Do repair techs look through HD contents? 1

[Allen455]

Hi, sorry if this post is miscategorized, I'm not really sure what forum it best fits in...

My basic question is this: If I have some very sensitive data on a laptop hard drive being sent in to Compaq for repairs, how worried should I be about that data getting read by a worker at the repair facility?

I have a Compaq laptop, still under warranty, with a defective motherboard or power supply (it made an electrical "pop" and turned into a brick a few days ago). So I'm sending it in for repair or replacement, and luckily I have all my data backed up just fine. It's XP Pro/FAT32, with a password, so it's not like they're going to "accidentally" boot up into my stuff, but it wouldn't exactly be hard, either.

I'm feeling pretty stupid at this point for not using whole-drive encryption, let me tell you.

The hard drive itself is in this extremely stubborn caddy (with stripped screws!), so I can't just put it in an external enclosure and delete the data that way... Argh!

If you have any ideas/thoughts/experiences, I'd appreciate it SO much! Thanks in advance!

 

[bobw]

firewolfrl,
I attended a pc forensics course and we were told that if you see three (3) kiddie porn images you are required to report this. Personally I would drop the machine at first glipse of such data - not to worry about seeing a second.
The instructor was quizzed on this point and stuck to his story.

Allen455,
I have to agree with StuReeves and encourage you not to worry about it. Much of this work is done in a very rushed situation where poking around in a hard drive would be (almost) the last thing on a technician's mind.


Almost...well, was that comforting??? Bob

"If the only tool you have is a hammer, you will see every problem as a nail." - Abraham Maslow

 

[kmcferrin]

My thoughts:

As a general rule, sending it back to the repair depot for one of the big manufacturers is probably safe. That would be HP/Compaq, IBM, Dell, etc. As everyone else pointed out, in most cases they are far too busy to bother snooping. Assuming that the problem isn't the hard disk then it's unlikely they'll ever do anything more to it than boot it into Windows as a final check. If you happen to have something "interesting" when Windows boots (i.e., Wallpaper, system sounds, etc) then a bored or curious tech may take a second look. But again, as mentioned, most of those places have fairly strict privacy policies. Getting sued because a repair tech found a video of you and your spouse and posted it on YouTube is not the sort of thing that they like to happen.

Now if you are sending it in to a smaller shop, or taking it to a store for repair then it is MUCH more likely that someone is going to look through it for something interesting. It is also much more likely that if they find something interesting that they would make a copy of it for themselves for show it to someone else. It is also more likely that they will snoop around on your PC if you report strange or unusual behavior, or if a "PC health check" is included as part of their service (common with smaller shops).

Now if you happen to have something illegal on your PC (the textbook case is kiddie porn, or something that looks like it could be kiddie porn) then if they find it, they will undoubtedly report it to authorities, who will probably take a statement and then use it to get a warrant.

 

[firewolfrl]

bobw,
LOL.... I occassionally work for my local police department as the first stage in an investigation....if I find anything then the computer gets shipped to the state patrol labs...if I don't the city saves some money. I had to take multiple forensics courses to be qualified by the state patrol.
nice thing is the state hourly rate for this kinda stuff is higher than my hourly rate and the state is required to pay their rate

 

[wahnula]

All this talk about the user's criminal behavior, I am talking about something much more basic...identity theft. Or website usernames and passwords being compromised.

I am a privacy buff, shred every document and CD with any personal info before disposal. I would not want my personal details (like pictures of me & my dog) floating around out there without my consent, much less my banking info & budget.

There are bad apples in every bunch, and even if it's a 1/1000 of a percent chance of my personal data being compromised that is too much for me. If I ever send a PC off for repair it will be clean & shredded of ALL personal data. Once it leaves your home you have zero control over it.

Tony

 

[firewolfrl]

wahnula,
You make a good point about Identity theft....its a proven thing that less than 6% is stolen online, 80%-90% are from family (includes caregivers), and under 10% from mail theft and garbage rummage...


LOL I would be more worried about family....especially my mother-in-law.......

 

[Allen455]

Thanks everyone for all your replies and ideas! I ended up finding a local repair shop that managed to get those screws out... and didn't charge me a dime, which was really nice of them. So anyway, all is ending well, as I'm wiping the drive right now with Eraser...

Anyway, I feel a lot better now, and on my new PC I'm going to install Truecrypt right away!

Thanks again!

 

[Sympology]

Or just write "important docs" to DVD / CD.

Stu..

Only the truly stupid believe they know everything.
Stu.. 2004

 

[wahnula]

Allen455,

I am glad to hear you took the safer route. You will sleep better while your charge is in someone else's hands, outside your control. Try to throw a little business to the local shop that helped you out.

Tony

 

[ArizonaGeek]

You make a good point about Identity theft....its a proven thing that less than 6% is stolen online, 80%-90% are from family (includes caregivers), and under 10% from mail theft and garbage rummage..

I've actually met someone that goes to thrift stores and buys up old computers to see what information he can get out of them. You'd be surprised, well no you wouldn't, at how much information one could get from a computer even one that has been formated.

Now if you happen to have something illegal on your PC (the textbook case is kiddie porn, or something that looks like it could be kiddie porn) then if they find it, they will undoubtedly report it to authorities, who will probably take a statement and then use it to get a warrant.

In most US states you, as a PC tech, HAVE to report kiddie porn or suspected kiddie porn if it is found on a hard drive. Of course, unless you are a sicko, you probably would anyway. I've never heard of anyone being busted for not reporting it but I do remember reading somewhere that most states have laws in regards to the reporting of a crime, especially against children. There have been MANY cases of people bringing in PC's to Best Buy or the like and being reported to the police.

I worked for a large ISP in the security dept. for just over 4 years and there are some really sick people out there. There are wierdos and freaks too but if you ask anyone that has done it for any amount of time there are some things (some people to be more precise) that just shouldn't exist in a civilized society.

Cheers
Rob