Security·4,733 discussions

Data on old hard drives

Locked

Do you think sensitive data left on old hard drives is a prevalent problem for organizations? How does your company handle this issue when getting rid of hardware? Tell us what you think about Jonathan Yarden’s advice concerning this issue, as featured in the Feb. 10 Internet Security e-newsletter.

Topic

Post a copy of the e-newsletter

In reply to Data on old hard drives

If you want a greater number of informed responses, post a copy of the newsletter somewhere so those who don’t subscribe can read it.

My take on the hard disk problem is that you need to at least do the DoD formatting where everything is written over with null values. That would put recovery of sensitive data beyond the reach of most people.

If the data is really sensitive because of privary or security reasons, go for the higher levels of cleaning or consider destroying the drive in a way that the data can’t be retrieved.

Yes.

In reply to Data on old hard drives

It is our responsibility to make sure that all data is securely removed. Granted the only 100% way I know of would be to physically destroy the drives, but using a DOD wipe should work enough for most places.

I am usually the one that wipes the drives in this company. I run a low level format on them first, and from there, I use a DoD compliant program and run a 7 or 35 wipe set of instructions depending on the nature of the data.

I believe you can NEVER be too careful. If it’s a hard drive that I am seriously worried about, I will just remove the platters themselves, rest a magnet on top and then carve my initials into them;)

As for Jonathon Yarden’s advice, I didn’t read the article, so I can’t comment on what he said. Although if you post it here, I will definately read it and comment on it.

Mrafrohead

Getting rid of hardware???

In reply to Data on old hard drives

Surely not?!!!

Pass it down the line maybe….but NOTHING leaves our premises unless it has ceased functioning and has been destroyed beyond recovery.

All our old hard drives get the platters removed and then cut in two with a disc cutter. Thebodies are broken up for scrap aluminium and the controller cards are chemically stripped to recover the gold and copper!

Waste not, want not!!! We recycle 80% of our paper waste and not even a 1Mb 30 pin Simm leaves the company. We never know when we will need one!!

I have a couple of 286’s for sale if anyone is interested….no hard disk (it’s been recycled) but has twin 5.25″ FDD’s (1.2Mb)…guaranteed no sensitive data…unless anyone wants to use an electron micrograph on the 1Mb of d-ram to see if there are any residual patterns left in the memory since it was last used!

To discard or not to discard?

In reply to Getting rid of hardware???

As usual, member GuruOfDos has something sensible and useful to say. My posting has NOTHING to do with major corporations or networks, but is quite a fascinating tale.
At a church fete I purchased a Hard Drive for $5. On inserting it in a computer,I found that it had belonged to a doctor and ALL his software including personal data was intact. It even had his and his wife’s CVs.
So I wrote to the former owner of the HD and received a phone call from his wife. She was very curious as to how Ihad come by the HD as it appeared to have come from one of two laptop computers which had been stolen from their car. She was most anxious to recover a copy of her CV, which I was happy to do.
I would also like to mention that I get some great software off old computers. I have acquired an annoyingly clever Scrabble program, written in 1990 for MS-DOS. I have only ever encountered one version of Scrabble written for Windows (and that only very recently)and it is hard to come by. There is a readily available Mac Scrabble game if anyone is interested.

I’ve said this before…but

In reply to To discard or not to discard?

I was called in to a client to sort out a ‘sick’ computer. They had taken it into a local shop and was told 2 weeks later it was dead. They had been sold a ‘refurbished computer’ and were ripped off. The client wanted a second opinion and I asked her to get the dead machine back from the shop. They were reluctant, but when she threatened them with legal action, they relented.

So I, in her full view, opened up her old computer to discover it had been stripped of the hard disk and ram chips. As it was an IBM, all the remaining parts had IBM labels on all the components. The mobo had burn marks on it, and a closer look revealed that the PSU connectors had been fitted backwards.

The new machine (a clone) was then opened up to reveal a bunch of IBM ram chips and the IBM’s drive as well as a 2nd hdd. Booting the machine revealed that the secondary drive wasn’t regognised by Windows as it hadn’t even been set up correctly in the BIOS.

On setting up the drive as the primary and detecting it in BIOS, it revealed a lot of very sensitive information! It had once belonged to a school and had been used in the secretary’s office. It had names, addresses and phone numbers for all the children in the school, contact details and names oftheir parents and other data of great interest to any paedophile!!

The old IBM was a 486 DX2-66 with 16Mb of RAM and the new PC had the same CPU. The new pc had 20Mb of RAM (4 original and 16Mb ‘stolen’ from the IBM) and the IBM 540Mb HDD and a 1.2GB drive it didn’t even recognise!

They had been asked to pay 8 hours labour to attempt a repair on the old machine and ?160 (US$240) for the ‘new’ PC. Total bill was in excess of ?300 (US$450) when I could have built them a brand new P200MMX (this was in 1998) for about half that.

