14.03.2023 - Two years ago, the first NCSC weekly review was published. It was the start of a weekly series in which we report on the latest cyberincidents. Each week, we provide various tips on how to protect yourself and what to do in case of an incident. Including today's, more than 100weekly reviews have been published. The NCSC would like to thank all its readers for their interest. The current review shows what risks arise when disposing of or passing on computers, smartphones and USB sticks. The number of reports received by the NCSC fell sharply last week as the wave of fake extortion is now easing.
Computer disposed of – account hacked
Every computer eventually becomes outdated or breaks down, is replaced and has to be disposed of. This was the case with a computer that was reported to the NCSC last week. The person who reported the incident had handed in his MacBook at a disposal point. A few days later, however, he received a security warning that his MacBook had been activated and someone had tried to change his Apple account. It is suspected that someone was indeed able to gain access to the disposed-of device and hence to the data stored on it, such as the victim's photo collection, emails and login details.
This report to the NCSC highlights the importance of completely erasing the hard drive in computers and notebooks, USB sticks, mobile phones or tablets, etc. before their disposal or resale.
Simply deleting data is not enough
It is important to be aware that simply deleting data is not sufficient. Electronic data remains on the storage medium even after deletion, or after emptying the recycle bin. Only the information in the internal "table of contents" about where the data is stored on the hard disk is deleted. To delete data permanently, the storage location must be overwritten multiple times at random. Special programs are available for this process, known as wiping. If used properly, the hard disk is permanently erased so that the data can no longer be recovered, even using recovery programmes.
Before wiping, you should also remove linked accounts from your device and log out of applications (email client, Office 365 account, etc.).
Nowadays, modern operating systems also include functions that reset notebooks and mobile phones and prepare them for disposal or resale. In the past, however, deficiencies have been found in these functions and the deleted data could still be recovered. In order to reliably delete your data from a hard disk, it is therefore recommended to use a specialised program to randomly overwrite the hard disk several times. In addition, the recovery partition, and with that the manufacturer's recovery function, should also be overwritten. Overwriting the data is the only option for older devices.
If a device is no longer to be used, the data carrier can also be physically destroyed. However, the storage media must first be removed from the device, which can be time-consuming.
MacOS and Windows
Apple has published instructions for its operating systems on what to do if the computer is to be disposed of, sold or given away. These allow the data to be deleted and the notebook to be restored to factory settings.
The current Windows operating systems also have functions that reset computers to factory settings. Microsoft has published the relevant instructions.
Smartphones and tablets
On both Android and Apple devices, the storage space is encrypted if the corresponding function is available and switched on. It is therefore sufficient to delete the associated key to prevent access to the data. This is done as part of the factory reset. However, how secure this procedure is also depends on the encryption algorithm and key used by the manufacturer. Therefore, it makes sense to additionally overwrite the data. Overwriting the data is also the only option for older devices that do not have encrypted memory.
USB sticks, SIM cards with memory function, external hard disks, CDs/DVDs and other storage media
There are countless freely available tools on the internet for deleting data, known as shredder or wiper programs. However, it is sometimes unclear how effective a program is. If in doubt, specialists can provide information. Physical destruction must cause as much damage as possible. In the case of SSD (solid state drive) memory, each individual memory chip must be physically damaged. Note that many types of storage media can shatter violently when destroyed.
Last week's reports by category:
Last modification 14.03.2023