Back to Previous Page
These days, you don't have to be a tech savvy hacker to pull sensitive information off of a corporate hard drive, according to Bob Knowles, CEO of Technology Recycling. Don't bother sweating the firewalls and passwords. Heck, just take $50 bucks or so to your local computer auction, and you can buy the old disk drives...and it's 100% legal.
GlobalPOV: What would you say to consumers who trust that corporations are safeguarding their information?
BK: I would tell them that they're sadly mistaken. Investco, Janus, Schwab…what do you think they do with their old equipment? They sell it. What do you think the IRS does with their equipment? They sell it. What do you think Safeway-who knows what kind of purchases you make and is moving into banking-does with their equipment? They sell it too.
And it gets worse...a lot of states-when they find obsolete equipment-they give it to the corrections departments to allow the inmates training on computers. More than once, they've had cases where prisoners are stalking employees of the companies.
GlobalPOV: Companies selling equipment with sensitive information? But it seems like such an obvious blunder...
BK: The people I'm talking about here are technically clueless…especially the government people. They couldn't even show you where the hard drive was. In their minds, it's like having used bricks…they think well, somebody out there must want to buy used bricks.
Or, they'll say oh, I re-formatted the disk drive. Well guess what? You can get software for free off of the Internet that will do an undelete or an unformat. Do you understand what formatting does? All it does is says is that the sectors on the disks are available to receive data. It does nothing to wipe the data out.
GlobalPOV: Who are the worst offenders?
BK: Financial institutions and the government.
GlobalPOV: How severe is this problem?
BK: Well, the IDC says 120-140 million units are sold every year. And a typical unit only lasts-before it becomes obsolete-anywhere from 24 to 36 months. I've seen estimates that somewhere in the billions of units need to be destroyed. That's a billion with a 'b.' But rather than proper disposal, studies are showing that 95% of all retired computers either end up in landfills or get shipped overseas. The same goes for the federal government. They put their old systems in what's called the surplus system - and anyone who wants to pay $5 or $10 can buy the pallet - in auctions across the United States.
Most people think that getting rid of old computer systems is a trash problem. I hope you see that it's way more than a trash problem. It's still not in the mainstream consciousness. People are clueless that their information is resident. Now, with the new forensic techniques-any information that goes into an electronic footprint and can be retrieved at any time. And I also would make the case that anybody who is doing any kind of computer recycling that doesn't involve the complete destruction of the unit is committing a crime…because if that information is used in the identity theft crime you're now complicit with that. That creates an incredible liability for a company.
And today's businesses - especially in certain financial and medical and other industries-have specific mandates from the government that they must protect data from the cradle to the grave. (Check out this link to learn more: http://www.techrecycle.com/environment.asp)
GlobalPOV: So where do you fit in?
BK: The reason why I got in this business was because I used to be a systems integrator. They kept asking me what we should do with the stuff that we couldn't upgrade. I determined that there was no place for proper disposal.
Now we're the US's largest [computer equipment] disposal firm.
To give you an idea of the size of our company…we're in 200 cities across the United States. We [recycled] more 300 tons of [computer equipment] last year…and we'll triple that this year. We not only do desktop stuff-we do mainframe, server and network stuff.
I destroy any piece of equipment that comes my way. I go beyond rendering it useless. I take it apart and then process the materials…in essence, melt it down. When I get done, the serial no longer exists, the hardware no longer exists, the software no longer exists, and the information no longer exists. It's impossible to get data from a melted blob of metal.
That's sold to be re-used in other systems. And it's not just the metals--it's the glass, it's the plastic…all the materials get re-used. Nothing ends up in a landfill.
GlobalPOV: How do you go about your day-to-day life as a consumer if you can't trust companies not to leak your personal info?
BK: I would limit my electronic transactions to an absolute minimum. I would not give out my information whenever possible…and when I did, I would ask them specifically how they're going to protect you...and to put it in writing. So that way you'd have a case and could sue them if it doesn't happen.
GlobalPOV: Is there software available to wipe data out?
BK: There is some…but not with 100% certainty. The way the disk drive and the disk manager work is they don't always overlap and cover the various sectors. So you can miss sectors.
GlobalPOV: How tech savvy do you have to be to look on a computer and find some sensitive information?
BK: Not at all. All you'd have to do is go on is the administrator. That bypasses all password protection, and you can restore anything. You can look at files and indexes and pull it up.
GlobalPOV: Why would you go through the trouble of getting someone's hard drive? Seems like there must be easier ways of getting to the data.
BK: No…that is the easiest way. You don't have to deal with firewalls…you don't have to hack. It's so easy. And it makes identity theft more accessible to an even wider group of non tech-savvy criminals.
GlobalPOV: What's it going to take for this problem to get more exposure?
BK: It's going to take some major corporations getting in trouble for it. Through 2001, 770,000 people were victims of identity theft- at a cost of 4.5 billion dollars. Can you imagine when it's 10 times that or 100 times that? And if the right terrorist got the right 10 or 15 or 20 computers, this country could be bankrupt. It's just that simple.
• Respond on the Message Board
• Back to Previous Page
|
