
Study Finds 1 in 10 Used Hard Drives Contains Old Personal Data

Posted by samzenpus
from the sharing-secrets dept.
Lucas123 writes "A newly published study by Britain's data protection regulatory agency found that more than one in 10 second-hand hard drives being sold online contain recoverable personal information from the original owner. "Many people will presume that pressing the delete button on a computer file means that it is gone forever. However this information can easily be recovered," Britain's Information Commissioner, Christopher Graham, said in a statement. In all, the research found 34,000 files containing personal or corporate information were recovered from the devices. Along with the study, a survey revealed that 65% of people hand down their old PC, laptop and cell phones to others. One in ten of those people who disposed of their old devices left all their data on them. The British government also offered new guidelines for ensuring devices are properly wiped of data."
This discussion has been archived. No new comments can be posted.

  • Whoopdie-doo (Score:5, Insightful)

    by timeOday (582209) on Thursday April 26, 2012 @05:59PM (#39813851)
    Who is going to bother with a time-consuming forensic-analysis style attack with a 10% chance of success when you can break into some company and get thousands of credit card numbers and/or SSNs? Sheesh, if you want credit card numbers, just get a job at any restaurant as a waiter.
    • Re:Whoopdie-doo (Score:5, Insightful)

      by YodasEvilTwin (2014446) on Thursday April 26, 2012 @06:02PM (#39813899) Homepage
      This figure actually seems extremely low. 90% of people know how to properly wipe their drives? Yeah right. And there's essentially 0 risk in stealing data off a drive you legitimately own or find in the garbage -- not so for screwing around at work.
      • by thepyro1 (994578)
        But how many of the people that buy new HDD's to put in their computers know how to wipe them? I know a lot of people who can't even open the case, so the sample is going to be of more "Tech savvy" people.
        • by CFD339 (795926)

          How many Apple "Genii" (Genuses?) will bother to do a drive wipe? What about Geek Squad types? The red shirt guys (now there's a good name) in Staples? Even the ones who know -- will they wait the hour+ while the drive wipe happens?

          If I still did stuff like that for a living (thank FSM I don't and haven't in 20 years) I'd be pulling the drives as untouched as possible until I knew the data transfer worked as well as possible. Then I'm done -- would I have the discipline to then waste an hour more wiping

          • by greg1104 (461138) <gsmith@gregsmith.com> on Thursday April 26, 2012 @09:26PM (#39816171) Homepage

            I tried running an in-home computer cleanup firm under the name of the Red Shirt Guys, but every time one of the consultants went on-site they died.

          • Re:Whoopdie-doo (Score:4, Interesting)

            by hairyfeet (841228) <bassbeast1968 AT gmail DOT com> on Thursday April 26, 2012 @09:53PM (#39816441) Journal

            Well I can only answer that with an anecdote, but from a friend that worked for awhile at a GS to get some extra cash the answer to that question would depend on this one...is there any porn on the drives? MP3? Movies? how about pics of your GF? because he said that roughly half the guys he worked with had USB HDDs that had batch files that looked for anything they might want to snatch, which would explain why you always hear of the CP guys getting busted by GS, they trip over the files looking for stuff to snatch.

            While I haven't done this personally, in fact i pride myself on not knowing a damned thing about what is on a customer's PC as i don't snoop I just do my job, I can say i have seen this behavior at other shops in the past I even had a creepy coworker that used to brag about how large his MP3 and porn video collection was because he snatched any chance he got. Just one more reason to ask around and find out the rep of the shop you are going to AND to use encryption, hell even something as simple as a password protected zip or rar file would block most of these guys because they are looking for easy targets.

            Personally after seeing that the transfer went fine I ask what the customer wants done with the drive and if they don't want it it gets boot and nuked and stuffed in the spare drawer and since I keep an old machine in the corner just for that job it isn't a hardship. Many of the newer minitowers can't hold but a single drive at a time so I often end up with a pile of 80Gb-300Gb drives that i then use on refurbed machines for the poor, but it really creeps me out to think there are guys snooping around people's computers just looking for stuff to snatch, it's too much like going through someone's underwear drawer...yuck.

      • I'd have guessed 9/10 would have data on them. Higher than that if you could real serious forensics and not just dropping the used drive in a reader.

      • Maybe 90% of people who sell their old drives before they stop working know how to properly wipe them... Do you sell your drives that still work?
    • by agm (467017)

      Sheesh, if you want credit card numbers, just get a job at any restaurant as a waiter.

      I don't understand this comment - I have never been to a restaurant where my credit card (or debit card) leaves my possession. And I always pay by either one of them. You actually give someone else your credit card and they then leave your sight with it?

      • by Anonymous Coward

        Yes, you put the credit card in the payment book, then they take it away and run it. When they come back you sign the slip.

        • by Anonymous Coward

          He also always does this (when he goes to a restaurant). And yet he also always never has it leave his sight. Hint: he doesn't leave his parent's basement; this is slashdot.

          • Re: (Score:3, Informative)

            by icebraining (1313345)

            Or maybe (s)he lives in a country like mine, where GSM-connected portable card readers (with keypads for PINs) are ubiquitous? I know you're used to your broken payment systems, but you shouldn't assume everyone is.

          • by agm (467017)

            I have not been to a restaurant that does this, and I eat out a lot. I always pay on my way out, and I do this by inserting my card into the little machine and entering my details. My card never leaves my possession (and nor should it). You're not assuming I live where you do are you?

            • by tbird81 (946205)

              I'm from NZ. We tend to do what you do, pay at the door as we leave.

              When I've dined in the States I've felt obliged to leave the card in their little leather book thing. I think they do it that way to make tipping easier with cash. (You'd just add your tip, then round up, leaving the notes)

              Fortunately in NZ we don't have to tip, so the waiters don't help to make an artificial situation where your credit card is at risk of being stolen by restaurant staff.

        • by rnturn (11092)

          Not at McDonald's.

          (I don't consider that a ``restaurant'', though. I'm guessing the grandparent poster does.)

      • by whoever57 (658626)

        - I have never been to a restaurant where my credit card (or debit card) leaves my possession. And I always pay by either one of them. You actually give someone else your credit card and they then leave your sight with it?

        In the USA, yes. That's what normally happens.

        • by agm (467017)

          In the USA, yes. That's what normally happens.

          Damn, that's just asking for trouble. There's no way I would let anyone take my credit or debit card out of my sight. The majority of times I do the actual inserting of the card into the machine before entering my pin - the retailer never gets their hands on it.

          • Not so long ago, it was like how he's describing it everywhere else in the world.

            As with any new technology, the more densely populated areas are the first to get it. Here in Ottawa, Canada, we've had the cellular and wireless card readers for years, and they're pretty much everywhere. Hell, even my pizza delivery guy has a cellular credit card reader. But if I get more than 100km from the city core, the chances of finding a wireless card reader drop off significantly. When you get out into the sticks, the

            • I live in Phoenix, AZ. Over 5 million in the metro area so we are not a rural area by any stretch yet wireless card readers are amazingly rare. When I ran my small business I tried to get a wireless card terminal, it was almost impossible. For some reason the banks had no problem with me having a normal wired terminal, yet they wanted all kinds of extra checks, deposits, and payments for a wireless one. It was nuts.

      • by drsmithy (35869)

        I don't understand this comment - I have never been to a restaurant where my credit card (or debit card) leaves my possession. And I always pay by either one of them. You actually give someone else your credit card and they then leave your sight with it?

        Yes. Completely normal in Australia [for restaurants that have table service].

        Also par for the course in other places I've lived and/or spent any significant amount of time - UK, Switzerland, France, USA.

    • by Anonymous Coward

      how many card numbers do you think you can get working as a waiter before fraud detection homes in on you and sends your ass to felonyland?

    • Re:Whoopdie-doo (Score:5, Insightful)

      by hairyfeet (841228) <bassbeast1968 AT gmail DOT com> on Thursday April 26, 2012 @09:30PM (#39816217) Journal

      Or just keep an eye out by the dumpsters. You'd be amazed how many times companies would just sit computers out without even bothering to wipe squat. I've gotten to be friends with the handyman for my apt building and since he works also at some of the city buildings as well as a few businesses and he picks up any machines they are tossing because he knows i refurb PCs for poor folks and it just blows my mind how many times I've found CC numbers, tax forms, you name it on these machines.

      Hell he called me once to bring out my truck because one of the local telecos were tossing their old towers when they upgraded. i got nearly 40 towers with nothing but the windows password between me and ALL their data. Of course being an honest man I simply nuked the drives and did clean installs but if I'd have been a bad guy the amount of data I'd have would have been insane. So think about that when you are giving your data to some company, you never know if they just sit their old machines on a curb somewhere.

      But I have yet to see anyone recover data from a 3 pass DoD (sure a single zero out will do it, but I've found more companies will hand me machines if I tell them i'll DoD the machine) so please don't go for that insane "hey we'll shoot the drive!" kinda crap as there are a LOT of poor folks hurting in this economy and those old PCs can really help folks. So please just wipe and freecycle, it's better for the environment and better for the poor folks around you.

      • by ckaminski (82854)
        If they weren't encrypted, you wouldn't even need that. Boot up Knoppix and mount the disks and have at it. I used to use Knoppix as a cheap version of Ghost and data recovery tool for years when I was doing helldesk.
      • by mcgrew (92797) *

        Hell he called me once to bring out my truck because one of the local telecos were tossing their old towers when they upgraded. i got nearly 40 towers with nothing but the windows password between me and ALL their data.

        The Windows password doesn't protect shit. Just put a Linux install CD in, run it in the "test this out to see if you like it mode" and all those data are there for you to take.

        All the Windows password does is protect Microsoft.

  • by Anonymous Coward

    Take them out, smash it with a sledgehammer and toss the scraps.

    • by pkinetics (549289)
      I prefer the ballistic solution. The reflective coating makes them a little easier to follow with open sights...
  • Require vendors to accept HDDs back for wiping, the same way they are required to accept batteries back for recycling. When you are done with your PC you can take it back to where you bought it for secure erasure, or optionally they could just send you a CD (or why not just include it in the box) that wipes the HDD and maybe puts it back to factory settings.

    • So it will be the vendor or its employees selling your data instead. Or perhaps the government will force them to scan for any terrorist plots you might have been concocting before forcing them to wipe the drives.
    • Used HDDs are not worth reselling due to the MTBF rate being met or exceeded. So you want to secure your data by recycling your drive? Shred them [youtube.com]!

      • by allo (1728082)

        i think you do not understand statistics. MTBF does not mean, your drive will fail at the MTBF date.

        • I never said it did. But like an odometer, S.M.A.R.T. Power_On_Hours gives a good indication whether or not you're getting closer to the end of a theoretical lifespan.

    • by couchslug (175151)

      That would increase what I pay for hard disks.

      A shot with a hammer is cheaper than postage. Boom, done.

    • Put your data on a raid5 or 6 array. Every once in a while one fails, but you won't have to fear anybody can recover the data on it. For that, they would need the other disks as well.

      Simple!

      • by allo (1728082)

        this is not true.

        on a raid5, you can have the disks arranged like:
        disk1: data, AS IS
        disk2: more data, AS IS ...
        diskN: disk1 XOR disk2 XOR ... XOR diskN-1

        diskN is quite useless to get the data, but the other disks contain the data the way it is.
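
An added illustration of the RAID 5 point made in the comment above (not part of the thread): a toy array is striped with one XOR parity chunk per stripe, then a single member is scanned for readable text and rebuilt from the others. The 16-byte chunk size, the rotating parity order and the sample record are constructed assumptions; real controllers use larger chunks and their own layouts.

```python
import re
from functools import reduce

CHUNK = 16  # toy chunk size (assumption); real arrays use far larger chunks

# Constructed sample data, not taken from the thread.
SAMPLE = (b"name=Jane Sample;acct=CONSTRUCTED-0001;"
          b"note=this record is made up for the demo;") * 6


def xor_bytes(blocks):
    """XOR several equal-length byte strings together, byte by byte."""
    return bytes(reduce(lambda a, b: a ^ b, col) for col in zip(*blocks))


def raid5_write(data, n_disks):
    """Stripe data over n_disks with one rotating parity chunk per stripe."""
    per_stripe = CHUNK * (n_disks - 1)
    padded_len = -(-len(data) // per_stripe) * per_stripe  # round up
    data = data.ljust(padded_len, b"\0")
    disks = [bytearray() for _ in range(n_disks)]
    for s in range(padded_len // per_stripe):
        stripe = data[s * per_stripe:(s + 1) * per_stripe]
        chunks = [stripe[i:i + CHUNK] for i in range(0, per_stripe, CHUNK)]
        parity_disk = (n_disks - 1 - s) % n_disks   # parity moves each stripe
        chunks.insert(parity_disk, xor_bytes(chunks))
        for disk, chunk in zip(disks, chunks):
            disk.extend(chunk)
    return [bytes(d) for d in disks]


def rebuild(disks, missing):
    """Recompute one member from all the others (what a RAID rebuild does)."""
    return xor_bytes([d for i, d in enumerate(disks) if i != missing])


def printable_runs(blob, min_len=8):
    """Readable ASCII runs found on a single member, like running `strings`."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode() for m in re.finditer(pattern, blob)]


if __name__ == "__main__":
    members = raid5_write(SAMPLE, 4)
    for i, member in enumerate(members):
        # Each member on its own still exposes fragments of the records.
        print(f"disk{i}: {printable_runs(member)[:2]}")
    print("disk1 rebuilt from the others:", rebuild(members, 1) == members[1])
```

A single discarded member therefore still needs sanitizing: only the parity chunks are scrambled, and every data chunk sits on its disk unmodified.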

  • And won't until this worrying trend of not including magnets in hard drives catches up to me.
    • You obviously have no idea how a harddrive works...
      • You obviously have no idea how a solid state drive works....

        • I suggest both you and the OP take a good look at the ATA-specification's part called 'Secure Erase': https://en.wikipedia.org/wiki/Write_amplification#Secure_erase [wikipedia.org]

          The ATA Secure Erase - feature is a process where the hard-drive itself re-initializes all its content, including the spare sectors - area, thereby erasing more than you can regularly access via an operating system and as the whole process is handled by the drive itself it does not consume any other resources from the host except power. More imp

          • Interesting but not really necessary for me. The point of my joke/ completely truthful comment is that I've never owned an SSD and I've never sold a HDD. I have owned several 10 gig etc worthless (to me) harddrives which I've, without exception, torn to bits to get at the magical rare earth toys they contained. Oh and word to the wise, wear eye protection when unwrapping your magnets, those platters can shatter.
          • by allo (1728082)

            you really trust the drive vendor not to fuck up / implement backdoors? They could just implement the wipe by storing in the controller firmware "return only 0s for blocks not written since 'secure erase'", so i.e. some TLA-Agency could still recover data by using another firmware.

          • Interesting reading, but what does it have to do with the presence or absence of magnets in an SSD? :)

            The OP commented that he was fine simply removing the magnets from hard drives, leaving them unusable (which isn't exactly true, because you can still read the information if it's on the platter and the platter hasn't been destroyed), and that this would continue to work until the trend of there not being magnets in hard drives (meaning SSD's) caught up with him. The person he replied to said that this clea

            • The OP commented that he was fine simply removing the magnets from hard drives, leaving them unusable (which isn't exactly true, because you can still read the information if it's on the platter and the platter hasn't been destroyed)

              That was kind of my point: removing magnets from the drive does not make the data there unreadable, it only makes it a tad bit more difficult. Ie. if he is removing magnets as a means of trying to make the data inaccessible he should rather do a Secure Erase first. Of course, if he doesn't care about that and just wants the magnets to toy with then I got no complaints :)

              I pass them through DBAN before taking them to the computer recyclers.

              With DBAN one must make certain to use the ATA-6 wipe method to also clear out remapped sectors, something it doesn't do by default. And DB

  • Anecdote (Score:5, Interesting)

    by PPH (736903) on Thursday April 26, 2012 @06:11PM (#39814019)

    A few years back, I happened to visit my dentist's office just after he had all of his workstations upgraded. By the medical/dental s/w maintenance vendor's technician. While the tech was standing there, I asked my dentist what he was going to do with all his old PC's. Donate them to a local school, he said. I asked if there was any patient data on them. He told me that the vendor's tech had reformatted the hard drives, so that wouldn't be a problem. I asked him (within earshot of that tech) if he had ever heard of the 'unformat' command. I then suggested that he have the vendor investigate DBAN [dban.org] before letting these machines off the property.

    I don't know who is responsible for the loss of patient data under HIPAA [wikipedia.org] regulations. But I'd hope that vendors specializing in medical IT support would.

    • A "quick" format does not erase the data on the drive. A full format would, however (the drawback being a quick format is extremely fast and does not scale in time based on the drive size).

      A full format should be enough to keep most people from recovering the data without cracking the drive open and examining the physical platters.

    • I don't know who is responsible for the loss of patient data under HIPAA [wikipedia.org] regulations

      Your dentist is. They can transfer or share that responsibility with the IT vendor through a business partner agreement, but there's no magic claim of "Oh, I thought the IT vendor would know what to do!"

      That said, pretty much nobody gets fined under HIPAA. The first fine wasn't that long ago:

      http://threatpost.com/en_us/blogs/hipaa-bares-its-teeth-43m-fine-privacy-violation-022311 [threatpost.com]

  • Only 1 in 10? (Score:4, Insightful)

    by hahn (101816) on Thursday April 26, 2012 @06:12PM (#39814037) Homepage
    I would venture to guess that most people don't realize that deleting a file doesn't completely wipe it. The bigger question is, how many people who buy or receive those second-hand drives are looking to recover the data, and what % of them would do something with it that would NOT be okay with the original owner. I'd like to think not that many. But then again, I wouldn't be surprised if there were scammers who look to buy cheap used drives to see if they can dig up some useful info on it. Seems to me that would be higher yield than trying to phish for it with spam, and easier than trying to hack websites.
  • I don't go over handwritten documents with a fucking eraser to re-use the paper.

    Take a hammer (nearly everyone has one of those) and smash the hard disk to destroy the platters. Hard disks are cheap enough to be expendable if they have "classified" or confidential information on them.

    HIPAA should mandate drive destruction when the drive is no longer needed.

    • by Gordonjcp (186804) on Thursday April 26, 2012 @06:35PM (#39814347) Homepage

      Taking a hammer to them is too much effort. A single pass of "dd if=/dev/zero of=/dev/sd" will utterly destroy all the data beyond any hope of recovery.

      • by greg1104 (461138)

        Let's say a typical drive is 100GB and writes at 100MB/s. That will average over 15 minutes to write zeros to every sector on the drive. The destructive throughput of a hammer is pretty fast compared to that.

        • by tunapez (1161697)
          Bonus benefit, free neodymium super-magnets to amaze your friends! If it's a platter device, anyway.
        • by Gordonjcp (186804)

          Yeah, but you actually have to *do* it, as opposed to typing a single command and then going and doing something more fun for 15 minutes.

          And at the end of it, you've got a working totally blank hard disk, or it shows up incipient failing sectors.

        • by 1u3hr (530656)

          Let's say a typical drive is 100GB and writes at 100MB/s. That will average over 15 minutes to write zeros to every sector on the drive. The destructive throughput of a hammer is pretty fast compared to that.

          Depends whether you value your own time more than the computer's.

          It's a lot more time and effort to open the case and take out the drive, get a hammer, get a bag or something to wrap the drive in, dispose of the pieces of the drive, close the case, put the hammer back in the shed, than to insert a nuke boot CD and do something useful while it chugs away.

      • by couchslug (175151)

        More people own hammers than know Unix.

        The problem is not a geek problem.

      • by careysub (976506)

        Taking a hammer to them is too much effort. A single pass of "dd if=/dev/zero of=/dev/sd" will utterly destroy all the data beyond any hope of recovery.

        This does not cover the case though of the hard drive being taken out of service due to flaky behavior developing with age. In that case you cannot assume that the drive will erase itself properly (or at all if it fails outright). Now such a drive is not likely to be ever resold or reused, and it might require a malefactor to actually fix the drive in some way before recovering data from it, but the platter is still readable and a security risk.

        Besides whacking with a hammer is fun. Get a big hammer! (But w

      • by ckaminski (82854)
        For the average Joe, yes. But writing zeroes introduces a pattern, and high-tech equipment can pick up "leakage". Better to use if=/dev/urandom instead.

        Still not enough to protect you from industrial tools, but enough to protect you from Joe Hacker who also has access to dd.
        • by Gordonjcp (186804)

          No, there is no "leakage" to speak of, and no way to separate out the old data that may have left residue. Once a bit is overwritten, it's *gone*.

          No, the NSA do not have a big magic machine that can do it.

          • by swalve (1980968)
            I think that was theoretically possible on older drives (like the old MFM drives and maybe old mainframe drives), but certainly not any more. And even if they did, they wouldn't tell anyone. They would just use it to quietly gather information from unsuspecting targets, and then "git" them through some other method.
            • by Gordonjcp (186804)

              Exactly - old drives actually did use 0-to-1 and 1-to-0 transitions to mark bits. Modern drives use a technique more like QAM to pack many bits into a transition. Once it's gone, there's no picking apart a residual signal from what's there.
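
An added example, not part of the thread, for the quick-format and single-pass-of-zeros comments above: a small image file stands in for a used drive, and a sector scan shows what survives a quick format and what survives a full zero pass. The image layout, the metadata markers and the sample record are constructed assumptions, and the quick format is simplified to "rewrite the first 8 sectors".

```python
import os
import tempfile

SECTOR = 512
RECORD = b"patient=Jane Sample;note=CONSTRUCTED RECORD"  # constructed sample data


def make_image(path, sectors=2048):
    """Constructed stand-in for a used drive: metadata up front, one file further in."""
    with open(path, "wb") as f:
        f.write(b"\0" * SECTOR * sectors)
        f.seek(0)
        f.write(b"OLDFS-METADATA".ljust(SECTOR, b"\0") * 8)
        f.seek(1000 * SECTOR)
        f.write(RECORD)


def quick_format(path):
    """Simplified quick format: only the filesystem metadata is rewritten."""
    with open(path, "r+b") as f:
        f.write(b"NEWFS-METADATA".ljust(SECTOR, b"\0") * 8)


def zero_fill(path, block=1 << 20):
    """One pass of zeros over every byte, the effect of dd from /dev/zero."""
    # For a real block device, take the size from f.seek(0, os.SEEK_END) instead.
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for start in range(0, size, block):
            f.write(bytes(min(block, size - start)))
        f.flush()
        os.fsync(f.fileno())  # make sure the zeros reached the medium


def nonzero_sectors(path):
    """Verification pass: indices of sectors that still hold any non-zero byte."""
    hits = []
    with open(path, "rb") as f:
        index = 0
        while sector := f.read(SECTOR):
            if sector.count(0) != len(sector):
                hits.append(index)
            index += 1
    return hits


def demo():
    """Return (sectors left after quick format, leftover bytes, sectors left after zeroing)."""
    with tempfile.TemporaryDirectory() as tmp:
        img = os.path.join(tmp, "used-drive.img")
        make_image(img)
        quick_format(img)
        after_quick = nonzero_sectors(img)
        with open(img, "rb") as f:
            f.seek(1000 * SECTOR)
            leftover = f.read(len(RECORD))
        zero_fill(img)
        after_zero = nonzero_sectors(img)
    return after_quick, leftover, after_zero


if __name__ == "__main__":
    quick, leftover, zeroed = demo()
    print("after quick format, non-zero sectors:", quick)
    print("still readable at sector 1000:", leftover)
    print("after zero pass, non-zero sectors:", zeroed)
```

A clean scan only covers sectors the operating system can address; the remapped and spare sectors raised in the Secure Erase comments are outside what this check sees.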

  • by Lord_of_the_nerf (895604) on Thursday April 26, 2012 @06:35PM (#39814343)
    I uncovered porn and tons of what's now 'abandonware'. Thanks, 16-year old boy from 1996 (I assume)!
  • by Anonymous Coward

    Wouldn't it have been quicker to say 50%?

  • by FudRucker (866063) on Thursday April 26, 2012 @06:49PM (#39814483)
    and then bury them in the back yard and water em real good with a water hose, by the time somebody finds those they'll be as rusty as a pre WW2 jalopy
    • by couchslug (175151)

      I harvest the sweet, sweet magnets and scatter them in handy spots around my shop.

      If you slide a couple of magnets inside a Zippo between the wadding and the inner case, your lighter will stick to your tool box, cabinet, etc.

      Don't pry the magnets off their keepers as they are brittle. Heat them slightly over a stove or lighter and the glue will loosen whereupon you can slide them off.

  • Only? (Score:5, Interesting)

    by Internetuser1248 (1787630) on Thursday April 26, 2012 @07:08PM (#39814687)
    Every 2nd hand hard disk I have ever acquired has had personal data on it. None of the previous owners had even attempted to delete the data; all the filesystem pointers were intact. On the other hand none of them ever had any useful data on them, unless I wanted to embarrass the previous owner by sending their porn collection to their wife/parents.
    • to embarrass the previous owner by sending their porn collection to their wife/parents.

      Found some porn once on old harddrive it looked like his wife, the joke was on me.

  • My company donates quite a bit of good used computer equipment every year, but I am very careful to remove all drives and reformat them. With a drill bit.

    • My idea of a thorough reformatting tool is thermite.
      • by mcgrew (92797) *

        Saltpeter and sugar will do the job more safely and just as effectively. It'll burn damned near anything, you can even burn a hole in a cinderblock with it.

  • by dark grep (766587) on Friday April 27, 2012 @01:58AM (#39817655)

    A few years ago I resigned from a company on less than perfect terms. They took the laptop I had been using and sent it for forensic analysis (for some paranoid reason I can only guess). Anyway, the day before I left I had reformatted the drive and loaded Ubuntu to replace the Windows 2000 OS that was on there.

    The report from the (so called) forensic lab was that I had 'used powerful encryption to hide the contents of the hard drive'. Hell, I didn't even use a proper overwrite format, just the fast format option.

    So there you go. Either a 10 minute Linux install will beat a professional forensic investigation, or it's proof against fools. I favor the latter.

  • Some dodgy retailers in Australia have been re-shrink-wrapping used hard disks and selling them as new again.

    Typically this seems to be with resellers that offer a 7-day money back no-quibble guarantee.

  • My files don't have any buttons. Should I be worried?

  • I bought a USB drive from PC World last year. Sold as new. Got it home, found that my Windows PC wouldn't recognise the file system - it was formatted, and I could see the hardware, but the drive wasn't showing up. Out of curiosity I hooked it up to a Linux machine and had a nose. Turns out it was HFS formatted. Not only that but it had someone's time machine backup on it.

    So not only was the drive - probably illegally - sold as new when it was, in fact, second hand, but PC World hadn't even done a basic for

    • by bonehead (6382)

      Heh...

      Just yesterday I had to return a 1TB external drive to Best Buy that actually contained somebody's old 80GB drive in the enclosure.

      As if I wasn't pissed off enough at the hassle, and the fact that I believed I was buying a new drive and not a return, I also had to argue for 20 minutes and call in a store manager because they accused ME of being the one who made the swap.

      People are bastards.

  • This is why I keep a small quantity of thermite handy. The only proper disposal for my hard drives is complete and utter destruction.
