bit-tech.net

ICO warns of second-hand data leaks

ICO warns of second-hand data leaks

ICO's advice on securely erasing data from second-hand equipment is good, but using Darik's Boot and Nuke is better.

The Information Commissioner's Office (ICO) has released a report urging consumers to take more care of old computing equipment, following an investigation into data on second-hand hard drives.

To analyse the risk from the sale of second-hand computing equipment, ICO drafted in computing forensic company NCC Group to buy around 200 hard drives, 20 memory sticks and 10 mobile phones from internet auction sites and computer fairs back in 2010.

Once the hardware was in NCC's sticky hands, the company ran readily-available undelete software across the devices and found that 48 per cent still contained recoverable data. In total, 11 per cent of the devices held data the company rated as 'personal.'

That personal data - amounting some 34,000 individual files - was in some cases enough, the company claimed, to enable a ne'er-do-well to steal the previous owner's identity. Documents found during the process included bank statements, scanned passport images, details of driving offences and medical information. A further four hard drives were found to contain information about employees and clients of businesses which had previously owned the hardware, including health and financial details.

'We live in a world where personal and company information is a highly valuable commodity. It is important that people do everything they can to stop their details from falling into the wrong hands,' warned information commissioner Christopher Graham of the report. 'Today's findings show that people are in danger of becoming a soft touch for online fraudsters simply because organisations and individuals are failing to ensure the secure deletion of the data held on their old storage devices.

'Many people will presume that pressing the delete button on a computer file means that it is gone forever. However this information can easily be recovered. The ICO has published guidance to help individuals securely delete information stored on their old devices. We hope this publication will help people to take better control of their personal data.
'

The ICO's advice on securely erasing drives can be red on the official website, although we'd suggest learning to use Darik's Boot and Nuke is a better use of your time.

21 Comments

Discuss in the forums Reply
PingCrosby 26th April 2012, 13:21 Quote
Bloody ne'er-do-well's
Pookie 26th April 2012, 14:56 Quote
I always dismantle a customers (faulty) drive and smash the platters to be sure there is no chance of it being recovered.
Dewi 26th April 2012, 15:03 Quote
It does seem ironic that the one time I was ever asked by a family member to retrieve deleted data, the computer had actually managed to wipe it permanently!

In my first year of Uni, I was housed in halls with a block of Computer Science students and one of the things they used to demonstrate was retrieving data from damaged or wiped hard disk drives. Since then I've always insisted on removing the drives from any old computers family and friends are disposing of.

In the end, what we used to do at Uni was actually remove the hard disk platters and use them as coasters on our desks. Over time the heat from mugs of coffees warped the data and rendered it unreadable...

...at least that was the theory!
BlackRaven 26th April 2012, 15:23 Quote
I used to use a heavy crowbar to smash the hell out of the drives we used. Done the same on with my own old ones.
Fizzban 26th April 2012, 15:52 Quote
There was a thing on Bang Goes The Theory about this quite recently. Showing some of the more..physical ways of erasing data, or not, depending on what they tried. Didn't tell me anything I didn't already know, but it was interesting none the less.

It's still up on bbc iplayer if anyone is interested. Here.
Hustler 26th April 2012, 15:53 Quote
Dban was great...until Hard Drives got so big, now even with the fastest (which is the least secure) wipe, it can take soooooooooo long to wipe Hdrives that are TB's in size.

..Choose the most secure method, and your talking literally days to wipe a disc.
yougotkicked 26th April 2012, 19:59 Quote
And that kiddies is why you never sell an old hard drive, they are rarely worth enough to justify it. if it still works, add it to a backup array, if it's broken, why are you selling it?

Though those not tech-savvy enough to know how to properly wipe a hard drive are at risk.
Fizzban 26th April 2012, 20:28 Quote
Quote:
Originally Posted by yougotkicked
And that kiddies is why you never sell an old hard drive, they are rarely worth enough to justify it. if it still works, add it to a backup array, if it's broken, why are you selling it?

Though those not tech-savvy enough to know how to properly wipe a hard drive are at risk.

Thing that gets me is hard drives cost MORE in Africa if they have data on them! Shocking. Get a good wipe program guys and turn those informations into zeros...or ones..w/e. Just wipe that ****. More user friendly than grabbing your local blow-torch and melting that baby.
OdDBaLL_MoD 26th April 2012, 22:53 Quote
Quote:
Originally Posted by Fizzban

Thing that gets me is hard drives cost MORE in Africa if they have data on them! Shocking. Get a good wipe program guys and turn those informations into zeros...or ones..w/e. Just wipe that ****. More user friendly than grabbing your local blow-torch and melting that baby.

Maybe more user friendly, but not as user fun! With proper PPE ofc... :P
Omnituens 27th April 2012, 09:40 Quote
In the words of Jamie Hyneman; When in doubt, C4.
Gareth Halfacree 27th April 2012, 09:48 Quote
Quote:
Originally Posted by Omnituens
In the words of Jamie Hyneman; When in doubt, C4.
Thermite: s'cheaper, doesn't go 'bang' and have SO19 knocking on your door, and is *very* pretty when it burns. It's also incredibly easy to make.

