Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Data Mining Used Hard Drives

timothy posted more than 11 years ago | from the but-sircam-does-this-for-me-already dept.

Privacy 695

linuxwrangler writes "One hopes the /. crowd knows the perils of discarding storage with sensitive data but this article drives home the point. Two MIT grad students bought used drives from eBay and secondhand computer stores. Among the data found on the 158 drives were 5,000 credit-card numbers, porn, love-letters and medical information."

cancel ×

695 comments

Sorry! There are no comments related to the filter you selected.

Guess those pop up ads were right (5, Funny)

Anonymous Coward | more than 11 years ago | (#5091581)

There IS pornography on your computer!

Re:Guess those pop up ads were right (5, Funny)

Anonymous Coward | more than 11 years ago | (#5091679)

Fill a directory with goatse pics, so if your hd is data mined, whoever's doing it will have an unpleasant experience. :)

Oh, man. Hear it comes. (1, Offtopic)

bmetz (523) | more than 11 years ago | (#5091586)

I smell some seriously interesting anecdotes coming in from slashdot readers. :)

Re:Oh, man. Hear it comes. (2)

bsharitt (580506) | more than 11 years ago | (#5091763)

I once got a 286 from my school, that they had gotten from Redstone Arsenal. The hard drive wasn't even erased on it. There wasn't any important information, most stuff contracts regarding missile building contracts. There were some that had stickers on them say they were cleared for processing classified material, but their hard drives were empty. Maybe I should take a second look at those drives, the military may not have known how to completely erase them back then. I've probably already said to much.

Wait, were did those black helicopter come from? Uh oh.

fp? (-1, Offtopic)

devleopard (317515) | more than 11 years ago | (#5091588)

maybe....

DPA (5, Informative)

kylegordon (159137) | more than 11 years ago | (#5091592)

Another reason to securely erase your data. In the end, _you_ are responsible for data under the Data Protection Act (in the UK anyway)

2nd Post? (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5091593)

w00t

Luckily for me, my Ebay'd hard drives are safe (5, Funny)

ObviousGuy (578567) | more than 11 years ago | (#5091594)

I only sell broken ones.

Re:Luckily for me, my Ebay'd hard drives are safe (3, Insightful)

Filik (578890) | more than 11 years ago | (#5091620)

Nope, even broken ones can be read with the right equipment.

Re:Luckily for me, my Ebay'd hard drives are safe (0)

Anonymous Coward | more than 11 years ago | (#5091757)

not if i've cracked them open and cum/shit/bled on the platters after perforating them with an awl

Re:Luckily for me, my Ebay'd hard drives are safe (5, Informative)

norton_I (64015) | more than 11 years ago | (#5091648)

Even broken hard drives can be recovered, though it takes some rather expensive equipment to do so. However, with a little creativity and some equipment you would likely find in a EE department, much of it could be recovered.

Thats pretty cool (2, Interesting)

madsenj37 (612413) | more than 11 years ago | (#5091596)

Sounds like a gold mine to me. Maybe, just maybe, it will teach people to be more secure.

MIT Grad students (5, Funny)

Anonymous Coward | more than 11 years ago | (#5091597)

Two MIT grad students bought used drives from eBay and secondhand computer stores.

Don't I feel inferior. I've done the same with used HD's in the past and I only have a HS edumacation.

Re:MIT Grad students (5, Funny)

unicron (20286) | more than 11 years ago | (#5091744)

The "From MIT" precursor voids any legal engtanglements. Now it's a class project!

just shoot the drive (1, Insightful)

Anonymous Coward | more than 11 years ago | (#5091598)

I prefer to shoot my old computers.

And why the hell would only 158 drives have 5000 CCs?

Re:just shoot the drive (2, Interesting)

mike_stay (631250) | more than 11 years ago | (#5091641)

And why the hell would only 158 drives have 5000 CCs?

Because it's businesses selling the drives with their customer lists still on them, which are probably worth more in many cases than the CC#'s.

