What are the risks of buying a used/refurbished computer? How can I mitigate those risks?












60















I bought a used computer that appears to be wiped clean, but can I be sure?










share|improve this question




















  • 10





    Is this question theoretical or practical in nature? I would argue that buying a computer off an unknown third party would be farily low risk if you format (or replace) the storage devices and clear the BIOS. A lot of exploits are discovered through thousands of attack attempts, which is feasible in a digital environment. It would be far less so when operating in the real world, sending out tons of compromised systems hoping for a worthwhile target to buy them.

    – Brian R
    Nov 26 '18 at 16:28






  • 9





    This is a very broad question.

    – Billal Begueradj
    Nov 27 '18 at 5:24






  • 3





    A significant number of weird crashes reported to Microsoft are most plausibly explained by people buying used machines that incompetent or unscrupulous former owners have severely overclocked. It might be worth checking whether the observed clock speed matches the manufacturer's recommendation.

    – Eric Lippert
    Nov 27 '18 at 18:11






  • 3





    I'd also point out that there is no guaranteed that if you buy a computer new from amazon or a shop it's actually 100% new... during assembly, storage, transport etc from the production plant to your home many people could have a chance to stay a significant amount of time unattended with the hardware. Sure, it's probably harder to do and to avoid it being noticed but you are not 100% sure that a new computer wasn't tampered with either.

    – Bakuriu
    Nov 27 '18 at 18:54






  • 5





    Define "risks." Are you worried about it being potentially stolen? Counterfeited? Loaded with spyware? Packed with C4 to assassinate you?

    – HopelessN00b
    Nov 27 '18 at 19:21
















60















I bought a used computer that appears to be wiped clean, but can I be sure?










share|improve this question




















  • 10





    Is this question theoretical or practical in nature? I would argue that buying a computer off an unknown third party would be farily low risk if you format (or replace) the storage devices and clear the BIOS. A lot of exploits are discovered through thousands of attack attempts, which is feasible in a digital environment. It would be far less so when operating in the real world, sending out tons of compromised systems hoping for a worthwhile target to buy them.

    – Brian R
    Nov 26 '18 at 16:28






  • 9





    This is a very broad question.

    – Billal Begueradj
    Nov 27 '18 at 5:24






  • 3





    A significant number of weird crashes reported to Microsoft are most plausibly explained by people buying used machines that incompetent or unscrupulous former owners have severely overclocked. It might be worth checking whether the observed clock speed matches the manufacturer's recommendation.

    – Eric Lippert
    Nov 27 '18 at 18:11






  • 3





    I'd also point out that there is no guaranteed that if you buy a computer new from amazon or a shop it's actually 100% new... during assembly, storage, transport etc from the production plant to your home many people could have a chance to stay a significant amount of time unattended with the hardware. Sure, it's probably harder to do and to avoid it being noticed but you are not 100% sure that a new computer wasn't tampered with either.

    – Bakuriu
    Nov 27 '18 at 18:54






  • 5





    Define "risks." Are you worried about it being potentially stolen? Counterfeited? Loaded with spyware? Packed with C4 to assassinate you?

    – HopelessN00b
    Nov 27 '18 at 19:21














60












60








60


11






I bought a used computer that appears to be wiped clean, but can I be sure?










share|improve this question
















I bought a used computer that appears to be wiped clean, but can I be sure?







hardware






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 26 '18 at 20:08









yoozer8

1681211




1681211










asked Nov 26 '18 at 4:05









PBeezyPBeezy

8872510




8872510








  • 10





    Is this question theoretical or practical in nature? I would argue that buying a computer off an unknown third party would be farily low risk if you format (or replace) the storage devices and clear the BIOS. A lot of exploits are discovered through thousands of attack attempts, which is feasible in a digital environment. It would be far less so when operating in the real world, sending out tons of compromised systems hoping for a worthwhile target to buy them.

    – Brian R
    Nov 26 '18 at 16:28






  • 9





    This is a very broad question.

    – Billal Begueradj
    Nov 27 '18 at 5:24






  • 3





    A significant number of weird crashes reported to Microsoft are most plausibly explained by people buying used machines that incompetent or unscrupulous former owners have severely overclocked. It might be worth checking whether the observed clock speed matches the manufacturer's recommendation.

    – Eric Lippert
    Nov 27 '18 at 18:11






  • 3





    I'd also point out that there is no guaranteed that if you buy a computer new from amazon or a shop it's actually 100% new... during assembly, storage, transport etc from the production plant to your home many people could have a chance to stay a significant amount of time unattended with the hardware. Sure, it's probably harder to do and to avoid it being noticed but you are not 100% sure that a new computer wasn't tampered with either.

