Cold hard drive facts
- 11 March, 2003 07:30
Better think twice before you give your hard drive away. According to a new study by two Massachusetts Institute of Technology grad students, companies are frequently selling or giving away old computer disk drives with sensitive information still on them.
The study, detailed in the report, A Remembrance of Data Passed: A Study of Disk Sanitisation Practices, analysed 158 disk drives bought through eBay, at computer stores and salvage companies.
The data retrieved included detailed personal and corporate financial records, medical records, and personal email, according to MIT grad student, Simson Garfinkel, who conducted the study with Abhi Shelat.
Financial log files on one drive yielded what appeared to be 2868 credit card numbers in addition to bank account numbers, dates of transactions and balances. The students think the drive came from an ATM in Illinois and that no effort was made to remove the financial information prior to resale.
The recovered data problem stems from failures on the part of computer vendors and consumers alike.
Companies such as Microsoft were guilty of misrepresenting their products' "file delete" and "disk format" features, Garfinkel said.
Casual computer users often assume that such features permanently delete the data stored in a file from the disk drive. Instead, most simply change the data to indicate that the file has been deleted, then mark the areas of the hard disk that contain the "deleted" data as being available for reuse by other programs.
Assuming that data was not overwritten, it remained and could be retrieved using simple Unix commands or free commercial forensic software tools, Garfinkel said.
Operating system vendors should include software-based tools that securely delete files and sanitise the disk space they leave behind, the report said. The manufacturers of disk drives should also embrace existing technologies such as cryptographic subsystems that encrypt information using a secret key as it is written to the hard disk and decrypt it when it needs to be viewed.