Don't leave information on old hard drives
Takeaway: Organizations replace computers for all kinds of reasons, and they often donate or sell the old hardware. However, many fail to effectively erase the data on the old hard drives. Jonathan Yarden examines this growing threat to data security, and he offers tips for making sure you safely get rid of old hardware.
It doesn't surprise me that many people fail to understand the basic workings of computer systems, and yet they can still use them effectively every day. But it does disturb me that there are so many people using complex machinery that they know nothing about—or even care to learn.
I've generally found that computer users fall into two general categories: Those who are aware of the components of a computer system, and those who don't want to know the details. Of course, knowing the details of computer systems can mean the difference between a potential issue and a disaster.
We're all painfully aware of how many people fall into the "don't care" category—those are typically the folks that get hacked systems, virus or worm infestations, or botched software installations. But this isn't the only result of such ambivalence. Another potential issue is information left on old hard drives.
I've avoided selling my old hard drives for this reason. But I thought most companies were aware of the risks and already used a data-erasure program such as MediaWiper. If the old data was really sensitive, I assumed companies would take steps to physically destroy the old hard drives.
I thought everyone knew that deleting a file doesn't erase the file data. Of course, we all know that old saying about making assumptions.
After reading a number of articles about the presence of sensitive data on old hard drives, I decided that I would investigate the matter myself. I found an older machine with a working IDE hard drive and installed it into another system as the secondary drive. Then, using the WinHex program, I started browsing around the drive.
I decided to visit data sectors in the middle of the hard drive, and sure enough, I found a lot of information. The hard drive was part of a computer used by a former employee—and I found enough damaging information that would have led to this employee's termination long before he quit on his own.
After looking around for a bit more, I decided I had seen enough. That was all it took to convince me that there really is a serious security issue with old hard drives. How serious depends on what's on the hard drive itself, but I would say that the majority of companies don't sufficiently address this risk.
Organizations replace computers for all kinds of reasons, and the machines often end up in yard sales, auctions, or local computer resellers' shops. Identity theft and misuse of personal information is often an unexpected consequence of failing to effectively erase the data on old hard drives. Although this may sound unlikely, it's even feasible to continue to read the "signature" of old hard drive data after someone has overwritten it.
There are a number of free data-wiping utilities on the Internet. One of the most ingenious programs I've found is Darik's Boot and Nuke (DBAN).
This is a complete, self-contained Linux boot floppy that does exactly what it says: It erases the data on any hard drive connected to the system you boot it on. After returning the hard drive that I had inspected with WinHex to its computer, I booted DBAN, and away it went.
The bottom line: Before you relegate that old system to the storage room, donate your old home computer to charity, or sell it, use a data-erasure program to wipe that hard drive clean. If you really want to destroy the data, you'd be amazed how flat you can pound an IDE hard drive with a sledgehammer. Haven't you always wanted to do that just once? If you have an old hard drive, now is the perfect time.
Miss an issue?
Check out the Internet Security Focus Archive, and catch up on the most recent editions of Jonathan Yarden's column.
Want more advice for locking down your network? Stay on top of the latest security issues and industry trends by automatically signing up for our free Internet Security Focus newsletter, delivered each Monday.
Jonathan Yarden is the senior UNIX system administrator, network security manager, and senior software architect for a regional ISP.
Print/View all Posts Comments on this article
 Low Levelwwood@... | 01/27/06 |
 and ...stress junkie | 01/27/06 |
| great utilityBeilstwh | 01/30/06 |
| DoD Secure Erasure AlgorithmDaniel.Muzrall | 02/01/06 |
| Missing the Point with this FREE Creative Solutiondonaldcoe@... | 02/09/06 |
| cleaning hard drivetf585@... | 03/01/07 |
 You obviously mis-read somethingw2ktechman | 03/01/07 |
| Machine ShopPalmetto | 03/02/07 |
| Nice -- have they made any HDD Art yet?w2ktechman | 03/02/07 |
| window washerprince2browser@... | 03/02/07 |
| Shred them!techproguild@... | 06/15/07 |
| DBANChoppit | 01/27/06 |
| DBAN Rocks!!!dlauer@... | 01/30/06 |
| I have found some problems with SCSI Drivesdlauer@... | 02/08/06 |
| great tool - policies lacking!seyffu@... | 02/07/06 |
| Dude, I am going to try that....faradhi | 01/27/06 |
| AgreedNeil Higgins | 01/28/06 |
 Well..Andrew06 | 01/30/06 |
| Information on magnetic mediaNeil Higgins | 01/30/06 |
| It wasn't the Commies, it was IranBrokenEagle | 01/30/06 |
| A little paranoia is goodcjoel.harrison@... | 02/09/06 |
| Failed drive?straightshooter | 01/30/06 |
| Old often = failedrosearch@... | 01/30/06 |
| Failed drive data redoveryJimTheEngineer | 03/01/07 |
| Shredding those "Bits"r.pooler@... | 03/01/07 |
| data removal methodfastpaw@... | 01/30/06 |
| Another wayyahbblack | 01/30/06 |
| That's how theyDr Dij | 01/30/06 |
| Sounds likegregk@... | 01/30/06 |
| Drop it into the oceanneildsouza | 01/30/06 |
| Things found in rivers...compguy | 01/30/06 |
| Think environmental friendlyth7711 | 01/31/06 |
| We use cyberCide for data erasureba@... | 01/30/06 |
| Levels of data removalgshollingsworth | 01/30/06 |
| Like locking your carmdhealy@... | 03/01/07 |
| How to Destroy a HDD in 15 easy stepschristopher@... | 02/01/06 |
| One question.faradhi | 02/02/06 |
| I think I know what #14 is.....dlauer@... | 02/02/06 |
| Step 14 was left outchristopher@... | 02/02/06 |
| OWWWW!jcerise@... | 02/09/06 |
| thoroughgshollingsworth | 02/10/06 |
| FUN, but here's an easier and more THOUROUGH waybtljooz | 03/01/07 |
| But you lose having the funw2ktechman | 03/02/07 |
| old hard drivesBluron | 02/09/06 |
| My experiencecustomsunlimited@... | 03/01/07 |
| HDD Speakerdcrandell@... | 03/01/07 |
SponsoredWhite Papers, Webcasts, and Downloads
- New Release - Diskeeper 2008 with InvisiTasking: It's Smart. It's Transparent. It Will Take Your PC from Zero to Sixty--Automatically! Diskeeper
- Economist Intelligence Unit whitepaper: "Enterprise Knowledge Workers: Understanding Risks and Opportunities" SAP
- Live Webcast: Optimized Virtualization ZDNet
- The Shortcut Guide to Managing Disk Fragmentation - Chapter 1 Diskeeper
- Streamline IT Operations and Drive Innovation Across Your Company SAP
Article Categories
- Security
- Security Solutions, IT Locksmith
- Networking and Communications
- E-mail Administration NetNote, Cisco Routers and Switches
- CIO and IT Management
- Project Management, CIO Issues, Strategies that Scale
- Desktops, Laptops & OS
- Windows 2000 Professional, Microsoft Word, Microsoft Excel, Microsoft Access, Windows XP,
- Data Management
- Oracle, SQL Server
- Servers
- Windows NT, Linux NetNote, Windows Server 2003
- Career Development
- Geek Trivia
- Software/Web Development
- Web Development Zone, Visual Basic, .NET