    – Bakuriu
    Nov 27 '18 at 18:54






  • 5





    Define "risks." Are you worried about it being potentially stolen? Counterfeited? Loaded with spyware? Packed with C4 to assassinate you?

    – HopelessN00b
    Nov 27 '18 at 19:21














  • 10





    Is this question theoretical or practical in nature? I would argue that buying a computer off an unknown third party would be farily low risk if you format (or replace) the storage devices and clear the BIOS. A lot of exploits are discovered through thousands of attack attempts, which is feasible in a digital environment. It would be far less so when operating in the real world, sending out tons of compromised systems hoping for a worthwhile target to buy them.

    – Brian R
    Nov 26 '18 at 16:28






  • 9





    This is a very broad question.

    – Billal Begueradj
    Nov 27 '18 at 5:24






  • 3





    A significant number of weird crashes reported to Microsoft are most plausibly explained by people buying used machines that incompetent or unscrupulous former owners have severely overclocked. It might be worth checking whether the observed clock speed matches the manufacturer's recommendation.

    – Eric Lippert
    Nov 27 '18 at 18:11






  • 3





    I'd also point out that there is no guaranteed that if you buy a computer new from amazon or a shop it's actually 100% new... during assembly, storage, transport etc from the production plant to your home many people could have a chance to stay a significant amount of time unattended with the hardware. Sure, it's probably harder to do and to avoid it being noticed but you are not 100% sure that a new computer wasn't tampered with either.

    – Bakuriu
    Nov 27 '18 at 18:54






  • 5





    Define "risks." Are you worried about it being potentially stolen? Counterfeited? Loaded with spyware? Packed with C4 to assassinate you?

    – HopelessN00b
    Nov 27 '18 at 19:21








10




10





Is this question theoretical or practical in nature? I would argue that buying a computer off an unknown third party would be farily low risk if you format (or replace) the storage devices and clear the BIOS. A lot of exploits are discovered through thousands of attack attempts, which is feasible in a digital environment. It would be far less so when operating in the real world, sending out tons of compromised systems hoping for a worthwhile target to buy them.

– Brian R
Nov 26 '18 at 16:28





Is this question theoretical or practical in nature? I would argue that buying a computer off an unknown third party would be farily low risk if you format (or replace) the storage devices and clear the BIOS. A lot of exploits are discovered through thousands of attack attempts, which is feasible in a digital environment. It would be far less so when operating in the real world, sending out tons of compromised systems hoping for a worthwhile target to buy them.

– Brian R
Nov 26 '18 at 16:28




9




9





This is a very broad question.

– Billal Begueradj
Nov 27 '18 at 5:24





This is a very broad question.

– Billal Begueradj
Nov 27 '18 at 5:24




3




3





A significant number of weird crashes reported to Microsoft are most plausibly explained by people buying used machines that incompetent or unscrupulous former owners have severely overclocked. It might be worth checking whether the observed clock speed matches the manufacturer's recommendation.

– Eric Lippert
Nov 27 '18 at 18:11





A significant number of weird crashes reported to Microsoft are most plausibly explained by people buying used machines that incompetent or unscrupulous former owners have severely overclocked. It might be worth checking whether the observed clock speed matches the manufacturer's recommendation.

– Eric Lippert
Nov 27 '18 at 18:11




3




3





I'd also point out that there is no guaranteed that if you buy a computer new from amazon or a shop it's actually 100% new... during assembly, storage, transport etc from the production plant to your home many people could have a chance to stay a significant amount of time unattended with the hardware. Sure, it's probably harder to do and to avoid it being noticed but you are not 100% sure that a new computer wasn't tampered with either.

– Bakuriu
Nov 27 '18 at 18:54





I'd also point out that there is no guaranteed that if you buy a computer new from amazon or a shop it's actually 100% new... during assembly, storage, transport etc from the production plant to your home many people could have a chance to stay a significant amount of time unattended with the hardware. Sure, it's probably harder to do and to avoid it being noticed but you are not 100% sure that a new computer wasn't tampered with either.

– Bakuriu
Nov 27 '18 at 18:54




5




5





Define "risks." Are you worried about it being potentially stolen? Counterfeited? Loaded with spyware? Packed with C4 to assassinate you?

– HopelessN00b
Nov 27 '18 at 19:21





Define "risks." Are you worried about it being potentially stolen? Counterfeited? Loaded with spyware? Packed with C4 to assassinate you?