Needless to say, our findings resulted in the shop ceasing to trade and the owner spending time in jail contemplating his actions!

Repairs, rip-offs and rogues …

In reply to I’ve said this before…but

Thank you GuruOfDos, for your fascinating tale about the repair rip-off. I, too have encountered some amazing examples of “technical” work. Perhaps the worst was a computer with two hard drives, with the primary HD held in place with sticky tape, and padded with plastic bubble-wrap to keep it from bumping around too much.

I think I know that repair person…

In reply to Repairs, rip-offs and rogues …

“Perhaps the worst was a computer with two hard drives, with the primary HD held in place with sticky tape, and padded with plastic bubble-wrap to keep it from bumping around too much.”

I once spoke with a local computer repair shop during a fruitless search for drive rails (an older machine with no spare parts available). The repair shop in question told me to just do what he did when faced with that problem, which was to keep hard drives in place using hot wax.

You should see

In reply to Getting rid of hardware???

What I am donating to a local charity, 6 laptops 4 are 486s 2 are pent. 1, .A bag of memory sticks pent and below about 100 or so. There are 3 sticks that went into a special wood case computer from north wind or some thing like that. I normaly low level format any drive that I get ride of.

Sledgehammer enough?

In reply to Data on old hard drives

Hi,
in my opinion the best (and only?) way to make sensitive data unreadable is to actually “overwrite” it with some kind of DOD Wipe-program.

For an example have the company below restored data from disks that have had glue between the disks, been in a fire and so on.

IBAS
http://www.ibasuk.com/datarecovery/index.htm
http://www.ibasuk.com/dataerasure/index.htm

True destruction

In reply to Sledgehammer enough?

the only real way to ensure the drives are destroyed is to dissolve the magnetic substrate – this isn’t as hard as it sounds – drill a hole in the drive, fill with some solvent, leave to work.

There are a few choices of solvent – glue removers are good, as are a mix of hot water and some detergents. simple test – get a floppy (or magnetic tape) and dip it in the candidate solution for a minute or so then rinse. if it cleans off the magnetic surface (leaving a clean carrier) then you can probably trust it to do the same inside the drive. You *can* use an acid, but it isn’t needful and causes disposal problems.

False sense of security.

In reply to Sledgehammer enough?

Mika,

Just so you know. The DOD wipe works to a point.

If you use a DOD program and wipe 7 or more times, you will remove the chances of a regular joe recovering the data.

The problem though is this. To TRULY remove the chance of the datafrom being recovered you have to PHYSICALLY destroy the disk. Along the lines of what GuruOfDos was stating or I posted above.

With a DOD wipe, you can still recover the data using a device that senses the harmonic changes of the disks themselves. I read about this long ago when I learned about wiping disks. So please don’t get mad at me if I leave out a detail or it’s not quite right, but I know for a fact the general idea.

Basically, what is done is you remove the platters from the casing. Once that is done, they are thinly coated with a special liquid material that I can’t remember the name of or the composition of it. After they have been wet down, they are run through a machine that will record the harmonic changes in the disk and it can actually recover EACH layer of data.

That basically mean, you buy the HD. You set it up for the first time. YOu don’t like it so you change it. YOu do that many times. EACH instance can be restored.

I know it sounds wierd, but it’s true and it’s VERY expensive. And I mean VERY expensive. This type of thing would only be used in extreme circumstances. Most people use the software recovery option where a DOD wipe will fix it and make the disk unreadable to those.

Butjust so you know. Other than a physical destruction of the disk, data can still be read.

Mrafrohead

Old Hard Drives

In reply to Data on old hard drives

Once upon a time I was involved with a Government Department who held personal health records on their computers when it came time to change these computers I not only dismalated the Hard Drives I also broke the platters. I then fitted a new blank Hard Drive to the computers to be sold off. This went well for several years until some highly placed public servant saw me destroying a Hard Drive and went balistic, claiming that I was costing them large amounts of money and all the rest. I refused to deactivate any other computers and left that job. In the same shiptment the Department sold two hundred computers and only used FDISK to wipe the Hard Drives. Quite nicely someone who bought one of these computers reconstructed the data on the hard drive and began selling the personal medical records and addresses to to who ever was listed on this particular computers hard drive. This resulted in a very large court action against the particular department which cost them several million dollars. If I had of been allowed to continue this could never have happened and would only have cost about 1 thousand dollars. It just goes to show the false economy that these people pratice.

