They're looking for drives that haven't been wiped clean and contain valuable data.
By Gregg Keizer
TechWeb News
Posted on 01/31/2006 3:10:34 PM PST by Lokibob
Buyers on eBay troll the online auction site for used drives in the hope that the platters haven't been wiped clean and contain valuable data, including credit card numbers, a researcher said Monday.
Simson Garfinkel, a postdoctoral fellow at the Harvard's Center for Research on Computation and Society, has been buying used hard drives on eBay since 2001, then analyzing the data he finds on some of the devices.
Of the 236 drives Garfinkel bought, 7 contained more than 300 recoverable credit card numbers; one from had more than 11,000 unique account numbers that he could retrieve.
That's because only 19 percent of drives he acquired had been wiped clean. The majority of previous owners had either not touched the drives or had only run the DOS commands FDISK and FORMAT, which actually leave data on the drive so users with simple diagnostic tools can read the information.
Some eBay buyers are sniffing for such drives. "I think that many drives sell for more than their market value," on eBay, Garfinkel said in an e-mail interview with TechWeb. The only explanation: they're playing the possibilities, and expect there's data on some of the drives they buy.
Garfinkel even tracked down the original owners of the 7 credit card-packed drives, using basic detective work such as analyzing the most common e-mail addresses on the platter and/or reviewing intact Word documents for clues.
The drive with 11,609 unique credit card numbers came from a medical center, which had also disposed of another drive with 81 additional numbers that Garfinkel purchased. Other drives came from an ATM (with 827 unique numbers), a supermarket (1,356 numbers), and an auto dealerships (498 numbers).
By Garfinkel's calculations, about 1,000 used drives are sold daily on eBay. Using his findings -- 3 percent of the drives he purchased contained more than 300 recoverable credit card numbers -- about 30 of those devices have confidential financial information.
Best way to clean a hard drive is with a 5 lb sledgehammer.
Would a bonfire work?
ping
Yeah, but after the sledgehammer reformat you don't get as much on eBay for it.
My old hard drives are removed from the machine prior to disposal of the machine. The drive is then burned in a fire.
Then it goes into the trash after I have smashed it with a sledge hammer.
Agreed. Although you might want to use an overwrite program first.
That's a long way from "Parsley, Sage, Rosemary, and Thyme." Is he the short one or the one with the kinky hair?
Hmmmm... that just gave me a brain storm to unload a bunch of paperweight old scsi drives.
"Used drives from credit card validation and processing server. Drives have been pulled without being wiped."
LOL!
Simson Garfinkel, computer geek.
Ya' just know the other kids made fun of him. ;-)
Stick a big speaker magnet to it.
I was thinking the same thing--I used to work in the drive biz and have a lot of old "paperweights" sitting in boxes.
A company donated some computers to an old folks center.
The hard drive were erased on all of the working computers.
On the two that had problems (power supplies) the hard drives were not erased. Both had full info on their customers.
Instead of calling the company to ask what to do with their data, I did a low level format of the drives.
FYI...tech ping.
Are people really that dumb?
Why would anybody sell a used hard drive? And (aside from criminals) why would anybody buy one?
Use SpinRite to recover data off the drives you buy :)
Use Gateways GWSCAN.exe to write zeroes to a drive before you either sell or format it.
I don't understand the market for used hard drives, at least not for consumer-level machines. Most consumer-level hard drives have a finite useful lifetime, and newer hard drives keep getting bigger and bigger. Why would anyone (other than someone hoping for some illicit data) be willing to pay enough for a year-old hard drive to make it worth selling?
The very next day he sent an e-mail complaining about two "defects" and then says it will cost $80 to fix it (he only paid $118 for the camera -- dirt cheap), but it was a minor problem so he would settle for a $40 refund. After e-mail discussion, he now will settle for $30 (ha ha) as he found the point focus magnetic contact button and installed it himself. I've suggested he leave feedback for me first and then I'll send the "funds" but he is demanding the funds be sent first....Mexican standoff. How is it that these guys are so hard core?
I believe I'll just take my negative (only my second one) and let it go having learned a hard lesson. This fellow is Chinese and I knew better than to trust him. I am deeply disappointed in the lack of character of some people I have to deal with these days. Any suggestions? It would be nice to have a little help from a Freeper in Atlanta.
Hard to find new ata 66 scsi drives for new from dealers; I got one off ebay not long ago for a few bucks, was in perfect condition.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.