Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Study Finds 1 in 10 Used Hard Drives Contains Old Personal Data

samzenpus posted more than 2 years ago | from the sharing-secrets dept.

Government 111

Lucas123 writes "A newly published study by Britain's data protection regulatory agency found that more than one in 10 second-hand hard drives being sold online contain recoverable personal information from the original owner. "Many people will presume that pressing the delete button on a computer file means that it is gone forever. However this information can easily be recovered," Britain's Information Commissioner, Christopher Graham, said in a statement. In all, the research found 34,000 files containing personal or corporate information were recovered from the devices. Along with the study, a survey revealed that 65% of people hand down their old PC, laptop and cell phones to others. One in ten of those people who disposed of their old devices, left all their data on them. The British government also offered new guidelines for ensuring devices are properly wiped of data."

cancel ×

111 comments

Sorry! There are no comments related to the filter you selected.

Whoopdie-doo (5, Insightful)

timeOday (582209) | more than 2 years ago | (#39813851)

Who is going to bother with a time-consuming forensic-analysis style attack with a 10% chance of success when you can break into some company and get thousands of credit card numbers and/or SSNs? Sheesh, if you want credit card numbers, just get a job at any restaurant as a waiter.

Re:Whoopdie-doo (4, Insightful)

YodasEvilTwin (2014446) | more than 2 years ago | (#39813899)

This figure actually seems extremely low. 90% of people know how to properly wipe their drives? Yeah right. And there's essential 0 risk in stealing data off a drive you legitimately own or find in the garbage -- not so for screwing around at work.

Re:Whoopdie-doo (1)

thepyro1 (994578) | more than 2 years ago | (#39815361)

But how many of the people that buy new HDD's to put in their computers know how to wipe them? I know a lot of people who can't even open the case, so the sample is going to be of more "Tech savvy" people.

Re:Whoopdie-doo (2)

CFD339 (795926) | more than 2 years ago | (#39815897)

How many Apple "Genii" (Genuses?) will bother to do a drive wipe? What about Geek Squad types? The red shirt guys (now there's a good name) in Staples? Even the ones who know -- will they wait the hour+ while the drive wipe happens?

If I still did stuff like that for a living (thank FSM I don't and haven't in 20 years) I'd b pulling the drives as untouched as possible until I new the data transfer worked as well as possible. Then I'm done -- would I have the discipline to then waste and hour more wiping a drive? Probably not when I was that age.

Re:Whoopdie-doo (4, Funny)

greg1104 (461138) | more than 2 years ago | (#39816171)

I tried running an in-home computer cleanup firm under the name of the Red Shirt Guys, but every time one of the consultants went on-site they died.

Re:Whoopdie-doo (3, Interesting)

hairyfeet (841228) | more than 2 years ago | (#39816441)

Well I can only answer that with an anecdote, but from a friend that worked for awhile at a GS to get some extra cash the answer to that question would depend on this one...is there any porn on the drives? MP3? Movies? how about pics of your GF? because he said that roughly half the guys he worked with had USB HDDs that had batch files that looked for anything they might want to snatch, which would explain why you always here of the CP guys getting busted by GS, they trip over the files looking for stuff to snatch.

While I haven't done this personally, in fact i pride myself on not knowing a damned thing about what is on a customer's PC as i don't snoop I just do my job, I can say i have seen this behavior at other shops in the past I even had a creepy coworker that used to brag about how large his MP3 and porn video collection was because he snatched any chance he got. Just one more reason to ask around and find out the rep of the shop you are going to AND to use encryption, hell even something as simple as a password protected zip or rar file would block most of these guys because they are looking for easy targets.

Personally after seeing that the transfer went fine I ask what the customer wants done with the drive and if they don't want it it gets boot and nuked and stuff in the spare drawer and since I keep an old machine in the corner just for that job it isn't a hardship. Many of the newer minitowers can't hold but a single drive at a time so I often end up with a pile of 80Gb-300Gb drives that i then use on refurbed machines for the poor, but it really creeps me out to think there are guys snooping around people's computers just looking for stuff to snatch, its too much like going through someone's underwear drawer...yuck.

Exactly (2)

CFD339 (795926) | more than 2 years ago | (#39815903)

I'd have guessed 9/10 would have data on them. Higher than that if you could real serious forensics and not just dripping the used drive in a reader.

Re:Whoopdie-doo (0)

Anonymous Coward | more than 2 years ago | (#39816787)

So I guess the used PC market is going to dry up pretty quick....

Re:Whoopdie-doo (0)

Anonymous Coward | more than 2 years ago | (#39817409)

9 in 10 probably moved the files to recycle bin. 1 in 10 forgot to do so.

