Hard-drive Disposal and Identity Fraud

Abstract. A personal computer is often used to store personal information about the user. This information may be intentionally kept by the user or information maybe automatically stored as the result of the user's activities. In this paper we investigate whether it is possible for identity fraud to occur as a result of post-disposal access to the residual data stored on a personal computer's hard drive. We provide indicative types of information required to commit an identify fraud and examine the personal information contained in a series of second-hand personal computer hard disk drives, purchased as part of a wider research study

Oops they did it again: The 2007 Australian study of remnant data contained on 2nd hand hard disks

The 2007 study used a biased selection process where the primary focus was the purchase of high-speed SCSI drives and drive packs, in addition 2.5 inch laptop drives were targeted. Conventional IDE based hard drives were also examined in the study. A total of 84 drives were examined this year, 23 yielded data that represented significant and in some cases profound exposure if data. Encouragingly more hard disks were erased in this study than in previous studies. However, there is still a significant gap in erasure procedures in organisations, which is particularly concerning given that the drives were from large corporations

The changing nature of U.S. card payment fraud: industry and public policy options

As credit and debit card payments have become the primary payment instrument in retail transactions, awareness of identity theft and concerns over the safety of payments has increased. Traditional forms of card payment fraud are still an important threat, but fraud resulting from unauthorized access to payment data appears to be rising, and we are only beginning to get a sense of the dimensions of the problem. ; Thus far, the role of public policy has been to encourage the card payment industry to limit fraud by developing its own standards and procedures. Whether this policy stance is sufficient depends on the effectiveness of industry efforts to limit fraud in light of the dramatic shift toward card payments. ; Sullivan provides an overview of card payment fraud in the United States. He develops a preliminary estimate of the rate of U.S. card payment fraud and suggests that such fraud is higher than in several other countries for which data are available. The U.S. payment industry is taking steps to combat payment fraud, but progress has been slowed by conflicts of interest, inadequate incentives, and lack of coordination. Thus, policymakers should monitor the card payment industry to see if it better coordinates security efforts, and if not, consider actions to help overcome barriers to effective development of security.

Survey on remnant data research: the artefacts recovered and the implications in a cyber security conscious world

The prevalence of remnant data in second hand storage media is well documented. Since 2004 there have been ten separate papers released through Edith Cowan University alone. Despite numerous government agencies providing advice on securing personal and corporate information, and news articles highlighting the need for data security, the availability of personal and confidential data on second hand storage devices is continuing, indicating a systemic laissez faire attitude to data security, even in our supposedly cyber security conscious world. The research continues, but there seems to be a lack of correlation of these studies to identify trends or common themes amongst the results. The fact that this type of research continues to be conducted highlights the deficiencies in the methods used to advertise warnings publicised by Government departments and industry experts. Major media organisations seem reluctant to broadcast these warnings, unless there is a bigger story behind the issue. This paper highlights the ongoing issues and provides insight to the factors contributing to this growing trend

Sony, Cyber Security, and Free Speech: Preserving the First Amendment in the Modern World

Reprinted from 16 U.C. Davis Bus. L.J. 309 (2016). This paper explores the Sony hack in 2014 allegedly launched by the North Korean government in retaliation over Sony’s production of The Interview and considers the hack’s chilling impact on speech in technology. One of the most devastating cyber attacks in history, the hack exposed approximately thirty- eight million files of sensitive data, including over 170,000 employee emails, thousands of employee social security numbers and unreleased footage of upcoming movies. The hack caused Sony to censor the film and prompted members of the entertainment industry at large to tailor their communication and conform storylines to societal standards. Such censorship cuts the First Amendment at its core and exemplifies the danger cyber terror poses to freedom of speech by compromising Americans’ privacy in digital mediums. This paper critiques the current methods for combatting cyber terror, which consist of unwieldy federal criminal laws and controversial information sharing policies, while proposing more promising solutions that unleash the competitive power of the free market with limited government regulation. It also recommends legal, affordable and user-friendly tools anyone can use to secure their technology, recapture their privacy and exercise their freedom of speech online without fear of surreptitious surveillance or retaliatory exposure

Who is Reading the Data on Your Old Computer?

Researchers at Rits Information Security performed a study in how the Irish population disposes of their old computers. How would you dispose of your old computer, or how would the company you work for dispose of their old computers? The majority of Irish homeowners, would bring their old computers to local civic amenity centres, give it away to a relative or sell it on to another party. Some organisations would give their old equipment to a staff member, as a gift gesture, others may simply discard in the local civic amenity site. What is wrong with the methods currently being used for discarding of our old PCs? With this question in mind, Rits Information Security embarked on a study to highlight the problems home users, and corporate users face when discarding retired PCs. In this paper, Rits Information Security describes research in which a number of hard disks were taken from computers after they had been released for resale on Irish online auction sites. The research that was undertaken involved an analysis of the disks to determine if any information remained on these disks, and whether the information could be easily recovered using commonly available tools and techniques. From this analysis, a number of disks could be traced to specific organisations, including large financial institutions, various consultancy firms, numerous small trade organisation, auctioneers, and insurance brokers. In addition to these, a number of computers were found to have originated from the home environment. The results indicate that careless disposal of computers and storage media in the Republic of Ireland is a significant problem. Very few of the disks tested had undergone a thorough or efficient cleansing process. The level of information that could be recovered from the majority of the disks tested would have proven useful for corporate espionage, identity theft, blackmail, and fraud

A UK and Australian Study of Hard Disk Disposal

Recent studies in Australia and the United Kingdom indicate that a broad cross-section of organisations are failing to adequately protect or erase confidential data stored on hard disk drives before subsequent disposal. Over 90% of hard disks that were examined as a result of the two Independent studies were in an easily recoverable state with some drives simply requiring a boot. This paper will give an overview and comparison of the two studies conducted. Then an examination of possible factors responsible for the inadequate erasure of hard disk devices will be undertaken. Furthermore, possible future research directions will also be explore

System and Data Capture Framework Insights into Breach Data toward Improved Feedback

A secure information infrastructure is required to sustain competitive advantage. Despite creditable efforts, there are visible failures of Information Security (IS). Breach data offers necessary relatively unbiased and robust feedback to reveal what is overlooked for apt countermeasures and improved IS decisions. None of the previous works done analyzing breach data critically examine the process of breach data capture and reporting system, and breach data capture frameworks from a holistic perspective for improved substantive feedback, which this work addressed. A model of breach data capture and reporting system was proposed through argumentation and a fluid iterative cycle of awareness, suggestion, development, evaluation and conclusion. A breach data capture framework was proposed through argumentation and examination of existing related frameworks, employing the fluid iterative cycle, while fostering acceptability. The framework was evaluated in comparison with existing breach data capture frameworks. The proposed model and framework are complimentary efforts for substantive feedback toward apt countermeasures and improved IS decisions. Keywords: Model, data capture framework, breach data system, breach data capture, framework

Oops they did it again: The 2007 Australian study of remnant data contained on 2nd hand hard disks

The 2007 study used a biased selection process where the primary focus was the purchase of high-speed SCSI drives and drive packs, in addition 2.5 inch laptop drives were targeted. Conventional IDE based hard drives were also examined in the study. A total of 84 drives were examined this year, 23 yielded data that represented significant and in some cases profound exposure if data. Encouragingly more hard disks were erased in this study than in previous studies. However, there is still a significant gap in erasure procedures in organisations, which is particularly concerning given that the drives were from large corporations