Search Site.
Who is looking at your data?
If you are worried about hackers or the state
of your firewall, what about the data you willingly hand over to other
people?
Have you ever:
- Sold a personal computer or laptop?
- Given it to a relative?
- Donated it to a school or charity?
- Passed it down to an employee or colleague?
- Stored it away to deal with one day?
If this is the case and you have not had the data
professionally wiped from all the drives you could be storing up some of the
biggest problems you have ever faced. Your data is worth a great deal and
not necessarily just money; it could mean your reputation, your marriage,
family or business.
Data such as:
- Client details.
- Financial statements.
- Product development.
- Personal letters and photos.
- Employee records
- Sales/Marketing strategies.
- Passwords.
The list can go on and on and nothing you hold on
your computer would be illegal but can you say hand on heart that you would
want your best friend or client to know all about your life?
There was the case of the chap who sold a broken
laptop on the Internet much to the annoyance of the buyer. The laptop was
repaired and as vengeance the content of the hard drive was published on the
web; letters, photos, pornography.........
The University of Glamorgan purchased 100 personal
computers from eBay, over half had data from the original owners, most blue
chip companies, there to be read by anyone who wanted to.
If you would like to know the ins and outs of data
wiping read on but if you would just like our professional help call Free
Phone 0800 877 8443 now.
Certified data wiping to government standards...but more
importantly....peace of mind.
Click
here to see some of our clients.
Q. Do you know what happens to a file when you delete it on your PC? A. Nothing!
Whilst more criminals are becoming more technically competent, we are all storing more sensitive information on our PC’s. Now consider what you will do with your PC when it gets to the end of its life and you replace it. Deleting files merely changes an entry in the File Access Table, (FAT) on your hard drive, (HDD). The data is still there, and recoverable. You will need an IT professional to eradicate the information, and in extremely sensitive cases, the disk should be destroyed. You have an obligation under the data protection laws, not to mention the damage to your business if the information gets into the wrong hands.
Identity fraud uncovered.
Fraud is not a crime to the people who carry it out, it is a job. When one fraud door closes they find another to push open and find another ‘position’ to exploit you and your family. Whether it be your identity or your money, you are of no consequence to them.
Your computer holds so much data that they can use through Phishing, Pharming and especially all the data on your hard drive when you sell it or dump it at the council tip!
*Phishing, this is when you receive e-mails asking you to input personal information into a fake site such as eBay or any bank with an online presence.
**Pharming is when you inadvertently download a piece of software that records all of your keyboard strokes and allows them to be read and recreated by a crook. Prudent use of firewalls and anti-virus software will help protect you from this.
***If you don’t have your data wiped properly it could cost you a fortune and a criminal record! Business or domestic, your data is worth money, whether it be bank details, tax returns or skeletons in the cupboard.
Protecting yourself from identity fraud is possible, but the wisest approaches aren't always obvious.
Doing a thorough job means thinking about concepts like hard drive wiping, file system encryption phishing and Pharming detection--not everyday fare for many of us. To help you protect yourself from identity fraudsters, CJ Computing Ltd has compiled the following list of frequently asked questions and their answers.
How could identity fraudsters get my personal information in the first place?
It depends. Fraud artists can bribe employees of banks or credit card companies who have access to confidential records, or they can pose as an employer or landlord to get a copy of your credit report, or simply steal a wallet, purse or your mail. One of the most common ways that information is snatched is through lost credit cards. All of those techniques are more frequent than any methods using the Internet.
Once my information is nabbed by a crook, how is it typically used?
Plain-vanilla credit card fraud is the most common way information is used. It gets more serious when criminals use your information to open up new bank or credit card accounts, take out a loan or obtain mobile phone service. Often, you won't realize until much later that you have become a victim, because the criminals don't use your home address for statements.
A more worrisome technique involves someone posing as you in person: Obtaining a driver's license with your name but with their photograph and giving your name to the police during an arrest, for example. If you miss the court date, a warrant will be issued for your arrest.
How can I protect myself?
Remain vigilant. That means reviewing your credit reports at least once a year, and preferably every few months. If you have good reason to suspect mischief, you can subscribe to a credit-monitoring service (such as Experian's, at a few pounds a month) that sends e-mail alerts of changes to your accounts. Beware of the scam Web sites that can pop up when you search for "credit reports" or "credit monitoring" on Google and other engines.