Just for the record

In reply to Old Hard Drives

I now use IBM’s Wipe program which I downloaded from their Hard Drive Site when it was still there. I would imagine Hatichi Global Storage has the same programe on their site although I have not looked. So far it has proved effective as it writes 0’s to every section of the drive including the FAT or whatever depending on what OS you are using. However as I still believe that the most precious thing on any computer is the stored data I do not completly trust any way of completly deleting the original data on any Hard Drive. On the Drives where I actually use wipe these are recycled into computers that I personally use or are sent to people who I know are incapable of reconstructing the data that was originally on these drives and I replacethese Drives with new ones as any IDE drive is really cheep nowdays. We no longer think if we are paying $1.00 per Meg it is good value. It all boils down to what is the best way of destroying data as even a drive struck with a sledge hammer can be reclamed if you are willing to pay the price. That is why we have companies who specelise in recovering data from faulty Hard Drives and even Seagate will accept a drive for warrantiee if they have docqumantation from a company who recovered the datafrom the drive. As long as the platters are intact the data is recoverable no matter what other damage the drive has suffered. Do not believe me go look it up on the Drive manfacturers sites under warantiee. The only surte way of destroying data is to destroy the platters on the drives concerned and this is quite a lot cheeper that a law suit if the data was to get out.

I Do more than wipe

In reply to Just for the record

I not only use Wipe from IBM when the drive is wiped I then Install some form of LInux a complete installation or as much as the drive will take, then wipe again, then one of the NT versions I really don’t care which one what ever comes to hand first, then wipe again. Even then I do not completly trust the deleting of files on the drive and it is for thsi reason alone that I give these drives away to people who I know are incapable of recovering any data. I also install these drives into their computers and load them. Sure it takes a lot of my time but unfortantly trust is in very short supply here so it is worth the effort to do this or the other alternative is to destroy the platters of the drive which if the drive did contain delicate data I always do and it is even easier with the IBM Glass Platter drives as the platters break easily. All the rest have a oxy torch taken to them and this proves effective but this is only on the very sensitive drives. All the rest go to people who Iwork with not in the IT Department and they are really happy as they think they are getting something for nothing which I suspose they are but then again I hate waste where possible. I naturally trust all my staff but we have already exhausted theirneeds and why would they need to reconstruct data when they could steal it if they wanted to do so quite easily? I still believe that it is prefable to remaove Hard Drives from computer we are going to dispose of and replace them with new ones whitout even running any utilities on them they are just clean new drives that go out with all our secondhand computers and after explaining why I do this to the CEO I have no problems from that area as he is more scared of a Law Suite than less than $100for each peice of junk we dispose of “His Words”

Secure wipe

In reply to Data on old hard drives

If you really want to make sure a machine is clean before it leaves, there is a cheap (free!) solution.
Download the disk image from [ http://dban.sourceforge.net/ ] and make a floppy from it. at the appropriate time, boot that floppy in the machine to be cleaned and hit enter when asked. *Don’t* do this on a machine you want though, as everything on that machine’s hard drive will be wiped beyond recovery…..

Reply To: Data on old hard drives

In reply to Data on old hard drives

Old PC and the data it contains will eventually end up in other people’s possession whether the PC is being donated, recycled or transferred to another user.

Sensitive Data such as corporate trade secrets, business plans, personal files, confidential letters or general information about your products, customers, prices or stock can become an open knowledge and could seriously damage a business operation or put the clients at risk.

It can also put a company in difficult situation with software manufacturers, if system licenses were not transferable.

So ,… Yes … “data left on old hard drives” can be “a prevalent problem for organizations”

Standard formatting or erasing of data storage devices does NOT permanently erase diskdata (or other write-able media) beyond recovery. Also, the method of drive partition removal will also leave content information on the device that can be easily restored by using readily available disk utilities.

On the other hand, many companies have a policy of destroying all reduntant PCs when they upgrade their hardware. This policy permanently prevents any unauthorised access to sensitive data stored on the hard drives of the obsolete PCs. Unfortunately, this policy prevents the re-use of the PCs, and is a terrible waste of resources, especially when there are ways to permanently destroy the data on the hard drives and floppy disks, without damaging the hardware.

Right now, there exist too many utilities and softwares which will permenantly erase data in storage devices by overwriting every byte of data insuring that data cannot be recovered by the use of current software or any hardware-based recovery tools…. My company usues one of the best.

Data on old drives

In reply to Data on old hard drives

I’ve been studying a program called Encase. This program can bring back even the smallest of information on a hard drive in great detail. It is used primarily by police departments for forensic investigations.

Encase

In reply to Data on old drives

Yes, Encase is supposedly one of the premier Forensic software tools on the market. Even DC Government has purchased this software for Forensic work.

Data Erasure

In reply to Encase

I have a recycling company based in the U.K. We use machinery to erase the Data on tape-floppy-h.d.d. Etc. To give our customers piece of mind we supply on site data erasure if requested by the customer.Once this process has been carried out the components are stripped down and sent back into manufacturing. Not many companies offer this service if any at all,we also offer an open shop policy where our clients, can walk into our premises without prior warning to ourselves, and run a check on thier components and the tracking to make sure everything is above board. If you know of any parties interested in our services please give them my email address.

