I spotted this tweet earlier, and was a bit shocked to say the least - not by the author of the tweet, but the author of the article itself, which was this https://www.uscybersecurity.net/cyber-attack/
Even dead computers pose a significant risk if the HDD remains intact and has not been securely erased.
We really need to do better than this if we are to protect the integrity of sensitive information, and data that is our property. Simply dumping a PC when you have finished with it (or when it simply gives up) is nowhere near sufficient to protect this sensitive data. Criminals are not interested in hardware - they will typically be interested in the contents of the disk. Even if you think you’ve removed data, you’ve only removed the pointers to it - the information will still be there for someone with a basic knowledge to be able to recover.
Seriously - if you do decide to get rid of your PC, Laptop, Phone, or anything else that may contain sensitive information (even copier image drums contain data), then for your own sake and safety, ensure that the contents of the disk have been erased first. We’ve seen so many tales of laptops being sold on eBay where the data remains intact - in some cases, much to the detriment of the person selling the equipment. If you wonder what I’m talking about here, there was a story on eBay some time ago where some random guy who thought he was some sort of “hot shot” decided to sell a broken laptop, which a security expert bought. BIG mistake…
The article was hilarious - this guy basically uncovered the seller’s entire life, his Hotmail account, and so much more - including some bizarre images, shall we say… I doubt you’ll find the story now, but this guy threatened to place the entire contents online for the world to see unless the seller gave him a refund 🙂
But, back to my point - it’s incredibly easy for anyone to assume someone else’s digital identity by failing to remove sensitive data from machines before they are disposed of. We as security professionals should be giving out much better advice than this.
Let’s open up the discussion in this area, as it’s woefully misunderstood.