NewScientist.com – “Discarded and recycled computer drives can reveal financial and personal information even when apparently wiped clean, MIT researchers have found.” — Wow, can we say that I’m not too shocked. Considering that the average person thinks that once they’re finished with their computer and they throw it away that all of their data is suddenly no more.
In fact, I’m almost shocked that there isn’t more of an uproar about this sort of thing. Think about it, this is almost as bad if not worse than identity theft. Just go rummaging through trash and find old hard drives or go to computer shows where “old” products are being sold and you’re guaranteed to find something that’s of worth. Whoever said that you can’t get anything for nothing is wrong in this case (though I guess with the time required to go through and attempt to recover data and the software, there is some cost involved).
Overall, I have to admit that this story is pretty interesting; granted, I work in the information systems security world, so this is the stuff that I live for :o) If you ask me, whoever it was that just fdisked and formatted the hard drive that they then discarded from an ATM should be fired or have their rights to touch computers taken away. What’s interesting to me is that these companies, banks, et al. don’t have some sort of standard operating procedure for discarding drives. If I’m getting rid of a hard drive, even if it’s brand new out of the box from Western Digital or some other fine producer of hard drives, and I’ve only loaded Red Hat or some other flavor of Linux onto it before running fdisk and then formatting it, you’re darn right that I’m going to be running a wiping utility on the drive if not sticking it in between two rather large magnets to have it degaussed. Even if the drive is clicking I’ll try to use some utility like BCWipe to destroy anything on the disk. What people don’t realize is that with a simple hex editor, someone can take a drive that’s been “formatted” and thrown away and look at the data that’s there on the drive. Pretty neat, huh?
So how do these wiping utilities work? Typically they work by writing some random hexadecimal characters all over the drive’s contents multiple times. What’s even cooler is that with some utilities you can “destroy” the engineering bit of the drive, thereby rendering it useless unless it’s sent back to the manufacturer to be refurbished, whereupon some guy named Joe presses a button and reprograms a drive to know what it is again (ooo ahhh, fireworks appear here).
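To make the difference between "formatted" and "wiped" concrete, here is an added example (not from the NewScientist article or any wiping product) that works on a constructed disk-image file rather than a real drive. The image layout, the sample account records and all function names are assumptions made for illustration.

```python
import os
import re
import tempfile

SECTOR = 512
RECORD = re.compile(rb"ACCT=\d{8};PIN=\d{4};")  # constructed record format

def build_image(path, sectors=64):
    """Constructed image: sector 0 is a toy partition table, the rest hold records."""
    with open(path, "wb") as f:
        f.write(b"TOYTABLE".ljust(SECTOR, b"\x00"))
        for i in range(1, sectors):
            rec = b"ACCT=0000%04d;PIN=1234;" % i  # constructed sample data
            f.write(rec.ljust(SECTOR, b"\x00"))

def quick_format(path):
    """Model of fdisk + format as the post describes it: only metadata is rewritten."""
    with open(path, "r+b") as f:
        f.write(b"\x00" * SECTOR)

def residual_records(path):
    """Verification scan: count records still readable in the raw bytes."""
    with open(path, "rb") as f:
        return len(RECORD.findall(f.read()))

def wipe(path, passes=3):
    """Overwrite every byte with random data, syncing to storage after each pass."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining:
                n = min(remaining, 1 << 16)
                f.write(os.urandom(n))
                remaining -= n
            f.flush()
            os.fsync(f.fileno())

def demo():
    with tempfile.TemporaryDirectory() as d:
        img = os.path.join(d, "disk.img")
        build_image(img)
        before = residual_records(img)
        quick_format(img)
        after_format = residual_records(img)
        wipe(img)
        return before, after_format, residual_records(img)

if __name__ == "__main__":
    print(demo())
```

The scan after the overwrite is the step a disposal procedure should record as evidence that the drive was actually sanitized. On flash-based drives, overwriting through the normal block interface may not reach remapped or spare cells.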
In closing, please do not attempt to wipe your drives, by the way, unless of course you’re intending to get rid of them and sell them on eBay or donate them to a church; otherwise you probably won’t be too happy with the results.