– HopelessN00b
Nov 27 '18 at 19:21










5 Answers
5






active

oldest

votes


















96














It all boils down to which kinds of threats you want to migitate against - a determined attacker has many more options of leaving malware on your computer than just your hard drive, but it's getting increasingly complex to do so. If you're a rocket scientist working on the newest version of ICBMs you have more to fear than a college student who uses their computer for a few class assignments and some of the newest games (but in the rocket scientist's case, you won't be allowed to use self-bought used computers anyway).



Also, it depends a bit on how competent a presumed non-malicious previous owner was in protecting against malware.



And of course, "wipe clean" can mean anything from "deleting personal files, then emptying the wastebasket" to "reinstall the OS" to "completely overwrite the disks with random data/zeroes, then do an install from scratch".



The typical threats you should migitate against are random malware infections that the previous owner caught somehow. Wiping the disks clean, then reinstalling the OS should be enough to get rid of those.



Some computers, mainly laptops, come with a "recovery partition" that allows you to quickly reset the computer to factory condition; I wouldn't use that. First, because a virus might have altered the install files as well to survive a reinstallation; second, these recovery partitions often come with a lot of crapware which the manufacturer installs because they're paid a few dollars by the crapware maker. Better download an installation DVD/USB medium from Microsoft/Ubuntu/whichever OS you're using, and do a fresh install from that.



Besides that, there's many more locations that could have malware, but it's unlikely to find them on your used computer unless you are specifially targeted.




  • The computer BIOS might be altered to do stuff even before booting, for example, it could have a keylogger trying to steal your passwords, or even keep a few cores of your CPU busy mining bitcoin for the previous owner. It can't hurt to check the manufacturer's website for the newest BIOS update, and flashing the newest version of it, even if that's the version you already (seem to) have. This is already quite paranoid, but still something you can do in a few minutes so doing it won't hurt you much.


  • The hard drive firmware itself could be altered. Someone published a proof-of-concept a few years ago who installed Linux on the hard drive - no, the computer didn't run Linux; the hard drive itself ran Linux, ignoring the fact that it was supposed to be a hard drive (see http://spritesmods.com/?art=hddhack - on page 6, he adds a backdoor by replacing the root password hash with a known one every time the disk reads /etc/shadow, and on page 7, he boots a linux kernel on the disk itself).


  • The CPU microcode itself could be altered to do .. stuff, including ignoring any further microcode updates. Unlikely that this could be done without cooperation from Intel, but still a possibility if the NSA is trying to target you. (However, if the NSA were targeting you, "hope he'll buy the spiked used computer we put on ebay for him" wouldn't be their primary strategy, I assume).



So, if you're just a random guy, wiping the hard disks and doing an OS reinstall from scratch provides good protection against the kinds of threats you can reasonably expect.
However, if you have any reason to assume someone is actively targeting you - this includes MDs keeping patient data on their computers, credit card processors, ... - "Just don't buy used computers" is the first thing in a long chain of measures you need to take.






share|improve this answer





















  • 47





    Good answer. One nitpick: Even if you assume you are actively targeted, I don't see how it would matter whether the computer is used - it would matter whether the attacker knows in advance what you are buying, giving them time to interfere - you can manipulate a new computer just as easily as a used one.

    – sleske
    Nov 26 '18 at 12:15











  • Comments are not for extended discussion; this conversation has been moved to chat.

    – Rory Alsop
    Nov 29 '18 at 10:14











  • However, "intercept the used computer he already bought on ebay" is definitely the sort of thing the NSA might do.

    – OrangeDog
    Nov 29 '18 at 12:50



















12














Since you are buying a used server, I assume that you aren’t the target of a nation state’s intelligence services, and that you aren’t being targeted with implanted hardware spying modules. All you really need to do is make sure the disk is free of malware.



Load DBAN onto bootable removable media, then boot the server with it and use it to wipe the disks. That's will get them as clean as you can, without delving deeply into the internals of disk storage.






share|improve this answer





















  • 11





    Might as well just junk the hard drive they give you and just install an OS on a different one. Hard drives are fairly cheap.

    – pboss3010
    Nov 26 '18 at 12:26






  • 1





    The hard drive is only one component of the computer...albeit the easiest place for an attack (and easiest to defend).

    – usul
    Nov 26 '18 at 14:30






  • 1





    DBAN may not be enough. BIOS can also be a problem.

    – kelalaka
    Nov 26 '18 at 19:24






  • 3





    @kelalaka , BIOS infections are not typically something that some guy buying a used server to run in his basement is likely to encounter. If he is running a Fortune 500 company, he’s probably not buying used gear off eBay.

