Stolen hard drive data put Formula One drivers at risk of blackmail, reports claim

May 13, 2008 Sophos Press Release
Sophos recommends firms and home users are careful about how they dispose of old computers.

IT security and control firm Sophos has reminded organizations and home users of the importance of securely disposing of computer equipment, in light of the arrest of a man accused of attempting to blackmail Formula One racing drivers Adrian Sutil and Lewis Hamilton.

German police are reported to have arrested a man who is alleged to have tried to sell a hard disk which had belonged to Sutil, and contained personal information, details of Swiss bank account transactions, photographs, and private correspondence between the 25-year-old German who drives for Force India and his racing ace friend, Lewis Hamilton.

The suspect, who has only been named as "Dieter", was arrested by undercover detectives at an autobahn service station outside Munich as he tried to sell the disk to Bild Motorsport magazine for 10,000 Euros (approximately £8,000).

"This is a timely reminder to businesses and individuals alike that if you are disposing of an old computer make sure you securely wipe its hard drive first. Whether you are taking the PC down to the garbage tip, selling it onto a friend, or giving it to charity, it is critical that the data on it is properly overwritten and permanently erased," said Graham Cluley, senior technology consultant for Sophos. "This is computer security 101. Identity thieves have been known to hang around junkyards picking up old computers just minutes after they have been dropped off, and then using data recovery tools to see if financial records, passwords and other information useful for stealing identities can be unearthed. And if you're a business or mega-rich celebrity such as a Formula One driver the losses can be even more acute."

Sophos experts believe that if Adrian Sutil's father Jorge had properly erased the contents of the computer when he disposed of it a year ago, the racing drivers would not have been at risk of blackmail.

"Deleting a file doesn't necessarily mean that it's really gone - and a computer-savvy con-man using simple tools can often bring information back from the dead. To properly defend yourself you need to make sure your hard drive data has been overwritten, preferably multiple times. That's why Government offices are told to use military-grade erasure software to ensure that data cannot be recovered by criminals from dumped PCs," continued Cluley. "Businesses also need to have a strict policy in place about how they deal with old computers, hard drives and storage devices to ensure that sensitive information does not fall into the wrong hands."

Dieter faces charges of attempted blackmail and possession of stolen personal data. If found guilty, he could face a maximum of up to five years in jail.