Selling a Used Computer and Identity Theft
Identity Theft is the fastest growing crime over the last few years. The amount of data stored on computer systems is an ideal repository for criminals to attempt identity theft. When someone either discards or sells a used computer system, hard drive, or external storage device most people do not appropriately sanitize the media, but rather delete or format a disk falsely believing all the data is gone.
A friend of mine recently bought a new fancy rig costing $2,000 or so. When I asked him what he did with his old system, he said he sold it on craigslist for $550 to help fund the new purchase. “Did you put in a new hard drive?" “No, but I reformatted it. "
There is a misconception among those unfamiliar with the inner workings of computers that deleting files and formatting hard drives removes data completely. Think back and try to remember all the files you deleted over the past 10 years. Did you ever delete financial data, such as accounting spreadsheets, bank numbers, credit card data, or personal information? How about scanned documents, such as mortgage paperwork, driver's licenses, birth certificates, or pay stubs? What happened to those computers or hard drives with which you think you deleted those files from? Did you sell the PC like my friend, donate it to an organization, or just throw it away? Who has used that computer since, and what may they have found? These are all important and scary questions.
I recall a thesis paper written by some graduate students from the Massachusetts Institute of Technology that outlined this very threat. They had purchased 150 or so used hard drives from eBay to study how much personal data was left on old systems. They reportedly found medical records, email correspondence, corporate financial data, illicit personal photographs, thousands of credit card numbers, and even an ATM drive with numerous bank accounts. This is a very real concern for every computer owner, especially my friend now that the system is out of his possession.
What Deleting and Formatting Really Does
I proceeded to give my friend a little education on how computers store information and what deleting and formatting actually does. Basically, the hard drive is broken down into sectors in which the data is stored. In the figure below, suppose File A is a Tax return for 2007. 2008 comes around and you delete 2007's record and the file appears gone. All that has happened is the Operating System (OS) has marked those sectors as available and removed it from the user's view. It is still easily recoverable through a variety of software. The file still exists and is in just as good of shape as before you deleted it.
See Hard Drive Sectors Image
When space is needed the Operating System will then overwrite the sector with a new file. Perhaps, 2008's Tax return isn't as large as 2007's, and the OS decides to use Sector 1 and 2 to store the data. 2007 (File A) has now been overwritten, but part of Sector 2 was not needed. This extra space is called “Slack Space, " and still retains part of the deleted file. Again, this information is recoverable.
Because my friend decided to format the drive, he figured all the information on the drive was inaccessible regardless. In reality, formatting only redefines the hard drives characteristics to store information. The data is still physically embedded on the media and recoverable with simple tools. This software even allows for the overwrite sanitization technique I explain below.
How to Really Erase Hard Drives
What needs to happen to totally remove the data yet keep the drive functioning is repetitive overwriting. This should be done multiple times. As an analogy, say your child writes his name with permanent marker on the living room wall. You take some left over paint and coat the area, but after it dries the writing is still visible. This is called residual data. The same applies with overwriting as a technique to sanitize your computer drives. You'll need multiple coats or overwrites to sufficiently mask what was originally written. Some Tools will overwrite all addressable sectors with random characters eliminating the slack space and the residual data.
If you are going to donate, sell, or dispose of your computer be sure to appropriately safeguard your private information by using some sort of sanitization method. You don't want to be a victim to evil folks whom actually purchased used computers for just this purpose.
If you need some recommendations for erasing hard drives visit my Computer Security Blog at SecurePuter.com