In today’s blog, I’m going to be looking at an important topic in the field of keeping your data safe. Did you know that data you’ve deleted can be recovered by hackers? This represents a huge security risk and yet many people naturally assume that once files have been deleted, they are gone for good. Unfortunately, this isn’t the case – especially if that data has not been disposed of correctly – and I’m here to help bring you up to speed on the dos, the don’ts, and how you can keep your data safe (and safely deleted!).
Let’s get started!
Recovered Files from Online Hard Drives: A Wake-up Call on Data Disposal
As I mentioned at the top, today’s blog is a wakeup call on data disposal. I’ve seen my share of alarm data incidents as an IT professional with over 25 years of experience, but one of the most disconcerting trends is the lack of proper data disposal. This was brought into sharp focus recently when Secure Data Recovery, a leading data recovery specialist, managed to retrieve millions of deleted files from hard drives purchased online.
Secure Data Recovery acquired a random selection of 100 hard drives for their experiment. They omitted damaged or encrypted secure drives from the study and focused on traditional spinning drives rather than hybrid ones or solid-state drives. The results were striking.
They successfully recovered data from 35 drives. In total, they salvaged more than 5.7 million files, a number skewed by a single hard drive that contained over 3.1 million files. Among the drives, the oldest was a Western Digital model from 2004.
So how is data stored and why can it be recovered?
The study brings to light a very worrying reality. A significant number of people are disposing of their hard drives with all of their data still saved on the device, with others going as far as deleting files, but only the smallest minority (1% in this study) going the necessary extra mile to encrypt the drive.
Hard drives that were disposed of without removing any data could be simply copied with no restriction to access it. If someone deleted their files and you connect such a hard drive to another computer, you will initially see just an empty drive. However, this would deter or stop an IT expert or cybercriminal.
If they run recovery tools, those will show all the data (files and folders structure) that were deleted and from there they can recover the data. There is a big chance all the data can be restored. Finally, there are encrypted drives. These are the hardest to recover but as the study highlights only 1% of the drives were encrypted, which means 99% of hard drives (in theory) are easy targets.
But to better understand how recovery works, I should explain how files are saved and stored on your hard drive.
Imagine your hard drive is a massive spreadsheet of cells, with an address for each cell (same as in Excel) horizontally we would have letters from A-Z and vertical numbers from 1-100. As you can see this creates a matrix. If we now want to save a Word file, it will ask the Operating System (OS) for the required space. The OS will return a range of addresses where Word can save the file. For example, let’s use cells from a1 to a100. If you create another file and you want to save it, the OS will not permit you to save anything in the range a1-a100 as it is marked in the index that this space is occupied, so it will find another free slot and provide you with the range.
So, what happens when you delete a file? Well, as we constantly want more speed, the OS will not remove files from the hard drive as could take a very long time. Instead, the OS marks the range that belonged to the saved file as free space.
When we try to recover such a file, all we have to do is find the space, which in our example was sector a1 and find the last sector which was a100. But what happens if the file is fully or partly overwritten? That is a good question. As the range of our file was marked as free another program potentially could have used part or all of that space. Our recovery software can have a bit of a harder time, but it still might be possible to recover the data. A good example would be if you wrote something on a piece of paper with a pencil then rubbed it out and wrote something else. Even with new text on top, you could potentially find out what was written previously.
What happens with encrypted data? Can it be recovered?
This is much harder. There are two potential ways to encrypt data. The first is encrypting separate files and the second is encrypting entire hard drives. In years past, it was more popular to just encrypt confidential files, but that proved to be less effective from a security point of view. However, if you want to recover the data, it is much easier to recover smaller files than an entire hard drive. With fully encrypted drives the situation is this:
1. They are much safer from a security point of view as if a hacker tries to recover the data, they have to deal with a whole hard drive.
2. They are much harder to recover as you can only access the full hard drive partition.
Murphy Law in life works well in data recovery!
