Homemade sex tapes sold off old devices
People who sell on their old digital storage devices are unwittingly exposing themselves to identity fraudsters by not wiping their old files, research suggests.
Banking details, personal information and homemade pornography are amongst the most common files found on second hand memory cards and USB sticks when people re-sell their devices in a bid to recoup the cost of their digital storage.
Edith Cowan University researcher Krishnun Sansurooah said research had revealed that most people who sold these devices through online auction sites often leave personal and private information on them.
Mr Sansurooah looked at USB sticks as well as memory cards in studies carried out throughout the past two years.
A survey of used memory cards had alarming findings.
More than half of the 78 cards purchased online showed no evidence that the previous owners had attempted to remove data and 19 included notes requesting the buyer remove the data left on the cards.
As well as credit card details, the cards contained government documents, sexual images and homemade pornographic videos.
A similar study of USB sticks involved the purchase of 80 from across Australia through online sites.
Of the 76 that worked upon arrival, only six had been wiped completely.
Mr Sansurooah said 46 contained information that could be used in a malicious way and 42 of those included personal information.
The information contained on 24 of them was enough to identify a person.
He said while some people had made attempts to remove this information, others had not.
One USB stick contained 890 documents from an Australian university which included bank account details, education history and identifying details of students at the university as well as their computer login details.
Mr Sansurooah said if it was easy enough for a researcher to unearth this information, it was easy enough for someone else with malicious intent to unearth personal information on devices.
He said much of the information left on devices was enough for identities to be stolen or fraud to take place.
"No one is stopping anyone else from doing it," he said.
Mr Sansurooah reminded people that pressing delete or formatting an item was not sufficient to remove information.
"If you do this, it is still there residing in the memory, what you delete is just the pointer, pointing to it," he said.
Mr Sansurooah said while there was software that could be purchased or downloaded for free to override all data on a device, he urged people simply not to on sell digital storage devices.
While he admitted it was not the most environmentally friendly option, he said he used a drill to damage USB devices he no longer needed.
He said people were not becoming any more careful, as more data was found on cards in the 2012 survey compared to one Mr Sansurooah carried out in 2011.
"People are becoming increasingly lazy," he said.
Mr Sansurooah said people were motivated by getting back some of the money they had paid for their second hand digital devices.
"They might pay $30 for a memory card and after using it for a year, sell it for $20," he said.
Mr Sansurooah will discuss his research this week at the 2012 secau Security Congress which starts today.