Re:just shoot the drive (5, Informative)

The Notorious ASP (628859) | more than 11 years ago | (#5091662)

And why the hell would only 158 drives have 5000 CCs?

Becuase these, at least for the most part weren't personal drives, but drives companies had thrown away.
From the article:

"As it turned out, most of the hard drives acquired by the MIT students came from businesses that apparently had a misplaced confidence in their ability to "sanitize" old drives."

Scary.

How many credit cards per hard disk??? (1, Interesting)

kenthorvath (225950) | more than 11 years ago | (#5091599)

5000 divied up between say 200 disks is 25 cards per disk, are these retail discarded drives? Perhaps this should be regulated.

Re:How many credit cards per hard disk??? (1)

ActiveSX (301342) | more than 11 years ago | (#5091617)

Actually, there were 158 drives, so the average comes out to about 31 cards per disk.

Re:How many credit cards per hard disk??? (1)

ActiveSX (301342) | more than 11 years ago | (#5091636)

I hate to reply to myself, but:

"Of the 129 drives that functioned, 69 still had recoverable files on them and 49 contained "significant personal information" -- medical correspondence, love letters, pornography and 5,000 credit card numbers."

So I suppose they're saying there were 102 cards/drive. Sounds fishy to me.

Re:How many credit cards per hard disk??? (2)

LostCluster (625375) | more than 11 years ago | (#5091677)

Sounds like one of the drives belonged to a business that left something like QuickBooks on their drive, and that accounts 98% of the card numbers found, with there being one or two on each of the remaining drives.

Re:How many credit cards per hard disk??? (1)

ObviousGuy (578567) | more than 11 years ago | (#5091626)

Perhaps this story isn't so much a warning to hard drive discarders than it is a indictment of the American revolving credit infatuation/problem.

These previous users had a problem.

Re:How many credit cards per hard disk??? (2, Insightful)

ZzzzSleep (606571) | more than 11 years ago | (#5091642)

I think it's much more likely that there were only a few of these retail drives with CC numbers on them, but the ones that did have the numbers on them would have had a shitload of numbers.

Re:How many credit cards per hard disk??? (5, Funny)

DAldredge (2353) | more than 11 years ago | (#5091652)

They are using the NEW, IMPROVED RIAA/MPAA counting system.

Re:How many credit cards per hard disk??? (2)

Jason1729 (561790) | more than 11 years ago | (#5091721)

Among the data found on the 158 drives were 5,000 credit-card numbers

The RIAA/MPAA system recognizes that each digit is a number taken by itself. Since credit cards have 16 digit numbers, 31 numbers/person sounds about right, it's an average of just under 2 cards/person.

Jason
ProfQuotes [profquotes.com]

I don't beleave it (0, Troll)

Niadh (468443) | more than 11 years ago | (#5091655)

Of the 129 drives that functioned, 69 still had recoverable files on them and 49 contained "significant personal information"

thats 5000 cc numbers on 49 drives?
102 credit cards numbers per drive?!

i smell bullshit...

maybe one of theose drives belonged to scripted kiddie with a cc# generator..

Neather do I (0)

Anonymous Coward | more than 11 years ago | (#5091663)

eom

Re:I don't beleave it (1)

Filik (578890) | more than 11 years ago | (#5091682)

Nah, no bullshit. Just imagine, with 158 drives, wouldn't one of them have a high probability of coming from some CC cracker? CC's are common "hacker" currency...

RTFA (4, Insightful)

commodoresloat (172735) | more than 11 years ago | (#5091756)

If you read the article you'll notice that many of the drives belonged to businesses; the CC#s were probably in customer lists. Now why was the parent modded "+5 insightful" rather than "-1 didn't RTFA"?

Full Article Text (2, Informative)

Anonymous Coward | more than 11 years ago | (#5091601)

Discarded computer hard drives prove a trove of personal info

JUSTIN POPE, AP Business Writer Wednesday, January 15, 2003

(01-15) 13:17 PST CAMBRIDGE, Mass. (AP) --

So, you think you cleaned all your personal files from that old computer you got rid of?

