Binned PCs were stuffed with MoD and Sun staffers' privates Security researchers have found personal records of Sun newspaper and MoD staff on the hard drives of discarded or resold computers. The study, The ghosts from the machines: A history of 10 years of carelessly discarded data, found that both businesses and consumers are getting rid of old PCs without wiping them clean. …
Just take out the hard drive, drive a masonry nail through the platter, and try and read it now. Just ware a mask when your doing this.
Who wants these old disks anyway, when storage needs are increasing (just look at any commercial bloatware and you just know that there has to collusion between software companies and dism manufacturers).
I do the same, punch a hole through it with a nail, chip off/bend all the pins and snap any visible circuit boards. To answer who wants them, I'm sure I read somewhere the other day that ID thieves are paying a huge price for stolen mobile phones, something like £40 or £50 for models that are 5 years old just because the data on them can be so valuable, I'd guess buying up hard drives could bring in a similar price.
Hard drives contain some wickedly strong magnets. About 2 minutes with a screwdriver will have you inside the innards of the beast, extract the magnets. Once its been open like that, its unlikely to be able to recover any data from it, unless you work for the NSA.
Hit it with a hammer, and even they will have a hard time getting much off there.
Also, you end up with loads of magnets. Magnets are fun.
Think again, if "The Man" really wants your data:
a) They probably have it before you dispose of the HDD
b) Even hitting it with a hammer after opening it up, you can get a lot of data from it.
If you want some PI or ID thefting scrote not to get it, that will do the trick, but far better to shred it if you can.
A colleague thought it would be a good idea to drill holes through broken hard drives, much to our amusement as the hard disk he had "secured" to his desk slipped out of the clutches of his g-clamp as he was drilling into it. As the hole was off centre it span quite uncontrollably towards his crown jewels while he, in a panic, was unable to switch off the drill. At this point, I pulled out the plug, saving his future offspring. There was much pointing and laughing. We went back to using the lump hammer.
Incidentally, laptop drives are very fragile. You only have to bend them slightly and the entire platter will shatter like glass...
The amount of hardware that is wasted by this sort of thinking is ridiculous! It is a simple job to erase data with easily available propriety tools allowing second hand hardware to filter down to people who would be more than happy to use it for some time or until the end of it's life. Stop nailing hard drives and just erase them correctly and stop this waste.
I gave my hard disk and various small screwdrivers to my eight year old lad. Then asked him how many parts does it have?
Solid state storage? Hammer. I had considered poaching them in boiling water for while (disrupts the eproms without releasing harmful fumes), but in the end the hammer won the day.
It does reduce their secondhand value a bit though, they're not much good on eBay after that.
I'd guess just their misunderstanding of the word encrypted.
"But all our Windows machines require a password to log in to them" may have been a more accurate statement.
The BS-o-meter was triggered by the subsequent statement of how they securely erase them afterwards too - you'd think option 1 or option 2 would be enough for only mildly sensitive data.
... admit it, this attitude is common place.
We are living in a hyper-connected digital age, what could possibly go wrong!
My guess is that maybe as many as 2% of the worlds population actually consider a thorough wipe or physical destruction of data / disks in such / any cases.
It's an added cost, who wants it any way - WAKE UP YOU NUMPTIES !
Give me some goggles, a mask, some masonry nails and a large hammer and I'll do it for you for c. £8.00 per hour.
This post has been deleted by its author
Given that some were resold without clearing would make them legal and open the company reselling to legal recourse from the previous owners. Now ones obtained via dumpstering is it is known, would be opening the companies going thru and publicly outing such data open to legal recourse of what is known as stealing.
Personaly dumpstering ex-MOD kit would not be wise on many levels, heck one day those storage modules for milatary could very well have tampering explosives in which if connected to a normal controller would cause the storage module to explode. Not that I'm aware of such items, but they are certainly not beyond the realms of reality in some MOD situations.
Most companies have a policey that dictates any ex-storage media that has been used by a company be destroyed without exceptions. This would also include routers with backup memory/firmware stored profiles, which covers pretty much all of them.
But there again a companies securty is only as good as the weakest link and if you recycle hardware, then you are expossed to such issues down the line. Indeed the costs involved to properly secure ex kit from leaked information due to the time and effort involved and indipendant verfication does make the option of having it destroyed and raw material recycled a much cheaper option.
Personaly I'd load up a HD with a lot of false information and dump that in the skip for laughs and giggles, but thats just me and my humour showing.
"Personaly dumpstering ex-MOD kit would not be wise on many levels, heck one day those storage modules for milatary could very well have tampering explosives in which if connected to a normal controller would cause the storage module to explode. Not that I'm aware of such items, but they are certainly not beyond the realms of reality in some MOD situations."
You've seen too many movies, I think. Data storage devices are taken out of the machines and send to the shredder, the rest is recycled or junked.
