
Best Buy Learns That Data Protection Can Be A Customer Issue

Written by Evan Schuman
June 15th, 2006

When a Cincinnati man brought his hard-drive to Best Buy to be repaired, he was told that he couldn’t have his old hard-drive back. But fear not, he was told: the drive would be made useless by having holes drilled in it.

A few months later, the fully intact drive is purchased at a flea market in Chicago for $25. This story isn’t apocryphal. The hard-drive owner’s name is Hank Gerbus and the story was first reported by a Cincinnati TV station.

The lesson for retailers is that data security is not merely an internal issue to be dealt with by IT. It needs to be dealt with seriously if customers are going to trust that retailer.

Security issues today are getting more difficult to deal with, as the bad guys get more clever. Almost all of the shredders being used by small businesses and consumers turn out pieces of paper that can easily be re-assembled. Here’s a great lab test from Popular Mechanics where they showed how easily shredder output can be de-Humpty-Dumptied.

But the biggest fear is how to deal with data-intensive CDs, DVDs and hard-disks. Some of the same shredders that fare so poorly with regular paper also slash away at CDs and DVDs. Surely that will prevent them from being read? According to one security expert, it depends on how badly you want that data.

Roger Hutchison is president of Digital Data Destruction Inc. and he argues that few IT execs “realize the ease with which media can be put back together. Very imminently, someone is going to publish the recipe for an electronic data dumpster diver.”

The methods Hutchison says crooks may use sound a bit complicated, but he argues that as technology improves over the next year or so, the reconstruction efforts will get a lot easier. Today, though, the technique involves photographing the CD or DVD with an optical microscope and “then you calculate the zeros and ones and you look it up. You photograph and then run it through a filter to decode the binary information,” he said.

“It takes about $10,000 for a computer pirate to put together the entire suite of tools,” Hutchison said. “A 14-year-old in Taiwan with the equipment can easily do it.”

The methodology that Hutchison prefers involves grinding the information layer “smaller than the retrievable alphanumeric size, which is about 250 microns.”
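As an added example, not from the article or from any company it names: a small audit a service depot could run on a raw image of a returned drive before it leaves the building, so that "it will be destroyed" is checked rather than trusted. The image layout, the signature offsets (standard MBR, NTFS, FAT and ext on-disk formats) and the constructed sample image are assumptions made for this example.

```python
"""Audit a raw disk image for data that a promised wipe should have removed."""
import os
import tempfile

SECTOR = 512
# On-disk structures that survive an incomplete wipe, as
# (name, offset within the containing 512-byte sector, magic bytes).
# ext's 0xEF53 sits at byte 0x438 of its partition, i.e. 56 bytes into a sector.
SIGNATURES = [
    ("MBR boot signature", 510, b"\x55\xaa"),
    ("NTFS boot sector", 3, b"NTFS    "),
    ("FAT boot sector", 54, b"FAT"),
    ("ext2/3/4 superblock", 0x438 % SECTOR, b"\x53\xef"),
]


def audit_image(path, chunk_sectors=2048):
    """Count sectors holding non-zero data and flag recognisable structures."""
    total, nonzero, hits = 0, 0, []
    with open(path, "rb") as f:
        while buf := f.read(SECTOR * chunk_sectors):
            for i in range(0, len(buf), SECTOR):
                sector, lba = buf[i:i + SECTOR], total
                total += 1
                if not any(sector):          # all-zero sector: nothing to see
                    continue
                nonzero += 1
                for name, off, magic in SIGNATURES:
                    if sector[off:off + len(magic)] == magic:
                        hits.append((lba, name))
    return {"total_sectors": total, "nonzero_sectors": nonzero,
            "signatures": hits, "wiped": nonzero == 0}


def build_sample_image(path, partition_lba=2048, size_sectors=4096):
    """Write a constructed image (not a real drive): blank except for an
    MBR signature and an ext-style superblock magic inside one partition."""
    img = bytearray(size_sectors * SECTOR)
    img[510:512] = b"\x55\xaa"
    sb = partition_lba * SECTOR + 0x438
    img[sb:sb + 2] = b"\x53\xef"
    with open(path, "wb") as f:
        f.write(img)


def zero_fill(path):
    """Overwrite every byte with zeros, the minimal software wipe."""
    with open(path, "r+b") as f:
        f.write(b"\x00" * os.path.getsize(path))


def demo():
    """Build the sample image, audit it, wipe it, audit it again."""
    path = os.path.join(tempfile.mkdtemp(), "drive.img")
    build_sample_image(path)
    before = audit_image(path)   # signatures present: not safe to hand over
    zero_fill(path)
    return before, audit_image(path)   # second report: wiped is True
```

A real check would also account for sector remapping and hidden areas that a software overwrite never reaches, which is why the article's experts reach for physical destruction.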


One Comment

  1. Stephen Gerard Says:

    Seems biased, since we work in this field, but we have seen the evidence to support this. Scary stuff. An officer at DHS coined the term Digital Pearl Harbor. While this was in a different context, it seems to be an accurate description of what might occur if an adversary of the US used this technique to attack, say, the US banking system. Who’s in charge of this security matter and how do we get the word out?
