How much is your hard disk worth to hackers?
Think twice before dumping that broken laptop - the data on it is a goldmine for cyber criminals
Losing a laptop is always painful, often raising the awkward question of backups when it’s too late. But whether your lost laptop perished of age or disappeared from your bag in a pub, that pain can take on a financial dimension too. Unless your data was encrypted or the laptop was disposed of securely, the blunt truth of the matter is that you’re at risk of exposure to the dark market.
Your personal data is valuable, and cyber criminals will pay for everything from bank logins and credit card details to the perhaps less obvious lists of contacts and email conversations. But just how much is your hard disk worth to a hacker? In this feature we’ll find out.
What kind of data has value? The simple answer is all of it, just to differing levels. In order to get your head around this you need to start thinking like a criminal, says John Livingston, CEO at Absolute Software.
Your hard drive is a potentially easy-access encyclopaedia of personal data
"If we’re going to add up the cost of this, let’s start with how many security questions your bank asks you when you call them,” he says. “Address? Name? Date of birth? Mother’s maiden name? Customer number? The process attached to ‘forgetting’ your password invariably requires providing a couple more details – a registered mobile number, email address, or a letter to the registered address. Your hard drive is a potentially easy-access encyclopaedia of data, containing the answers to those questions and more."
Ryan Rubin, a director at Protiviti, points out there are also the "cached passwords that can be found in applications such as internet browsers, email clients [and] social media clients". Catalin Cosoi, Chief Security Strategist at Bitdefender, would also include the potential "access to compromised systems on your internal network which have internet access, which is rented by cyber criminals by the hour".
When it comes to your computers used by small businesses, Intel’s Rob Sheppard believes there's a lot more value to be extracted. "Things that are valuable include company intellectual property, such as product design and cost information, vendor agreements, customer contact details and financial records," he says.
Konstantinos Xynos, of the faculty of advanced technology at the University of Glamorgan, admits it is hard to place an accurate figure on the value of your data. However, he says cyber criminals "will tend to look at the age of the data (how recently data was written to the drive) and who the user is. Roughly speaking, anything up to a three-year-old computer will still have useful data. Data that has not been analysed but has been identified as a personal machine will not have much face value".
Integrated gaming systems can contain a huge library of registered games and these types of accounts are highly sought out
Interestingly, Xynos believes any computer that can be identified as having been used primarily as a games machine is likely to command a premium. "This is because of the inherent value in the games themselves," he explains. "Games, like other commercial software, have serial numbers which can extracted and sold on. Integrated gaming systems, like Steam, Origin and Desura, can contain a huge library of registered games and these types of accounts are highly sought out."
Clearly, the actual value depends on the number of games, along with whether or not credit card information has been associated with the accounts. However, Steam accounts containing up to nine games are often sold for between £4 and £8 on the dark market. Accounts for online games such as World of Warcraft are also valuable, as the hacker can log in and transfer all the in-game items to a character they own, then sell them on auction sites.
When it comes to mining your email, Xynos insists, there isn't much value to the underground economy unless sold in bulk, when they may command a notional value of a penny per item. Then there's the licence serial keys to your software, which reside on your hard drive and can be sold on after being extracted by trawling the system registry. Windows 7 Ultimate keys are still selling for around £3 a time despite the launch of Windows 8, for which keys have yet to hit the dark market in any great number.