General discussion
August 14, 2006 at 5:52 pm #2257696
UK bank details sold in Nigeria
Locked · by milal9 · about 17 years, 8 months ago
According to BBC, fraudsters have been selling personal information of Britons that was stored on recycled hard drives.
http://news.bbc.co.uk/1/hi/business/4790293.stm
Owen Roberts, an anti-fraud expert, was quoted saying that deleting files isn’t enough.
What about encrypting sensitive data – and keeping it encrypted after you “delete” the file, so it will remain inaccessible for life?
All Comments
-
August 14, 2006 at 6:02 pm #3212554
meta data
by marileev9 · about 17 years, 8 months ago
In reply to UK bank details sold in Nigeria
Resold computers, stolen laptops – it all boils down to companies not being careful with their data: http://www.essentialsecurity.com/Documents/article12.htm C’mon, it’s a digital world; bits and bytes of metadata even creep into simple files like Word docs.
If companies care about their reputations they need to see computer recycling projects through to fruition – which includes either encrypting important files or wiping those drives.
-
August 14, 2006 at 8:59 pm #3212468
How to protect yourself
by techexec2 · about 17 years, 8 months ago
In reply to UK bank details sold in Nigeria
Encryption is a good step. But it’s really not a problem to securely erase your HDD after you are done with it. Securely erasing involves writing a varying sequence of bytes over all portions of the drive. The objective is to make it impossible to extract data from the magnetic platter even though it has been overwritten by some other data.
If you merely delete the file, the data is still there but the pointer to it in the directory has been removed. This is completely unsafe.
Overwriting the file with some other data is not enough either. This is because of the magnetic properties of the HDD platter. With the right equipment, you can actually recover bits that have been overwritten with other bits.
A secure erase will take care of it: Overwriting the bytes a sufficient number of times with varying byte values makes it impossible to recover the original data.
-
August 15, 2006 at 6:17 am #3231354
HIPAA Requirement
by tig2 · about 17 years, 8 months ago
In reply to How to protect yourself
When I was doing desktop support for a healthcare organisation we were required to run a disk killer on any drive that we replaced with new. The old one got hooked into a burn system and the HDD overwritten in two passes- the first pass laid down ones, the second pass overwrote the ones with zeros.
While I can write the requirement into a project plan, I can also almost guarantee that someone will ask why that step is being taken. In a healthcare environment it is easily validated – HIPAA compliance is a major issue. Unfortunately, the compliance requirements in the Financial world are not yet as robust. Sure, we know that NPI data has to be protected but no one has set the bar on what that means. So data gets out.
And we continually fight the “Everyone but Me” battle- compliance is always meant for someone else to manage to.
Edit typo
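The two-pass overwrite described in the post above (ones first, then zeros), with a read-back check after each pass, as an added example that is not part of the original thread or of any tool it mentions. It runs against a constructed 1 MiB image file standing in for a drive; the function names and the sample record are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: two-pass overwrite (0xFF, then 0x00) with read-back verification.

# Overwrite target $1 in place with $2 bytes of octal value $3 (377 = 0xFF).
fill_pass() {
    head -c "$2" /dev/zero | LC_ALL=C tr '\000' "\\$3" |
        dd of="$1" bs=65536 conv=notrunc 2>/dev/null
}

# Succeed only if every byte of target $1 equals octal value $2.
verify_pass() {
    size=$(($(wc -c < "$1")))
    head -c "$size" /dev/zero | LC_ALL=C tr '\000' "\\$2" | cmp -s - "$1"
}

# Ones pass, then zeros pass; stop as soon as a pass fails its read-back.
wipe_two_pass() {
    size=$(($(wc -c < "$1")))
    fill_pass "$1" "$size" 377 && verify_pass "$1" 377 || return 1
    fill_pass "$1" "$size" 000 && verify_pass "$1" 000 || return 1
}

# Constructed demo: random-filled image seeded with a fake account record.
demo() {
    img=$(mktemp) || return 1
    head -c 1048576 /dev/urandom > "$img"
    printf 'ACCT=00000000;SORT=00-00-00' |
        dd of="$img" bs=1 seek=4096 conv=notrunc 2>/dev/null
    # Count occurrences of the record before and after the wipe
    before=$(LC_ALL=C grep -a -c 'ACCT=00000000' "$img" || true)
    wipe_two_pass "$img" || { rm -f "$img"; return 1; }
    after=$(LC_ALL=C grep -a -c 'ACCT=00000000' "$img" || true)
    echo "before=$before after=$after size=$(($(wc -c < "$img")))"
    rm -f "$img"
}

demo
```

The read-back step is what turns "we ran the wipe" into evidence that the pass covered the whole target, which is the part an auditor will ask about.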
-
August 15, 2006 at 1:32 pm #3202282
UK electronic data
by marileev9 · about 17 years, 8 months ago
In reply to HIPAA Requirement
While HIPAA regulates our U.S. healthcare EPHI, I’m not sure that the UK has this in place with their national healthcare system. Anyone know how the UK handles this when they recycle their machines?
-
August 16, 2006 at 9:41 am #3199441
To my limited knowledge…
by tig2 · about 17 years, 8 months ago
In reply to UK electronic data
In a similar manner.
It is an interesting question. GG! Can you help?
-
August 15, 2006 at 2:26 am #3212387
Remove hard drive
by tony hopkinson · about 17 years, 8 months ago
In reply to UK bank details sold in Nigeria
from system unit.
Take hammer, hit repeatedly until a fine powder starts leaking from the seams.
It’s a way to be sure.
-
August 15, 2006 at 6:01 am #3231362
You can do one of three things to secure your data…
by lathan_devers · about 17 years, 8 months ago
In reply to UK bank details sold in Nigeria
1) Smash the hard drive platters as suggested.
2) Encrypt all the data on the hard drive before disposal. However, this may still leave previously deleted data recoverable.
3) Use programs such as Eraser (it is free too) to write over data multiple times.
Option 3 is good for people who want to use their drives for other purposes such as donating them to non-profit organizations, or auctions and the like.
-
August 15, 2006 at 1:21 pm #3202291
More on this….
by mroonie · about 17 years, 8 months ago
In reply to UK bank details sold in Nigeria
A similar story can also be found here:
http://www.darkreading.com/document.asp?doc_id=101264&WT.svl=news1_6
Coming from a business perspective, this could be extremely detrimental for a company if not handled correctly. Companies could be sued for huge amounts of money if old hardware is donated or recycled and valuable information is found. Even now, companies are not taking precautions in securing the data that is on their computers this very moment, so it’s almost impossible to assume that they’re going to do so when throwing out the darn things.
-
June 23, 2009 at 2:14 am #2957127
Nuke the disk!
by ghickey591 · about 14 years, 10 months ago
In reply to UK bank details sold in Nigeria
There are a number of free secure eraser utilities that will allow you to create a boot & nuke disk (floppy or CD) – you can boot from it and use the utility to overwrite every block on your hard disk with random data. Depending on the utility, it might not work with a machine that has a RAID controller (hardware or software).
If you have a live Linux boot CD, you can get to the command line, then use the following set of commands:

    # Collect every partition device node reported by fdisk (e.g. /dev/sda1)
    DevList=$(fdisk -l | awk '{print $1}' | grep '^/dev/')
    for Device in $DevList
    do
        i=1
        # Five overwrite passes per device
        while [ "$i" -le 5 ]
        do
            # /dev/urandom does not block waiting for entropy as /dev/random can;
            # dd stops with "No space left on device" once the device is full
            dd bs=1024 if=/dev/urandom of="$Device"
            i=$(expr "$i" + 1)
        done
    done

This will wipe every disk device on your machine, including any attached USB devices, so be warned!
To be safe, you should do multiple passes – the script above will do 5 passes on every disk partition which should be more than enough to make it safe from anyone, excepting maybe the NSA.
Of course the best way to be totally sure is to take the HDD out of the machine before you give it away and physically destroy it – if you’re giving the machine to a charity, you can pick up a hard drive for ~?50…
-