By Will Sturgeon, 15 September 2005 14:40
NEWS Companies and consumers are failing to take note of the importance of properly cleaning data off their hard drives before selling or discarding them.
And with a proliferation of removable storage media such as compact flash cards and SD cards falling in price the problem of sensitive data being discarded is getting worse.
Data recovery specialist Disklabs recently bought 100 second-hand hard drives and 50 used memory cards and found documents such as CVs and accounting spreadsheets with names and mobile phone numbers.
Even more worryingly the company found credit card numbers cached on temporary internet pages saved on the hard drives.
In a separate experiment the company also analysed 1,000 second-hand hard drives over the past 12 months and found 70 per cent contained pornographic material, which is worrying news for any parents who have bought their children a second hand PC in recent months.
The issue of safely disposing of hard drives has perennially tripped up companies, with similar experiments in the past throwing up equally worrying results.
In 2003, two US techies called Simson Garfinkel and Abhi Shelat found more than 5,000 credit card numbers on one of a number of hard disks they examined.
Earlier this year one forensics expert sparked concern among charities who provide reconditioned PCs to projects in the third world by saying the only way to be 100 per cent certain is to take a hammer and nails to the disk.
At the time, Computer Aid International assured companies who want to donate second hand PCs that their methods of cleaning data off hard drives meet the highest possible standards.
The incoming WEEE Directive also stipulates that computer equipment must not simply be discarded but rather consumers, businesses and vendors must ensure there are processes in place for the responsible recycling of such equipment.
Comments
There are 3 comments. Join the discussion
1. anonymous
It's very easy to completely wipe a disk using many commercial or open source tools like 'PGP Disk' and 'Eraser' respectively. They wipe disks to Gov't or even NSA standards if needed. People just need to devote a bit of time. The chance of anyone retrieving the data is negiligible - even if it was possible (unlikely) the cost is massive and how would you know which hard drive to spend the money on?
2. anonymous
With some of so-called disk cleaners actually adding more rubbish to your drive, what exactly is the best way of doing this?
3. anonymous
Users must first understand what they are trying to accomplish is to make the cost of retrieving any information from the drive much greater than the value of the information. With this knowledge, users can easily comprehend that the programs that perform multiple overwrites of the drive to meet the nations security requirements of many countries have made the cost for recovering any worthwhile information too expensive for all except those in the intelligence community. And if you're into things that the intelligence community is trying to discover, you likely have security procedures in place to address removing data from drives.