A View From the Abyss – Horror Stories of Data Destruction
Professor Andrew Blyth
Head of Information Security Research Group
University of Glamorgan
E-Mail: [email protected]
Tel No: 01443 48 2245
24th Nov 2011
Data Disposal
Material obtained from investigation: the study was of 250+ second-hand disks.
Processed and analysed in accordance with the ACPO guidelines.
Funded by BT, UltraTech and Simms, and performed in conjunction with Edith Cowan University (Australia), Khalifa University (UAE) and Longwood University (USA).
Results are from a long-term study.
The material found in the Disk Study 2005-11 research can be put into three categories:
Personal
Corporate
Government
Statistics – The UK/Europe
Statistics – Other Regions
Material (Personal PCs)
Communication Material
Emails (which included details of extramarital affairs, and love letters)
Usernames and passwords
Financial Material
Documents found which indicated correspondence to Banks, which included bank account details
Credit card details found
Invoices for purchases
Illegal Material
Paedophilia material
Hard-core Pornography.
The Nature of the Beast
Corporate information was found from different types of organisations:
The Institute of Gas Engineers
Toni and Guy
Initiative Media
Marathon Oil
Ford Motor Company
The National Health Service
The German Embassy in Paris
Toni and Guy
This disk appeared to originate from Toni & Guy Hair Salon. It contains a number of pieces of information:
Staff takings, database of suppliers, record of work, staff names and contact information
It also has a number of password-protected documents, some of which use the same password.
Initiative Media
Substantial information relating to Initiative Media appears on the disk. This PR firm appears to have, or have had, a large contract with a major household company. Types of information include:
PowerPoint presentations
Company strategies
Emails and memos
Communication with partners / customers
Account / financial information
Brand images and photos
Information on surfing habits hotels: etc...
The main user appears to be one consultant. Carved space has a considerable number of porn thumbnail images and some larger images, and some porn images are in the file system.
Marathon Oil
One disk has a variety of data present which relates to a company called Marathon Oil. This includes:
Logo for Marathon Oil on the computer, along with a log-in screen to Marathon with a user ID number.
Photo of oil rigs (identifiable as Brae field, with the Marathon Oil logo on the side of the rig).
Numerous photos of what appears to be oil rig equipment, some of which appears to be worn.
Marathon Oil documents include:
Oracle DB information
Staff lists
Staff training information
Documentation on maintenance of oil rigs, and maintenance records
Material suggesting risk assessments
Helicopter refueling safety check
Also hydrocarbon release forms (oil into water?)
Memos and other internal paperwork.
NHS Trust
What appears to be material relating to the accessing of a system known as the “Electronic Patient Record (Soarian)”.
Network TCP/IP configuration and proxy info.
Portions of patient history with details of tests taken, example included (patient name and identifiers removed); in other cases what appears to be test results for a cancer patient.
27/07/2005 11:55 EDTA FBC (Prelim. Report) 27/07/2005 16:58
Full Blood count 27/07/2005 16:58
27/07/2005 11:55 Serum Bone Profile 27/07/2005 16:47
Liver Profile 27/07/2005 16:47
Renal Profile 27/07/2005 16:47
27/06/2005 10:50 Bronchial Washings Bronchial Washings 29/06/2005
27/06/2005 10:50 Bronchial Washings Bronchial Washings 26/08/2005
The State of Play
Questions