Two MIT graduate students suggest you think again.

Over two years, Simson Garfinkel and Abhi Shelat bought 158 used hard drives at secondhand computer stores and on eBay. Of the 129 drives that functioned, 69 still had recoverable files on them and 49 contained "significant personal information" -- medical correspondence, love letters, pornography and 5,000 credit card numbers. One even had a year's worth of transactions with account numbers from a cash machine in Illinois.

About 150,000 hard drives were "retired" last year, according to the research firm Gartner Dataquest. Many end up in the trash, but many also find their way back onto the market.

Over the years, stories have surfaced about personal information turning up on used hard drives, raising concerns about privacy and the danger of identity theft.

Last spring, Pennsylvania sold used computers that contained information about state employees. In 1997, a Nevada woman bought a used computer and discovered it contained prescription records on 2,000 customers of an Arizona pharmacy.

Garfinkel and Shelat, who reported their findings in an article to be published Friday in the journal IEEE Security & Privacy, said they believe they are the first to take a more comprehensive -- though not exactly scientific -- look at the problem.

On common operating systems such as Microsoft's Windows, simply deleting a file, or even following that up by emptying the "trash" folder, does not necessarily make the information irretrievable. Those commands generally delete a file's name from the directory. But the information itself can live on until it is overwritten by new files.

Even reformatting a drive, or preparing the hard drive all over again to store files, may not do it. Fifty-one of the 129 working drives in the MIT study had been reformatted, and 19 of them still contained recoverable data.

The hard-to-erase quality of hard drives is seen as a good thing by some. Many users like believing that, in a pinch, an expert could recover their deleted files. Law enforcement officers can examine a computer and lift incriminating e-mails or porno images from the hard drive.

The only sure way to erase a hard drive is to "squeeze" it: writing over the old information with new data -- all zeros, for instance -- at least once, but preferably several times. A one-line command will do that for Unix users, and for others, inexpensive software from companies such as AccessData works well.

But few people go to the trouble. Many ordinary computer users toss their old drives into the closet, or take a sledgehammer to it.

As it turned out, most of the hard drives acquired by the MIT students came from businesses that apparently had a misplaced confidence in their ability to "sanitize" old drives.

Tom Aleman, who heads the analytic and forensic technology group at the accounting firm Deloitte & Touche, often encounters companies that get burned by failing to fully sanitize, say, the laptop of an employee who leaves the company for a job with a competitor.

"People will think they have deleted the file, they can't find the file themselves and that the file is gone when, in fact, forensically you may be able to retrieve it," he said.

Garfinkel has learned his lesson. As an undergrad at MIT in the 1980s, he failed to sanitize his own hard drive before returning a computer to his father. His father was able to read his personal journal.

Re:Full Article Text (1)

Filik (578890) | more than 11 years ago | (#5091667)

Nope, writing over it with all zeros doesn't make it safe at all. You need to use random numbers, or tricks of magnetism makes it possible to see what other values than 0 has been stored recently.

A lesson is "fully sanitizing your drive" (2)

cscx (541332) | more than 11 years ago | (#5091750)

Always use one of these [oakforest.com] when installing a hard drive. That's sure to keep it sanitary.

fuck the white man! (0, Insightful)

Anonymous Coward | more than 11 years ago | (#5091603)

death to whitey!

porno on ebay'd hard drives... (0)

Anonymous Coward | more than 11 years ago | (#5091604)

cool - cheap porn.

HD Abuse (3, Funny)

helix400 (558178) | more than 11 years ago | (#5091608)

I have some fun with my old drives.

Take them outside, and throw them as high into the air as possible. Then watch them land on concrete.

I think that render the drive useless. =)

Re:HD Abuse (1)

mpcooke3 (306161) | more than 11 years ago | (#5091629)

Probably.

But I doubt it destroys much of the data.

Matt.

Re:HD Abuse (0)

Anonymous Coward | more than 11 years ago | (#5091678)

Let's refine the technique a bit:

Open the case, throw the drive platter stack into the air, watch/listen with satisfaction as the platters hit the concrete and are bent well past the ability to unbend them and use them with any current drive head kit.