Re:Whoopdie-doo (1)

hey_popey (1285712) | more than 2 years ago | (#39817621)

Maybe 90% of people who sell their old drives before they stop working know how to properly wipe them... Do you sell your drives that still work?

Re:Whoopdie-doo (1)

agm (467017) | more than 2 years ago | (#39813959)

Sheesh, if you want credit card numbers, just get a job at any restaurant as a waiter.

I don't understand this comment - I have never been to a restaurant where my credit card (or debit card) leaves my possession. And I always pay by either one of them. You actually give someone else your credit card and they then leave your sight with it?

Re:Whoopdie-doo (2)

Anonymous Coward | more than 2 years ago | (#39814017)

Yes, you put the credit card in the payment book, then they take it away and run it. When they come back you sign the slip.

Re:Whoopdie-doo (3)

Anonymous Coward | more than 2 years ago | (#39814185)

He also always does this (when he goes to a restaurant). And yet he also always never has it leave his sight. Hint: he doesn't leave his parent's basement; this is slashdot.

Re:Whoopdie-doo (2, Informative)

icebraining (1313345) | more than 2 years ago | (#39815099)

Or maybe (s)he lives in a country like mine, where GSM-connected portable card readers (with keypads for PINs) are ubiquitous? I know you're used to your broken payment systems, but you shouldn't assume everyone is.

Re:Whoopdie-doo (1)

agm (467017) | more than 2 years ago | (#39816343)

I have not been to a restaurant that does this, and I eat out a lot. I always pay on my way out, and I do this by inserting my card into the little machine and entering my details. My card never leaves my possession (and nor should it). You're not assuming I live where you do are you?

Re:Whoopdie-doo (1)

tbird81 (946205) | more than 2 years ago | (#39817565)

I'm from NZ. We tend to do what you do, pay at the door as we leave.

When I've dined in the States I've felt obliged to leave the card in their little leather book thing. I think they do it that way to make tipping easier with cash. (You'd just add your tip, then round up, leaving the notes)

Fortunately in NZ we don't have to tip, so the waiters don't help to make an artificial situation where your credit card is at risk of being stolen by restaurant staff.

Re:Whoopdie-doo (1)

rnturn (11092) | more than 2 years ago | (#39823475)

Not at McDonald's.

(I don't consider that a ``restaurant'', though. I'm guessing the grandparent poster does.)

Re:Whoopdie-doo (2)

whoever57 (658626) | more than 2 years ago | (#39814051)

- I have never been to a restaurant where my credit card (or debit card) leaves my possession. And I always pay by either one of them. You actually give someone else your credit card and they then leave your sight with it?

In the USA, yes. That's what normally happens.

Re:Whoopdie-doo (2)

agm (467017) | more than 2 years ago | (#39814831)

In the USA, yes. That's what normally happens.

Damn, that's just asking for trouble. There's no way I would let anyone take my credit or debit card out of my sight. The majority of times I do the actual inserting of the card into the machine before entering my pin - the retailer never get their hands on it.

Re:Whoopdie-doo (1)

realityimpaired (1668397) | more than 2 years ago | (#39815471)

Not so long ago, it was like how he's describing it everywhere else in the world.

As with any new technology, the more densely populated areas are the first to get it. Here in Ottawa, Canada, we've had the cellular and wireless card readers for years, and they're pretty much everywhere. Hell, even my pizza delivery guy has a cellular credit card reader. But if I get more than 100km from the city core, the chances of finding a wireless card reader drop off significantly. When you get out into the sticks, the chances are virtually nil. They're expensive, and more rural areas don't move enough money to make it worth upgrading until the previous device dies.

Heck in some parts of the world they're still using the mechanical imprint devices that use carbon paper and hand-written prices.

Re:Whoopdie-doo (1)

slippyblade (962288) | more than 2 years ago | (#39815623)

I live in Phoenix, AZ. Over 5 million in the metro area so we are not a rural area by any stretch yet wireless card readers are amazingly rare. When I ran my small business I tried to get a wireless card terminal, it was almost impossible. For some reason the banks had no problem with me having a normal wired terminal, yet they wanted all kinds of extra checks, deposits, and payments for a wireless one. It was nuts.

Re:Whoopdie-doo (0)

Anonymous Coward | more than 2 years ago | (#39814053)

Um, I'm assuming you don't live in the US, or are new to credit cards. Roughly 80% of the restaurants I've eaten in take your card with them to their register, swipe it, and then return it to you. Pretty common.

Re:Whoopdie-doo (2)

agm (467017) | more than 2 years ago | (#39816379)

Um, I'm assuming you don't live in the US, or are new to credit cards. Roughly 80% of the restaurants I've eaten in take your card with them to their register, swipe it, and then return it to you. Pretty common.