NOTE: Don't make it. It's fun, it's easy, but it's quite likely to result in a visit from the anti-terrorism squad - and while that sort of thing used to get you a slap on the wrist, these days the manufacturing of an "improvised explosive device" (what used to be known as "home-made fireworks") will likely get you a one-way ticket to Gitmo. Also, thermite is pretty vicious stuff - which is great for wrecking hard drives, but not so great for keeping fingers, toes and eyesight intact.
Omnituens 27th April 2012, 09:58 Quote
TBH, if I'm retiring a drive, hammer and nail does the job pretty well. No melty or boom, but a lot safer and much more legal.
bleeper 27th April 2012, 09:59 Quote
I always zero my drives, do a deep scan just in case, then securely delete if it found anything (it never does.)

The kind of people with the tools to get past a zero write and actually be able to do something with the information are not likely to be buying up drives off eBay for their nefarious purpose, so I am pretty confident I've nothing to worry about.

That said, at least most people at least attempt to delete the data.

I bought a PS3 hard drive that was clearly someone's porn storage device and even worse a Samsung Galaxy that spent a large amount of it's life producing amateur porn! I swiftly deleted it all after watching it.
MrJay 27th April 2012, 15:16 Quote
Quote:
Originally Posted by bleeper
Samsung Galaxy that spent a large amount of it's life producing amateur porn! I swiftly deleted it all after watching it.

Made me giggle!


Im currently using a Recuva to rescue some data from a formatted drive.

Takes an age to scan but once its finished its amazing what you can find.

This drive had been re-formatted re-partitioned and a fresh copy of windows and all his app installed.

id say I've found about 85% of the original content!
ArthurB 28th April 2012, 21:09 Quote
Quote:
Originally Posted by Hustler
Choose the most secure method, and your talking literally days to wipe a disc.
You only need to overwrite the data on your HDD with zeros to make it unrecoverable.

The hard drives own internal secure erase feature is also a lot quicker than the methods DBAN uses. IIRC, I wiped a 2TB drive in approx. 1 hour using HDDErase.
Harlequin 28th April 2012, 21:23 Quote
try googling for the swedish company that can recover data from any drive - they boast recovering data from hard drives that have been driven over by lorries , smashed to pieces and set on fire.

the US government approved method of destroying a data hard drive? dropping into acid till it melts. Overwriting xxx amount of times can still be read with enough effort.
DanaG 29th April 2012, 04:20 Quote
I usually use hdparm to erase drives. The only tricky thing: modern BIOSes tend to send the "freeze security state" command before handing control to the OS boot loader. You'll often either have to hotplug the drive (works fine for AHCI), or use a secondary SATA controller that doesn't send the "freeze" command.

Commands to run (using a random drive as an example, and replacing the serial number with "serialnumberhere"):
hdparm -I /dev/disk/by-id/ata-ST9500420AS_serialnumberhere
Capital i, not lowercase L. That will tell you something like this at the bottom:
Security:
Master password revision code = 65534
supported
not enabled
not locked
not frozen
not expired: security count
supported: enhanced erase
102min for SECURITY ERASE UNIT. 102min for ENHANCED SECURITY ERASE UNIT.

Then:
hdparm --security-set-pass SOMEPASSWORDHERE /dev/disk/by-id/ata-ST9500420AS_serialnumberhere
time hdparm --security-erase SOMEPASSWORDHERE /dev/disk/by-id/ata-ST9500420AS_serialnumberhere
You can instead do --security-erase-enhanced, if the drive supports it.

I run it through "time" -- if the thing takes way longer than it states it should, I'd imagine the drive is unhealthy. (One time I saw two different drives drives report a 30-minute erase, with me present, as taking 450 minutes -- likely due to clock changes.)

EDIT: Also, there is an hdparm for Windows, but nowadays Windows sends the "freeze" command to all drives, as well -- even on alternate SATA controllers, I believe. Hence, you need the Linux hdparm.
deadsea 30th April 2012, 01:50 Quote
Well, wouldn't it be easier to just encrypt the whole drive and be done with it? Set the key to be as long as possible and just bash away at the keyboard like Shakespeare's monkeys. If anyone's going to throw that much resources at recovering your data, you're screwed either way.
Bakes 1st May 2012, 22:05 Quote
Quote:
Originally Posted by deadsea
Well, wouldn't it be easier to just encrypt the whole drive and be done with it? Set the key to be as long as possible and just bash away at the keyboard like Shakespeare's monkeys. If anyone's going to throw that much resources at recovering your data, you're screwed either way.

If your operating system supports seamless encryption well (like OSX), then encryption is a good idea if you can stomach the performance loss.
Teelzebub 1st May 2012, 23:47 Quote
I find a 9in angle grinder erases data pretty well.
Neophyte4Life 2nd May 2012, 02:38 Quote
Quote:
Originally Posted by Teelzebub
I find a 9in angle grinder erases data pretty well.

Acetylene torch is more fun
Log in

You are not logged in, please login with your forum account below. If you don't already have an account please register to start contributing.



Discuss in the forums