Discarded computers, even those with "erased" disk drives, may harbor confidential information such as credit card numbers and medical records, two MIT graduate students found.
Scavenging through the data inadvertently left on 158 used disk drives, the students at the Laboratory for Computer Science found more than 5,000 credit card numbers, detailed personal and corporate financial records, numerous medical records, gigabytes of personal e-mail and pornography.
The disk drives were purchased for less than $1,000 from eBay and other sources of used computer hardware. Only 12 were properly sanitized.
"There are many stories in which somebody has bought a used computer and found confidential information on it, but nobody has ever quantified the scale of the problem," said Simson Garfinkel, one of the students. "So we decided to find out."
Results from the study, which Garfinkel performed with Abhi Shelat, are being published in the January/February 2003 issue of IEEE Security and Privacy. The research suggests that the secondary market is awash with confidential information, although work needs to be done to get more accurate statistics. More than 150 million disk drives were retired from primary service in 2002.
Of the 158 disk drives acquired, 129 were functional. Of these, Garfinkel and Shelat found 28 disk drives in which little or no attempt had been made to erase any information. One of these drives, Shelat says, had apparently come from an automatic teller machine in Illinois and contained a year's worth of financial transactions.
Attempts to erase information from the drives were usually ineffectual. On many disks, files that would typically be found in the "My Documents" folder had been deleted, but they could be recovered using a simple "undelete" utility. Undelete programs work because deleting a file does not actually overwrite the blocks on the computer's disk that are used to hold the file's information.
Roughly 60 percent of the disks were formatted before they were sold, but even formatting did not properly sanitize a disk because the Windows "format" command doesn't actually overwrite every block--"the format command just reads every block to make sure that they still work," Garfinkel said. "To properly sanitize the hard drive, you need to overwrite every block."
On one of the "formatted" disks, Shelat found more than 5,000 credit card numbers.
Roughly 45 percent of the disks contained no files at all and the disks could not be mounted on the computer. Yet the data could still be retrieved by reading each block of the disk using special tools.
A version of this article appeared in MIT Tech Talk on January 29, 2003.