Beware the skeletons in your reformatted hard drive

[Guest Beware]

 

Beware the skeletons in your reformatted hard drive

Passport details, credit card information and even nude pictures were found by the programme Trash Trail on second-hand hard drives sold at Sim Lim Square.

By Desmond Ng Posted 19 Feb 2017 16:53 Updated 19 Feb 2017 17:34

Compromising photos were among the data recovered from reformatted hard drives sold at tech stores.

 

SINGAPORE: Delete all personal information on computer - check. Reformat hard drive - check. Send hard drive to IT shop to clean it again - check.

After all those preventive steps, you would think that all your personal data including private pictures, bank and credit cards details would be wiped and safe from prying eyes.

 

Well, think again.

Channel NewsAsia documentary The Trash Trail investigated and discovered nude pictures, passport details and even blueprints from a marine engineering company on hard drives that had been reformatted and declared ‘clean’, before being re-sold to consumers.

The documentary also surveyed 1,000 Singaporeans to find out what they did to their electronic devices such as computers and tablets before discarding them - and surprisingly, about 24 per cent of them did nothing, while 37 per cent only reformatted it once.

The episode airs on Monday, Feb 20, at 8pm (SG/HK).

To find out if one’s information is truly deleted from used hard drives, Trash Trail producers bought nine used hard drives from different shops at Sim Lim Square. All the shops said the hard drives had been reformatted, with all information erased.

WATCH: The investigation (2:41)

 

 

 

One salesman said: “(Sometimes) the users’ computer is not able to start up, so they cannot clean it up. When we purchase it, we will use our software to clean it up, to make sure it’s empty before we sell it second-hand.”

The nine hard drives were handed over to Associate Professor Biplab Sikdar from the department of Electrical and Computer Engineering at the National University of Singapore to evaluate. He specialises in how data can be safely transferred, stored and accessed.

The results were shocking. Dr Sikdar found personal information on five of the hard drives, and three had compromising personal photos on them.

They included nude pictures of someone who had presumably gone for plastic surgery. “Personally, I was very shocked to find these kind of … embarrassing and compromising pictures,” he said. “If it went to the wrong person, they might easily blackmail you.”

He also found the passport details of a person with his date of birth, medical records and another person’s bank details - all of which could be used to steal someone’s identity.

And he retrieved sensitive corporate materials from two hard-drives which once belonged to a big offshore marine engineering firm.

“They make ships. And what surprised me was that I found blueprints for the ships here.

“I would have thought that an industry, when they’re disposing of their older laptops, they would be more careful in cleaning up their stuff,” he said, adding that the information could potentially be used for fraud or corporate espionage.

While Dr Sikdar verified that all the nine hard drives had been reformatted, he was able to use software that is easily found online to extract the information.

“Think of your disk like a library… When you delete or format your disk, what happens is that the catalogue is gone. But the books are still there,” he said.

There are several ways to completely destroy your data on a hard drive, he said.

This includes degaussing the hard drive with a powerful magnet at a computer centre to wipe them clean, using software to overwrite all the info, or smashing the hard drive to bits.

CAN'T DELETE PERSONAL DATA ON E-COMMERCE SITES

But there is personal data floating around online that is even trickier or impossible to get rid of - particularly on e-commerce websites.

Many consumers typically provide their personal details such as phone numbers, credit card details and addresses when signing up at such websites. But deleting their accounts is not so simple.

Singapore online shopping site Ezbuy’s co-founder Wendy Liu said that it is not possible for consumers to completely delete their account. Deleting the app on one’s mobile device only gets rid of the app and some temporary data stored.

“But when you install it again, everything from your payment to your order history will still be there.

We have to make sure (these) are kept in our database safely for five years. It is a legal requirement,” she said.

Ms Liu assured Trash Trail that all the data is safeguarded in a database server which has limited access and is equipped with firewalls and encryption. Credit card information is usually stored with a third party.

With more organisations collecting personal data, the Personal Data Protection Act (PDPA) was enacted in Singapore in 2012 which regulates how one’s personal data can be collected, used, disclosed and maintained by organisations.

Christopher Chan, head of legal and government affairs at online grocer RedMart, said that under the PDPA, companies are allowed to keep their data on a consumer for legal purposes or account purposes for a certain number of years.

This is so that if there’s an investigation against the company or customers, or of financial fraud, they need to keep that information accessible so that they can report to the authorities.

He said: “So it doesn’t actually get deleted, but it gets held back with restricted access to it.

“It’s almost impossible to delete all your information online. There’s always going to be some remnant or trace of it.”

Watch more on The Trash Trail on Monday, Feb 20, 8pm (SG/HK).

- CNA/yv

[upshot]

Heheh good article but I think this article is a bit on the scare-mongering side.. But again it depends on how IT savvy you are. You want to hold dangerous files on your devices? then you need to know how to prevent it from being compromised. There are many ways around them but only if you are willing it. But if you are old fashion person who only know the simple man way of using devices and you want to keep naughty things on your system, you are playing with fire. It is too easy to hack or expose your systems.

 

Be afraid. Be very afraid heheheh.

 

Maybe we should list out the ways to prevent that as much as possible and actually some of them has nothing to do with your device per say but how you as a human go about your sexual prowling and collecting your sexual files

Edited February 19, 2017 by upshot

[upshot]

Btw.. do those who post photos here... depending on what you did with the photo, you know they might contain information on you after you upload which if I download to examine might reveal. So GUEST MODE did not always mean you might really be hidden if you slip up and reveal something about yourself.

Edited February 19, 2017 by upshot

[Kenzz]

For me if my PC/tablet/hp etc,if beyond repair to play safe I will crush/remove parts n crush it too beyond recognition instead of selling or disposing it.so everything is safe for me and even my smartphone I will not sell it to others and will do the same.