Be careful with the passwords for your bank, credit card and utility service accounts. When using online services, make sure to type in the correct URL for the site you want to visit. Never click on links in an e-mail or on a Web site that you don't know to be reliable. These could be part of a phishing scam, which typically use forged e-mails and faked Web sites that pretend to belong to trusted service providers like a bank.
Putting a lock on your mailbox and not placing outgoing mail in an unsecured mailbox is smart. So is buying a paper shredder--identity fraudsters have been known to rummage through domestic and business rubbish. Whilst there are no current figures for the UK with regard to ‘Rubbish Rummaging’ in the USA Dumpster Diving was linked to only 2.5 percent of identity fraud cases in 2004, and mailbox theft to 8 percent, according to research by Javelin Strategy & Research but this is on the increase.
Am I eligible to get a free copy of my credit report?
Almost certainly. You can get free trials from certain agencies such as Experian or for £1 or £2 from most credit agencies. Experts suggest ordering one from a different agency every four months. Check the number of open accounts on the report to make sure that the total agrees with what you would expect. You're also entitled to a free credit report when you have reason to suspect identity fraud.
What should I do if I think my identity has been misused?
Contact one of the two major credit bureaus (Experian, Equifax) to place what's known as a " fraud alert" on your credit report. You need to call only one of the companies; it in turn will contact the other two. An initial fraud alert stays in place for 90 days. If there is an alert on your record, businesses have to take extra steps to verify your identity when issuing credit. A credit card company could phone you, for example.
Once you've created the fraud alert, review copies of your credit report to make sure that all the accounts listed are yours. Close any that are unauthorized. The best way to do this is to fill out an ID theft affidavit.
Do I need to give out my National Insurance number?
Sometimes. Your employer and financial institutions have a legitimate reason to ask for it. But many other companies use the NI number as a convenient way to give you a unique ID number in a database. In those cases, you may not be required to divulge it.
I know I'm supposed to shred my rubbish, but what about my computer? What if I want to throw it away or give it away?
Don't even think about getting rid of it until that hard drive has been thoroughly wiped. A typical hard drive--complete with tax returns, e-mail, telephone numbers and cached Web pages--can be a treasure trove for identity fraudsters. We have never found a drive that has been effectively wiped of all data.
Deleting, wiping or formatting the disk does not erase the data, it just changes the way it is able to be accessed. With the right software or hardware tools your personal and business data can be recovered and used to others advantage..and to your cost!
How can I tell whether e-mail claiming to be from my bank or credit card company is actually a "phishing" scam?
There's often not an easy way: The current, insecure design of Internet e-mail permits scammers to pose as legitimate businesses. There are various tips to look at this problem which include questioning whether the e-mail's purported urgency really makes sense. Would your bank really ask you questions about your account by e-mail? How likely is it that Barclays would have lost all of your data but still have your e-mail address? If you are in any doubt, ring your bank and check!
Unless you're sure of their legitimacy, avoid clicking on links in e-mail that seem to be from banks or credit card companies. Instead, manually type in the Web site's address in your browser. Also, consider obtaining an e-mail address just for bank and other statements--that way, if you receive e-mail from a "financial institution" sent to your normal, public address, you'll know it's a scam.
There are tools that can help you detect phishing scams. U.K.-based Netcraft offers an anti-phishing tool that plugs into your Web browser; Netscape has protection built into its latest Web browser; and Microsoft also provides technology in its MSN toolbar.
What should I do to protect my computer from Trojan horses, viruses and worms that could be used to get into my personal files?
If your computer is running on Windows software, you've got some work to do. The latest version of Windows, Windows XP with Service Pack 2, is most secure. However, do check Microsoft's Windows Update site to make sure that your operating system isn't outdated and vulnerable and that you are automatically receiving security fixes.
Buy antivirus software from a vendor like McAfee or Symantec. Avoid clicking on attachments if the message text sounds odd. Perform regular backups. You should always make backups, of course, and keep your system software up-to-date. However, using Windows, Mac OS or Linux won't protect you against phishing scams, which require vigilance and common sense.
For further information please call us on Free
Phone 0800 877 8443.
Data Wiping, Deleting, Eradication & Elimination
Question: How difficult is it to permanently remove / erase / delete data from a hard disk so that it can not be recovered (even forensically)?
