Friday 7 March 2008

A Hard Disk Shredding Story

These days most people think nothing of donating their old unwanted PCs to noble and worthy causes such as their local school or charities, or they do the “green thing” by sending their PCs to be recycled at their local rubbish tip or at the supermarket. This is all great and dandy; however, I find that more often than not personal data security is completely overlooked. So I’m going to explain these pitfalls in the form of a story…

Once upon a time there were three blokes, John, Colin and James, who won a regional pub quiz championship sponsored by a major computer manufacturer. Each of them won a powerful, super quick Windows Vista PC. The next day all three transferred their personal data from their old dilapidated PCs to their spanking new computers and then decided to do the “green thing” and drop off their old PCs at the local supermarket for recycling, or charity donation if suitable.

John went through his old PC and very carefully deleted all his personal data files and email accounts, thinking it would be really useful to leave the operating system intact so the PC could be instantly usable should it end up being picked up by a charity. Colin prided himself on being a bit of a techie, so he decided to play it safe and formatted the hard drive. Meanwhile James, not being so technically minded, removed the hard drive from his old PC and smashed it into pieces with a sledgehammer before dropping off his PC at the supermarket computer recycling container.

Several months had passed and all three had met up for their usual drink and quiz at their local pub. Colin asked how the other two were getting on with their new PCs. John almost choked on his pint and went on to explain that he had recently had fraud committed against his credit card, and was now really worried he could become an identity theft victim, all thanks to the new PC. It transpired that when he carefully removed his personal data files, he failed to remove his internet cache and history, so when his old PC ended up being used in an inner city youth hostel, the little angels were able to automatically log into several of his online accounts, and they attempted to purchase items and completely messed up his social networking site profiles. Colin smugly told John, “I told you, you should have formatted your hard drive”, before going on to laugh at James for being over the top with his hard disk smashing.

Another month went by and all three met up at their local pub once again. But Colin wasn’t so smug this time, as he was in dispute with his bank after large sums of money had been removed from his account without his knowledge. It transpired his old PC was picked up by a charity and was sent to West Africa. While it was in West Africa, fraudsters ran a data recovery tool against the formatted hard drive and were able to recover 90% of Colin’s personal data files, which included his password document detailing the login details to Colin’s online banking. Needless to say, James “the sledgehammer” got the rounds in and had the last laugh.

Taking a sledgehammer to a hard disk does do the job, but there is a less dramatic way of protecting your personal information before disposing of your old computer, which is to use a hard disk shredding tool. A hard disk shredding tool is a software application which overwrites the entire hard disk with either 0s, 1s, or random characters. Each overwrite of the hard disk is known as a pass; the more passes it does, the less likely it is that the original data can be recovered. The standard minimum is three passes, but most professional organisations will go with 7 passes, which is the Department of Defence standard and in my view sufficient. But if you are really paranoid you can do as many passes as you like, or you could always break out the sledgehammer like James.
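The pass-based overwrite described above, as an added example that is not taken from any of the tools mentioned on this page. It works on a file standing in for a disk; the image contents, the `SECRET` record and the function names are constructed for illustration.

```python
import os
import tempfile

CHUNK = 1024 * 1024  # work in 1 MiB pieces so large images are not held in memory
SECRET = b"bank-login: colin / hunter2 (constructed sample)"

def shred(path, passes=(0x00, 0xFF, None)):
    """Overwrite every byte of `path` in place, one pass per entry.

    An int entry fills the pass with that byte value; None fills it with random bytes.
    Returns the number of bytes each pass covered.
    """
    with open(path, "r+b") as f:
        size = f.seek(0, os.SEEK_END)
        for pattern in passes:
            f.seek(0)
            remaining = size
            while remaining:
                n = min(CHUNK, remaining)
                f.write(os.urandom(n) if pattern is None else bytes([pattern]) * n)
                remaining -= n
            f.flush()
            os.fsync(f.fileno())  # force this pass out of OS caches before the next one
    return size

def contains(path, needle):
    """Raw scan for `needle`, the way a recovery tool searches a disk image."""
    tail = b""
    with open(path, "rb") as f:
        while chunk := f.read(CHUNK):
            if needle in tail + chunk:
                return True
            tail = chunk[-(len(needle) - 1):]  # keep overlap for matches across chunks
    return False

def make_sample_image(size=3 * CHUNK + 123):
    """Constructed stand-in for a disk: random filler plus a fake password record."""
    data = bytearray(os.urandom(size))
    data[CHUNK - 10:CHUNK - 10 + len(SECRET)] = SECRET  # straddles a chunk boundary
    fd, path = tempfile.mkstemp(suffix=".img")
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return path

if __name__ == "__main__":
    image = make_sample_image()
    print("before:", contains(image, SECRET))
    shred(image)
    print("after: ", contains(image, SECRET))
    os.remove(image)
```

Overwriting a single file in place on a live filesystem or an SSD does not guarantee that the old blocks are the ones rewritten, which is why whole-disk shredders are run against the entire drive rather than against individual files.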


There are many free hard disk shredding tools available; simply Googling “Free Hard Disk Shredding” should return plenty, such as http://www.fileshredder.org/. I also have a list of my own recommended free hard disk shredders on my main website.

So whatever method you plan to use to dispose of your old PC, just make sure you either run a hard disk shredding tool or remove the hard disk, as there are people out there, especially in places like West Africa, who make a living out of recovering personal information from computers donated from the West.

9 comments:

Anonymous said...

While a disk shredding tool may work, nothing is as satisfying as whacking the old drive with a sledge hammer a few times.

Rory McCune said...

Overwriting the disk once with a unix command like dd should work just fine. There's actually someone doing a challenge to data recovery firms on the basis that wiping multiple times is actually unnecessary on modern hard disks

http://16systems.com/zero/index.html

Anonymous said...

Why not keep the hard disk for backup? It's better than paying money for DVDs and it won't scratch.

Anonymous said...

The story was told about three little home computer users. No UNIX in the home usually, so that is nice to know, but I think it's not very practical to the audience in this theater. But please, Rory, keep us posted about the single pass and its effectiveness on modern hard disks.

Anonymous said...

DBAN - that is pretty much all you need. DBAN your drives before selling them on - and perhaps more importantly, when BUYING second hand drives. You have NO idea what might be on them, and no way to prove it wasn't you that put it on there once you have bought it and started using the drive - think about it.

Think the drive in the cheapo second hand laptop/desktop you just bought, what was it used for BEFORE you bought it etc etc.

I think DBAN does a read after write so performs a fairly good check that all your sectors are working / accessible, so two tasks in one.

Keep it up - iweua

Anonymous said...

I worked at a bank for a few months as a temp. We were updating PCs at their various locations. What they had done in the past was have the hard drives melted in a furnace into bars. They made great paperweights and the data was guaranteed not to be retrievable.

Anonymous said...

I've heard that you don't put a magnet next to a hard drive. It erases what is on the drive.

Does anyone know how large a magnet is necessary, and for how long?

How does a magnet compare to a Shredder program?

Anonymous said...

Just come across this interesting story!
I did it differently. I unscrewed all screws I found on the hard disk and so took out the disc plates. Then I gave away my old PC with the hard disk in pieces while keeping the plates.
So I have a couple of plates, like CDs, now in my store only.

Aspca said...

I very like Aspca stuff. I think your opinions are good.