Data Mining Used Hard Drives

linuxwrangler writes "One hopes the /. crowd knows the perils of discarding storage with sensitive data but this article drives home the point. Two MIT grad students bought used drives from eBay and secondhand computer stores. Among the data found on the 158 drives were 5,000 credit-card numbers, porn, love-letters and medical information."

just shoot the drive

[Anonymous Coward]

I prefer to shoot my old computers.

And why the hell would only 158 drives have 5000 CCs?

fuck the white man!

[Anonymous Coward]

death to whitey!

Re:Luckily for me, my Ebay'd hard drives are safe

[Filik]

Nope, even broken ones can be read with the right equipment.

Re:How many credit cards per hard disk???

[ZzzzSleep]

I think it's much more likely that there were only a few of these retail drives with CC numbers on them, but the ones that did have the numbers on them would have had a shitload of numbers.

This isn't exactly news...

[japhar81]

But the CC info bothers me. Presumably, this is a corporate drive that got resold (Unless you know of 170 ppl with 25 credit cards a piece, in which case it's time to re-evaluate the financial system in this country).

Personally, I have a standing policy in my department to take apart every HDD, take a magnet to each platter, and send the platters to Iron Mountain for destruction. Then again, we deal with large financial institutions, so we have to be extreme and obsessive-compulsive, which brings me to my actual point;

This stuff should be regulated. If you store personal info on an HDD for business purposes, you should have a legal responsibility (i.e. one that comes with repricussions if not met) to ensure that even after a drive is retired, the data is safe.

Just my $.02

Unfortunate

[Kourino]

Since the only thing that's going to retain data is the hard drive ... what a waste. Come on, companies should sell the rest of the computer! Where do you think poor college students are going to get their "used to be high end hardware half a decade a go" supplies, huh? ;_;

I mean, I agree, don't let the drive itself slip out, but ...

RTFA

[commodoresloat]

If you read the article you'll notice that many of the drives belonged to businesses; the CC#s were probably in customer lists. Now why was the parent modded "+5 insightful" rather than "-1 didn't RTFA"?

Re:DPA

[shepd]

>In the end, _you_ are responsible for data under the Data Protection Act (in the UK anyway)

Unless it's encrypted, then it becomes the government's business.

Use encryption such as Linux Crypto API

[Tracy Reed]

Because I pretty much run my life by computer I end up with all kinds of info on my computer. And it is for this reason that I use the Linux Crypto API (formerly the international kernel patch). I have an encrypted volume (a big file which gets mounted on loopback fs) on my machine where I keep any sensitive information including all of my email once it has been read. Every so often I mount it, copy the stuff in, and unmount it. It works great and is so easy to use that I actually use it. The only chance someone has of catching sensitive information is if they get it before I copy it into the encrypted volume (passwords, keys, company private data, etc. all go straight in) or if they can somehow recover it from the raw device from when it was written in cleartext. My disk has enough activity and accidentally fills up often enough that I'm not too worried. It's not like I'm protecting national secrets or anything.

This is not data mining

[rev063]

Data mining is statistical analysis of structured or unstructured data to discover unknown relationships.

At best, this is voyeurism. At worst, it's espionage.

Re:Luckily for me, my Ebay'd hard drives are safe

[orthogonal]

[OP's hard drives won't be read, he claims] not if i've cracked them open and cum/shit/bled on the platters after perforating them with an awl

Well, in that case, first they'll read your DNA, have uncontestable proof you (or your identical twin) had had possesion of them, and then they'll read your data.

Some info found on Hard Drives .... interesting

[adzoox]

I once found out crucial recruiting info for a university sports team. Ended up there were recruiting violations and I could have ruined the athletic department with the evidence on the laptop I had. But technically, I "wasn't suppose to have seen that" - Also, it is illegal to view "known" private data. Even if in one's possesion. I think these "lookers" in this story should be prosecuted. They give people like myself who buy surplus a bad name and cause problems with buying surplus as MOST items require original hard drive data to function.

Re:we destroyed our harddrives right

[Anonymous Coward]

Maybe cause it isn't a joke about the WTC as much as it deals more to the "smart" IT people who really have no clue about some things... IE off site storage should be at least a mile away from the orginal data source.

Get Data Back

[Shanep]

I've tried lots of data restoration software, from shareware to super expensive. Almost all of them worked pretty badly. Except one, and I mention it here if it helps someone who is desperate and thinks there's no hope, to go down a potentially fruitfull track...

I've tried Get Data Back [runtime.org] for FAT and for NTFS on drives that were formatted, partially zeroed (both FAT's gone on a FAT drive) and new partitions partially used and they restored perfectly almost all files (luckily every file I needed). They cost money (frequently found on warez sites though) and the programs and web site don't look all that professional, but I've never found anything that worked as well. I rekon these guys deserve to be paid for this great software.

Re:shred(1) will securely delete files

[juhaz]

Why would I want to do it several times?

If someone is willing to toss millions of dollars into getting something out of my only-once-overwritten drive, then they are perfectly welcome to do so.

Indeed, if someone is willing to give out that kind of money, they are welcome to give it to me and I give them that drive in perfect working order and all data fully readable without special tools!

Re:Cryptonomicon

[Anonymous Coward]

If what you say is true, then that scene in Cryptonomicon where those lawyers seize that computer and it passes through the strong magnet in the doorway and then gets wiped, well, that wouldn't have happened that way, eh?