|
|
|
Your Old PC Can Be a Crook's Goldmine
Every PC in your office has
information on its hard drive that could be damaging if it falls into
the wrong hands. Confidential client information, taxation returns, bank
account details, HR records – the typical computer in an accounting firm
is a repository of secrets.
When criminals steal and use a person’s personal information – full
name, social security number, date of birth, home address, taxation
reference number, etc. - to assume that person’s identity, they can
apply for loans and credit cards, open bank accounts, and make purchases
in their name. Just try proving you didn’t make a purchase and you’ll
soon see why identity theft is such a problem.
When the time comes to retire an
old PC, what do you do to safeguard this information? Delete all the
files? Format the hard drive? Unfortunately, these steps are
insufficient to permanently remove this information and a skilled
professional will be able to recover all or most of it.
Second-hand Computers Studied
Identity theft is big business and there’s probably no better source of
details about a person’s identity than the contents of their
accountant’s PC. A team led by Professor Martin Gill of the University
of Leicester in the U.K. purchased six second-hand computers from a
variety of sources and performed a forensic data analysis on each one
using off-the-shelf computer software.
The results gave an indication of the extent of the problem. Half of the
six PCs had not been securely wiped. No attempts had been made at all to
wipe the contents of one computer, and the contents of the other two
were easily recovered.
Professor Gill’s 2006 study entitled ‘Second-Hand Computers and Identity
Fraud’ told how on one computer the team found bank account details,
correspondence with a bank noting change of email address and a previous
owner's CV.
Another computer had usernames and password for an online travel account
and a spreadsheet with a company's details of creditors, payroll and
income tax. As a bonus there was also a list of around 250 names and
addresses of past and present customers.
Reformatting Isn’t Enough
"Simply reformatting a hard drive is not enough to make data
irretrievable”, said Professor Gill. “Anyone disposing of a personal
computer must ensure that all data is securely wiped using specialist
software to wipe over every sector of the hard drive."
Think about this the next time you dispose of an old PC. Whether you
sell it on-line, auction it through an auctioneer, trade it in or just
put it out with the trash, it’s full of useful data for identity thieves
and even agents conducting industrial espionage.
Justin Basini of U.K. financial services company Capital One, tells us:
"To date most of the advice surrounding protecting oneself against fraud
and identity theft has centred around looking after personal,
paper-based documentation. But that won't account for the digital
fingerprints that we leave behind on our PCs.“
Microsoft recommend taking the following steps to completely wipe a
computer’s hard drive clean:
1. Reformat the Hard Drive and Re-install the Operating System
Reformatting a disk prepares it to accept a new operating system. It
also wipes out everything on the hard drive. When the reformat finishes,
put the Windows installation CD in the CD drive and re-install Windows.
Microsoft cautions: “Reformatting will keep most people out of your old
files. But specialised shareware exists to reclaim files after
reformatting. If you do not know who will get the computer — or you do
know and you don't trust them — stronger measures are required.”
2. Buy Software and Overwrite the Disk, Again and Again and Again
There are several programs that write gibberish to the hard drive.
Norton's SystemWorks includes an application called ‘Wipe Info’.
OnTrack's ‘DataEraser’ offers a similar feature, as does Jetico's ‘BCWipe’.
There are several other such applications including shareware available
on the Internet.
After conducting their ‘Second-Hand Computers and Identity Fraud’ study,
Professor Gill and his team wiped all the data from the test computers
using a software program called ‘Encase’.
Writing in USA Today, Jefferson Graham tells of another experiment
conducted in 2003 by privacy expert Simson Garfinkel and fellow MIT
student Abhi Shelat who purchased 158 old hard drives on eBay and found:
“More than 5,000 credit card numbers, financial and medical records,
personal e-mail and pornography were easily obtainable on the drives.”
To be absolutely certain that all the data on an old PC has been
removed, Graham recommends taking the hard drive to a professional
data-recovery service and ask them to sanitize it for you. Or there’s
always the ultimate solution: “Use a sledgehammer, because the only way
to really be sure is to destroy the disk.”
|
|