Yes, someone with the right magnetic scanning gear can still get at the data, but it's certainly no longer usable with ordinary disk drive hardware.

Re:HD Abuse (2, Informative)

Xeo2 (301694) | more than 11 years ago | (#5091660)

Take them outside, and throw them as high into the air as possible. Then watch them land on concrete.

I think that render the drive useless. =)


Probably not. Most commercial harddrives are rated for at least 50gs of acceleration. My Deskstar is good for up to 100. You might dent the outer case, but it'll probably still work.

Re:HD Abuse (1)

Coke in a Can (577836) | more than 11 years ago | (#5091675)

BAH! That's the lazy way. The proper way is to wire it up to an old 386 (not inside the case, get a long cable and put it a foot or 2 away), do something intensive on it (i.e. zeroing the whole drive), and then take your sledge, and BAM! I've always wondered what would happen if you did that.

(I happen to have a 6.4GB drive sitting in my computer right now. I can't wait till the day I get a new HD and move the currently-primary 20GB down to backup duty, and SMASH that old Fireball)

Re:HD Abuse (1)

phyrestang (638793) | more than 11 years ago | (#5091683)

I use my old harddrives to practice using my dremel tool... Not much use after that..

Re:HD Abuse (1)

kg4ghn (631230) | more than 11 years ago | (#5091729)

i wonder if they would last after a session with my Glock... Mike

redundant? (0)

Anonymous Coward | more than 11 years ago | (#5091609)

redundant... redundant.... redundant... redundant...

yeah, i've seen this whole "buy hds off people, find porn" thing before

its not new, who cares?

So... (0)

cpuenvy (544708) | more than 11 years ago | (#5091610)

The moral of the story is: Purchase drives from EBay, harvest credit card numbers, get rich, then rule the world.

I got it all figured out now...

Geez, I hate to do it but.... (1)

The Notorious ASP (628859) | more than 11 years ago | (#5091707)

1. Buy hard drives off ebay
2. Datamine CC numbers off old drives
3. ???
4. Profit!

Wait a second, I just found the missing step...

Sweet.

Data worth more than the computer (5, Interesting)

blamanj (253811) | more than 11 years ago | (#5091611)

It's long been know that laptop theives are often more interested in the data than the computer.

Some computers sold on eBay are sold for the data [ebay.com] .

yes (2)

Stanley Feinbaum (622232) | more than 11 years ago | (#5091612)

nowadays most companies do not sell used systems anymore.. Since a simple format is not enough to protect sensitive data.

Where I work we generally destroy then throw away the entire computer when we no longer need it, the only thing part we keep is the monitor.

It's the safest way to go!

Re:yes (3, Interesting)

silas_moeckel (234313) | more than 11 years ago | (#5091665)

That was the Policy at the IBM facility I worked at in the early 90's. I tossed piles of computers into this big ugly compacting trailor once that was done with it I doubt you could recover anything. Funny thing about that is employies took piles of "compacted" parts home with them well I guess if they wanted the data in the first place they could have gotten it anyway in building security was light network wise untill you hit big iron.

Unfortunate (2, Insightful)

Kourino (206616) | more than 11 years ago | (#5091717)

Since the only thing that's going to retain data is the hard drive ... what a waste. Come on, companies should sell the rest of the computer! Where do you think poor college students are going to get their "used to be high end hardware half a decade a go" supplies, huh? ;_;

I mean, I agree, don't let the drive itself slip out, but ...

Re:yes (4, Interesting)

cbuskirk (99904) | more than 11 years ago | (#5091719)

Why not remove the hard drive and donate the computer to a local school. Even at a couple of years old the computer is still useful for students and the school would be more than happy to pick up a new hard drive for it.

Re:yes (0)

Anonymous Coward | more than 11 years ago | (#5091751)


Safest for who ? For your company certainly, but not really for the environment (which mean all of us).
I'm not saying that selling them would be safer for the environment in the long run, but it can't be worse, unless your company follows a serious policy regarding broken computer parts.
There are certainly good algorithms to erase a HD safely (I'm thinking random overwriting several time, or perhaps writing the bitwise complement of the data before several random passes).