Ancient History

In reply to Data on old hard drives

I remember a long time ago when a buddy of mine acquired some old machines, 8088 based machines that had made the rounds after being discarded by IBM (they were IBM brand XT similiar with a 20 meg hard drive).After undeleting it I skimmed across thehard drive and found deleted memos about employee reviews at IBM etc. Even back then the information being there after the machines had been who knows where made me nervous.So it has been a problem for a very long time even with larger companies.

One way to ensure it is NOT readable

In reply to Ancient History

I have only heard of one way that ensures that the data on an old hard rive is NOT readbale after disposal.

A system set up with all data stored on a 9 hard drive RAID system with only one bit of each byte on each drive. Even if it is wiped the info available does not make any readable sense. just dont dump all 9 drives at the one place.

The next best method is to do write a pattern, its opposite, the pattern again, then to physically drill holes through the case and platter. The heat of the drilling heats the metal anbd causes major distortion around the holes as well as making sure the hdd will not spin up.

How about server data?

In reply to Data on old hard drives

All of our servers are configured with RAID5. If you delete the RAID configuration, does this ensure the data can’t be recovered?

How about warranty HDs ?

In reply to How about server data?

How do you hadle the problem of returning HDs that have “failed” so you can’t wipe them and want to return for warranty? Any suggestions other than full destruction and live with the cost? Also, anyone know what tool is used for what appears to be special heads on the screws in the case?

Warantie Cases

In reply to How about warranty HDs ?

In busines there are no warantiee cases involved if there is comercial data on a drive that fails. It is simply to dangerious to expect that the data will not be recovered and used against what ever company you work for. Warintiee is only an issue with home computers and by that I mean computers used by the kids to play games, surf the net or write the ocasional school report. This data is not sensitive and you could justify sending a drive to God only knows where and to whom for repair/replacment. On the other side of the coin however the big drive manafactures could not hope to recover data on every drive that fails and they get back for repair. Unfortantly however they replace your drive and then repair if possible and then send out therepaired drive to some one else THIS IS WHERE THE PROBLEM IS AS YOU NEVER KNOW WHERE A DRIVE WILL END UP.

As far as the tools required to dismantle a Hard Drive I see you live in the USA so try Snap On they have a good range of these type of tools.

Raid

In reply to How about server data?

NO. I have consistently recovered entire drives from all types of servers ranging from a basic IDE to a top line SCSI arrays which have been acidently deleted. The only safe way to totaly remove sentive data is to totally destroy the drives, or recycle them into a position where you know that no attempt will ever be made to recover the data. With IDE this is not much of a problem as a trusted employe can have the drive however it is far more diffictual with SCSI drives as not too many personal computers have a SCSI interface in them so if you can’t use them yourself trash the platters of the drives once this is done the rest is just usless junk. Tell your boss to hell with the expence it is far cheeper than the legal bills you will face orfor that matter the loss of the business that could accure when all its scrests are out. It is a matter of prioteries what is more important the business or a few dollars for some secondhand bits of plastic and silicon.

Ones and zeros

In reply to Data on old hard drives

Software that came with the drive should be enough to wipe old data. By writing ones and zeros to the drive all data will be overwritten, and user can do it several times to be sure of data wipe. I don’t know how it compares with other such programsbut i think it is effitient anough to clean those dirty secrets.

ATM hard drives

In reply to Ones and zeros

Sometimes you have to wonder when a vendor replaces a hard drive on a ATM (Automated Teller Machine) he isn’t taking it home. There are a lot of senitive data in them. I think we should have the right to our hard drives and vendors can’t take them.

Regarding ATM Hard Drives

In reply to ATM hard drives

Well I can’t talk about what happens in America but here in Australia we replace all these drives inhouse I know as I manage a banks IT Division. It is these type of drives that I take a lot of trouble to destroy totally and to my knolledge there isno way of recovering data once the magentic material on the platters has been burnt off with an oxy torch. There simply is nothing left to recover. As there is nothing there to recover from. These are not the only drive applications that fall into this catagory and I destroy quite a lot of drives in this way with the exception of if one of my staff require a drive then they usually manage to get it as it is pointless destroying a drive when they have ready access to the information anyway. In my area of responsibility there is very little trust particuarly where software writters are concerned but I do implicity trust my own staff as I could not function without this trust as they almost to a person have the ability to gain access to any data that they may want to. It is true I trust very few outside my department and there is a very large amount of Paronia involved you do actually have to draw the line somewhere or we could never get any work done.

