14 DAY TRIAL // In a new research, carried out by computer experts from BT's Security Research Center and the University of Glamorgan, in the UK, more than 34 percent of second-hand hard disk drives (HDD) proved to still contain sensitive information, even after being disposed of. The study focused on 300 such units, which had been bought at random from computer fairs, or from online market sites such as eBay. The disks came from the UK, the US, Germany, France and Australia, and contained bank account numbers, social security numbers, medical records, private e-mails, classified military data of top-secret projects, as well as other information.
Professor Andrew Blythe, a computer forensics expert and principal lecturer at the university, said that the HDDs found containing sensitive information were either directly disposed of, without the former users taking any precautionary measures of protecting their privacy and their documents, or subjected only to surface deletion procedures, which were not, by a long shot, enough to rid them of their contents. The expert also added that most people and businesses were still unaware of the high volume of data that could be stored on an HDD, and that this data required special steps to be permanently made unavailable.
The study, which will appear in the upcoming issue of the Journal of International Commercial Law and Technology, also shows that firms and people that inappropriately dispose of HDDS subject themselves to the risk of having their identity stolen, or to losing sensitive company data. The latter can cause severe damage to any enterprise, especially if it's one dealing with very important projects. For example, on one of the disks that were recovered, the experts found classified details of THAAD missile test launch procedures.
The THAAD (Terminal High Altitude Area Defense) system is being developed by the United States Army, and is meant as a deterrent to ballistic missiles that could be launched by “rogue” nations, such as Iran and North Korea. The weapon is able to hit targets even outside the atmosphere, and the intricate details of the launching operations were up for grabs on one of the disks, bought from eBay. “It's not rocket science. I could probably take somebody who is 14 or 15 years old and in a day have them doing this,” Blythe said of the procedure he used to recover the data.
He also cautioned companies such as the Lockheed Martin US defense group, of which classified data were also found on the hard drives, that they needed to take extra steps to ensure their privacy from terminated equipment. “It is clear that a majority of organizations and private individuals still have no idea about the potential volume and type of information that is stored on computer hard disks. Businesses also need to be aware that they could also be acting illegally by not disposing of this kind of data properly,” the BT Information Security Research Head, Dr. Andy Jones, added, as quoted by BBC News.