I Found Your Data on that Used Device You Sold...

Wednesday, March 14, 2012

Robert Siciliano

37d5f81e2277051bc17116221040d51c

Over the past 15 years, the increasingly rapid evolution of technology has resulted in new computers or mobile phones becoming outdated in a matter of one or two years.

Chances are, you’ve gone through no less than ten digital devices in the past decade, if not more. It has become standard practice to upgrade to a newer device and often sell, donate, or discard the old one.

Or you’ve received a new computer or mobile phone for a holiday gift and need to get rid of the old one.

What did you do with all of your old devices? Some may be in your basement, others were given away, and you might have hocked a few on eBay or Craigslist. Did you know it is very likely that you inadvertently put all of your digital data in someone else’s hands if you no longer have the device?

I recently bought 20 laptops, desktops, netbooks, notebooks, tablets, Macs, and mobiles through Craigslist, all from sellers located within 90 minutes of my home. Of the 20, three of them had never been wiped, meaning that I bought the devices exactly as they once sat on someone’s desk.

The original owners had made no effort to clean out the data, which meant that I was able to access the records of their entire digital lives. 17 of the devices had been wiped, meaning that the seller took the time to reformat or reinstall the operating system.

Of the 17 wiped drives, seven contained remnants of the previous users’ digital lives. Despite the effort made to reformat or reinstall the operating systems, there were partitions and leftover data on the drives.

After having spent the past few months working with a forensics expert, I’ve come to the conclusion that even if you wipe and reformat a hard drive, you may still miss something.

IT professionals tasked with data destruction use “wiping” software, and you can too. But after what I’ve seen, more needs to be done. This means external and internal drives, thumb drives, SD cards, and anything else that stores data really should be destroyed.

So whether you destroy an unwanted drive with a sledgehammer, or use a drill press to turn it into Swiss cheese, or use a hack saw to chop it into pieces, and then drop those pieces into a bucket of salt water for, oh, say a year, just to be safe, for your own good, don’t sell it on eBay or Craigslist.

Robert Siciliano is an Online Security Evangelist to McAfee. See him discussing identity theft on YouTube.(Disclosures)

Possibly Related Articles:
7618
Security Awareness
Information Security
Data Loss Identity Theft data destruction Security Awareness Mobile Devices Smart Phone Computer Recycling Data Wiping
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.