Destroy Old Hard Drives To Fend Off Data Thieves - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

03:59 PM

Destroy Old Hard Drives To Fend Off Data Thieves

What's the best way to protect data on old hard drives? Pound them into little pieces, according to one security analyst who says data crooks are buying--and mining--recycled hard drives.

Users should pound old hard drives before recycling the bits and pieces, a security analyst warned Monday.

"Remove the disks and crush the cases, making sure that you break or bend the actual platters. Use a hammer," said Richard Stiennon of IT-Harvest.

Stiennon's recommendation was prompted, by BBC reports that Nigerian fraudsters have been buying recycled hard drives from the U.K., then diving into the data in search of usernames and passwords for accessing online bank accounts. According the BBC, drives are sold in the West African country's commercial capital of Lagos for as little as 20 pounds ($37.87). Many of the drives the BBC found in Lagos came from U.K.-based recycling companies.

"This goes beyond the casual discovery of critical information," Stiennon said. "Cyber thieves are well-equipped to use forensic tools to recover deleted files."

Nigeria is notorious for harboring identity thieves, who typically run elaborate scams that involve supposedly dead or dying millionaires, money transfers, and pleading innocents. Dubbed "419" schemes for the section of the Nigerian criminal code they violate, the scams predate e-mail and the Internet, but have boomed because of both. In February, for example, Dutch authorities arrested a dozen Nigerians for operating a 419 ring and bilking North Americans out of $2 million.

Stiennon also cited a report issued last week by British Telecommunications (BT) done by researchers at the University of Glamorgan in Wales and Australia's Edith Cowan University which said a large number of second-hand hard disks contained "significant volumes of sensitive information."

The researchers -- who were repeating their 2005 study -- examined more than 300 drives obtained from the U.K., Australia, North America, and Germany via online auctions, flea markets, and computer fairs. Among the data recovered from the used drives were payroll information, cell phone numbers, invoices, employee names and photos, porn, and details of bank and credit card accounts.

"Companies and individuals need to take disposal of information stored on hard drives more seriously," said Andy Jones, BT's head of security research, in a statement last week when the report was released. "Just from looking at this random sample, it is obvious that there are hard drives on public sale that still contain highly confidential material."

"I'm raising my recommendation for disposing of old PCs because of this new level of attack," said Stiennon. "Totally destroy the hard drives."

It's not that other methods of destroying data -- such as zapping drives with massive electromagnets or running government-approved eraser programs -- don't do the job, he said.

"The whole managed control approach, where companies have a check-off process before a machine is retired, isn't enough," said Stiennon. "I'm confident in magnets and erasers, but I'm not confident in the process. [Erasing hard drives] just doesn't get done."

By physically removing and destroying the drives, businesses are adding another check to the system. "If a bunch of computers are on the shipping dock and someone notices that they still have their drives, then they'll know the machines aren't to leave. Or if the receiver sees that the drives are intact, he'll know to ask 'did you mean to ship these with hard drives?'" said Stiennon.

Erasing a drive with for-free or low-cost software -- Stiennon, who once worked for Webroot, recommended that company's $30 Window Washer -- does work in some situations. "If you're giving the PC to a friend or someone in the family, use software to clean it up," he advised.

But in every other instance, for businesses ranging from small to large, he repeated the bash-and-bang recommendation. "Hard drives cost next to nothing. They're one of the cheapest components of a PC and could easily be replaced with a higher capacity, faster disk."

So grab a hammer.

"But always wear safety glasses," Stiennon finished.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
CIOs Face Decisions on Remote Work for Post-Pandemic Future
Joao-Pierre S. Ruth, Senior Writer,  2/19/2021
11 Ways DevOps Is Evolving
Lisa Morgan, Freelance Writer,  2/18/2021
CRM Trends 2021: How the Pandemic Altered Customer Behavior Forever
Jessica Davis, Senior Editor, Enterprise Apps,  2/18/2021
Register for InformationWeek Newsletters
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll