Laptops Desktops Monitors & LCDs Graphics Cards Handhelds Phones Software Networks Printers More »
search
AnchorDesk

Robert Vamosi
Ready to toss that old PC? Read this first

Robert Vamosi
Senior Editor, Reviews
Monday, January 27, 2003
TalkBack!Add your opinion
Back in the day, hackers rooted through companies' dumpsters in search of Wide Area Telephone System (WATS) numbers, which they could use to make free phone calls. Nowadays, those dumpsters contain something far more valuable: hard drives. In fact, modern snoops can skip the dumpster diving. They can simply buy second-hand, dirt-cheap drives on eBay.

Recently, MIT graduate students Simson Garfinkel and Abhi Shalat made headlines when they discovered just how vulnerable your old hard disks could be.

The pair purchased 158 second-hand drives. On the 129 drives that were still working, they found thousands of active credit card numbers, along with pharmaceutical records, legal correspondence, corporate memoranda, and, of course, pornography. In addition, 66 of the drives had more than five e-mail messages; one had over 9,500 messages. Only 12 had been properly and thoroughly cleansed of recoverable data.

While few thieves would likely carry out a recovery effort as extensive as Garfinkel and Shalat's, it is still foolish to think that data on your discarded hard drive can't be read by someone else. In fact, doing so isn't always illegal. The U.S. Supreme Court ruled in California vs. Greenwood that discarded materials confer no right to privacy, giving individuals the right to whatever they find on second-hand drives.

SO WHAT CAN YOU DO? Simply reformatting your drive is not enough. Of the working drives, Garfinkel and Shalat found that 51 had been freshly formatted; 19 of those still held recoverable data. As long as it's not overwritten by new data, old data can still be recovered by others. Another factor: As I've written before, Windows makes copies of all your date and stores it in multiple places, so it's sometimes possible to reconstruct deleted files.

Garfinkel and Shalat identify three ways to sanitize your old hard drive. To be completely safe, you could always physically destroy the drive by smashing it to pieces. If that's too extreme, you can demagnetize the drive with a Type I or Type II degauss tool. Or--and this is the most practical--you could overwrite all the data with a utility called a disk sanitizer. There are dozens of these programs available for download.

It would be nice if hardware vendors helped, too. The authors say every hard drive should come with sanitizing tools. In addition Garfinkel and Shalat say that a hard drive should automatically encrypt every block of data written to it and decrypt every block read from it. This would allow you to render the drive unreadable by removing the encryption keys with a manual self-destruct procedure.

UNTIL THAT HAPPENS, I suggest you start using PGP to encrypt all your e-mail. You should also encrypt your Microsoft Word, Excel, and other sensitive documents with programs such as PKZip or CuteZip. Finally, delete files you want to keep private on a regular basis using a sanitizing program such as Eraser.

One other way you can protect yourself, too: Don't automatically throw your old hard drive in a dumpster or hock it on eBay. Consider using it as a second drive on your new machine--you can always use extra storage space. If you do decide to discard or give away the old drive, be sure to install Eraser on the new drive and overwrite the old one several times.

Don't let someone steal your private data. If you follow the suggestions I've laid out, you're less likely to become a victim.

Are you concerned about your personal data being stolen from your old hard drives? Do you sanitize your drives? If so, how? TalkBack to me!

Previous Story   

Special sponsor stores

Social Networking

advertisement
Click Here