To Delete or Not Delete

By Dr. Lyndell St. Ville- ICT Consultant
By Dr. Lyndell St. Ville- ICT Consultant

FOR the wrong reasons, a North American company called Avid Life Media Inc. has featured recently in the technology news. One of their websites, AshleyMadison.com, was reportedly breached by a hacking group called “The Impact Team.” AshleyMadison boasts that it is the most famous name in infidelity and married dating, and claims to have over 37 million members. According to The Washington Post, AshleyMadison is “an unusual and apparently very popular dating Web site for those seeking extramarital relations.”

The Impact Team threatened to expose the supposedly-secure details of their customers. Why did they take such action? You might think a strong moral objection to the online cheaters’ club? No, they claim the noble cause of customer protection. The Impact Team expressed outrage that the website charged customers a fee to delete their details, but did not delete that data. Unsurprisingly, the company refutes those claims made by the hackers.

If we believe the company acted as expected and deleted the data, it gets even worse. If we overlook the salacious contents of the breached data, and focus on the possibility that supposedly-deleted data was dredged-up by the hacking group, that raises some uncomfortable questions, such as:

(1) If the data was deleted, how could it be retrieved in this embarrassing way?
(2) Can you trust a third-party provider with your data?
(3) Are there tools or techniques to protect your data from this type of intrusion?

Firstly, you should understand that deleting a computer file does NOT destroy the data. When you delete a file, its name is unlisted, and its diskspace is considered to be available. That file exists in body, if not in name. A recovery utility could be used to undelete that file.

Secondly, who do you trust with your data? It is perplexing that a well-resourced company, equipped with a Chief Technology Officer and Director of Security, capable of implementing best-practice, is still caught-out in such a manner. It is even more troubling that they recognised the value in deleting the data and were still unable to secure that process. It suggests woefully shoddy decision making, auditing, and follow-up.

Thirdly, to protect your identity online, you could employ an alias when undertaking activities that do not rely on your true details. Assuming of course, that you can not altogether avoid the temptation of the site, and that you are prepared to be in breach of their terms and conditions. A cryptographic digital currency, such as bitcoin, would also come in handy for anonymous payment.

You may safely delete a sensitive file from your computer, via the “secure erase” facility if one is provided by your operating system. Alternatively, invest in some software utility to acquire that capability.

To share your views, contact the author at: www.datashore.net or via The Voice.


Leave a Reply

Your email address will not be published. Required fields are marked *

Send this to a friend