Think you deleted that sensitive data before selling your PC? Think again.
More than half of people who toss computers in the garbage or sell them are leaving sensitive data on their hard drives, making it possible that a snoop could steal their identities, according to a paper to be published early next year in the International Journal of Liability and Scientific Enquiry.
Despite the increasing use of personal computers, fewer people are effectively wiping the memory of their discarded PCs, according to the report, written by Andrew Jones, British Telecommunications's head of information security research, and Glenn Dardick of Longwood University, in Farmville, Va. Jones, Dardick and researchers from Edith Cowan University in western Australia and the U.K.'s University of Glamorgan found that only 33 percent of the disks they tested in 2007 had been properly wiped clean of sensitive data, compared with 45 percent in 2006. The researchers plan to have 2008 statistics ready by the end of the year.
Of the 133 disks obtained in the U.K. at computer auctions, computer fairs or through eBay.com, 59 (44 percent) were unreadable. Of the disks that could be read, 38 percent were totally blank and no data could be recovered from them. The rest, however, contained enough information to identify the computer's previous owner, whether a business or individual.
Another 167 disks were obtained in Australia, Germany and North America. The number of disks that were unreadable varied from 71 percent in Germany (where 42 disks were examined) to 8 percent in Australia (where 79 disks were examined). The 2006 figures were very similar. While the proportion of the disks wiped in the U.K., Germany and Australia ranged between 32 percent and 42 percent, only 19 percent of the 46 disks from North America were wiped.
Researchers found illegal material on 22 of the 300 hard disks they examined using open-source software tools downloaded for free from the Internet. This material included audio and video files as well as pornography. Researchers suspected they had found pedophilia on two of the disks and passed them onto law enforcement officials.
Some of the more interesting findings: Social Security numbers and the result of drug tests from a U.S. company that makes sprinkler systems; bank account, federal ID and Social Security numbers from a U.S. attorney's living and deceased clients; and a court document from the family court in New York's Duchess County regarding the sexual molestation of a minor.
The authors warn that the simple act of deleting a computer file—such as dragging it to the trash can on the computer screen and then emptying the trash—does not actually remove that file from the computer. It simply deletes a record of the file from the computer's hard drive directory.
As Clay Shields, a Georgetown University professor of computer science, explained in January 2005 in a Scientific American.com "Ask the Experts" column, a computer doesn’t actually "delete" the file until it needs the space the file sits in.
Given the amount of data stored on mobile phones and other wireless devices, this is not just an issue for PC users. The researchers recommend, among other things, encrypting data whenever possible or even removing and physically destroying the hard drive.
We’ve heard a hammer works quite well. Makes it hard to sell the computer, but it also makes it hard to sell your identity.
(Image courtesy of iStockphoto)