Tales from the toolroom - cautionary about binning hard drives

[AlbertLionheart]

For some time now I have been making sure that all hard drives are removed from machines being taken to the local tip (not sure what you would call in in the USA but maybe community recycling point?). The story has been that any machine dropped off there for recycling is stripped of components instead of what is supposed to happen which is that it is refurbished before being sent off to countries where even the old stuff is useful.
These components are either sold to metal recovery experts (there's gold in them thar bits) or in the case of hard drives, shipped off to places in West Africe where the contents are checked for any useful data such as bank account details, passwords and so on. Having worked there I can believe it.
Today I heard from a new client who was wondering how someone had succeeded in hacking into an old bank account and was using it for money laundering. After some discussion I found out that he had thrown an old laptop away and had taken the trouble to deliver this to the local tip for recycling, and we came to the conclusion that this was the most likely leak - unproven but because it was an old account the most likely.
Interestingly, the 'new' user of the account had not changed any of the details so the 'proper' owner of the account was able to close it after changing the password and telling the bank what had happened.
Someone somewhere is going to be very angry - not telling how much was in there when the lid slammed down but it was nearly into 5 figures.
Moral - take your hard drives out and keep them in the attic!

 

[Spyder_1386]

haha, classic tale of taking from the rich and giving to the poor! Good one.

Spyder_1386

 

[NetCablesPlus]

I have heard recommendations that the only safe way to dispose of a hard drive is to physically shred it.

 

[AlbertLionheart]

Probably right - but not many of use have a hard drive shredder I think!

 

[bobcat]

Here’s my alternative suggestion in 5 easy steps. When you discard a hard drive:

1. Change all your bank and other account logins.
2. Stick a label on the HDD with the name and logo (get it from the web) of a large international bank and the description: “Big Curstomers’ Accounts”.
3. Shred the HDD with a standard software shredder, but don’t overdo it.
4. Bang the HDD with a hammer to just bend it, again not excessively.
5. Drop it in a conspicuous place at a major tip where it would not be easily covered and hidden.

That’s it!

Now let those West African or what have you crooks spend the rest of their lives trying to recover the info on it.

 

[SNGX1275]

I've only tossed 1 hard drive where I didn't first open it up and remove the magnets. Its going to take some dedication for someone to remove the platters or refit magnets to get at the data on the drive... I suppose its not too much more effort to take a hammer to the platters after pulling the magnets, thats about as safe as any other physical destruction method.

 

[AlbertLionheart]

@ bobcat - I like that idea. I might just take the platters out first, though!

 

[bobcat]

I don’t think you’ve got the idea. The objective is not to make them give up before they start. On the contrary, they should keep hoping and trying. That’s why I said that the disc should not be shredded and damaged excessively.

Ideally, in the end they should manage to recover a fair part of the disc content, but only after much time, effort and money. Then they would meet the disappointment of their lives as they discover that the hard earned content is useless.

 

[DelJo63]

If I can't reformat the device (which is marginal at best) --

I take my hammer to the thing and use the 'ball end' to be sure to crush the platter(s).

 

[AlbertLionheart]

@ boibcat - I go the idea OK - and what I meant in my reply was to take the platters out and then put the cover back on again.

 

[werepossum]

Assuming the drive is running:
1) Delete all sensitive data.
2) Format the disk.
3) Make copies of useless data until the hard drive is full.
4) Soak it in rubbing alcohol for a few hours.
5) Slam it to the pavement a few times.
6) Wrap it in old newspaper with some scraps, then place it in a baggy.
7) Throw it in the dumpster or trash just before it is picked up.

Really, any two of these will solve all your problems. Throwing away the hard drive inside the computer is where things get really dangerous. My cousin bought an old computer at a yard sale which turned out to be loaded with data from a local accounting firm (no idea if the data was sensitive or not.) Luckily I knew one of the firm's principals and was able to warn him not to throw away computers with functional hard drives, but it's unfortunately really common.