Aftenposten (-1)

Trolling Thunder (639121) | more than 11 years ago | (#5091613)

Imagine a beowulf cluster of naked, petrified old ikes found dead in their maine homes with hot grits down their pants whilest *BSD is dying.

That my friends, would truly be an amerikkkan icon.

last post! (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5091614)

goatsex! [goatse.cx]

Gary Glitter (3, Funny)

cornjchob (514035) | more than 11 years ago | (#5091618)

If only he had but known...

formatting (0)

banka (464527) | more than 11 years ago | (#5091619)

so does formatting the harddrive not eliminate all past date? because i've read stories of how the fbi recovered sensitive material even on formatted drives

Re:formatting (1)

andih8u (639841) | more than 11 years ago | (#5091748)

yeah, formatting just wipes out the MBR (master boot record) so all your data is still there.

scary (2, Interesting)

Anonymous Coward | more than 11 years ago | (#5091622)

It's one thing to make sure you securely wipe any drive of your own you get rid of, but you can't do anything about old drives or paper files that a company or hospital might discard containing sensitive info about you.

Occasionally there are new reports about someone finding a stack of files by a dumpster containing sensitive medical or financial information about a lot of people. The same surely holds true for old drives or computers disposed of by careless companies.

I can relate (5, Interesting)

l33t-gu3lph1t3 (567059) | more than 11 years ago | (#5091624)

Picked 6 or 7 old 4gig HDDs from my father's company a few years ago, found their company credit line information, personal (and some very erotic) email, and a surprisingly large collection of nudie photoshopped Gillian Anderson photos. Oh yeah, and like 100 different (and I must say, very well-done) quake2 "crackwhore" models and skins lol. I love the people who don't clear their HDDs, it's like treasure chests, you never know what you're gonna get.

Re:I can relate (0)

Anonymous Coward | more than 11 years ago | (#5091699)

It's almost as much fun as browsing through the personal files that get e-mailed to me everyday with peoples first attempt at a game or some cute japanese girls screen saver.

Re:I can relate (2)

wideBlueSkies (618979) | more than 11 years ago | (#5091730)

Do you have an FTP site for those Quake models?

This is news? (-1, Troll)

Bowie J. Poag (16898) | more than 11 years ago | (#5091632)



Welcome to 1979.

One of my personal favorites: I got my hands on a 50MB external Sun SCSI enclosure at the local University's surplus auction... Hooked it up to my Linux box, had a look at it with hexedit. It used to belong to some sort of Asian Students Club. The contents of the drive were about 10% emails written in broken Engrish, and 90% of it was uuencoded porn.

Your tax dollars at work...yeesh.

Re:This is news? (2, Offtopic)

yellowstone (62484) | more than 11 years ago | (#5091725)

Welcome to 1979 [...] a 50MB external Sun SCSI enclosure [...] hooked it up to my Linux box,
Sun Microsystems was founded in 1982. And Linus didn't start Linux until 1991. What year was that again?

Re:This is news? (2)

unicron (20286) | more than 11 years ago | (#5091765)

What's sad is he didn't even HAVE to post a date, just say "there was this time".

Homer: An F turns into a B so easily, you just got greedy.

Your wayback machine is broken (5, Funny)

Anonymous Coward | more than 11 years ago | (#5091742)

1979? I was there, home skillet.

50 MB? Try 5 MB.
SCSI? Not in production.
Sun? Sure...
Linux? Try CP/M.
hexedit? Try debug.
Asian Students? First wave Vietnamese refugees, maybe.
E-mails? If you were working on ARPA.
Porn? Maybe PG rated adventure games...

Tax dollars at work? In 1979, we had to walk
10 miles up hill (both ways) to pay our taxes, and they only accepted krugerrands and virgins without
herpes, both of which were in even shorter supply
and higher demand than they are now.

