I recently found a discarded desktop computer, a Dell Inspiron model, lingering by the dumpster. Anything left next to dumpsters signifies that the former owner wants you to take it. Whoever abandoned the computer wants to do someone a favor. Unfortunately, computer donators don’t really know what they’re actually giving away: Privacy, passwords, security and potentially a great deal of money.
After giving the discarded computer a quick teardown, I put it through a variety of security tests and found glaring problems – problems our readership may learn from.
Stealing someone’s identity doesn’t take a lot of intelligence or even a lot of effort. The bad guys only need you to trust them with your hard drive and a combination of bootable live disks, brute-force password crackers and recovery software can turn your financial and personal life into a living hell.
The computer itself had a great deal of dust inside of it – suggesting that the previous owner likely didn’t properly dispose of their data. Upon close inspection, the dust itself had a peculiar kind of texture to it. When hit with canned air, it didn’t immediately disperse the way most dust does. A sure sign that the owner smoked around his electronics.
For those who don’t know – smoking around computers is a big no-no. Smoke carries with it oil, which adheres dust to surfaces. You can tell the difference between dust from a smoke-free home and dust from a smoker’s. Just put your nose to the power supply exhaust and you can smell the difference.
Opening the computer up revealed a dust-choked, yet still intact computer. All the primary components were there – motherboard, CPU, DVD drive, RAM and the power supply. This shot was taken after blowing it out with canned air. Notice the dust’s persistence.
The component that caught my eye, the soul of the computer: a hard drive. Getting access to just the hard drive gives an attacker a tremendous amount of power. They don’t really need anything other than the hard drive to launch a penetrating assault into the darkest corners of your personal life. Just two kinds of software make it easier than stealing candy from a baby.
There are about a dozen easy ways to perform a password reset or password recovery on someone’s computer. Ophcrack is a Linux-based Live USB/CD that does just this without any understanding of computers required. Simply download and burn the image to a USB or CD/DVD and boot it on the target computer, just like an installation disk. By default it will attempt to solve up to 14-character long passwords using what’s referred to as a Rainbow Table.
While a brute-force attack attempts to guess the locked computer’s password, a Rainbow Table differs slightly in that it offers a variation on the brute force method, combining a pre-generated table. Here’s a great explanation of how Ophcrack works. In short, it can break passwords very rapidly. Considering that most users don’t use secure passwords, it oftentimes takes a few minutes to work. Actually, even secure passwords don’t last long against Ophcrack.
I want to demonstrate how easy it is for a data-thief to steal someone’s password; it’s not my intent to bypass any security measures. How easy is it? On my own computer (not the discarded computer) Ophcrack guessed the password in 0 hours, 0 minutes and 0 seconds. To put that in perspective, the password didn’t withstand a single second getting hammered with brute force. In short, you can’t rely on your login password to protect sensitive data on your computer, unless it’s longer than 14-characters.
On the positive side of things, Ophcrack can recover forgotten Windows passwords. Also, as a means of providing security audits, the software remains an absolutely invaluable service.
Recuva can undelete data that you’ve sent to the recycling bin, even after emptying it. It exploits a loop-hole in how operating systems erase data. In order to preserve performance, information isn’t deleted after you clear the recycling bin. Although the operating system marks “erased” data for deletion, it leaves it on the hard drive’s platter until it is eventually overwritten with new data. Here’s a shot of what Recuva looks like as it undeletes your data:
Data isn’t actually reliably destroyed until the portion of the hard drive it inhabits gets overwritten – several times. That’s why data destruction software oftentimes writes over data multiple times. For example, the Bush-Cheney administration used a special wipe process known as a “seven level” wipe. The method writes over erased data seven times, ensuring that not even data fragments could be recovered, even with techniques such as Magnetic Force Microscopy.
Unfortunately, judging from the exterior of the computer, the individual who generously gifted their computer probably didn’t take any precautions. A tell-tale indicator that someone hastily wiped their data prior to handing off a computer is an empty recycling bin. Most people don’t wipe their recycling bins on a regular basis. And if it was recently wiped, chances are that data still inhabits the computer’s hard drive.
When a thief goes for the Triple Crown of skulduggery, he recovers your hard drive, breaks through your password and then loots your computer of its internally held passwords. The two most vulnerable programs are instant messenger clients and most browsers, which store unencrypted passwords. A nearly axiomatic expression has been to not store passwords of any kind on your desktop.
- Chrome: There’s several password recovery tools available for Chrome. You may want to check out ChromePass.
- Internet Explorer: Internet Explorer requires that you use a recovery tool like IE PassView.
- Firefox: Unlike Chrome, Firefox at least includes a password manager, which you can lock using a password. Password recovery tools do exist for it, though.
- Instant Messengers: One of the best password recovery tools for instant message clients is MessenPass. It works on a variety of clients as well.
There’s a great deal of software options out there for recovering a password from instant messengers, browsers and other software. Considering that many of us reuse passwords on multiple platforms and websites, thieves getting hold of just one can potentially lead to financial disaster.
What Should You Do?
For those seeking to dispose of their own computer, and for those who find one, perform a multi-pass wipe on it. Ubuntu or Linux Mint are great for performing formats. Also, simply overwriting the original installation may not prevent data recovery attempts, but it will reduce the likelihood of it.
For destroying data, try Parted Magic. Parted Magic includes several disk wiping (and cloning) utilities that include multi-pass functionality. If you prefer another solution, try one of the many LiveUSBs offered in Live Linux USB creator (our guide to LiLi). We have covered several password recovery options. On the other hand, we cannot stress enough how important it is to use strong passwords to protect your data.
If you intend on throwing out an older computer, at the very least, consider using a multi-pass formatting tool on the hard drive. At the most, remove your hard drive from your computer before handing it off. A second point that I wanted to make with this article, is that data thieves only need your hard drive in order to get your passwords. The best precaution is to remove your hard drive. A third point is that you should be empathetic. If you ever find a discarded computer, take the hard drive and wipe it. You get Karma for doing so.
Did anyone else ever forget to wipe a discarded computer? Or find a computer? Let us know in the comments.