I have posted before about the need for good data destruction. Remember my story about the discovered affair on a corporate PC I was using in the lab? Remember this cool picture from the CeBIT? It is enough to make anyone who owns a laptop shudder to see a big box full of electromagnets sitting out in the open like that. (Insert laptop, close door, push button, goodbye data!)
There are two stories this week that merited inclusion in the Data Protection Weekly newsletter. The first deals with data mining of recycled PCs in Nigeria. This BBC report:
discovered that fraudsters in Nigeria were able to find internet banking data stored on recycled PCs sent from the UK to Africa.
This goes beyond the casual discovery of critical information. Cyber thieves are well equipped to use forensic tools to recover deleted files. In this case they were capturing bank account information and selling credentials for $30-40.
The second is from a study that BT did about data destruction. No surprises here.
The BT-funded research, carried out by the University of Glamorgan in Wales, analyzed 317 hard drives purchased second-hand in the U.K., Australia, Germany and the U.S. About 35% to 40% of these turned out to come from businesses, 23% of which contained enough information to identify the specific company that had owned them using only off-the-shelf analysis tools. A shocking 5% held sensitive business information.
This new level of attack against old PCs induces me to raise my recommendation for disposing of old PCs: totally destroy the hard drives. Hard drives are one of the cheapest components of a PC and could easily be replaced with a higher capacity, faster, disk if the computer is to be re-used. Remove the disks and crush the cases, making sure that you break or bend the actual platters. Use a hammer. Wear safety glasses. (And yes, you paranoid geeks, I know that the NSA can recover data from such a disk. But it would cost a lot more than $40 to do that and I do not expect cybercriminals in Nigeria to be going to those extents anytime soon.) Make sure to send the mangled hard drives to a suitable recycling facility!