Skip to comments.
'Cleaned' hard drives reveal secrets
New Scientist ^
| 14:32 16 January 03
| Will Knight
Posted on 01/16/2003 7:33:41 AM PST by vannrox
|
|
|
|
'Cleaned' hard drives reveal secrets |
|
14:32 16 January 03 |
Will Knight |
|
Discarded and recycled computer drives can reveal financial and personal information even when apparently wiped clean, MIT researchers have found.
Simson Garfinkel and Abhi Shelat, graduate students at the Massachusetts Institute of Technology, analysed 158 second hand hard drives bought over the internet between November 2000 and August 2002. They were able to recover over 6000 credit card numbers, as well as email messages and pornographic images.
The pair wrote a program to scour the disk drives for any trace of credit card information. They found card numbers on 42 drives of the drives they bought.
One drive had previously been used in an ATM cash machine and contained 2868 different numbers, as well as account and transaction information. Another drive contained a credit card number within a cached web page.
Privacy failure
Much of the information the researchers found had been "deleted" before the disks were sold. But simply deleting a file with most computer operating systems does not remove it from the hard drive, it only removes a tag pointing to the file.
Furthermore, even re-formatting the disk does not properly remove the contents of files.
"Most techniques that people use to assure information privacy fail when data storage equipment is sold onto the secondary market," the researchers write in an article to appear in the IEEE magazine Security and Privacy. "The results of even this limited initial analysis indicate that there are no standard practices in the industry [for sanitizing disks]."
Data remembrance
The study, entitled Remembrance of data passed: a study of disk sanitization practices, concludes that overwriting disks with random data, preferably more than once, should be sufficient to wipe them clean. But only 12 per cent of the drives they bought had been cleaned in this way.
They also note that it may be possible to recover information even when it has been overwritten with random data. This would require the use of magnetic force microscopy to measure the subtle magnetic changes that occur during each overwrite.
Finally, the researchers add that cryptographic file systems would improve hard drive security by requiring authentication before revealing data. But they say this type of system is very rarely used. |
|
14:32 16 January 03 |
|
|
Return to news story |
|
© Copyright Reed Business Information Ltd. |
|
TOPICS: Business/Economy; Constitution/Conservatism; Crime/Corruption; Culture/Society; Extended News; Government; News/Current Events; Technical
KEYWORDS: 1984; bigbrother; card; clean; computer; credit; drive; hand; hard; information; nwo; pc; privacy; second; secrets; security
Navigation: use the links below to view more comments.
first 1-20, 21-40, 41-60, 61-80 ... 141-154 next last
Hum...Even totally erased hard drives! Hum.
1
posted on
01/16/2003 7:33:42 AM PST
by
vannrox
To: All
2
posted on
01/16/2003 7:34:40 AM PST
by
Support Free Republic
(Your support keeps Free Republic going strong!)
To: vannrox
analysed 158 second hand hard drives bought over the internet between November 2000 and August 2002. They were able to recover over 6000 credit card numbers
Hmmm. Each hard drive averaged 38 credit card numbers. If this is true, these hard drives where from some servers of some sort. I really don't buy into the notion that the average joe stores that many credit card numbers into his computer.
To: vannrox
I doubt it the memory should revert to default setting if the hard drives were formatted.
4
posted on
01/16/2003 7:41:03 AM PST
by
weikel
To: vannrox
There are cryptographic programs available that "secure delete" a file. They overwrite with all 1's and then do the normal delete. This feature is usually a utility that comes with crypto programs for no addiitional cost.
It can be used on a day to day basis to delete one file at a time, not a whole disk.
To: vannrox
Discarded and recycled computer drives can reveal financial and personal information even when apparently wiped clean, MIT researchers have found.They sure can, but not when you smash them into little pieces with a heavy duty hammer, which is what happens to all my hard-drives when I have no further use for them.
6
posted on
01/16/2003 7:42:14 AM PST
by
AntiGuv
(™)
To: Support Free Republic
she needs a hard drive....or just had one
To: vannrox
Simson Garfinkel? Is that a real name? Or is it along the lines of Heidi Salami and Lydia Bestpot?
8
posted on
01/16/2003 7:45:17 AM PST
by
Xenalyte
(aka A. Nicholas Fivepennies)
To: vannrox
This is no surprise. Deleting a file doesn't remove it from the drive, it just removes the reference to it that enables the operating system to retrieve it. That has been common information for years. A deleted file will remain there, accessible for recovery by a computer expert, until some other file happens to overwrite it, or part of it.
There are programs available for overwriting deleted files. I haven't looked recently, but they certainly used to be easily available. They may or may not remove deleted files completely, but they are said to be effective.
Frankly, unless you sell a used hard drive to a criminal hacker or unless you belong to the Mafia or are a secret agent for a foreign power, must people really don't need to worry about this kind of thing.
