Selling a Used Computer and Identity Theft
Identity Theft is the fastest growing crime over the last few years. The amount of data stored on computer systems is an ideal repository for criminals to attempt identity theft. When someone either discards or sells a used computer system, hard drive, or external storage device most people do not appropriately sanitize the media, but rather delete or format a disk falsely believing all the data is gone.
A friend of mine recently bought a new fancy rig costing $2,000 or so. When I asked him what he did with his old system, he said he sold it on craigslist for $550 to help fund the new purchase. "Did you put in a new hard drive?" "No, but I reformatted it."
There is a misconception among those unfamiliar with the inner workings of computers that deleting files and formatting hard drives removes data completely. Think back and try to remember all the files you deleted over the past 10 years. Did you ever delete financial data, such as accounting spreadsheets, bank numbers, credit card data, or personal information? How about scanned documents, such as mortgage paperwork, driver's licenses, birth certificates, or pay stubs? What happened to those computers or hard drives with which you think you deleted those files from? Did you sell the PC like my friend, donate it to an organization, or just throw it away? Who has used that computer since, and what may they have found? These are all important and scary questions.
I recall a thesis paper written by some graduate students from the Massachusetts Institute of Technology that outlined this very threat. They had purchased 150 or so used hard drives from eBay to study how much personal data was left on old systems. They reportedly found medical records, email correspondence, corporate financial data, illicit personal photographs, thousands of credit card numbers, and even an ATM drive with numerous bank accounts. This is a very real concern for every computer owner, especially my friend now that the system is out of his possession.
What Deleting and Formatting Really Does
I proceeded to give my friend a little education on how computers store information and what deleting and formatting actually does. Basically, the hard drive is broken down into sectors in which the data is stored. In the figure below, suppose File A is a Tax return for 2007. 2008 comes around and you delete 2007's record and the file appears gone. All that has happened is the Operating System (OS) has marked those sectors as available and removed it from the user's view. It is still easily recoverable through a variety of software. The file still exists and is in just as good of shape as before you deleted it.
Posts
0 comments:
Post a Comment