UK bank details sold in Nigeria

By milal
According to the BBC, fraudsters have been selling personal information of Britons that was stored on recycled hard drives.
http://news.bbc.co.uk/1/hi/business/4790293.stm

Owen Roberts, an anti-fraud expert, was quoted as saying that deleting files isn't enough.
What about encrypting sensitive data - and keeping it encrypted after you "delete" the file, so it will remain inaccessible for life?

This conversation is currently closed to new comments.

9 total posts (Page 1 of 1)  

meta data

by marileev In reply to UK bank details sold in N ...

Resold computers, stolen laptops - it all boils down to companies not being careful with their data: http://www.essentialsecurity.com/Documents/article12.htm C'mon, it's a digital world; bits and bytes of metadata even creep into simple files like Word docs.

If companies care about their reputations they need to see computer recycling projects through to fruition - which includes either encrypting important files or wiping those drives.

How to protect yourself

by TechExec2 In reply to UK bank details sold in N ...

Encryption is a good step. But, it's really not a problem to securely erase your HDD after you are done with it. Securely erasing involves writing a varying sequence of bytes over all portions of the drive. The objective is to make it impossible to extract data from the magnetic platter even though it has been overwritten by some other data.

If you merely delete the file, the data is still there but the pointer to it in the directory has been removed. This is completely unsafe.

Overwriting the file with some other data is not enough either. This is because of the magnetic properties of the HDD platter. With the right equipment, you can actually recover bits that have been overwritten with other bits.

A secure erase will take care of it: Overwriting the bytes a sufficient number of times with varying byte values makes it impossible to recover the original data.

HIPAA Requirement

by Tig2 In reply to How to protect yourself

When I was doing desktop support for a healthcare organisation we were required to run a disk killer on any drive that we replaced with new. The old one got hooked into a burn system and the HDD overwritten in two passes- the first pass laid down ones, the second pass overwrote the ones with zeros.

While I can write the requirement into a project plan, I can also almost guarantee that someone will ask why that step is being taken. In a healthcare environment it is easily validated - HIPAA compliance is a major issue. Unfortunately, the compliance requirements in the Financial world are not yet as robust. Sure, we know that NPI data has to be protected but no one has set the bar on what that means. So data gets out.

And we continually fight the "Everyone but Me" battle- compliance is always meant for someone else to manage to.


Edit typo

UK electronic data

by marileev In reply to HIPAA Requirement

While HIPAA regulates our U.S. healthcare EPHI, I'm not sure that the UK has this in place with their national healthcare system. Anyone know how the UK handles this when they recycle their machines?

To my limited knowledge...

by Tig2 In reply to UK electronic data

In a similar manner.

It is an interesting question. GG! Can you help?

Remove hard drive

by Tony Hopkinson In reply to UK bank details sold in N ...

from system unit.
Take hammer, hit repeatedly until a fine powder starts leaking from the seams.
It's a way to be sure.

You can do one of three things to secure your data...

by sdcphoneguy In reply to UK bank details sold in N ...

1) Smash the hard drive platters as suggested.

2) Encrypt all the data on the hard drive before disposal. However, this may still leave previously deleted data recoverable.

3) Use programs such as Eraser (it is free too) to write over data multiple times.

Option 3 is good for people who want to use their drives for other purposes such as donating them to non-profit organizations, or auctions and the like.

More on this....

by mroonie In reply to UK bank details sold in N ...

A similar story can also be found here:

http://www.darkreading.com/document.asp?doc_id=101264&WT.svl=news1_6

Coming from a business perspective, this could be extremely detrimental for a company if not handled correctly. Companies could be sued for huge amounts of money if old hardware is donated or recycled and valuable information is found. Even now, companies are not taking precautions in securing the data that is on their computers this very moment, so it's almost impossible to assume that they're going to do so when throwing out the darn things.

Nuke the disk!

by george.hickey In reply to UK bank details sold in N ...

There are a number of free secure eraser utilities that will allow you to create a boot & nuke disk (floppy or CD) - you can boot from it and use the utility to overwrite every block on your hard disk with random data. Depending on the utility, it might not work with a machine that has a RAID controller (hardware or software).

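If you have a live Linux boot CD, you can get to the command line, then use the following set of commands:

    # Collect every /dev entry that fdisk lists (the partition rows)
    DevList=$(fdisk -l | awk '{print $1}' | grep dev)
    for Device in $DevList
    do
        i=1
        # Five overwrite passes per device
        while [ "$i" -le 5 ]
        do
            # /dev/urandom does not block when the entropy pool runs low
            dd bs=1024 if=/dev/urandom of="$Device"
            i=$((i + 1))
        done
    done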

This will wipe every disk device on your machine, including any attached USB devices, so be warned!

To be safe, you should do multiple passes - the script above will do 5 passes on every disk partition which should be more than enough to make it safe from anyone, excepting maybe the NSA.

Of course the best way to be totally sure is to take the HDD out of the machine before you give it away and physically destroy it - if you're giving the machine to a charity, you can pick up a hard drive for ~?50...
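
An added example, not part of the original post: the overwrite step from the script above followed by a read-back check that the wipe actually landed. It runs against a regular file standing in for a disk image; the function names and the sample record are constructed for illustration, and the last pass writes zeros instead of random data so the result can be verified byte for byte.

```bash
#!/usr/bin/env bash
# Added example: overwrite a disk image in place, then verify by reading it back.
# Function names and the sample record are constructed for illustration.

# Succeeds if the byte pattern $2 is still present anywhere in file $1.
contains_marker() { LC_ALL=C grep -a -q -- "$2" "$1"; }

# Succeeds only if every byte of file $1 reads back as zero.
verify_zeroed() {
    local size
    size=$(wc -c < "$1" | tr -d ' ')
    head -c "$size" /dev/zero | cmp -s - "$1"
}

# wipe_and_verify IMAGE [RANDOM_PASSES]: random passes, one zero pass, read-back.
wipe_and_verify() {
    local target=$1 passes=${2:-1} size i=1
    # Regular files only, so a mistyped path cannot hit a live device.
    [ -f "$target" ] || { echo "refusing: $target is not a regular file" >&2; return 2; }
    size=$(wc -c < "$target" | tr -d ' ')
    while [ "$i" -le "$passes" ]; do
        # conv=notrunc rewrites the existing bytes instead of truncating first
        head -c "$size" /dev/urandom | dd of="$target" bs=65536 conv=notrunc 2>/dev/null
        i=$((i + 1))
    done
    head -c "$size" /dev/zero | dd of="$target" bs=65536 conv=notrunc 2>/dev/null
    sync
    verify_zeroed "$target"
}

demo() {
    local img
    img=$(mktemp)
    head -c 1048576 /dev/urandom > "$img"    # 1 MiB stand-in "disk"
    # Constructed sample record planted at offset 4096
    printf 'ACCT=00000000 SORT=00-00-00' | dd of="$img" bs=1 seek=4096 conv=notrunc 2>/dev/null
    contains_marker "$img" 'ACCT=00000000' && echo "before wipe: record found"
    wipe_and_verify "$img" 2 && echo "wipe verified: image reads back as zeros"
    contains_marker "$img" 'ACCT=00000000' || echo "after wipe: record gone"
    rm -f "$img"
}
demo
```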
