Computer forensics, the discipline of recovering data from a hard disk drive or other digital medium, has become better known in recent years as highly sensitive data such as photos or personal details have been lifted by the authorities, researchers or criminals. Cyber crime and data misuse has become a real threat to individuals and corporations as their sensitive data is exposed whenever a hard disk drive is improperly disposed of.
In this most recent example of this issue, media reports featured an ongoing research project conducted by three universities – Longwood University in the USA, Glamorgan University in the UK and Edith Cowan University in Western Australia plus BT [British Telecom] and Sims Recycling Solutions.
The project is in its fourth year and the purpose is to create public attention as to the risk to personal and corporate data posed by carelessly discarded computer equipment which often contains massive amounts of unsecured personal and commercial data. The technicians involved in the study used applications and tools that are available from the internet and can be used by someone with simple knowledge of computers to recover the data left on the drives. The technicians often found that the data was readily readable as it had not even been deleted or wiped using basic instructions.
Probably the most startling result from the project was the retrieval of sensitive details of a US military missile air defence system located on a second-hand hard drive bought in an eBay auction. The data related to test launch procedures for the THAAD (Terminal High Altitude Area Defence) ground to air missile defence system, used to shoot down Scud missiles in Iraq. The same disk also apparently had security policies, blueprints of facilities and personnel information belonging to technology company Lockheed Martin – the company which designed and built the system.
The project analyzed data recovered from more than 300 hard disks bought at computer auctions, computer fairs and eBay. In addition to the missile plans, the project also uncovered other sensitive information including bank account details, personal medical records, confidential business plans, financial and accounting company data, personal PINs and job requirements. The disk drives were bought from the UK, USA, Germany, France and Australia.
The project found that just over a third of the hard disks scrutinised contained ‘information of either personal data that could be identified to an individual or commercial data identifying a company or organisation’. The project researchers commented that many of the disks examined contained sufficient information to expose both individuals and companies to a range of potential crimes such as fraud, blackmail and identity theft. Many businesses were probably unaware that they could be acting illegally by not disposing of this kind of data properly.
According to a spokesperson for Sims [which runs the largest electrical recycling plant in Europe] around 90% of the PCs received by them for recycling have already had had their hard drives removed. However, there was uncertainty as to who had actually removed the disk drives, the original owner, the recycling agent or a third party. A worrying trend is the report that in Nigeria discarded phones now sell for 50% more if they have data left on them by the user.
Intellisec provides forensic investigation services for companies around the world. For more information visit Forensic Accounting.
