Fabrice Tourre, The Fabulous Fab, Offers Cautionary Tale: Data Never Dies
Fabrice Tourre (a.k.a. the "Fabulous Fab"), the Goldman Sachs mortgage trader who has become synonymous with Wall Street shenanigans, has now become synonymous with something else: the worst possible way to dispose of an old computer.
Among the more titillating passages in a front-page New York Times expose about Tourre's private correspondence with his lawyers is a disclaimer that the newspaper obtained his e-mails via a computer someone found "discarded in a garbage area in a downtown apartment building."
The computer was then passed on to someone else, who noticed that it continued to pull down fresh e-mails -- messages sent to someone with Tourre's name, a name suddenly in the news. The e-mails, correspondence between the trader and his lawyers, discussed how to handle accusations that he and his employer, Goldman Sachs, had played a key role in engineering a near-financial apocalypse.
Most of us have more mundane matters taking up space on our computer hard drives, yet we would still rather avoid giving the world easy access to our private messages, be they fragments of past romantic associations, candid assessments of coworkers or mere reviews of the food at our friends' dinner parties. We would surely prefer to keep our personal finances and legal correspondence clear of the public eye and away from scam artists.
The Fabulous Fab was reckless, it seems, leaving his e-mail client program intact and not password protected, making it vulnerable to people with designs on finding a way in. Yet that recklessness provokes a question that resonates far from Wall Street and into every home office: How do you keep computer data truly private? And how do you put files in the trash, beyond prying eyes, in the digital age?
The Tourre case serves as a warning that without careful digital document shredding, data -- even on devices discarded in the trash and forgotten -- never really dies. The banker's casual approach to managing files on his computer underscores the need for greater vigilance among all owners of electronics, and in particular, the imperative to fully destroy documents on abandoned devices.
As Tourre would no doubt agree, the cost of losing the data on a cellphone or laptop can be far greater than the price of the hardware itself. Security experts warn that information stored on a computer can put someone at risk for identity theft and fraud, or even turn colleagues, cousins and colleges friend into targets for nefarious scammers and hackers.
With the information on your computer, someone "can almost take over your life," said Chet Wisniewski, a security expert with Naked Security, a blog run by anti-virus software company Sophos. "They can basically communicate to your friends, log into your accounts, and impersonate you because so many of us use the Internet as a primary communication mechanism for relationships, whether it's with the power company or with a person."
One of the greatest dangers is that on a computer or cellphone, "delete" doesn't necessarily do what it says. Erasing a file on a laptop essentially removes the arrow pointing to the data, but not the data itself. Wisniewski likened file deletion to erasing an entry in a book's table of contents; it removes a note telling readers that a piece of information is on page 200 of the book, while leaving page 200, and the information on it, intact.
Safely discarding a device essentially requires rewiring its brain, the hard drive, to induce amnesia.
To ensure photos, bank statements and love letters on a laptop, tablet or phone have been properly gutted, users must wipe the hard drive using the machine's Secure Erase tool, which offers the equivalent of "a loaded gun aimed right at your data." The feature acts as an e-shredder that overwrites all the tracks on a hard drive to destroy every last byte and bit of information that's ever been stored.
Using a blunt object also works. The most surefire way to discard of data is to physically destroy the hard drive itself, experts say.
Before his wife threw away her old hard drive, Phil Blank, an analyst with Javelin Strategy & Research, said that he "took a hammer to it, gave it a good whack" and "that was the end of that."
But users can't always plan for their devices' departure. The glitzy, pricy gadgets from the likes of Apple, Google, Sony and Samsung are vulnerable to theft, and experts say it's all but inevitable that these stores of personal and professional information will be lost or stolen at some point.
The growing memory of our gadgets and their portability has made it easier than ever to put data on these devices and then lose them, often without recourse.
"Now thousands of file cabinets worth of company data can be put on something that slips into your pocket," said Wisniewski. "The risk of data loss is much larger, whether it's intentional or accidental, because employees, for convenience, are able to carry around large quantities of data on something the size of my fingernail."
Experts suggest that users, at the very least, put passwords on their devices to prevent a thief from easily logging in. They also recommend encrypting the data, a process that turns the information on the gadget into gibberish to anyone that doesn't have the proper passcode required to unlock it. Encryption software can be purchased from companies like Norton, downloaded for free from open-source providers like TrueCrypt, or found as an optional setting on some gadgets, such as Apple's iPhone, that users can set up at their convenience.
Yet even the best data defenses can potentially fall to determined attackers.
"Fraud often trumps security," said Blank. "Security guys think in square boxes, and fraudsters think outside the box."