Thanks Thanks:  0
Likes Likes:  0
Dislikes Dislikes:  0
Page 1 of 3 123 LastLast
Results 1 to 10 of 28

Thread: HDD hacking

  1. #1
    Service Manager 1,000+ Posts bilyahn's Avatar
    Join Date
    Dec 2006
    Location
    Quincy, CA
    Posts
    1,432
    Rep Power
    54

    HDD hacking

    Everyone is talking about sensitive info being retrieved off of the hard drive of a machine that has been recycled or just thrown away. Does anyone know the actual likelyhood of something like this happening? Should I really be concerned about a machine that has been recycled having info removed fron the HDD?

  2. #2
    IT Technician 100+ Posts fausto1981's Avatar
    Join Date
    Dec 2007
    Location
    NYC
    Posts
    146
    Rep Power
    34
    Most of the machines come with an option called Data "Over Write" which is NOT Free.... There are other options.. customers can ask for the HDD and buy a new or put a new hdd on the machine that is going away... another option is to have your IT dept reformat the HDD or use one of those open source programs that will write a bunch of random 1s and 0s....

  3. #3
    OMD-227
    Guest
    Most of the HDD's are standard computer hard drives, easily accessable and can be quickly installed into a PC.

    Our return machines have a software program run over the HDD which scrambles everything, as well as a full format done. The option is also there to give the client back their HDD if they are concerned at all. A certificate of data destruction is used and has been widely accepted here. You just never know what might happen in the future... better to be safe than sorry.
    I did see the American 60 minutes report on this subject, and it has been discussed here as well.

  4. #4
    Self Employed 1,000+ Posts D_L_P's Avatar
    Join Date
    Oct 2009
    Location
    Canton, Ohio
    Posts
    1,196
    Rep Power
    53
    Quote Originally Posted by bilyahn View Post
    Does anyone know the actual likelyhood of something like this happening?
    There's the rub, just how likely is it? Probably not very likely at all, like getting struck by lightning but if it did happen would not be good. I will say it's as easy as plugging the HDD as a 2nd drive and scanning it with an undelete utility like the one included with Norton System works, or google a free one. I'd imagine they had to go through hundreds of HDD's just to find the sensational info for that story though since not all copiers use the HDD the same way or at all depending on what your doing.
    I think if I had a business I might look for a cheaper alternative, like scanning 100+ pages of garbage text to every Mailbox/Doc Server to fill it up and then deleting it over and over. That might not be DOD compliant but I would think that would scramble the data enough to defeat any undelete utility. There are ways to get data off HDD that have been in fires, damaged, or formatted, but if you run into someone willing to go to that much trouble to hack your info your screwed anyway.

  5. #5
    Senior member of CRS 2,500+ Posts
    HDD hacking

    ZOOTECH's Avatar
    Join Date
    Jul 2007
    Location
    Insane Diego, CA
    Posts
    3,366
    Rep Power
    102
    We do a lot of refurb on lease returned machines and re-sell. I have seen and printed many not password protected files that included mortgage lease documents, tax returns, and medical records. All these documents included sensitive information that a more devious person might use for identity theft, or blackmail. These documents are removed and the HDD reformatted (image area) of course before we send the machine out.
    Last edited by ZOOTECH; 05-25-2010 at 09:54 PM.
    "You can't trust your eyes, if your mind is out of focus" --

  6. #6
    How'd ya manage that? 1,000+ Posts
    Join Date
    Dec 2009
    Location
    NoneOfYoiurBusinessVille
    Posts
    1,026
    Rep Power
    60
    So, in light of recent security concerns, my question is has anyone tried to recover anything off an MFP's hard disk? Even just for interest sake? We as technicians often have access to the HDD's. I've personally not attempted it. Maybe the next time one comes my way I'll give it a try...

  7. #7
    Field Supervisor 500+ Posts Vulkor's Avatar
    Join Date
    Jun 2009
    Posts
    942
    Rep Power
    40
    I have often wondered about retrieving data just for the giggles. Sure there is stuff in the Doc Server, but in retrospect of old print jobs. Not so sure. Ricoh seems to be pretty confident on their security.

