They're looking for drives that haven't been wiped clean and contain valuable data.
By Gregg Keizer
TechWeb News
Posted on 01/31/2006 3:10:34 PM PST by Lokibob
Buyers on eBay troll the online auction site for used drives in the hope that the platters haven't been wiped clean and contain valuable data, including credit card numbers, a researcher said Monday.
Simson Garfinkel, a postdoctoral fellow at the Harvard's Center for Research on Computation and Society, has been buying used hard drives on eBay since 2001, then analyzing the data he finds on some of the devices.
Of the 236 drives Garfinkel bought, 7 contained more than 300 recoverable credit card numbers; one from had more than 11,000 unique account numbers that he could retrieve.
That's because only 19 percent of drives he acquired had been wiped clean. The majority of previous owners had either not touched the drives or had only run the DOS commands FDISK and FORMAT, which actually leave data on the drive so users with simple diagnostic tools can read the information.
Some eBay buyers are sniffing for such drives. "I think that many drives sell for more than their market value," on eBay, Garfinkel said in an e-mail interview with TechWeb. The only explanation: they're playing the possibilities, and expect there's data on some of the drives they buy.
Garfinkel even tracked down the original owners of the 7 credit card-packed drives, using basic detective work such as analyzing the most common e-mail addresses on the platter and/or reviewing intact Word documents for clues.
The drive with 11,609 unique credit card numbers came from a medical center, which had also disposed of another drive with 81 additional numbers that Garfinkel purchased. Other drives came from an ATM (with 827 unique numbers), a supermarket (1,356 numbers), and an auto dealerships (498 numbers).
By Garfinkel's calculations, about 1,000 used drives are sold daily on eBay. Using his findings -- 3 percent of the drives he purchased contained more than 300 recoverable credit card numbers -- about 30 of those devices have confidential financial information.
No, ebay feedback cannot be changed or edited, once left.
Not all the time: http://www.pcmag.com/article2/0,1895,1911131,00.asp
Would a garden-variety fire safe be adequate to protect a normal hard drive? I know that floppies and such can become useless even when protected in such safes, but I would think hard drives could withstand higher temperatures.
A local, Raleigh, NC, company offers to run drives through a metal shredder.
Works for me.
Not really. My wife is a programer and paranoid about personal and financial data that we keep on the computer. She insists I smash it. I am not going to take the drive apart to make sure the disk is totally destroyed so it goes into the fire in the backyard when I burn all the damn credit card offers I get in the mail along with old bank statements etc. It takes longer to get the drive out than to smash and burn. I put it on the shelf until the next time I am burning paperwork and toss it in the fire.
Dumpster diving is one of the favorite methods of identity theft.
"Best way to clean a hard drive is with a 5 lb sledgehammer."
Either that or put it with Hillary's Rose Hill billing records, it would never be seen again.
You should see that PC Magaine link in post 57. It might be a good idea to run a good wiping program before the smash and burn.
Nope. Once it has been left it's as good as stone.
You can add follow ups and such but no edits allowed. At least none I've ever seen.
It sure would be nice to have that capabilty for say...10 minutes after hitting the button.
You gotta know, if it were any Rat politician at all, my name would be a "household word" here at FR!
Where do you sell the goodies after you recover them? That is
ifyou don't use the data yourself.
HNO3
Then I put a few .45 rounds through it.
L
If one had the time, a sting operation would be a fun thing to watch unfold... Some enterprising detectives could sell "used HD's" on e-bay with bogus data or account info. When dumbass thief goes to use said account or credit #, BAM, free handcuffs, courtesy of E-bay.
Damn, that would be funny as hell.
Thanks,
L
Okay, it must have been followups I was thinking of. I have had a buyer change their mind after buying and receiving the items and I allowed them to return it. I reposted the sale and when I did I left follow up (and they did too)
You got that right!
Sounds like Mr. Garfinkel is a real player with the ladies.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.