Do a quick inventory in your head: how many old computers, cellphones and smartphones do you have stashed in your basement or dumped in a desk drawer that you don’t intend to use because they’ve been replaced with the latest and greatest model?
Perhaps you haven’t gotten rid of these devices because you’re aware of the personal data is still enclosed within their hard-drives and memory cards. If you have sold, recycled or thrown away systems such as this, though, did you take the proper steps to remove this data?
There’s plenty of people who haven’t. And that poses a problem.
Your Data at Risk
It the type of story that shows up almost annually, a person buys a couple dozen devices on eBay, finds loads of personal information still on them and shocks the country with the details people carelessly threw away.
In fact, earlier this year Robert Siciliano, a personal security expert, did just this. He purchased 20 laptops, desktops, netbooks, notebooks, tablets, Macs, and mobiles through Craigslist. Of these, three had not been wiped at all. This means any personal information could be easily gleaned from the devices.
Data security expert Joshua Marpet, founder of the Delaware-based digital forensics company Guarded Risk who was once in law enforcement in Louisiana, said in an interview with TheBlaze that while the odds of becoming the victim of identity theft through these devices is not necessarily high, it’s not unheard of. You have to consider the severity of the losses if your data were to be maliciously obtained, he said.
From these devices, information such as your social security number, home address, preferred banking institution, mother’s maiden name, photos, personal correspondence, GPS location and more can be found. Combinations made from this information could lead to nefarious activities such as creating credit cards in your name or even robbing your physical home while you’re known to be away.
“I don’t think people realize exactly the kind of data that is on your hard drive and how people can recover it,” David Sun, founder of the D.C.-based SunBlock Systems, a computer forensics firm, told TheBlaze.
Sun said that through these devices criminals are marking their targets for identity theft using “very little time, effort and money.”
What You Can Do
You may not realize it, but it doesn’t take an IT expert to properly dispose of data and then get rid of your devices. Sun said cost is generally minimal and sometimes free.
Here are four things you need to understand about cleaning your system of data before you sell, recycle or donate your device:
- Deleting Is Not Erasing: As Mark Herschberg, an MIT graduate in cryptography who works for the tech consulting company FreelanceCTO, puts it “throwing out files form your filing cabinet into a dumpster may make them inaccessible to your filing system, but anyone who digs through your dumpster can put the pages back together and read your data.”
- Ditching the Hard Drive: When possible, you can remove the hard drive from your device completely. This will render the system unusable until a new hard drive is installed, but it does take care of the data issue. You can either destroy the hard drive or save it if some information is still valuable to you and worth maintaining.
- Shred Your Data: If you want the hard drive to remain intact and within the device, you can actually wipe the drive of your personal information that has accumulated over the years. One of the techniques Sun describes as a “Boot and Nuke,”such as Darik’s Boot ‘N Nuke, which is “somewhat easy” for the average user. Here’s essentially how it works: You download a program, burning it onto a CD. Booting up your computer with this program inserted, the software allows your computer to run off of its own operation system, instead of running on your hard drive. As Sun pointed out, if your hard drive were being used, you couldn’t wipe it. At this point, you follow the “nuke” steps to clear your hard drive of data. This final step could take hours to overnight depending on how much there is. This video shows how to use a program like this to wipe your hard drive:
- Cellphones and Smartphones: When it comes to smartphones, though, wiping data is a bit trickier. You can take out the phone’s SIM card, but there is still internal memory on the phone itself. Sun said that the smartphone industry has gotten smarter realizing the need for including a function that can clear phones of your personal information. Sun credits BlackBerry as being the first smartphone to allow for data wipes. Many smartphones also have functions that if your phone is stolen you can remotely clear the data. Some of these embedded and remote wiping functions conduct a factory reset.
There are always exceptions to the rule when it comes to wiping data, especially with cellphones and smartphones. For example, Siciliano says wiping Android devices might not eliminate all collected data, which he considers a “serious flaw.” But the extent to which a factory reset of a phone will wipe internal memory can be device specific, and even some providers, like T-Mobile, have said that users may need to specify the exact extent to which they want data deleted in these resets.
Even with these few exceptions where some amount of data could remain, most factory resets and wipes are “good enough” and would require forensic toolkits or highly specialized techniques to retrieve information. As for computers, as Sun points out, the “Boot and Nuke”-type wipes often overwrite hard drives seven times, which is the amount required by the Department of Defense for its devices.
If you have any more tips for clearing your devices of data before you get rid of them, share them in the comments below.
Featured image via Shutterstock.com.