Used hard drives are treasure for bad guys

MP3iTunes

A study conducted by computer forensics firm Kessler International found four in ten used hard drives for sale on eBay contain sensitive information.

Also mentioned on today’s show:

Why More Megapixels Isn’t Always Better (Gizmodo)

30+ Websites To Visit When You’re Laid Off (Mashable)

8 Responses to “Used hard drives are treasure for bad guys”

  1. Phil S. says:

    Good Morning,

    After hearing your hard disk story this morning I had to laugh… how much does a used smashed drive sell for? Who paid Kesslers study, hopefully not tax payers.

    Anyone who’s had a computer sevice biz coulda told you this info. I had the account for old pc’s from the Fed. Res. Bank and the story’s I could tell (from formula’s to interofc. romance)… but where’s the software fix for this issue? There are several $40-$60 fixes that would keep most Kesslers busy for hours trying to recover each drive. Most bad guys are lazy bottom feeders who wouldn’t spend the time.

    Keep up the good (if dramatic but surfacy) work.

  2. Jon Gordon says:

    No tax payer money involved in the Kessler study.

    Sure, any computer repair biz knows about people leaving data on their machines. However, Future Tense isn’t meant only for insiders — and clearly most of us don’t stop to think about what happens to our data when we resell or discard our old computers. That’s the audience I had in mind.

    Regarding your point that there are easier ways to get sensitive data, I tend to agree with you there and that’s why I asked Kessler about that very point.

    Thanks for taking the time to comment …

    -Jon Gordon

  3. Christopher S says:

    Working for a large non-profit, I find it hard to convince the powers that be to spend money/time on scrubbing or destroying hard drives in discarded computers and servers. I am tempted to forward to them your story on the Kessler study!

    I suppose none but the most information sensitive organizations think it necessary – “Who would want our data?” is most likely the prevailing attitude.

    Thanks, John.

  4. Jon Gordon says:

    Christopher,

    Yes, send them a link to the report along, along with a gift-wrapped sledgehammer.

    -Jon Gordon

  5. David says:

    A sledge hammer is not a responsible method. There are software programs out there to deal with this need. What about the potential to reuse these things, not sending more crap to the landfill? Also, a hammer will result in face and hand injuries. This is just plain bad information.

  6. Jon Gordon says:

    David,

    It’s true of course that there is good software for overwriting drives. But physically destroying drives is the best method if one really, really wants to make sure no sensitive data is discovered. The re-use argument is a solid point, but it’s not like there isn’t plentiful used equipment already for sale. Plus, a destroyed drive can still be recycled — it doesn’t have to end up in a landfill. Thanks for taking the time to comment…

    -Jon Gordon

  7. Don G says:

    I have to agree that the sledge hammer is not the responsible method for protecting the information on a hard drive that is disposed. It is far better to use Darik’s Boot And Nuke, a free open source program, to sanitize the disk. This program has a variety of wiping algorithms, including two different DoD standards. If this program is properly used, even our friends at the NSA would not be able to recover the data.

    Additionally, there is a misconception that the data on a physically damaged drive is unrecoverable. Ontrack Data Recovery is one company that able to recover the information. I first learn of this company when they worked a IBM PS/2 fell out of an airplane luggage compartment over WI in the early 90s. The computer was in pieces and the hard drive was severely damaged. All of the data from that drive was recovered. Albeit, the expense of recover the data is too large for random harvesting of data as mention in this article. However, if one knows the true riches of the information contained on the drive, it would be a minor investment.

  8. Ken Burns Effect says:

    Mac OS X built in Disk Utility has a 7- and 35-pass erase option!

    Seven would cover most attempts recovering data and 35 also the NSA.