Sorry you are sadly misguided

In reply to Ones and zeros

1&0’s are how a hard drive stores information it is all binary and people make a very nice living thankyou very much recovering data on hard drives. reformat a hard drive then use Norton’s recover it will reconstruct the entire contents of the driveand probable make it bootable as well. A simple format even if run 500 times only writes to every third sector and no matter howmany times you run Format it still writes to the same sectors, the other two sectors retain data. Even reloading a drive with an Operating System and all its software you can recover the original contents admitedly it might not be bootable but then again what is to stop someone from fitting it as a slave drive and reading the data. If the drive belongs to a personal computer {that is a home computer that is only used for games} then no problems as there is nothing sentisive to protect. However any business computer HAS to be protected as nobody knows excatly what is contained on the drive and no business wants anyof its details to get to the competition or worse in the public domain as it would cause severe damage to the business if it where to survive at all. It all depends on what the business does if there is any details which idenify clients it is imperative to remove the drive and replace it with a new one this is quite cheep {less than 15 minutes with a lawer} and any legal action costs quite a lot more than those few minutes. If however there is detailed private information of various persons it is best to destroy the drive and that means dismantling the drive and destroying the platters not just pulling it to bits. Once the platters are gone either cut up, broken or attacked with a blow torch that destroys the magentic layer only then is the data safely destroyed. If you have any of this type of data it is far cheeper to destroy the drive and fit a new one I personally would do no more than set the drive in BIOS.

Security formatting

In reply to Sorry you are sadly misguided

‘Simple’ reformatting won’t do the job.

But there is software that does what I would call Department of Defense formatting. It goes through the process of writing all 1’s and all 0’s to the hard drive a repeated number of times. In theory this software cleans things up so that Norton can’t recover it.

In fact, this software is part of Norton Systemworks 2002.

Of course if you are really paranoid, you would put the drives in a furnace and melt them down into slag. That would guarantee that everything is randomized and that you didn’t miss something when using the blow torch.

Thats true I suspose

In reply to Security formatting

But I use Nortons to recover information from drives treated in this way and anyway is it worth the small cost for the security? I work in the Banking indusatry now however I previously worked in decominisioning Government computers for resale aftertheir life had expired {Government words} I destroyed all the hard drives until some senior public servant saw what I was doing and hit the roof. I then declined to continue so they got someone else in to do the job and on that particular job lot of200 computers one person reconstructed a hard drives data and attempted to sell personal health information to the people listed it cost that particular government department several million dollars Australian to settle and that was without legal costs. Now which was more cost effective? My way or theirs?

the end result of that fiasco

In reply to Thats true I suspose

By the way the public servant responsible was promoted to a much higher position with a corrosponding pay increase and I was called as a wittness for the affeted people. Personally I don’t like courts I don’t like giving evidence particuarlly when Iam considered a hostile wittness by the Government Departmant trying to defend this stupity and I certianlly could not afford the three weeks it took fot the trial to pass I had to attend each and every day sitting outside the court room and it was only after my evidence that the department settled. I NEVER want to be placed into that position again! Of course they tried to blame me for what passed as I should have refused to stop destroying the hard drives even though the police where called and I was escorted off the premisis. It was still my fault in the departments eyes. Now would you like to try that one out for fun?

The only good thing to come from it was that was the closest thing to a holiday I have had in twenty years.

Just the final instalment

In reply to the end result of that fiasco

The person who reconstructed the hard drive was charged and I again was called as a wittness this time by the very same department who claimed I was responsible for the situation only this time I was their wittness. The person who they got to decommision these computers was a public servant too and from my understanding his only claim to fame was he knew how to use FDISK which is all that was done to the remaining computers. Anyway this trial only went for 6 days and the outcome was that the person in question had done no wrong. He had not attempted to sell information to anyperson other than the people listed and also only to the particular person in question. The Judge rulled that he was intitled to do whatever he wanted to with the secondhand computer that he legally bought and reconstructing the data was not illegial. I consider it a criminal offence what happened but then again I hold the department in question as responsible as the person charged any way he got of with costs awarded to him. I was the only one to lose out as when I was escorted off the premisis I was not allowed to take any of my equiptment as it may contain data. My equiptment consisted of the normal screwdrivers various diagnostic equiptment ranging from amultimeter to a CRO and 100 hard drives in their sealed antistatic packets. 4 months after the court hearings finnished my equiptment was returned or at least some of it was as almost all the hand tools where missing the CRO was broken {it had been dropped and was not econimical to repair} and all the hard drives had been opened and not handled correctly so they all had static damage. Now if you think I am a bit over the top what would you do in that situation?

DoD Security formatting recovery

In reply to Thats true I suspose

If Norton can recover from the DoD level security wipe, then there is something seriously wrong with the security wipe. I don’t think that the US government would give their ‘blessing’ on the security wipe if Norton could recover from it.

