Posts

Getting Rid of an Electronic Device? Do This First…

A shocking study by the National Associated for Information Destruction has revealed some terrifying information: 40% of electronic devices found on the second-hand market contains personal information. This information includes usernames and passwords, personal information, credit card numbers, and even tax information. Tablets were the most affected, with 50% of them containing this sensitive information, while 44% of hard drives contained the info.

What does this mean for you? It means that all of those old devices you have laying around could put you in danger.

Deleting…Really Deleting…Your Devices

Many of us will haphazardly click the ‘Delete’ button on our devices and think that the information is gone. Unfortunately, that’s not how it works. You might not see it any longer, but that doesn’t mean it doesn’t exist.

To really make sure your device is totally clean, you have to fully wipe or destroy the hard drive. However, before you do, make sure to back up your information.

Back Up

Whether you use a Mac or a PC, there are methods built into your device that will allow you to back it up. You can also use the iCloud for Apple, or the Google Auto Backup service for Androids. And of course you can use external hard drives, thumb drives or remote backup.

Wipe

Wiping a device refers to completely removing the data. Remember, hitting delete or even reformatting isn’t going to cut it. Instead, you have to do a “factory reset,” and then totally reinstall the OS. There is third party software that can help, such as Active KillDisk for PCs or WipeDrive for Mac.  If you are trying to clean a mobile device, do a factory reset, and then use a program like Biancco Mobile, which will wipe both Android and iOS devices.

Destroy

Wiping will usually work if your plan is to resell your old device, but if you really want to make sure that the information is gone for good, and you are going to throw the device away anyway, make sure to destroy it.

Many consumers and businesses elect to use a professional document shredding service. I talked to Harold Paicopolos at Highland Shredding, a Boston Area, (North shore, Woburn Ma) on demand, on-site and drop off shredding service. Harold said “Theft, vandalism, and industrial espionage are ever increasing security problems. Today’s information explosion can be devastating to your business. Most consumers and businesses may not know that they have a legal responsibility to ensure that confidential information is not disseminated.” The reality is, if security is important to you or your company, then shredding should be as well.  

The goal, of course, is to make it impossible for thieves to access the data you have and/or discard.

Recycle

If you want to recycle your device, make sure that you only use a company that is certified and does downstream recycling. Know that recycling offers NO security for your information. They should be part of the R2, or Responsible Recycling program or the e-Stewards certification program. Otherwise, your data could end up in the wrong hands. Also, if you recycle or donate your device, make sure to keep your receipt. You can use it when you file your taxes for a little bit of a return.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

How the Government (and Bad Guys) Intercept Electronic Data

The news of the NSA spying using PRISM should not come as a surprise to anyone in the intelligence community. Electronic spying is as normal as breathing. And when a 27-year-old American traitor with little life experience (he was 15 when 9/11 hit) blows the lid off of a current spy program, it’s time to define why and what needs protecting.

  • PRISM: This is a clandestine national security electronic surveillance program operated by the United States National Security Agency (NSA) since 2007. Much of the information collected by PRISM is done via warranted tapping into servers here in the U.S. that route lots of data overseas. Its purpose is to discover “chatter” and prevent manmade disasters.
  • ECHELON: ECHELON is a name used in global media and popular culture to describe a signals intelligence (SIGINT) collection and analysis network created to monitor the military and diplomatic communications of the Soviet Union and its Eastern Bloc allies during the Cold War in the early 1960s. The ability to intercept communications depends on the medium used, be it radio, satellite, microwave, cellular or fiber optic.
  • Cell site simulators: Slate.com reports this “equipment is designed to send out a powerful signal that covertly dupes phones within a specific area into hopping onto a fake network. The feds say they use them to target specific groups or individuals and help track the movements of suspects in real time, not to intercept communications. But by design, Stingrays, sometimes called ‘IMSI catchers,’ collaterally gather data from innocent bystanders’ phones and can interrupt phone users’ service.”
  • Remote-access Trojans: A remote-access Trojan (RAT) is a malware program that includes a back door for administrative control over the target computer. RATs are usually downloaded invisibly with a user-requested program—such as a game—or sent as an email attachment.

These are just a few of the ways data is collected/gathered/stolen. So should you be worried? If you are up to no good, yes. If you have personal information on your devices that can be used to steal your identity, yes.

However, I’m personally not concerned about data being collected by my government. I’m well aware of what I’m electronically communicating and nothing incriminates me. But what does worry me is when bad guys get hold of data via RATs and use it to take over accounts or open new accounts. Using antivirus, antispyware and a firewall is your best defense.

We can’t do much to protect ourselves from government surveillance other than simply not communicating digitally or using less popular search engines, social sites and email programs. But there are tools such as TOR and Hotspot Shield VPN that mask IP addresses and can be used to anonymize communications.

If you want to seriously hide, then using anonymizers to create accounts and then continuously communicate using them is the most effective way to go.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning AmericaDisclosures.