(1) HP OfficeJet LX

     One of my favorite places to go shopping for computer components, as odd as it may seem, is Goodwill. Goodwill is an organization that has stores that people donate items to. The items are then sold at the stores, usually at very low prices (since it is all profit), and the proceeds go to people who have physical or mental disabilities to give them job training and support. While you won't find any Pentium 4's or even old Durons at Goodwill, you can occasionally stumble across some interesting item that demands a spur-of-the-moment purchase. Items I have bought in the past include a CB Radio, a pinstripe suit,  a Super Nintendo, the original Mario Bros. for NES (and the list goes on). A few weeks ago I bought a Hewlett Packard OfficeJet LX for the price of $14.99. The OfficeJet LX is pretty old, but it has a copier, fax, and printer all in one, and I needed an extra printer for my workstation computer. I took it home, and of course the print cartridge inside was old and busted up. I bought a brand new sealed one on eBay for $15 including shipping, and once it arrived I started playing around with it more. The first thing I did was explore the printer menu on its LCD screen, and among other things I cam across a speed dial list.

 

(2) Speed dial menu

    Curious, I pressed "1" for the first speed dial setting, and a name popped up. I have blurred it out in the following picture, but the point is made.

 

(3) The name in speed dial #1

    Continuing on, the next screen contained the fax number, which is usually one or two numbers off at the end from the home number (if it is a residential fax). Once again, I blurred this out for the person's privacy, but remember that I had this information in real life.

 

(4) The number for speed dial #1

    While I am not a cyber criminal or professional identity thief, this information did peak my curiosity a great deal. I went through the entire settings and menu, and finally got the printer to print out the following (click on the pictures to enlarge).

 

(5) A guide to information hijacking

    There, in a nicely laid out fashion, was the entire speed dial list, complete with names and numbers. At the top was the header for the previous owner, complete with name and phone number. Being the bored teenager I am, I decided to hit the internet and see what I could glean from this information. My first stop was Google, and I spread out from there.

    Keeping in mind that I was venturing into unknown waters, and armed with only names and phone numbers that could be outdated, I ran directory, phone number, and name searches. Three out of the five people on the first list I was able to track down with free people-finding websites. From these sites, I got complete names, updated phone numbers, and full addresses. All three names showed up as living in North Carolina (I live in Illinois). Using Mapquest, I was able to pinpoint the locations of their houses, and saw that they lived within about a 30 mile radius or so, which meant that the information was most likely accurate. At this point I decided to stop, as I was not sure how far was too far before I grabbed seriously damaging information.

    After about an hour performing searches on these people, I decided to see how easy it would have been for the the previous owner of the OfficeJet LX to erase this infortmation. Without the manual that came with the printer, I was able to delete all the information in about 10 minutes. 10 minutes is all it would have taken the previous owner to erase this information.

Hard drive security:

    Moving onto a different track, the more obvious way to grab sensitive information is from intact hard drives that people leave in computers that they either sell or donate to charities like Goodwill. Just leaving the hard drive unformatted is asking for trouble, but even a format with your Windows CD or in Windows is not good enough to remove your information for good. There are numerous programs out there that can restore deleted or formatted information. Besides having formatting my parents' old HP Pavilion for donation, I also recently formatted my own 15GB WDC hard drive for sale on eBay. Some of the more popular programs for sale at this time write all zeros to the drive, while others overwrite the information on the drive with random gibberish. I prefer the second method, although both are generally acceptable by hard drive erasing standards.

    For both my parents' hard drive and my hard drive, I used a program called BCWipe. BCWipe overwrites the hard drive with random gibberish, and does it seven times over seven separate passes. The program is available for free the first 30 days, with no limitations or features excluded, and after that it costs $39.95. The price is a little steep for small time users such as myself, but is low for people who work in larger business environments where business secrets remain secret as long as older hardware is phased out properly, or for people who sell hard drives on eBay on a larger scale.

    All I did to wipe my hard drives was use BCWipe, and once BCWipe was completed, I formatted the drives with my Windows 2000 CD just to be safe. I now rest assured that no matter whose hands the drives end up in, my personal info will remain where it belongs.

Conclusion:

    If someone is really determined to obtain your private information, and they are experienced enough in the field of identity theft, then there is not too much you can do about it. However, you can avoid giving up your information on a silver platter by taking a little time before you donate or sell your computer hardware. Many things (take the OfficeJet LX for instance) can be a small gold mine for identity thieves, and unformatted or hastily formatted hard drives are easy pickings as well. I hope that by reading this article you can be more aware of items that you were considering selling or donating, and you'll never have to go through the turmoil of trying to recover your credit rating and sometimes your hard earned money after an identity theft. If a 16 year old with 15 bucks and no identity theft experience can acquire this information so easily, then what about a professional?

Home  ^^^