Posted on 01/31/2006 3:10:34 PM PST by Lokibob
Buyers on eBay troll the online auction site for used drives in the hope that the platters haven't been wiped clean and contain valuable data, including credit card numbers, a researcher said Monday.
Simson Garfinkel, a postdoctoral fellow at Harvard's Center for Research on Computation and Society, has been buying used hard drives on eBay since 2001, then analyzing the data he finds on some of the devices.
Of the 236 drives Garfinkel bought, 7 contained more than 300 recoverable credit card numbers; one had more than 11,000 unique account numbers that he could retrieve.
That's because only 19 percent of drives he acquired had been wiped clean. The majority of previous owners had either not touched the drives or had only run the DOS commands FDISK and FORMAT, which actually leave data on the drive so users with simple diagnostic tools can read the information.
Some eBay buyers are sniffing for such drives. "I think that many drives sell for more than their market value," on eBay, Garfinkel said in an e-mail interview with TechWeb. The only explanation: they're playing the possibilities, and expect there's data on some of the drives they buy.
Garfinkel even tracked down the original owners of the 7 credit card-packed drives, using basic detective work such as analyzing the most common e-mail addresses on the platter and/or reviewing intact Word documents for clues.
The drive with 11,609 unique credit card numbers came from a medical center, which had also disposed of another drive with 81 additional numbers that Garfinkel purchased. Other drives came from an ATM (with 827 unique numbers), a supermarket (1,356 numbers), and an auto dealership (498 numbers).
By Garfinkel's calculations, about 1,000 used drives are sold daily on eBay. Using his findings -- 3 percent of the drives he purchased contained more than 300 recoverable credit card numbers -- about 30 of those devices have confidential financial information.
To erase mine, I
1. Hire a blonde.
2. Give her a bottle of white-out
3. Have her erase on the screen anything she finds on the hard drive.
:-)
Once upon a time a government agency sent our company something they later wished they had not sent. The agency sent a team to oversee "cleanup" of a server disk drive and a couple of days of backup tapes.
"Cleanup" involved a 50 gallon drum, several gallons of diesel fuel, and a blowtorch.
"Cleanup" was complete when the ashes were raked out into the gravel of the parking lot.
Obviously, the agency was not the Environmental Protection Agency.
If you start it with a few pounds of thermite.
The best option is Darik's Boot and Nuke which will securely erase all data on a hard drive. It writes random data to every sector on the disk, so all data will be overwritten.
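As an added illustration (not part of the article or of any post in this thread), the following Python sketch shows why a FORMAT-style pass leaves data behind while a whole-disk overwrite of the kind described above does not, by auditing a disk image before the drive leaves your hands. The image, the `quick_format` and `full_overwrite` models, and all function names are assumptions constructed for the example; the card number is the standard test value, not real data.

```python
import os
import re

SECTOR = 512
# Runs of 13-19 ASCII digits: the length range of payment card numbers.
CANDIDATE = re.compile(rb"(?<!\d)\d{13,19}(?!\d)")


def luhn_ok(digits: bytes) -> bool:
    """Luhn checksum, used to discard digit runs that are not card-like."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = ch - 48  # ASCII digit to int
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def audit_image(image: bytes) -> dict:
    """Summarise what someone with simple tools could still read."""
    sectors = [image[i:i + SECTOR] for i in range(0, len(image), SECTOR)]
    nonzero = sum(1 for s in sectors if any(s))
    hits = {m.group() for m in CANDIDATE.finditer(image) if luhn_ok(m.group())}
    return {"sectors": len(sectors), "nonzero": nonzero, "card_like": len(hits)}


def quick_format(image: bytes, metadata_sectors: int = 4) -> bytes:
    """Simplified model of FDISK/FORMAT: only leading metadata is rewritten."""
    n = metadata_sectors * SECTOR
    return bytes(n) + image[n:]


def full_overwrite(image: bytes) -> bytes:
    """Simplified model of a whole-disk wipe: random bytes in every sector."""
    return os.urandom(len(image))


def build_sample_image() -> bytes:
    """Constructed 64-sector image with one record in a data sector."""
    img = bytearray(64 * SECTOR)
    img[0:16] = b"PARTITION-TABLE!"  # stand-in for partition metadata
    record = b"name=TEST USER;pan=4111111111111111;"  # standard test number
    img[20 * SECTOR:20 * SECTOR + len(record)] = record
    return bytes(img)
```

Run `audit_image` on an image of the real drive after wiping; any `card_like` count above zero means the drive is not ready to be sold or given away.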
Cladera = Caldera
The eBay community forums/chat has a Q&A forum for members to help each other/share experiences.
That might be a good place to start.
http://chatboards.ebay.com/chat.jsp?forum=1&thread=21
Roger that. I've tried with bulk erasers and other magnets, no go. Just not strong enough.
I'm not positive, but I suspect it would be possible to demagnetize the drive motor without affecting the data on the drive. Recovery in that case would be difficult, but not necessarily impossible.
After hearing about some nutcase putting magnets in his pockets and allegedly damaging government files, I did some homebrew experiments. Pinning floppy to plate, between two magnets, like poles, opposite poles ... No noticeable effect. I did not run this for an extended length of time.
Now if you want some very nice magnets crack open some old 5¼ full heights.
I wouldn't advise selling a hard drive on eBay. It's not enough money to be worth the risk.
"The drive with 11,609 unique credit card numbers came from a medical center."
It should be a crime for any business - particularly medical - to sell computer equipment without first ensuring that all consumer data has been erased. A few days in jail for the good doctor would send the right message.
As for computer security, you are right about the sledgehammer. Data has been recovered from drives that have been submerged, i.e. tossed in the ocean, re-formatted, erased, etc. The only method that is 100% guaranteed is to obliterate the drive.
When I have a used up, worn out drive, I take it apart and make wind chimes out of the platters (after running a magnet across them).
Understood that data recovery is possible...but difficult and/or time consuming.
In my case, it's not worth the trouble. I don't care about any data on the drive, and I have a box sitting in the corner containing about a dozen usable hard drives ranging in size from 10GB to 80GB. <?:^)
What would you do if the buyer gave you a neutral or negative feedback before you put yours in? Leave a negative feedback saying "this buyer gave me a negative feedback?"
Feedback withholding has always annoyed me, although I can see why you might.
</tangent>
Mrs VS
That puts a whole new meaning to the phrase "written in the wind".
And let me guess, you sell the wind chimes on ebay.
>>When I have a used up, worn out drive, I take it apart and make wind chimes out of the platters (after running a magnet across them).
GRIN, I have one of those, the little funny shaped titanium thingies make neat sounds in the wind.
Yeah, I agree. Even degaussing I'm not 100% sold on to that extent. I pull the HDs and break them before I give my used PCs away. HDs are cheap now and if someone wants them, likely they'll want a newer, better HD anyway.
Why would anybody sell a used hard drive? And (aside from criminals) why would anybody buy one?
Precisely. This ain't '95 when HDs were expensive. They're cheap now.
That's a great idea. I have a spare that is practically unused that's almost as old as this one. I had one even older than this one, but I can't for the life of me remember what it was.