The majority of today’s businesses rely in some way upon computer systems to handle the tasks of everyday commerce. These businesses are increasingly using computers to work with their internal and external documents, depending more and more on digital storage every day. Most attention has been focused on well-known problems such as viruses, exploits, etc.
Attacks by intruders and insiders have led to billions of dollars in lost revenue and expended effort to fix these problems. For the most part, these attacks have been focused on software based vulnerabilities, while perhaps the most devastating vulnerabilities lie in hardware devices which exist in the majority of all computer systems in use today.
In fact, physical attacks on storage hardware are common and may be the most likely and dangerous type of attack. Although using this new, digital alternative to paper may seem to be easier and faster, inside these seemingly harmless computers lie devices which are recording and generating audit trails of all data ever accessed on them, potentially acting as an informant to whoever possesses the devices. In fact, overlooking these devices may give an attacker a chance to steal sensitive data. Also, this could be carried out by any personnel with physical access to the machines.
What are these devices? Is this some sort of top-secret spy gadget? The answer, surprisingly, is no. It’s the traditional, magnetic hard drive. Magnetic hard drives are used as the primary storage device for a wide range of applications, including desktop, mobile, and server systems. All magnetic disk drives possess the capability for data retention, but for the majority of computer users, the hard disk drive possesses the highest lifespan of all magnetic media types, and therefore is most likely to have large amounts of sensitive data on it.
Businesses spend large amounts of time and money on developing and implementing important and well known safeguards such as firewalls, antivirus products, spyware scanners, and more. What is too often overlooked is perhaps the most serious threat of all: reselling or re-using used hard drives which may contain critical information on the business’ customers, sensitive internal documents, the business’ network layout, passwords, trade secrets, and other sensitive information. With more and more documents being converted into digital format, this is an ever-increasing threat. We will focus on the traditional magnetic hard disk, and exclude other types of magnetic media such as floppy disks, as floppies can be cost-effectively destroyed if they contain sensitive data. However, it should be noted that other forms of magnetic media can also yield a treasure trove of data to whomever has physical access to them.
Click Here to download the paper