So how is it that hackers can recover confidential data from a drive that was disposed of yet when we need to recover some data of our own that we’ve accidentally deleted, we often can’t get it back? That is a very good question and one in which Murphy’s Law thrives.
Let me explain: If you use your data and accidentally delete an important file(s), the more you use the computer, and the more time that passes, the greater the chance that the “free space” where those files were located will be overwritten by other data. Sometimes, if we’re lucky we might only lose unimportant parts of the file such as formatting or a few pages that are corrupted, but other times we could lose all of the data.
But why can hackers recover the data when we frequently can’t?
Well, the hacker will try to recover any data they can find. Unlike you, they’re not searching for one accidentally deleted file, but for anything. In simple terms, looking for one thing in particular is much harder than looking for anything you can get your hands on, so the honest person has a much harder job. A hacker is also not just working on your hard drive for confidential and sensitive data. They go through many hard drives, and if they are lucky, they might find a drive where the data is fully intact (if it was left on the drive or just deleted and then no one has overwritten it) and recovery is very easy. However, if the hacker decides the recovery is too difficult, they will move to another hard drive without hesitation. It’s a numbers game and the odds are on their side rather than yours unfortunately.
As far as we know, there is no way to break through encryption, but this is not a fool proof solution. As I mentioned above, you could have encrypted your files, but not the hard drive itself. In order to open the file, you would have needed to provide a password. But there might be a chance to access the content of the file without this password. This was showcased by one of the world’s major law enforcement agencies recently. The suspected criminal was using encryption on files to hide illegal content, but when the law enforcement agency managed to prosecute that person, this caused a big stir in the IT security community. Breaking encryption – if that’s what had happened – would have been massive news. However, it turned out that the law enforcement agency didn’t break the encryption. What they did was search through the hard drive and found that one program had made a temporary copy of the encrypted files. After the program was closed, such temporary files should normally be deleted but sometimes they are left untouched, and this oversight allowed the authorities to find evidence and prosecute.
For that reason, the IT world generally shuns file encryption in favour of encrypting whole hard drives as there is way less chance such temporary files can be left behind and risk exposing confidential data. However, don’t forget the study we mentioned – in that encrypted hard drives were in the minority.
This lackadaisical approach towards data disposal underscores the fact that many of us are not taking potential threats seriously enough. After all, those old files sitting on your discarded hard drive could contain sensitive personal information, business data, financial records, and more – a treasure trove for any potential data thief.
Interestingly, a hard drive is defined as “sanitized” if no data is found or if it has been overwritten with a random pattern. In this study, Secure Data Recovery followed stringent data-handling practices and assured that no file contents were viewed, and the data was securely purged after the exercise.
So, how can you dispose of your hard drives safely?
Jake Reznik, Laboratory Operations Manager at Secure Data Recovery, suggests starting with a backup of important files to avoid data loss. Then you can choose your preferred destruction method.
Software erasure allows the hard drive to be reused but overwrites the original data with random patterns over multiple passes. Alternatively, physical destruction methods such as degaussing, shredding, or drilling the drive’s platters are more secure but render the drive unusable.
In light of this, I strongly urge you to rethink your data disposal methods. If you’re unsure about how to go about it, consider consulting a professional service or if you don’t know anyone then our team at Operum.Tech would be happy to assist you. [IT Support in London – Operum].
Our secure data removal service can assist you in wiping your data safely. Our service guarantees a secure data wipe, and we provide certificates for all hard drives as proof of the data’s destruction. Act now and ensure your obsolete drives aren’t potential security risks.
Visit https://operum.tech/contact-us/ to learn more about our secure data removal service. You never know, you could be preventing your data from becoming part of another shocking discovery like the study we’ve told you about in today’s blog.
Remember, in the age of information, data disposal isn’t just a routine task, it’s a necessity. Protect yourself, protect your data.
Sign up below to join the Operum newsletter