9
posted on
01/16/2003 7:45:47 AM PST
by
Cicero
To: usastandsunited
Hmmm. Each hard drive averaged 38 credit card numbers. If this is true, these hard drives where from some servers of some sort. Read it again, chief. One of the drives came from an ATM machine, and the vast majority of card numbers came from that drive.
10
posted on
01/16/2003 7:46:03 AM PST
by
Oberon
To: AntiGuv
I wonder what the US Gov does to dispose of "classified" hard drives? I sort of imagine it involves fire, or some equivalent of your heavy duty hammer. Financial institutions should treat their old drives the same way.
To: usastandsunited
I really don't buy into the notion that the average joe stores that many credit card numbers into his computer.
I'm not sure the average joe even HAS 38 credit cards. I'd say 20 max, including gas and department-store cards.
12
posted on
01/16/2003 7:46:44 AM PST
by
Xenalyte
To: usastandsunited
It says that one of the drives came from an ATM. Probably most of the credit card numbers were on that one drive. Now that is one kind of drive that really does need to be wiped, or hammered with a sledgehammer. A bank should know better than just to toss it in the trash or sell it.
13
posted on
01/16/2003 7:47:30 AM PST
by
Cicero
To: usastandsunited
Hmmm. Each hard drive averaged 38 credit card numbers.Just an FYI. You overlooked this bit of the article:
"One drive had previously been used in an ATM cash machine and contained 2868 different numbers, as well as account and transaction information. Another drive contained a credit card number within a cached web page."
14
posted on
01/16/2003 7:48:43 AM PST
by
AntiGuv
(™)
To: vannrox
Simson Garfinkle....I was his camp counselor in the mid 70's. The kid brough a computer to camp when nobody knew what it was. He behaved like your worst nightmare kid in need of a ritalin fix. His mind never stopped.
His dad is a Philadelphia lawyer who is the nicest, most patient man around.
Simson is a walking statement of why not to drug your kids. He could disrupt a pet rock sleeping. He never shut up. He did really wierd stuff like count the number of steps he took in a day, multiplied them out by the number of kids, adjusted for age/stride length, and figured collectively how far we had all walked in one day. He was eight years old!
It's good to hear his name crop up once in a while. Better world with people like him around.
15
posted on
01/16/2003 7:52:30 AM PST
by
blackdog
To: vannrox
I always copy multiple copies of the US Constitution onto my hard drives, to consume all available space, before I consider them to be cleaned. Bitmapped graphics of the document are good for this. Also, I found a horrendously large Acrobat .PDF file of the Constutution that is good for this too. After I get a "DISK FULL" statement, I top it off with .TXT versions until it is really full. Then I de-frag it, and top it off again. Then I delete all of that, and I have a clean drive.
Total elapsed time, 20 minutes.
If you buy used drives, always do something like this when you first get them. There is a lot of stuff out there that you do not want on your computer. Ask Pete Townsend about that!
16
posted on
01/16/2003 7:52:55 AM PST
by
gridlock
(Blocking the box since 1999)
To: usastandsunited
Hmmm. Each hard drive averaged 38 credit card numbers. If this is true, these hard drives where from some servers of some sort. I really don't buy into the notion that the average joe stores that many credit card numbers into his computer.Did you read the part where just one, from an ATM, had 2800+ numbers? Hmmmmmmm.
To: vannrox
The principal used in obtaining these files that have been erased goes past that of simply the pointer to the file being removed. Though we think of hard drives as digital devices that store a magnetic charge in each bit, in reality a magnetic charge is more like an analog device. By carefully studying the flucuations in the charges, it can be ascertained what bits were stored there in the past. This technique only works so far back in the past, but it well proven to retrieve data that has already been destroyed once, perhaps twice. Beyond that it becomes difficult to chart which state the bit has been in.
What this means is that if you desire data security, you need to use something like this professional degausser which generates a strong electomagnet field to completely erase everything on a tape or disk. The other way to completely scrub your hard drive is to format it over and over again. There are some utilities which can write alternating patterns of ones and zeros in order to test a drive's these work, too, but in either case you must make many passes. One time will not do.
18
posted on
01/16/2003 7:58:11 AM PST
by
Liberal Classic
(Quemadmoeum gladis nemeinum occidit, occidentis telum est.)
To: Cicero
The latest version of Norton Utilities no longer has "wipe info" which I used for years with the slow, but supposedly effective "government wipe" setting.
19
posted on
01/16/2003 7:59:02 AM PST
by
CatoRenasci
(who would rather be sailing, anytime)
To: CatoRenasci
I didn't know it had been removed. Interesting grist for the conspiricy mill, there.
20
posted on
01/16/2003 8:01:45 AM PST
by
Liberal Classic
(Quemadmoeum gladis nemeinum occidit, occidentis telum est.)
Navigation: use the links below to view more comments.
first 1-20, 21-40, 41-60, 61-80 ... 141-154 next last
Disclaimer:
Opinions posted on Free Republic are those of the individual
posters and do not necessarily represent the opinion of Free Republic or its
management. All materials posted herein are protected by copyright law and the
exemption for fair use of copyrighted works.
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson