Jump to content
The Highlander

'I JUST BOUGHT YOUR HARD DRIVE'

Recommended Posts

And they say your data is safe at PC servicing companies.... well read this , it may change the way you have your computer fixed again...

 

'I JUST BOUGHT YOUR HARD DRIVE'

 

One year ago, Hank Gerbus had his hard drive replaced at a Best Buy store in Cincinnati. Six months ago, he received one of the most disturbing phone calls of his life.

"Mr. Gerbus," Gerbus recalls a stranger named Ed telling him. "I just bought your hard drive in Chicago."

 

Gerbus, a 77-year-old retiree, was alarmed. He knew the old hard drive was loaded with his personal information -- his Social Security number, account numbers and details of his retirement investments. But that's not all. The computer also included data on his wife, Roma, and their children and grandchildren, including some of their Social Security numbers.

In June 2005, when Gerbus took his computer to Best Buy for repairs after a hard drive crash, he knew the drive was a potential hot potato. So when a clerk there told him it had to be replaced, he asked for the damaged hardware back.

No dice. The replacement was done for free, under warranty, and Gerbus was told the old drive had to be sent to a repair center in Chicago to fulfill warranty terms.

"I asked in the store on two or three occasions. ... I was very concerned," he said. "But they said 'we can't give you the old one because it's under warranty.'"

Gerbus said he was assured that, after verifying the warranty, workers in Chicago would drill holes through the drive and make it unusable.

 

Hank Gerbus, 77, says he has no idea who might have had access to the drive containing a trove of his family’s personal information. Photo: WLWT-TV

 

Tracked down in Florida

Gerbus' hard drive did make it to Chicago. But instead of being destroyed, it landed in Ed’s hands. In January, Ed tracked down the Gerbus family at the couple's winter home in Florida, and placed that disturbing call.

"The only way he would have had my Florida number was if he had my hard drive," Henry Gerbus said.

Ed told Mr. Gerbus he'd purchased the drive at a flea market for $25, Hank Gerbus recalls. The two made arrangements to return the hardware to its rightful owner. But Gerbus has no idea who else might have seen the personal information in the interim.

"From June (2005) to January, I don't know where it was," he said. "That's why I am so concerned."

A Best Buy spokeswoman didn't dispute the details of Gerbus' story, but wouldn't answer questions about the incident.

"The allegations are very disturbing, as they are inconsistent with our standard procedures for disposing used hard drives," the company said in a statement said. "The allegations, if true, would be intolerable. ... We are vigorously investigating."

That vigorous investigation, however, apparently didn't begin in February when Gerbus said he called Best Buy to complain. It seems to have begun just last week, when Gerbus' story was first told by reporter Tom Sussi of WLWT-TV, a Cincinnati-based NBC affiliate.

Gerbus has asked Best Buy to pay for identity theft insurance for him and his family. He says the firm so far has offered him only a $250 Best Buy gift card as compensation.

 

Hard drives not properly trashed

It's not clear why the drive wasn't destroyed, and how it apparently ended up on the resale market. But Gerbus' tale of the nemesis of old hard drives is no isolated incident. There have been several celebrated cases of researchers buying hard drives at used equipment stores and discovering critical data on them.

In the most dramatic example, in 2002-2003 MIT researcher Simson Garfinkel examined 129 used hard drives purchased from a variety of outlets. Only 12 had been completely cleared of data. The other drives contained thousands of documents with critical information -- one had 3,722 credit card numbers on it. Another had been used to power an ATM machine and contained sensitive bank data.

To retrieve some of that data, Garfinkel and colleague Abhi Shelat had to use advanced techniques -- but their demonstration showed old hard drives are often disposed of improperly. Simple deletion of data is not enough, as there are a variety of techniques that can be used to recover it. And data can be retrieved even from drives that have crashed, like Gerbus', using similar techniques.

On the other hand, drilling holes through a hard drive -- and specifically the platter inside -- is quite effective.

Too bad in Gerbus' case that wasn't done.

What's the lesson here? Perhaps when you bring in a computer for service, it wouldn't be a bad idea to bring your own drill. Just in case.

 

Full artical here

Share this post


Link to post
Share on other sites

Yeah. That was posted on the local Linux list. Whenever anyone works on my computer, I hover until it's done. And in case something goes wrong, I create an image of my HD with Acronis before the case gets cracked open. Acronis has saved me more than once.

Share this post


Link to post
Share on other sites

YIKES!

 

I'm glad when mine died that there was nothing compromising on it. It's something few of us (well, me at least) think about...thanks for the lesson. I'll remember it.

 

now where'd I put that drill? lol

Share this post


Link to post
Share on other sites
YIKES!

 

I'm glad when mine died that there was nothing compromising on it. It's something few of us (well, me at least) think about...thanks for the lesson. I'll remember it.

 

now where'd I put that drill? lol

 

Made me think of the last 15 years as a hardware tech on were the warrantied drives we pulled out of laptops and PC's went to? did they end up back on the market somewere.... hummmmmm makes you a bit paranoid over service techs and PC companies now days....

 

Also harddrives that did fail when i was doing this stuff were send back to the suppliers in Asia ( Seagate, Maxtor ect ect) and we got new replacement units, but at the same time they did offer warranty fixed units to us, and the question is ? did these still have data on them when they came back into the country????

love to find out one day.

Share this post


Link to post
Share on other sites
YIKES!

 

I'm glad when mine died that there was nothing compromising on it. It's something few of us (well, me at least) think about...thanks for the lesson. I'll remember it.

 

now where'd I put that drill? lol

One of the areas in the plant I'm in has a "recycling" center for IT equipment, which includes destroying hard drives. The old method was a guy with a 22oz ball-peen hammer smashing at them. Our engineering/build shop got the job of designing a machine to do the job, and I did the small bit of programming for it. Basically, it's an indexing table where the operator places a drive on a platform, where a laser pointer indicates where the "crusher" will hit, so they can ensure that the platters will be pierced. The table indexes every 10 seconds or so, and the drives wind up under the punch, just a hardened, pointed piece of steel driven by an air cylinder that runs the drive through. The glass platters are the best as you can hear them shatter. :) Then as the table keeps indexing, the drives are swept off into a "discard" box. They can do several hundred an hour with that machine, and a lot less forearm workout!

 

Hard to get much data off a drive that's been run through like that!

Share this post


Link to post
Share on other sites
It's not clear why the drive wasn't destroyed, and how it apparently ended up on the resale market.

 

Simson Garfinkel examined 129 used hard drives purchased from a variety of outlets. Only 12 had been completely cleared of data. The other drives contained thousands of documents with critical information -- one had 3,722 credit card numbers on it. Another had been used to power an ATM machine and contained sensitive bank data.

To retrieve some of that data, Garfinkel and colleague Abhi Shelat had to use advanced techniques -- but their demonstration showed old hard drives are often disposed of improperly. Simple deletion of data is not enough, as there are a variety of techniques that can be used to recover it. And data can be retrieved even from drives that have crashed, like Gerbus', using similar techniques.

 

Ed told Mr. Gerbus he'd purchased the drive at a flea market for $25, Hank Gerbus recalls.

 

I hate to be the skeptic here!

I have had HD crash where you can hear the heads hitting the platter. I can't get a system to even boot with such a drive. To actually fix this drive so data could be read, then remarket it for $25 with the data still intact seems a bit far fetched to me! Has anyone priced data recovery for crashed HD?

 

I don't think " it landed in Ed’s hands" in the crashed state from Best Buy and Ed fixed it, or some how he was able to access the data. $25 for a used HD. When Best Buy has been selling a Seagate 160 for $59.

 

I could believe there was nothing wrong with the HD and the GEEK boys replaced it, while trouble shooting the pc fixed it and just left the new HD in it. There remove and replace trouble shooters.

 

The $25 for a used no warranty HD still smells fishy!

 

cdanteek

Share this post


Link to post
Share on other sites
I hate to be the skeptic here!

I have had HD crash where you can hear the heads hitting the platter. I can't get a system to even boot with such a drive. To actually fix this drive so data could be read, then remarket it for $25 with the data still intact seems a bit far fetched to me! Has anyone priced data recovery for crashed HD?

 

I don't think " it landed in Ed’s hands" in the crashed state from Best Buy and Ed fixed it, or some how he was able to access the data. $25 for a used HD. When Best Buy has been selling a Seagate 160 for $59.

 

I could believe there was nothing wrong with the HD and the GEEK boys replaced it, while trouble shooting the pc fixed it and just left the new HD in it. There remove and replace trouble shooters.

 

The $25 for a used no warranty HD still smells fishy!

 

cdanteek

A "crashed" hard drive in this case could be anything from a physical crash such as you described, or a viral infection that wiped out Windows, or just few bad sectors that kept it from booting. In which case, under warranty, the drive may simply be replaced without regard to whether or not any of the data could be accessed with easily available tools. A physical crash would likely render the drive mostly completly useless, but a software "crash" would likely leave 99% of the data recoverable. Your typical "volume" store doesn't care about that. It won't boot... replace the drive and send the old one back for warranty.

 

Tools like SpinRite could recover a lot of the data if the disc was still spinning.

Share this post


Link to post
Share on other sites

I'm not sure that the old "hammer it to pieces" caper is really worth all that trouble. They have programs now that will place thousands of 1's and 0's across a HD, numerous times, so no other file information could ever be detected. And it doesn't take that much time to complete the task. The old hammer trick would definitely be effective, but if there's a laser around, why not just destroy the silly HD using it ?

 

Some time ago, I had some of my business information on a HD that went bad and called to see what it would cost to have it retrieved. And Neil is so right about the cost of recovery. It's rediculus how much they get for that service and even then they won't garrantee they will retrieve everything.

 

Frank....

Share this post


Link to post
Share on other sites
Guest mlpasley

The moral of the story?

 

IMHO..... try to keep as little personal information on the hard drive as possible and learn how to replace the hard drive yourself.

 

Even if you had to pay $250 for a new hard drive, you'd be safer than Identity theft insurance which is much more limited than it's name implies.

Share this post


Link to post
Share on other sites
The moral of the story?

 

IMHO..... try to keep as little personal information on the hard drive as possible and learn how to replace the hard drive yourself.

 

Even if you had to pay $250 for a new hard drive, you'd be safer than Identity theft insurance which is much more limited than it's name implies.

I agree. It's just too easy to replace a drive. If you can't do it, find a friendly geek next door to help. Then, submerse it in water that is filled with mosquito larvae, heat it up to boiling, melt all the innerds then, take a thick awl and beat it into that sucker until it's dead.

Thanks, I feel much better now.

Share this post


Link to post
Share on other sites
I agree. It's just too easy to replace a drive. If you can't do it, find a friendly geek next door to help. Then, submerse it in water that is filled with mosquito larvae, heat it up to boiling, melt all the innerds then, take a thick awl and beat it into that sucker until it's dead.

Thanks, I feel much better now.

 

You are advocating "doing in" the friendly geek? :):huh::D

Share this post


Link to post
Share on other sites
You are advocating "doing in" the friendly geek? :):huh::D

It figures an engineer would read between the lines but I know a few geeks I'd like to 'do in'. I'm funnier than I even thought. :D:D:D

Share this post


Link to post
Share on other sites
I agree. It's just too easy to replace a drive. If you can't do it, find a friendly geek next door to help. Then, submerse it in water that is filled with mosquito larvae, heat it up to boiling, melt all the innerds then, take a thick awl and beat it into that sucker until it's dead.

Thanks, I feel much better now.

Do I read between the lines that you suggest leaving the Hard Drive out in a hurricane?

 

Lynn

Share this post


Link to post
Share on other sites
It figures an engineer would read between the lines but I know a few geeks I'd like to 'do in'. I'm funnier than I even thought. :D:huh::)

 

LOLLOL!

Share this post


Link to post
Share on other sites
Do I read between the lines that you suggest leaving the Hard Drive out in a hurricane?

 

Lynn

As a matter of fact, yes, it works. I lost 4 systems in the hurricane and 1 was asking for death. I took the hard drives out and actually tried 2 to see what would happen. You know that answer.

Just to be safe, I did the extra step of actually unscrewing the pieces and taking out a good deal of stress by banging these with a rather large mallet. I might have been more damaged then they were when through but I'm confident there's nothing in there anyone wanted.

Plus, they smelled pretty bad (think sewer backup). :)

Share this post


Link to post
Share on other sites

Just to add to the other comments here, most of the issues with the harddrives (even so called platter slapping) were mainly caused by the controller circuit board under the hard drive unit them selves, related to power delivery and the likes, so even though it sounded like a head slap, dead unit , when the drives went back to Singapore, they replaced the controller card on the underside and the units returned to a normal running unit.... (not all but most)

Also here at my work we do a fair bit of data forensic work , and recover data of dead, wiped , formated, Norton data shredded, and we can 9 times out of 10 get most of the data back...

so a hole in the platter is really the only way to stop this...

Share this post


Link to post
Share on other sites
so a hole in the platter is really the only way to stop this...

I should have kept my Glock when I retired! LOL

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×