Re:This is news? (0)

Anonymous Coward | more than 11 years ago | (#5091755)

I keep hoping for a moderation option like, "-1: Bitching about newsworthiness". Maybe this could be subsumed with a few other ideas into "-1: Whiner". :)

Must have been.... (1)

vasqzr (619165) | more than 11 years ago | (#5091639)



Kevin Mitnick's laptop hard drive from eBay. He had stolen a couple thousand credit card numbers, didn't he?

A legitimate reason for having 5,000 CC #'s on 158 drives could be, maybe one of the drives was a web server for an e-commerce site?

Data Layers (1)

Artana Niveus Corvum (460604) | more than 11 years ago | (#5091640)

I wonder how many previous owners these drives had? If so, I wonder if they're using some sort of low level disk analysis software like the FBI does that can effectively peel back layers of data that were on there in the past. Theoretically anything that has previously been on the drive should be recoverable through such methods.

everyone knows this (0)

erax0r (626272) | more than 11 years ago | (#5091653)

well not to be a troll but oh well.. anyone that reads /. most likely already knows about this technology. data recovery has been around for ages...nothing new here.

Your old HD is safe. (5, Funny)

missing000 (602285) | more than 11 years ago | (#5091654)

I can get creditcard numbers faster on kazaa.

Not so bad. (5, Interesting)

Annatar2 (558541) | more than 11 years ago | (#5091656)

Thats not so bad. My dad happens to be a garbage man and often brings along an occasional system he's scavanged from the dumpsters along his route. Currently I have in my possession an old IBM Aptiva with some guys bank account information on it (He did his checking and stuff with it apparently), but worst of all I have what appears to be an old Gateway tower used to store Medical information for a major hospital in the area my father works. I have over 2 gigs of peoples medical history, including what they were put in the hospital for, insurance information, release dates ect.

I should really do the honost thing and reformat it but its always fun to flip the thing on and just page through stuff.

PGP! (5, Informative)

wirelessbuzzers (552513) | more than 11 years ago | (#5091657)

PGP (for windows or mac, ie not GPG) has two commands related to this: wipe file and wipe free space. They overwrite the appropriate sectors of the disk with several patterns designed to ensure that no matter what (common) encoding scheme the hard disk uses, every bit will have been set at least once, zeroed at least once, and overwritten with pseudorandom data at least once. If you set in on a lot of passes, it does an even better job. This would be a cheap (free, except for time and bandwidth to download it) way to make sure your sensitive data doesn't get out.

That said, experts would tell you that the only reliable way to make sure sensitive data doesn't get out is to thermite your drive.

Also, what's the one-line unix command (running MacOS X here).

Re:PGP! (1, Informative)

Anonymous Coward | more than 11 years ago | (#5091710)

dd, probably: dd if=/dev/zero of=/drive/to/zero

works well with a few 'dd if=/dev/urandom of=/drive/to/random'

Re:PGP! (2, Informative)

sam the lurker (209655) | more than 11 years ago | (#5091737)

$ dd if=/dev/zero of=/dev/hda

Note: This is a "Linux-centric" answer to the question since /dev/hda is usually the name give to the first IDE hard drive under Linux.

You may also want to fill the hard drive with (semi)random data.

$ dd if=/dev/urandom of=/dev/hda

If you do this for a couple of weeks you should be fine :)

Re:PGP! (5, Informative)

delta407 (518868) | more than 11 years ago | (#5091738)

what's the one-line unix command
Easy.
# dd if=/dev/zero of=/dev/hda
...being sure, of course, to make 'hda' the actual drive you want to zero. (You could blank individual partitions by using the appropriate names, of course.) Also, you could use '/dev/urandom' instead to fill your disk with random data.

Ah, the joys of *nix.

Re:PGP! (1)

Kourino (206616) | more than 11 years ago | (#5091758)

for N in 1 2 3 4 5 ; do dd if=/dev/zero of=/dev/hda1 ; done

That's assuming the partition in question is /dev/hda1. Yours probably isn't, but you can find out what it is by using the 'mount' command. Also, this will do it five times, which is theoretically more secure.

