Over the past 15 years, the increasingly rapid evolution of technology has resulted in new computers or mobile phones becoming outdated in a matter of one or two years. Chances are, you've gone through no less than ten digital devices in the past decade, if not more. It has become standard practice to upgrade to a newer device and often sell, donate, or discard the old one. Or you've received a new computer or mobile phone for a holiday gift and need to get rid of the old one.
What did you do with all of your old devices? Some may be in your basement, others were given away, and you might have hocked a few on eBay or Craigslist. Did you know it is very likely that you inadvertently put all of your digital data in someone else's hands if you no longer have the device?
I recently bought 20 laptops, desktops, netbooks, notebooks, tablets, Macs, and mobiles through Craigslist, all from sellers located within 90 minutes of my home. Of the 20, three of them had never been wiped, meaning that I bought the devices exactly as they once sat on someone's desk. The original owners had made no effort to clean out the data, which meant that I was able to access the records of their entire digital lives. Seventeen of the devices had been wiped, meaning that the seller took the time to reformat or reinstall the operating system. Of the 17 wiped drives, seven contained remnants of the previous users' digital lives. Despite the effort made to reformat or reinstall the operating systems, there were partitions and leftover data on the drives.
After having spent the past few months working with a forensics expert, I've come to the conclusion that even if you wipe and reformat a hard drive, you may still miss something. IT professionals tasked with data destruction use "wiping" software, and you can too. But after what I've seen, more needs to be done. This means external and internal drives, thumb drives, SD cards, and anything else that stores data really should be destroyed.
So whether you destroy an unwanted drive with a sledgehammer, or use a drill press to turn it into Swiss cheese, or use a hack saw to chop it into pieces, and then drop those pieces into a bucket of salt water for, oh, say a year, just to be safe, for your own good, don't sell it on eBay or Craigslist.
Robert Siciliano is an Online Security Evangelist to McAfee. See him discussing identity theft on YouTube. (Disclosures)
Follow Robert Siciliano on Twitter: www.twitter.com/RobertSiciliano
root@machine:-name:# dd if=/dev/zero of=/dev/sda bs=16M
( You could also throw urandom in there for extra measure. )
I personally physically destroy the hard drives by tossing them into a drive shredder. End of story. No one gets my drives.
Here's a secret: computers have been getting outdated in under a year since forever. Phones have, too.
The only difference is that the features are now out of the solely "early adopter" or "geek" realm (to a large extent) so people can get away with lazy writing like this.
You should also routinely encrypt all your drives. TrueCrypt is free and works well.