In the early 2000’s, I purchased several Sun Microsystems computers for putting together a home network of Unix machines. Nothing particularly exciting, I had an IPX, an LX, a Sparc5, and a few others. This was my testbed for tinkering around with Unix system administration. These computers were all purchased from eBay. The IPX and LX were both purchased from the same seller. Typically, when you buy computers on eBay you will find that they do not include hard drives. This is to protect any data that may be on those drives from prying eyes. However, the IPX and LX still had their drives in them. I had assumed they were wiped clean, but that was not the case. Both were fully ready production systems complete with the entire company directory and password file intact! Since I did not have the root password, I removed the drive and placed it in my Sparc5. Then, I updated the password file to use my root password. Finally, I removed the drive and put it back in the original machine. Now, I could run the machine with the new admin password. When it was booted back up, I found all kinds of company data – and this was a fortune 500 company too! This was the stuff that could have been sold on the black market for a substantial sum of money. I took the password file and ran it through Jack the Ripper – a common password cracking program – and before long knew the passwords for all the employees on this system. That same procedure was done on both the IPX and the LX. Lesson learned? Protect your hard drives. Absolutely destroy them before you get rid of them. The cost to company that originally owned these machines could have been enormous – they lucked because all I did was tinker with the machine as a curiosity and then wipe the hard drive clean. You may not fare so lucky when you dispose of your hard drive insecurely.