  8. #8
    Technician AKSturb01's Avatar
    Join Date
    Jul 2009
    Location
    Massachusetts, USA
    Posts
    27
    Rep Power
    30
    Nondestructive Department of Defense requirements (meaning you don't destroy the drive) require the entire volume to be rewritten with alternating patterns of 0s and 1s several times (I believe 5).

    The reason for this dates back to the 1960s and the emergence of the Winchester disk drive when it was discovered that even a disk that has been completely reformatted can be "read" by a controller with sufficient sensitivity to pick up the latent coercivity in the magnetic elements of the disk drive. That's why IBM used to ball-peen their sensitive disk packs upon disposal, and some companies still advise complete destruction of a drive that has ever contained sensitive data. This used to cost a lot of money but the price is coming down because more people are doing it.

    For most people, 99.99998% of the time, unless you have someone at the NSA that is going to try to forensically read the disk, using a good program that wipes the disk several times by writing alternating patterns a couple of times will prevent anyone from reading anything that used to be on it. If you're a terrorist and your laptop is seized and you only had the chance to format the drive, expect a visit from the Special Forces.
    Last edited by AKSturb01; 06-04-2010 at 08:10 PM.

  9. #9
    Field Supervisor 500+ Posts Fearless V K's Avatar
    Join Date
    May 2007
    Location
    Redding, California
    Posts
    621
    Rep Power
    41
    If you plug a Ricoh HDD into a computer, there is no format or image files recognizable to the PC. Image data stored is raw on the drive, so unless you had some manufacturer program which could read and decipher the data based on their proprietary format, it's gonna be pretty tough to get something from it. Now if there is stuff stored in the document server that has not been deleted, then yes, you could print it out right from the machine.

    If your customer is concerned, leave the drive with them for destruction, or return it to the leasing company (if possible) for them to destroy it. As far as new machines going into sensitive environments, I would recommend the data overwrite security for the HDD.
    Don't take that toner with me!

  10. #10
    All things Konica Minolta 1,000+ Posts Stirton.M's Avatar
    Join Date
    Oct 2009
    Location
    Calgary
    Posts
    1,813
    Rep Power
    52
    Quote Originally Posted by zed255 View Post
    So, in light of recent security concerns, my question is has anyone tried to recover anything off an MFP's hard disk? Even just for interest sake? We as technicians often have access to the HDD's. I've personally not attempted it. Maybe the next time one comes my way I'll give it a try...
    As Fearless mentioned on Ricoh, Konica Minolta drives, the print data parsed on the drive during printing is readable only by the printer. KM hardware also can store scanned or printed or faxed data to the hard disk. As I understand it, this is also readable by the printer. A creative hacker could extract the information however and figure out how to reproduce an image on a pc. Can't say for other brands, but the KMs I've worked on all have encryption kits available, based on Kerberos 128 bit or something like that. The kind of encryption the NSA/CIA would use. These encryption kits are keyed specifically to the machine serial number and a few other hardware markers to keep it from being given to another machine and have the data extracted there. Lawyers and prosecutors offices typically are prime recommendations for such things.

    Without encryption, even data overwritten a couple times, can be extracted off of a drive. It requires some pretty serious hardware and a lot of time to extract the data. Forensics labs in the CIA/NSA have the tools...average hacker, not bloody likely.

    Some quick methods I have seen to erase a drive from even rudimentary hacking involve simply destroying the hard disk platters. Sledge hammer, heavy duty metal shredder, oxyacetylene torch, industrial electromagnet to name a few.
    "Many years ago I chased a woman for almost two years, only to discover that her tastes were exactly like mine: we both were crazy about girls."
    ---Groucho Marx


    Please do not PM me for questions related to Konica Minolta hardware.
    I will not answer requests or questions there.
    Please ask in the KM forum for the benefit of others to see the question and give their input.

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Get the Android App
click or scan for the Copytechnet Mobile App

-= -= -= -= -=


IDrive Remote Backup

Lunarpages Internet Solutions

Advertise on Copytechnet

Your Link Here