General discussion

  • #2257696

    UK bank details sold in Nigeria

    Locked

    by milal9 ·

    According to the BBC, fraudsters have been selling personal information of Britons that was stored on recycled hard drives.
    http://news.bbc.co.uk/1/hi/business/4790293.stm

    Owen Roberts, an anti-fraud expert, was quoted as saying that deleting files isn’t enough.
    What about encrypting sensitive data – and keeping it encrypted after you “delete” the file, so it will remain inaccessible for life?

All Comments

    • #3212554

      meta data

      by marileev9 ·

      In reply to UK bank details sold in Nigeria

      Resold computers, stolen laptops – it all boils down to companies not being careful with their data: http://www.essentialsecurity.com/Documents/article12.htm C’mon, it’s a digital world; bits and bytes of metadata even creep into simple files like Word docs.

      If companies care about their reputations they need to see computer recycling projects through to fruition – which includes either encrypting important files or wiping those drives.

    • #3212468

      How to protect yourself

      by techexec2 ·

      In reply to UK bank details sold in Nigeria

      Encryption is a good step. But, it’s really not a problem to securely erase your HDD after you are done with it. Securely erasing involves writing a varying sequence of bytes over all portions of the drive. The objective is to make it impossible to extract data from the magnetic platter even though it has been overwritten by some other data.

      If you merely delete the file, the data is still there but the pointer to it in the directory has been removed. This is completely unsafe.

      Overwriting the file with some other data is not enough either. This is because of the magnetic properties of the HDD platter. With the right equipment, you can actually recover bits that have been overwritten with other bits.

      A secure erase will take care of it: Overwriting the bytes a sufficient number of times with varying byte values makes it impossible to recover the original data.

      • #3231354

        HIPAA Requirement

        by tig2 ·

        In reply to How to protect yourself

        When I was doing desktop support for a healthcare organisation we were required to run a disk killer on any drive that we replaced with new. The old one got hooked into a burn system and the HDD overwritten in two passes – the first pass laid down ones, the second pass overwrote the ones with zeros.

        While I can write the requirement into a project plan, I can also almost guarantee that someone will ask why that step is being taken. In a healthcare environment it is easily validated – HIPAA compliance is a major issue. Unfortunately, the compliance requirements in the Financial world are not yet as robust. Sure, we know that NPI data has to be protected but no one has set the bar on what that means. So data gets out.

        And we continually fight the “Everyone but Me” battle- compliance is always meant for someone else to manage to.

        Edit typo
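
        The two-pass overwrite described in the post above (ones, then zeros), with the read-back verification step a disposal process would log, as an added example that is not part of the original thread. It assumes a regular file standing in for the drive; the function names and the sample record are constructed for illustration.

```shell
#!/bin/sh
# Added example. A regular file stands in for the drive (constructed data only).

# Size of a file in bytes, as a bare integer.
file_size() {
    echo "$(($(wc -c < "$1")))"
}

# Overwrite TARGET in place: pass 1 writes 0xFF (ones), pass 2 writes 0x00.
wipe_two_pass() {
    target=$1
    size=$(file_size "$target") || return 1
    head -c "$size" /dev/zero | LC_ALL=C tr '\000' '\377' |
        dd of="$target" bs=4096 conv=notrunc 2>/dev/null || return 1
    head -c "$size" /dev/zero |
        dd of="$target" bs=4096 conv=notrunc 2>/dev/null || return 1
    sync
}

# Read-back check: succeed only if every byte of TARGET is 0x00.
verify_zeroed() {
    head -c "$(file_size "$1")" /dev/zero | cmp -s - "$1"
}

# Succeed if the byte string MARKER is still present anywhere in TARGET.
contains_marker() {
    LC_ALL=C grep -a -q -- "$2" "$1"
}

run_demo() {
    img=$(mktemp) || return 1
    # Constructed record followed by filler, mimicking leftover data.
    printf 'ACCT 00-00-00 12345678 (constructed sample)\n' > "$img"
    head -c 65536 /dev/urandom >> "$img"
    contains_marker "$img" 'ACCT 00-00-00' && echo "before wipe: record readable"
    wipe_two_pass "$img" || { rm -f "$img"; return 1; }
    if verify_zeroed "$img" && ! contains_marker "$img" 'ACCT 00-00-00'; then
        echo "after wipe: verified, all $(file_size "$img") bytes read back as zero"
    else
        echo "after wipe: VERIFICATION FAILED" >&2
    fi
    rm -f "$img"
}

run_demo
```

        A failed read-back is the signal to stop and physically destroy the media instead of releasing it.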

        • #3202282

          UK electronic data

          by marileev9 ·

          In reply to HIPAA Requirement

          While HIPAA regulates our U.S. healthcare EPHI, I’m not sure that the UK has this in place with their national healthcare system. Anyone know how the UK handles this when they recycle their machines?

        • #3199441

          To my limited knowledge…

          by tig2 ·

          In reply to UK electronic data

          In a similar manner.

          It is an interesting question. GG! Can you help?

    • #3212387

      Remove hard drive

      by tony hopkinson ·

      In reply to UK bank details sold in Nigeria

      from system unit.
      Take hammer, hit repeatedly until a fine powder starts leaking from the seams.
      It’s a way to be sure.

    • #3231362

      You can do one of three things to secure your data…

      by lathan_devers ·

      In reply to UK bank details sold in Nigeria

      1) Smash the hard drive platters as suggested.

      2) Encrypt all the data on the hard drive before disposal. However, this may still leave previously deleted data recoverable.

      3) Use programs such as Eraser (it is free too) to write over data multiple times.

      Option 3 is good for people who want to use their drives for other purposes such as donating them to non-profit organizations, or auctions and the like.

    • #3202291

      More on this….

      by mroonie ·

      In reply to UK bank details sold in Nigeria

      A similar story can also be found here:

      http://www.darkreading.com/document.asp?doc_id=101264&WT.svl=news1_6

      Coming from a business perspective, this could be extremely detrimental for a company if not handled correctly. Companies could be sued for huge amounts of money if old hardware is donated or recycled and valuable information is found. Even now, companies are not taking precautions in securing the data that is on their computers this very moment, so it’s almost impossible to assume that they’re going to do so when throwing out the darn things.

    • #2957127

      Nuke the disk!

      by ghickey591 ·

      In reply to UK bank details sold in Nigeria

      There are a number of free secure eraser utilities that will allow you to create a boot & nuke disk (floppy or CD) – you can boot from it and use the utility to overwrite every block on your hard disk with random data. Depending on the utility, it might not work with a machine that has a RAID controller (hardware or software).

      If you have a live linux boot CD, you can get to the command line, then use the following set of commands:
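      # Collect every partition device node that fdisk reports (/dev/...)
      DevList=`fdisk -l | awk '{print $1}' | grep dev`
      for Device in $DevList
      do
        i=1
        # Five overwrite passes per device
        while [ $i -le 5 ]
        do
          # /dev/urandom does not stall waiting for entropy the way /dev/random can
          dd bs=1024 if=/dev/urandom of="$Device"
          i=`expr $i + 1`
        done
      done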

      This will wipe every disk device on your machine, including any attached USB devices, so be warned!

      To be safe, you should do multiple passes – the script above will do 5 passes on every disk partition which should be more than enough to make it safe from anyone, excepting maybe the NSA.

      Of course the best way to be totally sure is to take the HDD out of the machine before you give it away and physically destroy it – if you’re giving the machine to a charity, you can pick up a hard drive for ~?50…
