Your Hard Drive and Identity Theft
Your identity
What is the most valuable
property you have? Your money? Your house? Your inheritance? No, it is your
identity! If your identity is stolen, criminals may get access to everything,
which rightfully belongs to you.
How your identity can be
stolen? Criminals can get access to your personal data in multiple ways. While
you are unable to control most of the paths of the personal data leaks, some
people decide to do what they can – eliminate any individual data leaks from
them and from their household.
Identity theft starts with
the misuse of your personally identifying information such as your name and
Social Security number, credit card numbers, or other financial account
information. For identity thieves, this information is as good as gold.
Skilled identity thieves may use a variety of methods to get hold of your information, including:
- Dumpster
Diving. They
rummage through trash looking for bills or other paper with your personal
information on it.
- Skimming. They steal credit/debit card numbers by using
a special storage device when processing your card.
- Phishing. They pretend to be financial institutions or
companies and send spam or pop-up messages to get you to reveal your
personal information.
- Changing
Your Address. They
divert your billing statements to another location by completing a change
of address form.
- Old-Fashioned
Stealing. They
steal wallets and purses; mail, including bank and credit card statements;
pre-approved credit offers; and new checks or tax information. They steal
personnel records, or bribe employees who have access.
- Pretexting. They use false pretenses to obtain your personal information from financial institutions, telephone companies, and other sources.
I personally think that are
just being paranoid on shredding everything, since in the modern society it is
much easier to steal multiple people information from central locations, like
banks, insurance companies, HR, and so on, than to dig in the garbage cans in
hope that you have not shredded your sensitive documents. There is even undercover
online market for the stolen identities, so one criminal can buy your identity
from another criminal, like any other product.
Hard
drive as security breach
While identity theft is a topic for entire blog, in
this post, we will just review a small aspect, related to the topic from our
computer perspectives – in particular, on how to remove the sensitive data from
your Hard Drive, before you dispose or sell it on eBay for any reasons.
A study by Simson
Garfinkel, author of Database Nation,
found that drives purchased on eBay routinely contain sensitive or confidential
data. Garfinkel was able to purchase an old ATM machine hard drive on eBay that
contained 827 unique account PIN numbers. He purchased another drive on eBay
that had previously been owned by a medical center. That drive contained
information on 31,000 credit card numbers.
Before you get rid
of an old hard drive or computer, you need to make sure the data on the drive
is impossible to recover. Frankly, data is almost always recoverable to some degree,
but with the proper precautions you can at least make sure that Joe Shmoe who
bought your hard drive from your garage sale can't access your Quicken
financial information.
Simply erasing all
the data on your hard drive and formatting it is not enough security. You can
spend hours going through your hard drive and deleting all the files and
documents you want, but using the delete key on your keyboard in Windows will
only remove the shortcuts to the files making them invisible to users. Deleted
files still reside on the hard drive and a quick Google search will show many
options for system recovery software will allow anyone to reinstate that data.
When you erase/delete a file from your computer,
it's not really gone until the areas of the disk it used are overwritten by new
information. If you use the normal Windows delete function, the
"deleted" file is sent to the Recycle Bin until the space it uses is
required by other files. If you use Shift-Delete to bypass the Recycle Bin, the
space occupied by the file is marked as available for other files. However, the
file could be recovered days or even weeks later with third-party data recovery
software. As long as the operating system does not reuse the space occupied by
a file with another file, the "deleted" file can be recovered.
With SSDs, the erased file situation is even more
complex. SSDs store data in blocks rather than in sectors as with magnetic
storage. Overwriting a block was previously used involves copying the contents
of the block to cache, wiping the block's contents, delete the block to be
overwritten from cache, writing the new data to cache, and rewriting the block
with the new data. As an SSD is used with files that are deleted or changed
frequently, the performance can drop unless the drive (and operating system)
support a technology called TRIM that wipes out deleted data blocks as soon as the
file using the blocks is deleted. TRIM is supported by Windows 7 and by some
late model SSDs, but not by older Windows versions.
Formatting the hard
drive is a bit more secure than simply erasing the files. Formatting a disk
does not erase the data on the disk, only the address tables. It makes it much
more difficult to recover the files. However a computer specialist would be
able to recover most or all the data that was on the disk before the reformat.
For those who
accidentally reformat a hard disk, being able to recover most or all the data
that was on the disk is a good thing. However, if you're preparing a system for
retirement to charity or any other organization, this obviously makes you more
vulnerable to data theft.
For some businesses
and individual users, a disk format may be something you consider secure
enough, depending, of course, on the type of data and information you saved to
your computer. As long as people understand that formatting is not a 100
percent secure way to completely remove all data from your computer, then they
are able to make the choice between formatting and even more secure methods. If
you have decided a disk format is a good choice, at the very least to do a full
format rather than a quick format.
Therefore, to be
sure that your data is removed beyond all practical ability to recover it, you
should use a special wiping or erasing utility. These tools overwrite every
sector of the hard drive with binary 1's and 0's. Those that meet government
security standards even overwrite each sector multiple times for added
protection.
We will review several wiping utilities later in the
software section of the blog, but there is indeed one secure method, you can
apply without computer knowledge, additional utilities, or even understanding
how the hard drive works at all.
Physical
Destruction
One of the surest
ways to achieve data elimination forever is just physical destruction of the
hard drive. Clearly, this is only an
option if you are going to dispose of the drive afterwards.
There are a few
ways to go about this. You could get some high powered magnets and wipe the drive a few times with them.
This scrambles all the data that is written magnetically on the disk.
Another option is
to wail on the drive a few times with a hammer. Please remember to
wear proper safety accessories such as safety glasses when using tools.
Finally, you can
always take the drive apart to make sure the disk gets completely
demolished. To do this though, you will probably need a special T9 torx
screwdriver. Or, you can try to simply pry the thing apart, but please,
as before, use proper safety measures.
On top of making
sure you completely confident your information is gone, this can work out to be
a good stress reliever.
Sources
and Additional Information:
Posts
