Friday, April 18, 2003

Are There Secrets on Your Hard Drive?

Are There Secrets on Your Hard Drive?
Content written by Pamela Appea for KPTM-Fox 42
Originally posted April 18, 2003

You may have heard recent warnings about protecting your private information when either selling or dumping your computer. It could be as risky as throwing away your wallet, with all your credit cards and personal IDs inside.

Is there a foolproof way to make sure that data disappears? Your may have wanted to do this to your computer at one time or another. But it may actually be a good idea if you’re about to replace it with a bigger, better model.

“Your personal data is at risk when somebody resells a machine,” said Mark McLaughlin, an expert with Computer Forensics International.

Just ask Todd Baitsholts. He has an old computer he wants to give away to charity. First, he reformats the hard drive, and then he reinstalls Windows. “We hope to erase all the data. And not have it accessible to anyone,” Todd says.

That should do it, right?

To find out, Todd agrees to let computer expert Kevin Kranz take a look at the machine. Here’s what Kevin found.
“These are all the directories; I was able to get information from,” said Kevin. “These are old invoices, financial data, a treasure trove for someone who might have identity theft on their mind.

It took me about 35 to 40 minutes to get this data,” said Kranz. The list of recovered files takes up pages and pages.

“It is suprising that they were able to get this much information off of there,” said Todd. And Mark McLaughlin says, “Well, a file is never really deleted until it’s overwritten. And that’s a very fundamental issue in computer forensics.

Todd wasn’t the only one at risk.

McLaughlin tested eight hard drives purchased at a second hand store about the country, “We found some unbelievable things. Credit card numbers. Social security numbers of celebrities, of Oscar-winning actors,” said McLaughlin.

But, there is a way to give yourself peace of mind. One person to call is Jitendra Suthar. Suthar’s business takes in hundreds of old computers every month around Omaha. His technicians will get rid of all of your sensitive information for you. But he knows not all computer re-sellers will take time to do this, unless you’ve specifically told them to.

Suthar owns Computer Renaissance in Omaha. “Whoever you are giving it to, either take an agreement from them that they will do it, or like a lot of companies do, they will do it before they hand it off. And on an individual basis, like you know, my home computer or anything like that, I would do it myself before I let it go,” Suthar said.

Even as this graveyard for government computers, KPTM selected three discarded hard drives at random and had them tested. Guess what? There’s undeleted data galore. So how can you protect your data? Reformatting it doesn’t do it? It makes the file inactive. But the file contents are still there,” said Mark McLaughlin. And while erasing data magnetically helps scramble the files, even it is not foolproof.

“What they should do first, is wipe the drive,” said McLaughlin. You can buy software that scans the disc and bit by bit overwrites the old data. In other words, the program replaces the important stuff with frivolous numbers.

But, this process takes time, in fact it can take anywhere from three to 20 passes. “And when you overwrite it so many times, it’s unrecoverable,” said Mark. The software costs about $40. But the best method for making that data disappear, according to McLaughlin, is both free and easy.

“What I recommend is taking the drive out of the machine and taking a drill and running a drill through it several times,” said Mark. “You can use a drill or a hammer—whatever it takes to physically destroy the drive.”