Second-Hand Computers Pose Identity Theft Threat

Jan 30, 2006
Computer connected to the internet

A new identity theft study conducted by leading University of Leicester criminologist, Professor Martin Gill found that second-hand computers - which account for one in 12 computers in use worldwide - can be a potential treasure trove of personal information - putting users at risk of fraud and identity theft. The study urges personal and business computer users to ensure that all data is removed from their computers prior to disposing of them.

During his study, Second-Hand Computers and Identity Fraud, Professor Gill and his team purchased six computers through a mixture of second hand channels. They then conducted a forensic data analysis on each one, using a widely available software programme.

Half of the computers had in fact not been securely wiped. In one case there had been no attempt to wipe the contents whatsoever. Worryingly, data retrieved from two of the computers contained information that could be used by an identity thief.

Professor Gill, commented: "The fact that we found so much personal information through a focused study indicates that the potential for fraud and identity theft from the second hand PC market is huge. More and more of us use PCs to conduct our personal business. We must all be careful not to overlook the virtual information trail that we leave behind us."

He continued: "Simply re-formatting a hard drive is not enough to make data irretrievable. Anyone disposing of a personal computer must ensure that all data is securely wiped using specialist software to wipe over every sector of the hard drive."

Computer one

Data retrieved included: bank account details; correspondence with a bank noting change of email address; membership details for a DVD website including username and password; details of a CV outlining qualifications and where the person studied.

Alarmingly this computer was bought via an internet auction. The seller not only said that the computer had been re-formatted but he also noted that 20 more of his clients' old computers were shortly going to be made available for auction.

On this evidence, Professor Gill believes that internet auction sites represent a good opportunity for identity fraudsters to obtain previously used computers. Indeed, based on the results of a search conducted across one popular auction website on 24th January 2006 as many as 13,000 second hand or refurbished laptops and PCs are up for auction at any given time.

Computer two

Computer two contained data on: Full name and details (sort code and account numbers) for eight separate accounts with a major high street bank; username and password for an ISP account; an e-mail from a travel firm confirming details of a new online account - including password; letters of correspondence confirming the user's address.

Interestingly computer two also appears to have been used for business purposes and contained sensitive information. There was a spreadsheet which contained details of creditors, payroll, the income tax due, the bank overdraft and the VAT due. There were also lists of around 250 names and addresses of past and present customers.

But it's not just those that sell their unwanted computers that are under threat. The reports' sponsor Capital One, which offers free identity theft and fraud protection and assistance services, points out that disposing of a PC is just as dangerous. One only has to visit a local refuse centre to find discarded computers and hard drives that can be picked up for free - or for a small charge.

Justin Basini of Capital One, commented:

"To date most of the advice surrounding protecting oneself against fraud and identity theft has centred around looking after personal, paper-based documentation. But that won't account for the digital fingerprints that we leave behind on our PCs. We hope that our study will alert people to the dangers and encourage them to thoroughly cleanse computers before letting them out of their possession."

Identity theft occurs when criminals steal and use your personal information, such as your social security number and date of birth, to assume your identity and make telephone or online purchases or open up credit card accounts and other lines of credit in your name.

These crimes are facilitated by the relative ease with which offenders can gain information and personal documentation about people. According to research published by CIFAS2, there were approximately 60,000 victims of identity theft in 2005 (a 14 per cent increase over 2004) and APACS3 reports that 7 per cent of all plastic fraud is related to identify fraud, costing approximately £37 million last year alone.

Basic advice for wiping data from a PC

1. Remember that the delete function does not securely wipe/erase the data. Much of it will be retrievable.

2. Reformatting the hard drive does not wipe/erase the data.

3. Always wipe the whole hard drive using a specialist software application before disposing of the computer. For this study Professor Gill and his team wiped all the data from the computers afterwards using a software programme called Encase Version 4.22.

4. If in doubt, seek professional advice before letting the PC out of your possession.

Source: University of Leicester

Explore further: Microsoft beefs up security protection in Windows 10

add to favorites email to friend print save as pdf

Related Stories

Apple sees iCloud attacks; China hack reported

12 hours ago

Apple said Tuesday its iCloud server has been the target of "intermittent" attacks, hours after a security blog said Chinese authorities had been trying to hack into the system.

Atomic trigger shatters mystery of how glass deforms

Oct 18, 2014

Throw a rock through a window made of silica glass, and the brittle, insulating oxide pane shatters. But whack a golf ball with a club made of metallic glass—a resilient conductor that looks like metal—and the glass not ...

Banks harvest callers' voiceprints to fight fraud

Oct 13, 2014

(AP)—The caller said her home had burned down and her husband had been badly hurt in the blaze. On the telephone with her bank, she pleaded for a replacement credit card at her new address.

Hackers leap from dark basements to world stage

Oct 10, 2014

Hackers are shaking off their reputations as nerdy, loner basement dwellers and rebranding themselves on the world stage as members of Internet age tribes with offbeat codes of conduct and capricious goals.

JPMorgan breach heightens data security doubts

Oct 03, 2014

New details on a cyberattack against JPMorgan Chase & Co.'s computer servers this summer add to increasing doubts over the security of consumer data kept by lenders, retailers and others.

Recommended for you

Microsoft beefs up security protection in Windows 10

15 hours ago

What Microsoft users in business care deeply about—-a system architecture that supports efforts to get their work done efficiently; a work-centric menu to quickly access projects rather than weather readings ...

US official: Auto safety agency under review

Oct 24, 2014

Transportation officials are reviewing the "safety culture" of the U.S. agency that oversees auto recalls, a senior Obama administration official said Friday. The National Highway Traffic Safety Administration has been criticized ...

Out-of-patience investors sell off Amazon

Oct 24, 2014

Amazon has long acted like an ideal customer on its own website: a freewheeling big spender with no worries about balancing a checkbook. Investors confident in founder and CEO Jeff Bezos' invest-and-expand ...

Ebola.com domain sold for big payout

Oct 24, 2014

The owners of the website Ebola.com have scored a big payday with the outbreak of the epidemic, selling the domain for more than $200,000 in cash and stock.

Hacker gets prison for cyberattack stealing $9.4M

Oct 24, 2014

An Estonian man who pleaded guilty to orchestrating a 2008 cyberattack on a credit card processing company that enabled hackers to steal $9.4 million has been sentenced to 11 years in prison by a federal judge in Atlanta.

Magic Leap moves beyond older lines of VR

Oct 24, 2014

Two messages from Magic Leap: Most of us know that a world with dragons and unicorns, elves and fairies is just a better world. The other message: Technology can be mindboggingly awesome. When the two ...

User comments : 0