I live in New Zealand. Paying by "plastic" is pretty much the norm here, and increasingly so the retailer never gets their hands on our cards. The vast majority of restaurants here have you pay on your way out at the counter.

Re:Whoopdie-doo (2)

advocate_one (662832) | more than 2 years ago | (#39818419)

UK, they bring the portable reader to you for you to enter the PIN to authorise the transaction... manual swiping is very rare...

Re:Whoopdie-doo (1)

drsmithy (35869) | more than 2 years ago | (#39821983)

I don't understand this comment - I have never been to a restaurant where my credit card (or debit card) leaves my possession. And I always pay by either one of them. You actually give someone else your credit card and they then leave your sight with it?

Yes. Completely normal in Australia [for restaurants that have table service].

Also par for the course in other places I've lived and/or spent any significant amount of time - UK, Switzerland, France, USA.

Re:Whoopdie-doo (0)

Anonymous Coward | more than 2 years ago | (#39814581)

Forensic-analysis? I don't think it's very difficult or time-consuming at all.

And it could be an individual looking to benefit off of it. They needn't have thousands of targets.

Re:Whoopdie-doo (1)

Anonymous Coward | more than 2 years ago | (#39815203)

how many card numbers do you think you can get working as a waiter before fraud detection homes in on you and sends your ass to felonyland?

Re:Whoopdie-doo (0)

Anonymous Coward | more than 2 years ago | (#39815621)

Always shoot my hard drives with 9mm hollow point before disposing them. Good luck recovering my files. Really, I can't understand why people don't think something so obvious as the need to shoot some holes in your hard drives before disposing them.

Re:Whoopdie-doo (1)

BluBrick (1924) | more than 2 years ago | (#39816449)

Always shoot my hard drives with 9mm hollow point before disposing them. Good luck recovering my files. Really, I can't understand why people don't think something so obvious as the need to shoot some holes in your hard drives before disposing them.

Wrong tool for the job.

A couple of decent blows with a hammer or the back of an axe will do the same job. There's no need to break out the firearms.

Re:Whoopdie-doo (1)

tlhIngan (30335) | more than 2 years ago | (#39821923)

Always shoot my hard drives with 9mm hollow point before disposing them. Good luck recovering my files. Really, I can't understand why people don't think something so obvious as the need to shoot some holes in your hard drives before disposing them.

Wrong tool for the job.

A couple of decent blows with a hammer or the back of an axe will do the same job. There's no need to break out the firearms.

Obviously not from the US, I take it. Sure there's no need to use a firearm to destroy hard drives, but damn, if you have the weapon, the time and opportunity, why not?

Hammers work, yes, but still.

Re:Whoopdie-doo (1)

Rick17JJ (744063) | more than 2 years ago | (#39817061)

I could start by inserting the free Darik’s Boot and Nuke self booting CD, and wiping then hard drive. Then just to be extra thorough, I could shoot it several times with my .357 magnum. After that, I could take it back home and drop it off of a nearby hundred foot high cliff a couple of times. That should be more than adequate.

As BluBrick mentions, there are various alternatives to using a gun. After wiping the hard drive with Darik's boot and Nuke, I suppose I could just whack it repeatedly with the pointed end of our thick, heavy, 7 foot long steel digging bar, that I occasionally use for prying loose large rocks when digging by hand. The long, heavy steel bar, is an alternative to using a pick, when inserted into a crack, and prying loose large rocks.

A few blows with a sledge hammer would probably also smash the hard drive adequately.

Here is the link for getting the free Darik's Boot and Nuke self booting CD:

http://www.dban.org/ [dban.org]

Re:Whoopdie-doo (2)

ckaminski (82854) | more than 2 years ago | (#39820739)

I used to have this 10 pound industrial rare earth magnet. This thing was so tough I could put it on an i-beam and suspend 300+ pounds from it. I put it on a monitor once and fucked it all up for eternity.

That's what I used to use to wipe my hard drives. A trip through the tumbler with that thing and GOOD FUCKING LUCK getting anything useful.

Now I just use thermite and turn it into slag.

Re:Whoopdie-doo (4, Insightful)

hairyfeet (841228) | more than 2 years ago | (#39816217)

Or just keep an eye out by the dumpsters. You'd be amazed how many time companies would just sit computers out without even bothering to wipe squat. I've gotten to be friends with the handyman for my apt building and since he works also at some of the city buildings as well as a few businesses and he picks up any machines they are tossing because he knows i refurb PCs for poor folks and it just blows my mind how many times I've found CC numbers, tax forms, you name it on these machines.

Hell he called me once to bring out my truck because one of the local telecos were tossing their old towers when they upgraded. i got nearly 40 towers with nothing but the windows password between me and ALL their data. Of course being an honest man I simply nuked the drives and did clean installs but if I'd have been a bad guy the amount of data I'd have would have been insane. So think about that when you are giving your data to some company, you never know if they just sit their old machines on a curb somewhere.