Variations on this include using 'if=/dev/urandom' instead, which overwrites the partition with random data instead of zeroes. Also, if your shell doesn't like the above (not sure if it works under tcsh, but bash will accept it), just use 'dd if=/dev/zero of=/dev/hda1'.

Re:PGP! (3, Interesting)

jnik (1733) | more than 11 years ago | (#5091764)

Also, what's the one-line unix command (running MacOS X here).
for i in 1 2 3 4; dd if=/dev/zero of=filename bs=1 count=filesize; sync; dd if=/dev/random of=filename bs=1 count=filesize; sync; done
Roughly speaking that'll do it. I'm sure there's nice trickery you can do to, say, get the equivalent of /dev/true (opposite of /dev/zero) and get the size from the file, etc. etc. Note the sync's so it actually hits disc rather than buffer. Technically there should be a sleep or two in there in case of a journalled filesystem....

On par for Ebay.. (3, Interesting)

nolife (233813) | more than 11 years ago | (#5091658)

bought 158 used hard drives at secondhand computer stores and on eBay. Of the 129 drives that functioned

Everyone knows that HD's contain data.. I would be more impressed if they broke down the numbers of where the BAD drives came from. That would make a much more informative story. I've bought as-is before in person but never online.

Old news or not... (5, Funny)

Ironica (124657) | more than 11 years ago | (#5091666)

People still don't get it. My old boss wondered why I was "wasting my time" doing stuff like writing all zeros to drives of computers we were giving to charity. "I only told you to format them!"

I tried to explain the concept to her, but for an IT manager, she was woefully bad at technology.

Actually, come to think of it, she was about average...

Above average. (3, Funny)

NoMoreNicksLeft (516230) | more than 11 years ago | (#5091726)

Most of mine never knew what "format" was...

Re:Old news or not... (0)

Anonymous Coward | more than 11 years ago | (#5091759)

, but for an IT manager, she was woefully bad at technology.

Say no more.

5,000 credit card numbers? (-1)

YourMissionForToday (556292) | more than 11 years ago | (#5091668)

Sack my dirk, you muddy funster!

start an extortion & blackmail company.. (5, Funny)

netnerd.caffinated (473121) | more than 11 years ago | (#5091671)

or do like this guy did...
icanstilltellyourwifebill.com [icanstillt...febill.com]
he brought a hard drive, found all this cool stuff on it.. & put it to DVD for the masses

Speaking of data recovery (4, Interesting)

bdigit (132070) | more than 11 years ago | (#5091674)

Anyone happen to know any share/freeware programs out there for Windows 2k that will recover deleted files. I am intrested in running it on my computer to actually see what I can recover and see how well PGP's disk wipe function works.

You don't need any external software! (2, Funny)

ObviousGuy (578567) | more than 11 years ago | (#5091706)

Right inside your Recycle Bin there's the option to recover any program that you've deleted.

It's like magic!

Re:You don't need any external software! (-1, Troll)

cookiepus (154655) | more than 11 years ago | (#5091745)

on Linux you need to recompile the kernel and use regular expressions in perl to recover accidentally deleted data. which is ok because it's open source.

This isn't exactly news... (5, Insightful)

japhar81 (640163) | more than 11 years ago | (#5091681)

But the CC info bothers me. Presumably, this is a corporate drive that got resold (Unless you know of 170 ppl with 25 credit cards a piece, in which case it's time to re-evaluate the financial system in this country).

Personally, I have a standing policy in my department to take apart every HDD, take a magnet to each platter, and send the platters to Iron Mountain for destruction. Then again, we deal with large financial institutions, so we have to be extreme and obsessive-compulsive, which brings me to my actual point;

This stuff should be regulated. If you store personal info on an HDD for business purposes, you should have a legal responsibility (i.e. one that comes with repricussions if not met) to ensure that even after a drive is retired, the data is safe.

Just my $.02

It's like Vegas (1)

john_is_war (310751) | more than 11 years ago | (#5091695)

But with better odds!