Answer: It's a lot more difficult than you think.
Method of permanent
data removal |
Can the data be retrieved? |
Deleting |
Yes |
Deleting from recycle bin |
Yes |
Format |
Yes |
Fdisk |
Yes |
Overwrite |
Sometimes* |
CJ Computing can erase your data by wiping its contents beyond recovery, destroying its name and dates and finally removing it from the hard disk. Our data deletion & elimination service meets and exceeds current standards for the permanent erasure of digital information (U.S. DOD 5220.22) and uses techniques that stop both software and hardware recovery tools from restoring the erased data.
Erasing of data will destroy any data from previously deleted files including those in the Windows Recycle Bin, unused areas of the disk, and the slack portions of existing files. We also remove folder structures (folders with all their subfolders and files), entire drives, "locked" Windows files, index.dat, the swap file, "cookies" that track your Internet history, compressed drives & encrypted drives.
The CJ Computing offer certifiable electronic data destruction services. We can guarantee that data destroyed using our processes stays destroyed, permanently.
What about unerase or forensic software? - Unerase software, forensic software or any kind of software will not be able to recover data that we have deleted.
Can data from a Ghosted (or 'imaged') drive be recovered? - Sometimes, for further details please refer to our Restoring and recovering ghosted data page.
Will organisations such as the police / forensic investigators be able to recover the data? - No, your data will be completely unrecoverable by any method.
What data can be securely deleted? - CJ Computing can wipe any type of data from any type of hard drive so that the data is never recoverable. We can remove all traces of files and data from a hard disk, and also the telltale traces or footprints that the data once existed on the drive.
|
CJ Computing's secure deletion of sensitive data service...
...makes any type of data recovery impossible
|
For further information please call us on Free
Phone 0800 877 8443.
Technical information
Formats & Overwrites versus security
DOS Format
No Security. A single DOS command could totally restore the drive. Although the drive would seemingly appear empty, the old content can be viewed with a disk editor (available freely on the Internet).
Format with 1 pass overwrite
High Security. After one overwrite, data is not recoverable by any method involving a Keyboard (no software solution). Theoretically, the original data could be recovered using an oscilloscope and some complex custom software. It is possible that a commercial data recovery company such as Vogon may be able to recover some data from the drive, however it would be extremely costly.
Depending on the size of the drive, either a random or repeated series of binary digits (01001001) are written to every sector on the drive.
Format with 1 pass overwrite
Total security. There is no known forensic software within the public or commercial domain that will recover data after a drive has been through this process. It is possible that data could be recovered using Magnetic force scanning microscopy (STM) but this process is considered available only to select government agencies.
One pass overwrite technique is carried out 3 times.
Assessing sensitivity of the original data
When assessing the sensitivity of the original data, it is important to be aware of what data could be present on the hard drives. As most large organisations operate a server-based system, the likelihood of sensitive data being stored on workstation hard drives is low. It is possible that during server failure, data may inadvertently be stored on the workstation hard drive.
Another security factor is the possible information that could be gleaned from the operating system configuration settings. Knowledge of these settings (IP addresses, domain and router names etc.) do provide an insight into the general working of the network.
Due to the Hard drive architecture it is theoretically possible to recover some data by scanning the minute traces of residual magnetisation left on the platters. However, techniques such as these are only be available to intelligence services as they require expensive laboratory equipment and are only practical for very small amounts of targeted data.
Please Note: The US Department of Defence DOD 5220.22-M7 is the defacto world-wide standard for assessing and combating risks to IT systems. Unfortunately in the UK, government guidelines are not available outside select agencies and thus cannot be included in this document.
A 3 stage over-wipe is the approved method as specified within this document for any reclassifying of Classified hard drives in secure Automated Information Systems, even those certified and accredited for Special Access Programs, but is not approved for purging disks at any level above Secret.
References:
Secure Deletion of Data from Magnetic and solid-state memory by Peter Gutmann.
This paper was first published in the Sixth USENIX Security symposium Proceedings, San Jose, California July 22-25, 1996.
DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on Waste Electrical and Electronic Equipment (WEEE)
DOD 5200.28-STD - DEPARTMENT OF DEFENCE TRUSTED COMPUTER SYSTEM EVALUATION CRITERIA.
For further information please call us on Free
Phone 0800 877 8443.
Click
here to see some of our clients.
Search Site.
|