But I have yet to see anyone recover data from a 3 pass DoD (sure a single zero out will do it, but I've found more companies will hand me machines if I tell them i'll DoD the machine) so please don't go for that insane "hey we'll shoot the drive!" kinda crap as there are a LOT of poor folks hurting in this economy and those old PCs can really help folks. So please just wipe and freecycle, its better for the environment and better for the poor folks around you.

Re:Whoopdie-doo (1)

ckaminski (82854) | more than 2 years ago | (#39820843)

If they weren't encrypted, you wouldn't even need that. Boot up Knoppix and mount the disks and have it at. I used to use Knoppix as a cheap version of Ghost and data recovery tool for years when I was doing helldesk.

Re:Whoopdie-doo (1)

mcgrew (92797) | more than 2 years ago | (#39821877)

Hell he called me once to bring out my truck because one of the local telecos were tossing their old towers when they upgraded. i got nearly 40 towers with nothing but the windows password between me and ALL their data.

The Windows password doesn't protect shit. Just put a Linux install CD in, run it in the "test this out to see if you like it mode" and all those data are there for you to take.

All the Windows pasword does is protect Microsoft.

Re:Whoopdie-doo (0)

Anonymous Coward | more than 2 years ago | (#39828347)

I think he knows that.

Don't sell hard drives! (1)

Anonymous Coward | more than 2 years ago | (#39813857)

Take them out, smash it with a sledgehammer and toss the scraps.

Re:Don't sell hard drives! (0)

Anonymous Coward | more than 2 years ago | (#39814177)

All the hard drives I've purchased, beginning around the 2TB mark, are self-destructing in about 2 years, anyway. Who needs a sledge hammer?

Re:Don't sell hard drives! (1)

pkinetics (549289) | more than 2 years ago | (#39815529)

I prefer the ballistic solution. The reflective coating makes them a little easier to follow with open sights...

Simple solution (1)

AmiMoJo (196126) | more than 2 years ago | (#39813881)

Require vendors to accept HDDs back for wiping, the same way they are required to accept batteries back for recycling. When you are done with your PC you can take it back to where you bought it for secure erasure, or optionally they could just send you a CD (or why not just include it in the box) that wipes the HDD and maybe puts it back to factory settings.

Re:Simple solution (2)

YodasEvilTwin (2014446) | more than 2 years ago | (#39813921)

So it will be the vendor or its employees selling your data instead. Or perhaps the government will force them to scan for any terrorist plots you might have been concocting before forcing them to wipe the drives.

Re:Simple solution (1)

DigiShaman (671371) | more than 2 years ago | (#39813981)

Used HDDs are not worth reselling due to the MTBF rate being met or exceeded. So you want secure your data by recycling your drive? Shred them [youtube.com] !

Re:Simple solution (1)

allo (1728082) | more than 2 years ago | (#39818587)

i think you do not understand statistics. MTBF does not mean, your drive will fail at the MTBF date.

Re:Simple solution (1)

DigiShaman (671371) | more than 2 years ago | (#39819607)

I never said it did. But like an odometer, S.M.A.R.T. Power_On_Hours gives a good indication whether or not you're getting closer to the end of a theoretical lifespan.

Re:Simple solution (2)

couchslug (175151) | more than 2 years ago | (#39814275)

That would increase what I pay for hard disks.

A shot with a hammer is cheaper than postage. Boom, done.

Re:Simple solution (1)

carnivore302 (708545) | more than 2 years ago | (#39818289)

Put your data on a raid5 or 6 array. Every once in a while one fails, but you won't have to fear anybody can recover the data on it. For that, they would need the other disks as well.

Simple!

Re:Simple solution (2)

allo (1728082) | more than 2 years ago | (#39818597)

this is not true.

on a raid5, you can have the disks arranged like:
disk1: data, AS IS
disk2: more data, AS IS ...
diskN: disk1 XOR disk2 XOR ... XOR diskN-1

diskN is quite useless to get the data, but the other disks contain the data the way it is.

Re:Simple solution (1)

carnivore302 (708545) | more than 2 years ago | (#39818829)

well, let them have my porn then.

Re:Simple solution (0)

Anonymous Coward | more than 2 years ago | (#39828355)

they could just send you a CD (or why not just include it in the box) that wipes the HDD and maybe puts it back to factory settings

I see what you did there.

I've never sold a working harddrive in my life (2)

CubicleView (910143) | more than 2 years ago | (#39813941)

And won't until this worrying trend of not including magnets in hard drives catches up to me.

Re:I've never sold a working harddrive in my life (1)

DarwinSurvivor (1752106) | more than 2 years ago | (#39814407)

You obviously have no idea how a harddrive works...