Stolen (0)

Anonymous Coward | more than 11 years ago | (#5091696)

Has it occurred to anyone that at least some of these drivers could come from stolen computers ?

On my HD i only have gayporn. (-1)

Anonymous Coward | more than 11 years ago | (#5091701)

Yep. True. Thats the best porn there is!

Shouldn't the title be... (3, Interesting)

NoMoreNicksLeft (516230) | more than 11 years ago | (#5091704)

Data Fishing? I mean, you never know if you'll catch anything.

This is the digital equivalent of trashing (1)

arikb (106153) | more than 11 years ago | (#5091705)

Instead of spending time in a dumpster, just find out who upgrade the target's computers, and grab those disks.

Re:This is the digital equivalent of trashing (1)

cookiepus (154655) | more than 11 years ago | (#5091722)

your plan is to exchange handjobs for data?

Re:This is the digital equivalent of trashing (1)

arikb (106153) | more than 11 years ago | (#5091723)

Meant dumpster-diving of course

CIA (5, Informative)

Eric_Cartman_South_P (594330) | more than 11 years ago | (#5091709)

Thinking back to a Discovery channel show on the CIA, they dispose of hard drives with a good data wipe then they drill holes in them. Drives that held Super Top-Secret stuff (MS source code?) also got burned in a furnace. All of this on-site.

In regards to Wiping data, do yourself a favor and check out http://www.heidi.ie/eraser/

Beyond the wonderfull wiping the program does, there is the option to make an emergency boot floppy that wipes the HD with DOD style 7-pass or a GutherSomething 36 pass! Niffty for the paranoid.

Re:CIA (1, Funny)

Anonymous Coward | more than 11 years ago | (#5091760)

Man, I should take one of those floppies into bestbuy...see if they have bios passwords set up.

we destroyed our harddrives right (3, Funny)

haa...jesus christ (576980) | more than 11 years ago | (#5091713)

my old company had the best method for destroying our sensitive data (like the gig of porn some asshat left on the XML server) - leave them in the old building! god bless those terrorists and their whacky flight skills.

btw, has anyone seen my old ti calculator? it was on the 21st floor of two.

Possible outcome of this: (1)

Johnny5000 (451029) | more than 11 years ago | (#5091724)

How much do you think sales of second-hand HDs are going to increase now?

Hmm... (0)

Anonymous Coward | more than 11 years ago | (#5091735)

porn

Is this not an asset that should increase the value of the used hard drive?

The MIT curriculum (0)

Anonymous Coward | more than 11 years ago | (#5091741)

Two MIT grad students bought used drives

(...)

Garfinkel has learned his lesson. As an undergrad at MIT in the 1980s, he failed to sanitize his own hard drive before returning a computer to his father.

This school is cruel, in my opinion they should give people some sort of degree after a finite length of time. I've heard stories of people who actually never got out of the building!!!

HDs... (1, Redundant)

GearheadX (414240) | more than 11 years ago | (#5091746)

When you really want your privacy.. I know of only one way that really makes any old data on a drive more or less gone.

The physical destruction of the recording medium.

I sledge them! (3, Interesting)

callipygian-showsyst (631222) | more than 11 years ago | (#5091747)

We go through a large # of computers a year, and I try to donate the carcass, or at least make sure it's recycled properly. (Charitable organizations, unless specially equipped to handle PCs, are wary of junk computer donations.)

However, I *always* remove the hard disk drive, disassemble it, and give it the sledge hammer treatment. I just don't have the time to get them running again, and write the erase patterns to every track and sector.

Maybe if there's ever a good, transparent, drive-level PGP available, I'll rethink this strategy, but until then, I put on the safety glasses and hammer away, after opening the drive case to expose the platters.

Here's a sugesstion to drive manufacturers--make a convention where if certain pins on the IDE connector are jumpered together, and the drive powered up, it will do a low-level format automatically. Then I might choose to erase the disks, so long as I didn't have to hook them up to a computer and run a program.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>