_02.html –
The book came to us as a tip from an intern who attended a course at University of Wisconsin, where the book is an MBA text. It has helped us to understand that, while various systems of security are important, no system can overcome laxity, ignorance, or deliberate intent to harm. Necessary is a sustained culture and awareness; an efficient prism through which every activity is viewed from a security perspective prior to action.
In the realm of risk, unmanaged possibilities become probabilities – read the book BEFORE you suffer a breach.
January 10th, 2009
There are free utilities to wipe drives by zeroing out sectors. You can do a quick wipe if there isn’t much important info or you can have it run doing multiple wipes/writes that meet NSA standards.