Re:I've never sold a working harddrive in my life (1)

realityimpaired (1668397) | more than 2 years ago | (#39815493)

You obviously have no idea how a solid state drive works....

Re:I've never sold a working harddrive in my life (1)

Gaygirlie (1657131) | more than 2 years ago | (#39817079)

I suggest both you and the OP take a good look at the ATA-specification's part called 'Secure Erase': https://en.wikipedia.org/wiki/Write_amplification#Secure_erase [wikipedia.org]

The ATA Secure Erase - feature is a process where the hard-drive itself re-initializes all its content, including the spare sectors - area, thereby erasing more than you can regularly access via an operating system and as the whole process is handled by the drive itself it does not consume any other resources from the host except power. More importantly, ATA Secure Erase is supported by SSDs, too.

Re:I've never sold a working harddrive in my life (1)

CubicleView (910143) | more than 2 years ago | (#39817637)

Interesting but not really necessary for me. The point of my joke/ completely truthful comment is that I've never owned an SSD and I've never sold a HDD. I have owned several 10 gig etc worthless (to me) harddrives which I've, without exception, torn to bits to get at the magical rare earth toys they contained. Oh and word to the wise, wear eye protection when unwrapping your magnets, those platters can shatter.

Re:I've never sold a working harddrive in my life (1)

allo (1728082) | more than 2 years ago | (#39818599)

you really trust the drive vendor not to fuck up / implement backdoors? They could just implement the wipe by storing in the controller firmware "return only 0s for blocks not written since 'secure erase'", so i.e. some TLA-Agency could still recover data by using another firmware.

Re:I've never sold a working harddrive in my life (1)

Gaygirlie (1657131) | more than 2 years ago | (#39818733)

Your tinfoil hat might be a tad bit too tight there, mate.

Re:I've never sold a working harddrive in my life (1)

realityimpaired (1668397) | more than 2 years ago | (#39818759)

Interesting reading, but what does it have to do with the presence or absence of magnets in an SSD? :)

The OP commented that he was fine simply removing the magnets from hard drives, leaving them unusable (which isn't exactly true, because you can still read the information if it's on the platter and the platter hasn't been destroyed), and that this would continue to work until the trend of there not being magnets in hard drives (meaning SSD's) caught up with him. The person he replied to said that this clearly meant he didn't understand how hard drives work (which is true... magnetic storage drives can still be read even without the magnet, but wasn't what the OP was talking about). Thus my reply, pointing out that there's no magnets in an SSD. :)

I usually hang on to hard drives for at least a year after removing them from computers, in case there's some information I missed when copying my data over. Even then, until I need the space, I still have old hard drives. And when I am ready to recycle them, I pass them through DBAN before taking them to the computer recyclers. That last bit is theoretical, though... I haven't actually tossed a hard drive in almost 10 years now.

Re:I've never sold a working harddrive in my life (1)

Gaygirlie (1657131) | more than 2 years ago | (#39820265)

The OP commented that he was fine simply removing the magnets from hard drives, leaving them unusable (which isn't exactly true, because you can still read the information if it's on the platter and the platter hasn't been destroyed)

That was kind of my point: removing magnets from the drive does not make the data there unreadable, it only makes it a tad bit more difficult. Ie. if he is removing magnets as a means of trying to make the data inaccessible he should rather do a Secure Erase first. Of course, if he doesn't care about that and just wants the magnets to toy with then I got no complaints :)

I pass them through DBAN before taking them to the computer recyclers.

With DBAN one must make certain to use the ATA-6 wipe method to also clear out remapped sectors, something it doesn't do by default. And DBAN apparently does not support wiping out HPA at all. How important it is to wipe out remapped sectors and HPA is certainly an entirely different matter and for most regular users is irrelevant because of how difficult it is to access those, but with today's drives having multiple gigabytes -- even tens of gigabytes -- of sectors reserved for remapping it is entirely possible for passwords and other important bits to end up there and thus it would likely make sense to be properly prepared and clear those out, too.

Anecdote (4, Interesting)

PPH (736903) | more than 2 years ago | (#39814019)

A few years back, I happened to visit my dentist's office just after he had all of his workstations upgraded. By the medical/dental s/w maintenance vendor's technician. While the tech was standing there, I asked my dentist what he was going to do with all his old PC's. Donate them to a local school, he said. I asked if there was any patient data on them. He told me that the vendor's tech had reformatted the hard drives, so that wouldn't be a problem. I asked him (within earshot of that tech) if he had ever heard of the 'unformat' command. I then suggested that he have the vendor investigate DBAN [dban.org] before letting these machines off the property.

