When getting rid of your old electronics like cellphones and computers, whether selling them or throwing them away, do you think twice about the private data you're leaving behind?
A Contact 5 investigation found many of you, even government agencies and computer experts, do not.
Contact 5 went fishing for personal information with Alan Crowetz of Infostream . "These days when it comes to hackers and the bad guys, information is power," said Crowetz.
It's information that's sometimes left on computers that their owners don't want anymore and end up selling. "Finding out Social Security numbers, finding passwords, finding financial information, that's almost more valuable than money these days," said Crowetz. "This is a great source to find information that people don't think twice about disposing of."
WHAT ARE HACKERS LOOKING FOR?
Contact 5 used popular sites like Craigslist and Ebay for our search. Crowetz told us what exactly the hackers and bad guys would be looking for in the perfect computer. We conducted an investigation so we could tell you how to protect yourself when selling.
"For me, I want to find things that are older. Those are much more likely to be a target because it's less likely to be a computer knowledgeable person and the older they are, the more data that's on there," said Crowetz.
Crowetz says bad guys will also be looking at what version of Windows is on a computer. Crowetz says when someone wipes a computer clean before selling, they usually re-load the newer versions of Windows back on it, to make it more desirable. If the computer you're looking to buy has an older version of Windows, it may mean the person never wiped the computer in the first place.
"If they say 5 or 6 years old, they've probably wiped and reloaded it. But if they say it's only 3-4 years old, you know there's a decent chance this is the original, they have not done anything," says Crowetz.
So watch out if someone starts asking about what version of Windows you use, "There's usually ulterior motives," said Crowetz. "If I am a hacker, I am going to take the time to ask questions."
Be clear, in your advertisements, that you wiped the computer and re-loaded it before selling it, advises Crowetz. "Most of the time, the right way to wipe a computer takes hours and people are not willing to do that, even when someone has erased and reformatted their computer, they can pull that data out really easily."
Or if you work in computers, write it down as well.
"Here's a good example here. I am a computer technician. Already I'm not interested," said Crowetz while shopping on Ebay.
Laptops are also more convenient to hack, according to Crowetz. "A lot of times you can grab passwords off laptops."
And even if your computer doesn't turn on, that doesn't mean the data is gone. "What they don't realize is that even if the computer doesn't work, the hard drive still does. I can still take that hard drive out and look at the data. So that's a good sign, there's a chance they didn't wipe this computer," Crowetz said.
WHAT WE FOUND
Contact 5 bought 4 computers. One from Craigslist, two HP computer towers from the Palm Springs Police Department and one from Ebay.
The laptop from Craigslist was securely wiped. The computer towers from the Palm Springs Police Department still had some data, Crowetz said.
"I found it really surprising, those weren't wiped at all. However, they lucked out. They put special software on there, so you can't tamper, you can't save information, almost anything on the computer. They didn't erase it, which is still concerning to me, makes me wonder if they're getting rid of other accounting computers, and not erasing the data," said Crowetz.
Now for the 4th, belonging to the Erie family: "It is alarming. And I'm a guy who deals with security and stuff, I should be used to this kind of thing. But this is just so bad," said Crowetz.
We could see every website the 6 person family had used from 2005 to 2010 when the computer was used. There were millions of emails, pictures of the children.
There were also tax returns belonging to the children. "I can use Social Security numbers to open up credit cards, bank accounts. I have enough personal information on there, I can reset their passwords for their bank accounts," said Crowetz. "It's a pedophile's perfect scenario; it's identity theft perfect scenario."
An incredible return for a computer available to anyone for just $40. A computer that was also dead, but the hard drive still worked just fine. "I might as well be holding a $10,000 bill in my hand right now," according to Crowetz.
But not only did the Eries put themselves at risk, they also endangered thousands of others. Christine's husband used the computer for work, he had personal information on more than 10,000 former or potential clients on the laptop.
"It's a list of people who are looking for financial advice. You can't even imagine how valuable that would be to a bad guy. In this case, I know these people have money because it shows their income, I have their email address, their phone number, that really gives me a great way to steal their identity or reach out to them to scam them. If I just ripped off 1% of these people I would be rolling in the dough," Crowetz says.
"I can sell this to another bad guy on the dark web who might buy this from me for a $1000. Instant return."
We tracked down Christine Erie, one of the owners of the computer. She told us, "it didn't work, hadn't turned on in probably 5 years. Probably sitting in the closet for ten."
She said she did put a magnet to the computer before giving it away, because she "had heard you could put a magnet up to it, and it would wipe everything. And we had a big round magnet and I tried that but I guess it didn't work."
As we found, it didn't.
Christine Erie called the entire situation, "scary."
"Thankfully you guys bought it," Christine told Contact 5.
WHAT TO DO WHEN SELLING OR DONATING AN OLD COMPUTER
Crowetz's first piece of advice? It's probably not worth it to even sell in the first place.
"Is it really worth $30, $40 for the risk you're taking to sell an old computer," said Crowetz.
But if you do want to, here are a couple things to think about:
1. Take the hard drive out, and destroy it.
2. DBAN.org: It's a free program that scrubs data from a hard drive.
3. Take your computer to an expert and have them wipe it.
WHAT HACKERS LOOK FOR IN A USED COMPUTER:
- OLDER MODELS
- VERSION OF WINDOWS
- WHETHER THE AD SAYS THE COMPUTER WAS WIPED
- WHETHER THE COMPUTER STILL HAS A HARD DRIVE
- IF THE COMPUTER IS DEAD, BUT HARD DRIVE IS STILL THERE
HOW TO PROTECT YOURSELF, AND SELL YOUR USED COMPUTER AT THE SAME TIME:
The Catch - If you do not erase EVERYTHING, it is HIGHLY likely you will leave dangerous stuff behind. But if you erase everything, the computer is not easy for anyone else to use if you want to give it away or sell it. They have to buy a lot of stuff to use it again in most cases.
TO WIPE ALL OF THE DATA:
1. Darik’s Boot and Nuke (Dban.org) Free Version - Considered "very secure."
2. Take out the “Hard Drive” – the device that physically holds all the data. Physically destroy it with drill/hammer.
3. Use built-in tools like “Format." Requires some skill, still possible (but difficult) to recover.