And I don’t think that Norton would want to risk their reputation by lying about the capabilities of the security wipe.

I would suspect that the information you recovered was from a drive that was claimed to have been DoD security wiped but wasn’t for some reason.

Another possibility would be that Norton varies from country to country. Of course that would also be a reputation breaker for Norton.

Of course, there is always a possibility of bootleg copies of Norton having the security wipe module disabled. If you think you’re running a solid copy, you wouldn’t know if you didn’t check each drive after the security wipe.

As Far as Software

In reply to DoD Security formatting recovery

Varing between countries. This is not a real problem for the software makers as they are regulated mainly by the US Government after all just read the MS EULA it claims that using their OS’s in certain countries breaches the EULA and even supplying these conntries is a breack of the aggrement. Of course the US wants the best for itself and the rest of us have to make do with whats available saying that however there are very few differences on the whole ithe main ones revolve around what is considered as necessary security issues at the time by the then current Government. I know this to be true as I once worked for your Government and I got much better software than what was ever available over here. The only trouble with this is as Governments change the ideas change as well so the ground is constantly shifting under our feet without our even knowing what is going on.

Levels of Data Security

In reply to Data on old hard drives

Making discarded HD data unavailable is a great issue, and must be taken seriously depending on the data the HD usefully held.
The use of “wiping” HD tools is a good recommendation, but for companies (all size) and home users, there are other problems -not depending only on the sector of the planet it happens- like stealing the hardware or the data by thieves or hackers (internally/externally). A security level based on passwords for individual users (even home multi-users or one-user PC), is important as investing on a good Intenet firewall and an updateable virus protection tool.
The word destroying has a loosing-money connotation as recycling has the obvious paying-bright-technician and sleep-aside-money connotations. Some businesses just can?t afford those luxuries, and the only recycling acceptable to them is to get something ?money worth? out of the discontinued material.
If data-privacy is so important and the company has money to throw away, I would suggest destroying the delicate material by cutting it off in small pieces, or whitening it out with any chemical that damages the magnetic sectors. At the end, I can be so ungrateful to this thought. I can imagine that if someone were really interested, he/she would take the time and patience to try to glue the shredded pieces together like for an important shredded sheet containing invaluable information that he/she could get his/her hands on. There are brighter people than us, out there.
It is obvious that the ?Wiping Tools? are only good if the owner of the HD decides, by himself, to get rid of it. With this method the owner assures that if there is a possible leak of info from the sold/donated material, he can always prosecute the ?Wiping Tool?-developer and/or the family or employee that received the material in the first place. An auditoria procedure for disposal, must take effect before and after the ?Wiping Action?.

Stop thinking like

In reply to Levels of Data Security

An accountant. The most valuable part of any computer system is the data on the storage devices. But Accountants do not consider this as an assett the bit of hardware is an asset but the data is not seeable therefore it can’t exist. Have you ever noticed that it is always accountants who have failed in their own business that end up in the corporate world continuning with their narrow mined ideas that sent them broke in the first place. By all means recycle the hardware just not the Hard Drives. I am not unreasonable I am just not prepared to sit in a court again giving evidence and I certianly am not interest in sending any company that I may do work for broke either so I prefer to do the right thing in reality hard drives are very cheep and a bigger one may actually improve what you get for the old computer so just by following basic security procedures you will at the very least gain some return for old equiptment at a very small cost and still maintain company security. Even the humble photocopier in some organisations has its drum changed before it is sold. It is advertised as an improvment but actually the companies are concerned that it may be possible to recover something from the old drum. So put a positive spin on things sure we have old computers but we are giving you new bigger hard drives so they are worth more. The best way around penny pinching is to claim you are improving the chances of selling the equiptment as well as improving the overall return. But actually you are protecting the company for its own stupity. Somewhere here someone sugggested I would only be satisfied by smealting old hard drives down to slag and they are right but only if I had unfettered access to the blast furnace and the drives in question never left my hands.

Well actually

In reply to Stop thinking like

With unlimited resources my first choice would be to vaporise these drives with a nuke. However here in the real world this is not possible. However techinically almost anything is possible for example it would be possible to rebuilt Columbia from the recovered parts and quite a few new spares. It would of course be cheeper to build a new one but it is techinically possible to rebuild the remains of the wreck. What is of primary concern is not that the resellers are corupt as most of them simply are not interested in wasting their time the problem only comes about because you lose control of the drives in question and the main point here is the control issue. Just imanage for a monent you have a person working for your company who is stealing things they are caught dismissed but they bear a grudge, they find out that the company they hate is selling off old computers and they go in and buy as many as possible then attempt to reconstruct the original drive data. Would you be concerned then? This is the whole problem once you lose control of the hard drives you have no idea where they are what they are being used for or exactly who has them. I one case in Australia a State Government sold off some old computers and a young person reconstructed the drive data there was not much of interest on the drive as it was never used for any real purpose where security was an issue. So what no harm done was there? Well not quite while there was not any real sensitave data there was however the address book and it did contain the States Premiers {for you Americans read Govener} public and personal e-mail address. Now while this is not as such a very real problem it does just go to show what a drive can contain even though it is considered as having no realy sensitive information after all it was only an address book!

