( Back to Able Information Security homepage)
WAVY TV 10 asked Able Information Security to assist in the analysis of computers that were purchased at local thrift stores. What did we find? A lot more than we should have. We found a company's complete purchasing system with 19 million dollars of invoices, their distributor list, and a sales person list with their home addresses, phone numbers, and commission information. Even more amazing was the application that was used to manage this information was still installed and provided an ability to write letters and merge the name lists.
Also found was email from a local business to potential clients which provided very specific information regarding the client's name, military rank, financial information, phone numbers, and details that could be used compromise the physical safety of family members.
Though Able Information Security has specialized tools that can "undelete" files, directories, and partitions, none were required to access the information in this investigation.
So what do you do before discarding your PC? Well, this depends on the sensitivity of the information on the computer. The British government supposedly requires that storage media used in the handling of classified information be ground up and the dust held for 12 years! ( more )
Some less aggressive steps would include:
1) Actually delete all information from the computer! (Then empty the Recycle Bin.) Sounds fairly simple but 100% of the computers purchased by WAVY had all of their applications still installed.
2) Install and use an electronic "shredder" which will wipe (overwrite erased files) by making several passes over the deleted information. Most of the "shredder" type applications allow you to select the number of times that the deleted file is overwritten by random 1's or 0's.
3) Format the hard drive before giving the system away. Formatting is a relatively simple process of wiping the information from the media. This information can be retrieved by professionals with specialized tools, but formatting is a great first step.
4) Encrypt your hard drive - this protects data on the system even if it the computer is stolen or discarded. You can purchase a utility to secure your system from a variety of vendors.
Able Information Security specializes in Information Technology assessment, protection, management, and education. For more information on firewalls, intrusion detection, corporate anti-virus, URL filtering, data analysis tools and services, security audits, and Check Point training, visit our website: www.WeAreAble.com or email us at: info@WeAreAble.com.
Additional information:
The Unintentional Disclosure of Digital Data
Do You Know What's Left On Your Disk? "Data Remanence"
Jack
LeGrand
President Able Information Security
President InfraGard Virginia
FBI National InfraGard Executive Board
(757) 499-3000
jack@WeAreAble.com
Back to Able Information Security homepage