The Curmudgeony Librarian writes “A recent study from the Information Security Research Group (ISRG) of the University of Glamorgan in Pontypridd, Wales has revealed serious computer security breaches arising from used computer disk drives, purchased from various public sources. The study finds that many of these drives have not been wiped at all. Further, they found that of those disks wiped, the university was able to recover data from them through the most basic methods of data recovery; methods which are commonly known in the computing world. Among the data found were sensitive business records, personal identity information, and children’s school records including psychological information.
People should be reminded that almost all electronic information could be recovered from old computers. It is only a matter of the tools used and the skill or desire of the salvager. The only true way to secure a hard drive is to remove it; smash the old drive with a hammer, making sure to shatter the disk wafers within; then burning said wafers.”
recycle bin
“The only true way to secure a hard drive is to remove it; smash the old drive with a hammer, making sure to shatter the disk wafers within; then burning said wafers.”
I teach a class on basic Windows at the library and this is part of my standard spiel when discussing the Recycle Bin. After I explain that simply putting it in the Recycle Bin doesn’t really delete it either, you have to at least empty it. (There’s a big learning curve out there.)
I do distinguish between a personal computer and a small business computer. I don’t think the time and energy in retrieving info off a personal computer would justify going to the extreme of hammering out the hard drive. There are so many other ways people track down financial info in larger amounts.
Maybe outside CONUS…
United States government hard drives are theoretically never supposed to be excessed out with data on them. Such things are supposed to be wiped thoroughly. The Department of Defense has always had one marvelous program or another for doing this (which is known openly, as it was talked about often in Ziff-Davis published trade rags). Outside the United States Government, standards can be much, much, much lower in terms of security for excessed materiel, of course. This is a case where the federal standard for how things should be done might actually be a good idea to adopt.
Of course, since my father (a “computer specialist”) plays with this sort of stuff at work and more often than not has to apply “The Thor Hammer” to recalcitrant hard drives that won’t wipe, I will pass the article on to him for his amusement.
Re:Maybe outside CONUS…
I support the rigorous standard, but then again, if the Alphabet soup agencies FBI, NSA, MI6… *really* want that data, I’m betting the secure government standard is *almost* enough to wipe the data.
Then again, I do tend to be somewhat paranoid.