Have a look at the Acount Books

In reply to Stop thinking like

Actually when a company sell off their computers they have already been depreciated down to nothing anyway. They are replacing them for TAX reasons only so they can continue to claim depreciation after all you can not claim on something already worth nothing can you?

The reality of companies who sell off their secondhand equiptment is they are simply trying to get something back when they have already written the bits down to nothing already. They want something from what is considered in alegal sence as already having no value {something for nothing}. Well I really don’t have a problem with this pratice as most times these computers are quite servicable and will last for many years to come however I have never seen a company who actually enclose the OS’s and software CD’s with these systems even though its a breach of MS EULA these companies want it all their own way! There fore as a radical left wing wacko if they are to tight to at the very least change the drives over they get excatly what they deserve and actually these companies should not remain in business as they bring all their problems on themselves!

Thanks for the time spent on this topic

In reply to Have a look at the Acount Books

The only point I make is that accounting is not really the issue. The good IS depreciated by then. My objective was to make the best of a depreciated hardware. Economically it represents almost nothing to a company, but in the social recognition andemployee’s faithfulness, the impact cannot be measured. The words “replace the HD for a new one and install OEM versions of commun software” would have had more acceptance than ‘destroy HD’ +-
Very nice article. Thank you.

Mind your own Business

In reply to Data on old hard drives

I want to make a reply to this article, not to the topic of the article, but to the first couple of paragraphs.
There is an old saying “Mind Your Own Business”. What that means is that if you have a sales person who must learn the ins and outs of how computers work, they are then loosing time selling. Not a good business habit. That is why there are IS employees.
If your sales team spends too much of their time learning about compters, your company would go out of business. So my mottto is let them do their job and I will have a back up system ready to go when they hit that wrong button.

smashing is the only way

In reply to Data on old hard drives

I work as a shipping clerk for a company that prints for Office Depot and Staples. Our chief IT guy used to hack so he knows what the right software can recover. Vinnie puts the old drives in a vise in the maintenance dept and beats them to pieces. New drives cost so little that it doesn’t make sense to gamble.

Actually, a drill press or chopsaw work

In reply to smashing is the only way

pretty well. 🙂

Data on old hardrives

In reply to Data on old hard drives

Well I’m one of those people that get those old hard drives. If you want to know a lot about a company. Then work at a school or community center. Some of the places where the old systems go. I have seen fanicail reports for that year as well as previous years, test reports on products, pron, personal chat notes, even pictures of the family. I’m just glad I’m one of the honest people. That don’t want to hurt people by using their personal information.
If computer companies would be so kind to put that little information tag telling the user how to clean their disk before donating it a lot of hacking and stolen id’s would be stopped.
This was a very good subject.

So many times

In reply to Data on old hard drives

I have this happen so many times. I buy used parts all the time building PCs for those that can’t afford them. Many times I can pick up a pallet of PCs from an auction or local reseller for pennies on the dollar. Sometimes I will have up to 100 drives. I am one of those people that is honest and don’t seek to hurt anyone with what I find. I used to just low-level format the drive and load it. That was until I bought a box of used hard drives. There were 73 3.2 gig hard drives. 65 of them installed into my test station booted. I had everything from WIN95 to WIN2000. 3 of the drive’s belonged to executive secretaries. One of the drives belonged to a woman and she had some very compromising pictures of her and some fellow right on the desktop. Stuff tabloids pay for! Well I started at that point calling the former owner’s of the drives or one of the contact numbers left on the drive and asked if they new the owner. When I contact the owner and tell them I have this drive, usually all thestuff hits the fan. The lady with the pictures on the drive was so shocked she would hardly even talk to me. I asked her if she wanted the drive back, she just asked me to make it go away. To date I have called about 400 people. I have yet to have someone say, “oh I don’t care”. Almost everyones first question is “how did you get that”? I know its a shock treatment but I can tell you there are 400 people out there that won’t let it happen again. Better to get shocked then give away your data. Iam not sure destroying the drive is nesscary in most case?s but at least a low-level format or WIPE in most cases would be adequate. I find it amazing everyone is screaming about companies collecting various personal data, but then people are foolish enough to give away an unformatted drive of information. Things that make you go hhhuuuummmm.

On the other hand!

