We Love Trash

by Oscar T. Grouch

This is a tale of caution.

Most all of you hacker-types reading this already know to always wipe any old hard disk before disposal - ideally, multi-pass drive wipes follow by partitioning as a LUKS volume with drive encryption.

These baselines are out of scope for this article, to tell you the real story.

When I found this data on the Windows trashed laptop, I wrote my findings in a notebook, then multi-pass wiped the laptop disk.  These files were not even deleted, so no NTFS recovery needed to review drive contents.

Enter the Dragon

This tale starts by my walking home from working in a major metropolitan city near the East Coast.  Walking along, I saw a trash management employee giving someone else a laptop.

I went over to learn more.  Talking to the sanitation workers, they told me people throw away multiple laptops all the time.  They noted seeing a dozen laptops a week in the trash, easily.  I struck up a conversation and was given a free 17-inch HP laptop running Windows 7 with a dead laptop battery.  Two minutes later as I loaded lappy into my backpack, they found a matching power supply.  I added that into my bag.

Game On!  Time to go home and check this out!

I got home, grabbed one of my favorite Linux Live USB sticks (Ubuntu, Kali, Tails, TempleOS, Hannah Montana Linux).

Once booted up, your favorite hacker mounted the Windows volume, then browsed the "C:\Users\%username%" folder.

These details are facts I obtained.  I was so stunned that I called my wife over to confirm this event was real.  This is the story of a restaurant with zero data integrity.

The disk was reviewed and wiped in September 2019 (pre-COVID - the world seemed so simple then).

The Goods

I recognized the company name.

I ate dinner there a few months ago and laughed when I recalled why the place sounded familiar.

On the desktop, files of note:

• check.jpg:  The back of a signed check.  Front account and routing numbers visible.
• HVAC.pdf:  Floor plan for HVAC install.
• Desktop\Drawings:  Building plans, high-definition AutoCAD design files, building engineering documents.
• Desktop\Employee Documents:  Current and past employee info, full names, driver licenses, scanned copies of Social Security cards, W-4, I-9, and direct deposit forms.

The archive data went from 2015 to February 2018. Digging more, this laptop had been in use since 2013.

Data, Data, More Data

Found an advertisement for Valentine's Day 2018, food menu specials, and payroll details for January 29, 2018 to February 11, 2018 - names, positions, hours worked, hourly pay, net pay.

• $3.00 an hour for servers.
• $9.00 an hour for bussers.
• $12.00 an hour for counter employee.
• $13.00 an hour for food runner.
• January 2018 Sales Report.pdf:  $29,101.35 grand total.  Including GC, SC, tips $31,882.07.
• Back to the desktop folder, we have Desktop\Music which was empty.
• Old Catering menus.  TeamViewer 10 was also installed.
• Desktop\Permits:  Deck and outdoor business permits.  Address of the business owners.
• Finance Docs:  Scanned checks, client catering agreements.
• Heather\Bank Statements:  AMEX, PNC Card processing statements going back to July 9, 2012.
• Equifax report.
• Fire inspection documents.

Pause to reflect.

This is a ton of data and I have more.  Please wipe business and personal details.  I could have committed tons of fraud with this data.

I still have a few more cringe details to wrap this article up.  I appreciate your patience as a reader.

• incident report.doc
• insurance questionnaire.pdf
• QuickBooks - but only has the 2009 templates.
• W-2 reconciliation, December 2015.
• Symantec folder with a CD key and a bunch of 1980s music.
• Taxes: Tax returns, payroll taxes in XLS files dated from 2010 to 2015.
• VerizonUSerID.docx
• Comcast business contract.
• Credit card statements.

Some files ask for a password to open, most files do not.

• discover.csv - for listing of transactions.
• Residential leases agreements from October 2011.
• Local Inquirer Ad.pdf dated January 29, 2012.
• koldwalkInCooler.pdf
• Landlord Letter.docx - vouching for tenants.
• Commercial construction building contract.
• PR statement from August 6, 2013 grand opening.
• Zagat 2013 review.
• Tag Organizer.pdf
• PNC bank settlement documentation.
• scan.pdf - inventory of office cleaning cups.
• Even more direct deposit and bank details found in a bank details folder.
• Health inspections.
• staff.xlsx
• monthly.pdf - February 2017 generated nearly $80,000 in one month.
• Scanned documents.  164 files.

Writing this out was longer than I expected.

May this article go easy on the 2600 editorial staff.  Redact names if necessary, but I felt sharing that I had both owners' names solidifies the concern in the discoveries.

Wipe and/or encrypt your disks.

Might I suggest amateur forensics to learn more.

Also, if using Linux, create a LUKS volume with an encryption passphrase to encrypt the whole disk.

You can then create EXT4 data volumes.