[upshot]

Just now, Kenzz said:

For me if my PC/tablet/hp etc,if beyond repair to play safe I will crush/remove parts n crush it too beyond recognition instead of selling or disposing it.so everything is safe for me and even my smartphone I will not sell it to others and will do the same.

 

I rad the US military when they 'retire' a computer HDD.. they grind it to tiny bits heh.. Even if you snap a HDD disc into say one quarter piece, with a specialized tool it can still read whatever data is on it.  

 

The best way to ensure your HDD does not contain the files is to overwrite it entirely with new safe data. But to be sure, then add formatting, re-partition and then copy over it with normal data. You are pretty damn safe. Data are just Binary 1s and 0s. When you replace that same space with something new, it can NOT REVERSE itself back. This is not Hollywood movies heheh

[Kenzz]

40 minutes ago, upshot said:

 

I rad the US military when they 'retire' a computer HDD.. they grind it to tiny bits heh.. Even if you snap a HDD disc into say one quarter piece, with a specialized tool it can still read whatever data is on it.  

 

The best way to ensure your HDD does not contain the files is to overwrite it entirely with new safe data. But to be sure, then add formatting, re-partition and then copy over it with normal data. You are pretty damn safe. Data are just Binary 1s and 0s. When you replace that same space with something new, it can NOT REVERSE itself back. This is not Hollywood movies heheh

Thanks for the info, I I also dismantle into parts,crush it  and dispose it off in differrent bins on different days and pretty sure no info they get get it at all.

[upshot]

1 hour ago, Kenzz said:

Thanks for the info, I I also dismantle into parts,crush it  and dispose it off in differrent bins on different days and pretty sure no info they get get it at all.

 

This solution is not so much to throw away but to wipe a HDD clean if you intend to sell it or reuse your HDD in the office or on shared computers. This way, any one who come across your HDD using the device can not if he/she want to dig dirt on you by using special program to read deleted files  heheheh...

 

But if you are going to throw it away then best to dismantle the HDD, open it and break the set of discs inside and hammer them or use sand paper on them heh....I know it is wasting time but so is wasting time in JAIL if your naughty stuff are really hard cord shit.

 

NEVER EVER store your naughty stuff on the main C: drive directory but some external or secondary HDD that you can remove if you have to send your device out for repair so no one one can detect your notti stuff heheh. For sure high chance repair people will go thru your data after years of hearing stories of people keeping naughty stuff or private stuff in their devices. ( remember Edison from HK? )

 

I always believe in only OPERATIONAL DATA AND PROGRAM ON MY MAIN HDD. Keep all your personal stuff on external HDD under lock and key (removable HDD) or are encrypted with at least 128bit security.

[kaihuya]

Oh Yeah I watch that video clip today, pretty scary to known that other can still trace back your "deleted" data

[Kenzz]

19 hours ago, upshot said:

 

This solution is not so much to throw away but to wipe a HDD clean if you intend to sell it or reuse your HDD in the office or on shared computers. This way, any one who come across your HDD using the device can not if he/she want to dig dirt on you by using special program to read deleted files  heheheh...

 

But if you are going to throw it away then best to dismantle the HDD, open it and break the set of discs inside and hammer them or use sand paper on them heh....I know it is wasting time but so is wasting time in JAIL if your naughty stuff are really hard cord shit.

 

NEVER EVER store your naughty stuff on the main C: drive directory but some external or secondary HDD that you can remove if you have to send your device out for repair so no one one can detect your notti stuff heheh. For sure high chance repair people will go thru your data after years of hearing stories of people keeping naughty stuff or private stuff in their devices. ( remember Edison from HK? )

 

I always believe in only OPERATIONAL DATA AND PROGRAM ON MY MAIN HDD. Keep all your personal stuff on external HDD under lock and key (removable HDD) or are encrypted with at least 128bit security.

Noted with thanks

[upshot]

22 hours ago, kaihuya said:

Oh Yeah I watch that video clip today, pretty scary to known that other can still trace back your "deleted" data

 

Good you saw one of those kind of video. That's the problem with people who like to play with tech but not spend some productive time to learn how to use it and prevent abuse or spying in the case when you like to use those device to house what society would call illegal data.

 

A deleted file is still there when if you can see it once you press DELETE. The device simple CHANGE the first letter of the file from  sexpic.jpg to ?expic.jpg. This tells the device not to show that file anymore but it is STILL THERE for NOW. All a simple s/w that can find all files with that '?' and change it back to any letter not even 's' and wahlah!!.. it will show up that file once again in your file directory. So if you just format or erase a whole long of files and then the police bang down your door... don't smile so soon. They can still find all those information on it. heheheh

 

Unless on that same spot of that file, something NEW is overwritten and sitting on that same space in the HDD disc. But once something overwrite into that same physical spot on the harddrive, they it is unlikely to be retrieved. I say unlikely because, if the file is big like for example a 1gig movie. If you have other file to overwrite the 1gig movie, if it is smaller like say 500mb.. then the balance part of the movie is still on your physical HDD. With some s/w, people do not even need the beginning of the movie to detect a movie. They would have some way to recognize that it is a movie and they can play back whatever is left of the movie even if half is overwritten away permanently.

 

That is why I say if you want to completely wipe clean of all your notti stuff, you need to completely copy new things ENTIRELY OVER THE HDD's old data. When you do that, no s/w in the world can know what you had on it before. HDD is not so smart that it can "remember' what you had on it before you overwrite it heheh.. If you do, you have been watching too much TV spy show. A lot of spy tech on TV or movies are BS. heheh.