Category Archives: Security

Data Destruction

The GDPR exists to ensure that personal data is properly secured and protected against data breaches, leaks and hacking. So before you recycle your old computer or donate it to a charity shop make sure that you have removed all of the data from it.

Resetting the PC or formatting the hard drive will not remove all of the data, even if you have deleted your files prior to carrying out the procedure. If you are wanting to recycle the computer then you will need to have the data wiped from it permanently, this is not only for your protection but is also a legal requirement under the Data Protection Act.

Data is stored as binary numbers, by magnetism, electronics or optics and you have to remember that data is not only stored on the hard drive, it is also stored on other components within the computer. The computer’s BIOS for example contains operating instructions, including passwords stored as data in its electronic memory.

If you are considering recycling your old tech then you should give us a call and we will carry out an in depth “Clinical Data Destruction” procedure to “Ministry Standards” and return a clean machine to you. We can even re-instate the operating system, drivers and supporting software so that the machine can be donated fully functional.

Data Disposal:
If you are wanting to permanently dispose of your old computer, then we can carry out a level one destruction of the components that may contain data, this includes the hard drive, processor, bios and memory chips.


Enterprise Drives:
Enterprise class drives are constructed with heavy duty components and are designed to withstand higher temperatures and prolonged usage. Enterprise SSDs are typically made of longer-lasting flash memory and use different architectures to optimise performance, and often house three boards rather than the one found in consumer drives. Enterprise HDDs are constructed with heavy duty components including a headstock with higher structural rigidity, larger magnets and air turbulence controls, and double-anchored spindles. In addition, they often contain heat sinks and cooling tubes. So given the durability and the amount of heavier components installed into these drives, you will appreciate that they cannot always be destroyed by conventional means.


GDPR – The General Data Protection Regulation
PII – Personally Identifiable Information
CUI – Controlled Unclassified Information

50,000 plus targeted by NSO Groups Spyware

In July 2021 it was reported that spyware developed by the Israeli NSO Group was used to hack into the phones of thousands of people, including journalists, activists, politicians and business executives.

Most spyware or targeted malware, relies on malicious apps, user installations or physical access to the device itself for successful operations. However, NSO’s Pegasus can remotely compromise the device with little to no user interaction, as the spyware utilises flaws in the software’s code that have not been brought to the notice of its developers, thereby, leaving it vulnerable to exploitation by hackers.

The NSO (or anyone with access to the software) can deliver the spyware by sending the victim a link which when opened infects the phone, this then runs silently and without any interaction at all through a “zero-click” exploit, which takes advantage of vulnerabilities in the iPhone’s software and can can access all of the data on a person’s phone.

The software once installed on a victims phone, allows an attacker complete access to the device’s messages, emails, media, microphone, camera, calls and contacts.

The NSO had claimed that its spyware was undetectable and only used for legitimate criminal investigations. However the findings of the investigation by Amnesty Internationals Security Lab found that this statement was totally untrue.

A leaked list of 50,000 phone numbers of potential surveillance targets was obtained by Paris-based journalism non-profit Forbidden Stories and researchers from Amnesty International Security Labs analysed the phones of dozens of victims to confirm that they were targeted by the NSO’s spyware.


A tool has now been developed that will allow techies to detect whether a device has been infected, so if you are unsure whether or not you may have been compromised it might be worth speaking to your IT security or data forensics team.


A few simple rules to keep you safe

  • Don’t click on third party links even if they look genuine
  • Don’t download apps that haven’t been checked
  • Don’t open any documents or files that you can’t verify the source of

You should also be aware that resetting your phone to factory settings doesn’t always clear out an infection, this is because much of the software is integrated into the phone, plus your sim card also stores information such as telephone numbers, SMS messages, billing information and data usage, so spyware could also store itself on your sim.


LINKS

All you need to know about the Pegasus spyware

Forensic Methodology Report: How to catch NSO Group’s Pegasus

Massive data leak reveals Israeli NSO Group’s spyware used to target activists, journalists, and political leaders globally

MSA Tech Tools can be found here