I don't know who is responsible for the loss of patent data under HIPAA [wikipedia.org] regulations. But I'd hope that vendors specializing in medical IT support would.

Re:Anecdote (1)

The MAZZTer (911996) | more than 2 years ago | (#39814835)

A "quick" format does not erase the data on the drive. A full format would, however (the drawback being a quick format is extremely fast and does not scale in time based on the drive size).

A full format should be enough to keep most people from recovering the data without cracking the drive open and examining the physical platters.

Re:Anecdote (0)

Anonymous Coward | more than 2 years ago | (#39820329)

> full format
I don't think that means what you think it means.
"Formatting" means writing data which is required for normal operation. That may include writing a partition table, root directory and FAT (high-level format), or it may involve writing sector headers (low-level format).
A high-level format won't erase sensitive data, and modern hard drives cannot perform a low-level format.

Re:Anecdote (1)

SecurityGuy (217807) | more than 2 years ago | (#39817297)

I don't know who is responsible for the loss of patent data under HIPAA [wikipedia.org] regulations

Your dentist is. They can transfer or share that responsibility with the IT vendor through a business partner agreement, but there's no magic claim of "Oh, I thought the IT vendor would know what to do!"

That said, pretty much nobody gets fined under HIPAA. The first fine wasn't that long ago:

http://threatpost.com/en_us/blogs/hipaa-bares-its-teeth-43m-fine-privacy-violation-022311 [threatpost.com]

Only 1 in 10? (3, Insightful)

hahn (101816) | more than 2 years ago | (#39814037)

I would venture to guess that most people don't realize that deleting a file doesn't completely wipe it. The bigger question is, how many people who buy or receive those second hand-drives are looking to recover the data, and what % of them would do something with it that would NOT be okay with the original owner. I'd like to think not that many. But then again, I wouldn't be surprised if there were scammers who look to buy cheap used drives to see if they can dig up some useful info on it. Seems to me that would be higher yield than trying to phish for it with spam, and easier than trying hack websites.

Stop saving hard drives. They aren't valuable. (1)

couchslug (175151) | more than 2 years ago | (#39814241)

I don't go over handwritten documents with a fucking eraser to re-use the paper.

Take a hammer (nearly everyone has one of those) and smash the hard disk to destroy the platters. Hard disks are cheap enough to be expendable if they have "classified" or confidential information on them.

HIPAA should mandate drive destruction when the drive is no longer needed.

Re:Stop saving hard drives. They aren't valuable. (3, Informative)

Gordonjcp (186804) | more than 2 years ago | (#39814347)

Taking a hammer to them is too much effort. A single pass of "dd if=/dev/zero of=/dev/sd" will utterly destroy all the data beyond any hope of recovery.

Re:Stop saving hard drives. They aren't valuable. (0)

Anonymous Coward | more than 2 years ago | (#39814935)

A hammer is more fun, and you might lose some weight.

Re:Stop saving hard drives. They aren't valuable. (1)

Trogre (513942) | more than 2 years ago | (#39816073)

Well the weight of an eye at least, if you happen to strike a drive with glass platters.

Re:Stop saving hard drives. They aren't valuable. (2)

greg1104 (461138) | more than 2 years ago | (#39816383)

Let's say a typical drive is 100GB and writes at 100MB/s. That will average over 15 minutes to write zeros to every sector on the drive. The destructive throughput of a hammer is pretty fast compared to that.

Re:Stop saving hard drives. They aren't valuable. (1)

tunapez (1161697) | more than 2 years ago | (#39817397)

Bonus benefit, free neodymium super-magnets to amaze your friends! If it's a platter device, anyway.

Re:Stop saving hard drives. They aren't valuable. (1)

Gordonjcp (186804) | more than 2 years ago | (#39817619)

Yeah, but you actually have to *do* it, as opposed to typing a single command and then going and doing something more fun for 15 minutes.

And at the end of it, you've got a working totally blank hard disk, or it shows up incipient failing sectors.

Re:Stop saving hard drives. They aren't valuable. (1)

1u3hr (530656) | more than 2 years ago | (#39817933)

Let's say a typical drive is 100GB and writes at 100MB/s. That will average over 15 minutes to write zeros to every sector on the drive. The destructive throughput of a hammer is pretty fast compared to that.

Depends whether you value you own time more than the computer's.

It's a lot more time and effort to open the case and take out the drive, get a hammer, get a bag or something to wrap the drive in, dispose of the pieces of the drive, close the case, put the hammer back in the shed, than to insert a nuke boot CD and do something useful while it chugs away.

Re:Stop saving hard drives. They aren't valuable. (1)

couchslug (175151) | more than 2 years ago | (#39819397)

More people own hammers than know Unix.

The problem is not a geek problem.