In reply to So many times

I would imagine that most of us that read this are more competent then the average home user. Many companies have people that work for them that can’t think outside the box. DATA is an asset! The most important asset! Most people don’t see that. My position for my company allows me to have access to many government and military sites. Most of these sites if you take a drive in it will never leave. You can’t even leave with a diskette. That is there data asset control. Effective, but some of them have rooms full of drives that will eventually go to a smelter. There are a couple of places that have an actual “DATA ASSET” control policy. It controls how the physical hard drive gets handled but also has a specific policy for how the DATA on the drive gets handled/destroyed. It is very impressive. Every Drive is marked and recorded (tracked at the time of installation. When it is removed it follows a specific route and handling procedure to its end. Of course it is tracked all the way to its death. Much like a gun that has been impounded. The point being everyone understands the drive has data and that data is an ASSET, not personal property. Also everyone understands there is a policy for handling the drive from inception to death. If you asked 100 companies large and small what there policy is concerning “Electronic DATA Assets” and there handling (HARD DRIVES) you will be hard pressed to find one written much less one that everyone clearly knows and understands. The argument is not how to destroy it. That we can argue till were blue in the face. The point is that all data gets handled in the same way, whatever the “company” deems necessary and adequate for their level of sensitivity.

Very Good pratices

In reply to On the other hand!

Well outside any place I have ever worked I have not heard of this since I worked for the Miletary. When I take a new job the first thing I do is to instigate a data protection program and I often have issuses with the CEO’s but I point to a legal case that I was involved in about 8 years ago and the arguments simply go away. I have gotten this pratice up and running in about 10 companies who I have either worked for or been a consulant to. One small and I mean really small one man band an insurance broker thought I was just mad and ignored my advice, he sent a new HP in for repair as it was only a few months old {but then again I had suggested he through it out and replace it with a proper computer}. Anyway he sent it to a repairer and within two months he was out of business it seems that somehow the data was transfered to another company in the same field and area and with his complete client list they managed to undercut him. As this particular computer was not hooked to a networkor even a telephone line and he had a very good security system on the building I would surmise that the only way this data got out was at the repairer. It makes one question the integretery of some computer repaires but then again there are many ofthese people out there who think as they can build a HOME computer they are also in a position of constructing/selling business computers but lack the knolledge necessary to properly deal with business systems. My one belief is that the data is far more valuable than any computer in any business situation but this is often hard to get across particuarlly if you are supplying a $15,000.00 computer / software package. Acounts partically only look at the costs of the bits and NEVER take into acount the value of the data contained on any storage device. The storage devices have value but not the data as it can be easily replaced. I can not help but wonder just how many compan

another way

In reply to Data on old hard drives

I found out that drilling three 1/4 inch holes are better than a hammer!

I know this isn’t exactly

In reply to Data on old hard drives

Related to this topic however. Yesterday a friend of my wife called me up and asked could I come over and fit some new bits to their computer. Nothing nw there anyway this guy owns a tow truck and haas given me some free tows so I felt obligated so down I went only to find 1 LPT1 scanner {this was sold to them to save the expence of a USB one which would require a USB Card even thoug it is more expensive} and then from the same supplier a new USB printer that did require the USB card. Yes it was a cheep printer and certianly one that I would never have touched but it got worse as I had to return home for a power splitter & adaptor for the USB Card and screws Well that was allright anyway and then I found that the colour printer did not have a Black cartrage only a colour one and then it was very small by home standards. As by that time the shops had already shut and they really wanted these things I fitted them although I had to return home to get a USB AB lead long enough my 3 meter lead cost $4.50 AU while the lead that was sold to them being only 1 metre long cost $15.95 AU Now exactly who is making a killing here? they sell a more expensive scanner just on the excuse that you will not need a USB card and then turn around and sell a 4 port USB card for the printer and then telling them that they had brought all that they needed. Anyway if the ethics of a new parts seller are this low how can you expect anyone to trust a secondhand parts seller or for that matter who ever buys the secondhand part in the end?

Just for the record

In reply to I know this isn’t exactly

Only a few hours ago I went back over there to fit and set up the printer with its black cartrage and things got even worse. Firstly they had to pay for the cartrage even though the book claimed it was susposed to be enclosed. This is a case where you ignore the book and only look at the box there must be some form of logic there but I can’t see it. The black cartrage cost about 50% of the cost of the printer and is only about 3 times the size of the ones in my Cannon BJC 80 that I carry aroundsometimes but it was even worse as when I opened the box that the cartrage came in there was a note from the maker to download a new driver so that the black catridge will actually work. This is a typical example of where the product costs nothing and all the money is made on consumables. The seller also insisted on selling them special paper to use with this printer rather than the usuall freely available paper that only cost about half the price. Maybe I’m silly but I consider this as criminal activity and nothing more than a downright rippoff!

[Author]

Replies