And, have none of you heard of DBAN? http://www.dban.org/
dban is great, IF you have the time to run it and then to verify it has cleared everything out. Most companies won't bother investing that level of time, and also assumes the drive still functions. you can have a drive die in a way were alot of the data is recoverable (though most people think data recovery is just about running a program).
Also can you honestly say there has never been a hd with inbuilt self-destruct outside of the movies, coz I can't, though caddies with electromagnets more likely for magnetic media. But flash storage does make things more colourful. But it only takes one person to print out 1 or two inventory labels more than is needed to cause enough panic for people to do such things to protect data.
But nomatter what you do if you have a human anywere in the equation then there is always the potentual for something to go wrong. You can also get more meaningful data from a human down the pub than some encrypted disc anyhow.
We have other technology today that can contain sensitive information.
For example last week I replaced my home phone system, replacing a base station and 4 hand sets. My wife was going to recycle the old equipment.
First we went to the garage and I destroyed the old equipment with a chipping hammer.
This may seem trivial, but those phones contained sensitive call records. The destruction was was fun and the data is destroyed.
We just bought a 2nd hand photocopier/network scanner/printer. While checking out the machine which had supposedly been fully refurbished before resale, I found some old scans on the internal hard drive. Out of curiosity I printed the first scan only to find a nice full colour copy of someone's driving license and National Insurance card.
The father in law picks up bits and pieces from the recycling area of the local dump. I helped him build a cheap PC to run linux on for simple stuff like email and web surfing. He wasn't after anything fancy like a quad core full on gaming machine by any means.
One of the drives he got hold of hadn't been wiped either. Unfortunately the previous owners who weren't either attractive or in their first flush of youth were into "Ahem" making their own movies.
That drive was destroyed pretty quickly, and another substituted that had had a re-install of XP before disposal. Much better
Its not exactly rocket science to either format the disk or do a re-install from the CD that came with the computer. For most purposes that 's good enough
I have used many inventive ways of destroying hard drives.
I call BS on the hammer on the platters method. You just get a frigging huge "WHANGGGG" with metal platters if you hit it with a hammer. When I tried that method at work, after the first strike I moved outside and repeatedly tried to smash the platters. Not only did it not work, the racket attracted the landlord who was wondering WTH was causing the noise penetrating his soundproofed office. After having it explained, he suggested another method.
I can certify that running over hard drive platters with a tank works acceptably well as a secure destruction method, however it's slow and requires access to machinery difficult to get hold of. Running over them with one of those press things that roadworks use also works pretty well, and a pack of beer can unlock the possibility of adding the mangled remains to the foundations of the road. Again though, difficult for some people and ultimately these measures are only really suitable for small scale disposals since dissembling the drives and affording the beer required is beyond most of us for several thousand drives.
The solution is a four phase process.
1) Multi layer writing random bits all over the drive. That alone should make life interesting for people trying to recover stuff from it.
2) individual degaussing of each drive to 4X the manufacturers guideline for utter destruction of the drive. However, there is some possibility that two bytes of data remain on the drive connected to each other, and you may be able to recover more with appropriate data recovery stuff. So...
3) Physical destruction, courtesy of an external supplier which reduces the drives to chunks of mangled scrap. That would mean you'd need a clean room environment to get anything off of the drives, and in combination with stages one and two, I think it's secure enough to let off site for the trip to...
4) Being melted down in a furnace. Apparently they contain a fair amount of valuable metal. Which is fair enough really, lots more aluminium in a HDD than a drink can and it's reasonably secure as destruction methods go.
I'm pretty confident that the drives I have dealt with are well beyond recovery, and won't be seen in the newspapers in these sort of stories! The worst case scenario is that the van gets hijacked after 3, and I think I could live with "only" the previous 3 levels of destruction.
It's worth mentioning that many SSDs on the market now have anti-wear leveling tech, so that the individual sectors of the "disk" are not in fixed locations in the SSD and are dynamically re-assigned in such a way that the SSD wear is level over all sectors. The OS can't see this, it appears like a fixed location on a standard disk, so even doing a 0s then random then 1s won't erase everything unless you do it a very large amount of times.
Some SSDs (and HDDs) have a low level secure erase function. Personally, for an SSD, if I really wanted to get rid of everything, I'd go for a drill bit through the chips.
One overwrite with almost-random data is all it takes, and every Linux distribution already has that built in.
My preferred solution would be to shift the responsibility onto the person who *acquires* a used storage device, not to disclose anything that they found on it to a third party nor make any decision based on anything they discovered on it (analogous to what the law already says about listening to radio signals not meant for you).
And beside which, it will all get overwritten during the full surface scan you run as a matter of course on any used HDD.
Just overwrite the drive once with zeroes using dd and it'll be fine for anything below top secret or the recipe for coca cola.
To get round that would require such a ludicrous amount of effort as to never be worth it - or to put it another way, it'd be a lot simpler and more reliable to stage a break in and steal the disks before you wipe them...
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