Re:Stop saving hard drives. They aren't valuable. (1)

careysub (976506) | more than 2 years ago | (#39820219)

Taking a hammer to them is too much effort. A single pass of "dd if=/dev/zero of=/dev/sd" will utterly destroy all the data beyond any hope of recovery.

This does not cover the case though of the hard drive being taken out of service due to flaky behavior developing with age. In that case you cannot assume that the drive ill erase itself properly (or at all if is fails out right). Now such a drive is not likely to be ever resold or reused, and it might require a malefactor to actually fix the drive in some way before recovering data from it, but the platter is still readable and a security risk.

Besides whacking with a hammer is fun. Get a big hammer! (But wear eye protection.)

Re:Stop saving hard drives. They aren't valuable. (1)

ckaminski (82854) | more than 2 years ago | (#39821017)

For the average Joe, yes. But writing zeroes introduces a pattern, and high-tech equipment can pick up "leakage". Better to use if=/dev/urandom instead.

Still not enough to protect you from industrial tools, but enough to protect you from Joe Hacker who also has access to dd.

Re:Stop saving hard drives. They aren't valuable. (1)

Gordonjcp (186804) | more than 2 years ago | (#39822099)

No, there is no "leakage" to speak of, and no way to separate out the old data that may have left residue. Once a bit is overwritten, it's *gone*.

No, the NSA do not have a big magic machine that can do it.

It's not all bad (5, Funny)

Lord_of_the_nerf (895604) | more than 2 years ago | (#39814343)

I uncovered porn and tons of what's now 'abandonware'. Thanks, 16-year old boy from 1996 (I assume)!

1 in 10? (1)

Anonymous Coward | more than 2 years ago | (#39814437)

Wouldn't it have been quicker to say 50%?

Re:1 in 10? (1)

Fireking300 (1852630) | more than 2 years ago | (#39814849)

1 in 10 is 10%

Re:1 in 10? (1)

Grygus (1143095) | more than 2 years ago | (#39815037)

To be fair, he didn't say it would be remotely accurate; only quicker.

Maybe he works for a news organization.

Re:1 in 10? (1)

houstonbofh (602064) | more than 2 years ago | (#39815533)

1 in 10 is 10%

Not in binary...

Re:1 in 10? (1)

tunapez (1161697) | more than 2 years ago | (#39817435)

110010% ?

Re:50% (1)

DocSavage64109 (799754) | more than 2 years ago | (#39825319)

Nice. The 0 mod shows how few understood the joke.

Re:50% (1)

mcgrew (92797) | more than 2 years ago | (#39826275)

It's siting at -1 now. Sad, there used to be a few nerds at slashdot who would appreciate a joke like that. But you know there are 10 kinds of people, those who know binary and those who don't.

I always smash my old drives with a hammer (2)

FudRucker (866063) | more than 2 years ago | (#39814483)

and then bury them in the back yard and water em real good with a water hose, by the time somebody finds those they'll be as rusty as a pre WW2 jalopy

Re:I always smash my old drives with a hammer (2)

couchslug (175151) | more than 2 years ago | (#39819443)

I harvest the sweet, sweet magnets and scatter them in handy spots around my shop.

If you slide a couple of magnets inside a Zippo between the wadding and the inner case, your lighter will stick to your tool box, cabinet, etc.

Don't pry the magnets off their keepers as they are brittle. Heat them slightly over a stove or lighter and the glue will loosen whereupon you can slide them off.

Re:I always smash my old drives with a hammer (0)

Anonymous Coward | more than 2 years ago | (#39822925)

Ditto this. Magnets are cool and if you find really old hard drives they are huge!

Only? (4, Interesting)

Internetuser1248 (1787630) | more than 2 years ago | (#39814687)

Every 2nd hand hard disk I have ever acquired has had personal data on it. None of the previous owners had even attempted to delete the data all the filesystem pointers were intact. On the other hand none of them ever had any useful data on them, unless I wanted to embarrass the previous owner by sending their porn collection to their wife/parents.

Re:Only? (2)

doesnothingwell (945891) | more than 2 years ago | (#39816673)

to embarrass the previous owner by sending their porn collection to their wife/parents.

Found some porn once on old harddrive it looked like his wife, the joke was on me.

Thorough reformatting tool (1)

wilson_c (322811) | more than 2 years ago | (#39815495)

My company donates quite a bit of good used computer equipment every year, but I am very careful to remove all drives and reformat them. With a drill bit.

Re:Thorough reformatting tool (1)

jdschulteis (689834) | more than 2 years ago | (#39817107)

My idea of a thorough reformatting tool is thermite.

Re:Thorough reformatting tool (1)

mcgrew (92797) | more than 2 years ago | (#39826167)

Saltpeter and sugar will do the job more safely and just as effectively. It'll burn damned near anything, you can even burn a hole in a cinderblock with it.

Sold hard drive with photos of my big dong (0)

Anonymous Coward | more than 2 years ago | (#39816445)

I sold a hard drive which I purposely left full of pictures of my big dong. I believe that the new owner would benefit very much from seeing the bigness of my dong!

Windows Vista will Wipe a Drive (0)

Anonymous Coward | more than 2 years ago | (#39816713)

Since Windows Vista a full format using the standard Windows format command will wipe a hard drive by writing 0x00 to every cluster before rebuilding the file system areas.

See: http://support.microsoft.com/kb/941961

A fool proof method (2)

dark grep (766587) | more than 2 years ago | (#39817655)

A few years ago I resigned from a company on less than perfect terms. They took the laptop I had been using and sent it for forensic analysis (for some paranoid reason I can only guess). Anyway, the day before I left I had reformatted the drive and loaded Ubuntu to replace the Windows 2000 OS that was on there.

The report from the (so called) forensic lab was that I had 'used powerful encryption to hide the contents of the hard drive'. Hell, I didn't even use a proper overwrite format, just the fast format option.

So there you go. Either a 10 minute Linux install will beat a professional forensic investigation, or it's proof against fools. I favor the latter.

What about 'New' drives (1)

crispi (131688) | more than 2 years ago | (#39817707)

Some dodgy retailers in Australia have been re-shrink-wrapping used hard disks and selling them as new again.

Typically this seems to be with resellers that offer a 7-day money back no-quibble guarantee.

Should I worry? (1)

Hognoxious (631665) | more than 2 years ago | (#39817995)

My files don't have any buttons. Should I be worried?

Or sold as new... (1)

Geeky (90998) | more than 2 years ago | (#39818249)

I bought a USB drive from PC World last year. Sold as new. Got it home, found that my Windows PC wouldn't recognise the file system - it was formatted, and I could see the hardware, but the drive wasn't showing up. Out of curiosity I hooked it up to a Linux machine and had a nose. Turns out it was HFS formatted. Not only that but it had someone's time machine backup on it.

So not only was the drive - probably illegally - sold as new when it was, in fact, second hand, but PC World hadn't even done a basic format of it.

Needless to say I returned it and gave the manager a bit of a hard time...

Re:Or sold as new... (1)

bonehead (6382) | more than 2 years ago | (#39820659)

Heh...

Just yesterday I had to return a 1TB external drive to Best Buy that actually contained somebody's old 80GB drive in the enclosure.

As if I wasn't pissed off enough at the hassle, and the fact that I believed I was buying a new drive and not a return, I also had to argue for 20 minutes and call in a store manager because they accused ME of being the one who made the swap.

People are bastards.

Well who is to blame? (0)

Anonymous Coward | more than 2 years ago | (#39818747)

One cannot argue with ignorance. One has to understand that most people are arrogant and do not understand. That is not your fault, but what beggars belief is how these drives ended up in the wrong hands in the first place and why would you resell the drives as new?

All you have to do is the following;

1, Gutmann pass http://en.wikipedia.org/wiki/Gutmann_method
2, Then if you are not paranoid enough overwrite the drive with Zeros and you can do this Hiren's Boot CD.

The only forensics left is the serial number of the Hard Drive which is embedded and ties MAC/Hardware codes together!

Normally at this stage you might as well have done a good job of taking a hammer to it and then throwing thing the thing into a blast furnace.

Whilst I am at it http://www.microsoft.com/industry/government/solutions/cofee/default.aspx

This is what is used;

arp.exe -a
at.exe
autorunsc.exe
getmac.exe
handle.exe -a
hostname.exe
ipconfig.exe /all
msinfo32.exe /report %OUTFILE%
nbtstat.exe -n
nbtstat.exe -A 127.0.0.1
nbtstat.exe -S
nbtstat.exe -c
net.exe share
net.exe use
net.exe file
net.exe user
net.exe accounts
net.exe view
net.exe start
net.exe Session
net.exe localgroup administrators /domain
net.exe localgroup
net.exe localgroup administrators
net.exe group
netdom.exe query DC
netstat.exe -ao
netstat.exe -no
openfiles.exe /query/v
psfile.exe
pslist.exe
pslist.exe -t
psloggedon.exe
psservice.exe
pstat.exe
psuptime.exe
quser.exe
route.exe print
sc.exe query
sc.exe queryex
sclist.exe
showgrps.exe
srvcheck \127.0.0.1
tasklist.exe /svc
whoami.exe

Easily defeated! But COFEE is for brain dead law enforcement!

Thermite (1)

ckaminski (82854) | more than 2 years ago | (#39820653)

This is why I keep a small quantity of thermite handy. The only proper disposal for my hard drives is complete and utter destruction.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?