    – John Deters
    Nov 26 '18 at 20:56






  • 2





    @KellyBang In which case once the PC goes to you it will no longer be of any interest to the threat actor and if we're talking this sophisticated in terms of spyware they'll have filters to just not act on whatever the PC is then spying on. Also, organizations such as that aren't in the habit of selling off old hardware, most of them properly physically destroy hardware with a crusher for fear of data theft.

    – Magisch
    Nov 28 '18 at 12:33





















8














Well, depends on how you define secure. Are you being actively targeted by a large organization, such as a conglomerate or a government? Or just scared of criminals taking over your webcam to take photos?



If you are in the first group, congratulations! Assume all electronic devices you use tainted. There's so many ways that these organizations can spy on you without your knowledge, whether it's hardware based or software based. Most electronic devices sold today do not come with a board schematic - you have no way to verify if there isn't an extra component added, such as a keylogger, recording your activity.



On the other hand, if you are just a regular guy with nothing sensitive, I wouldn't worry too much. A simple wipe of the hard drive and a reinstall of whatever operating system you prefer would suffice. Maybe reflash the BIOS if you're really, really paranoid.






share|improve this answer































    2














    It is pretty simple really, replace the hard drive, update the bios and use bitlocker or other encryption software to lock the drive once you install the OS.






    share|improve this answer



















    • 1





      Whether that's sufficient or not is entirely dependent on the threat model. What if there's a wireless keylogger in the hardware itself?

      – Sneftel
      Nov 29 '18 at 9:58



















    0














    The only way I can suggest ensuring said device is clean, if you're that concerned, don't buy it.



    I typically will buy refurbished. Why pay top dollar for something that is already outdated the same week it his the sale floor? And with replacement parts such as hard drives getting insanely cheaper just copy down the OEM tag if it's a Microsoft Windows or whatever you need from the OS, transfer it to the new hard drive and good as new.



    You could also encrypt and zero the sectors so that if something should happen, like your son or daughter as secretly hacking to change their grades, get busted and the drive confiscated, and unknown to you that the previous owners were hackers but instead of having grades, were robbing banks for Bitcoin...you and your kid don't get hit with charges.






    share|improve this answer





















    • 8





      At first I couldn't see how this answered the question. Now I see that it does, sort of, but it's not very clear. Re risks, you name the (astronomically unlikely) risk of getting hit with charges if the drive is confiscated for your kids' grade hacking and evidence of bank robbery by the previous owner is uncovered. Re mitigation, your answer is to "encrypt and zero the sectors." Okay, got it.

      – Wildcard
      Nov 26 '18 at 22:37










    protected by Community Nov 29 '18 at 9:45



    Thank you for your interest in this question.
    Because it has attracted low-quality or spam answers that had to be removed, posting an answer now requires 10 reputation on this site (the association bonus does not count).



    Would you like to answer one of these unanswered questions instead?














    5 Answers
    5






    active

    oldest

    votes








    5 Answers
    5






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    96














    It all boils down to which kinds of threats you want to migitate against - a determined attacker has many more options of leaving malware on your computer than just your hard drive, but it's getting increasingly complex to do so. If you're a rocket scientist working on the newest version of ICBMs you have more to fear than a college student who uses their computer for a few class assignments and some of the newest games (but in the rocket scientist's case, you won't be allowed to use self-bought used computers anyway).



    Also, it depends a bit on how competent a presumed non-malicious previous owner was in protecting against malware.



    And of course, "wipe clean" can mean anything from "deleting personal files, then emptying the wastebasket" to "reinstall the OS" to "completely overwrite the disks with random data/zeroes, then do an install from scratch".



    The typical threats you should migitate against are random malware infections that the previous owner caught somehow. Wiping the disks clean, then reinstalling the OS should be enough to get rid of those.



    Some computers, mainly laptops, come with a "recovery partition" that allows you to quickly reset the computer to factory condition; I wouldn't use that. First, because a virus might have altered the install files as well to survive a reinstallation; second, these recovery partitions often come with a lot of crapware which the manufacturer installs because they're paid a few dollars by the crapware maker. Better download an installation DVD/USB medium from Microsoft/Ubuntu/whichever OS you're using, and do a fresh install from that.



    Besides that, there's many more locations that could have malware, but it's unlikely to find them on your used computer unless you are specifially targeted.




    • The computer BIOS might be altered to do stuff even before booting, for example, it could have a keylogger trying to steal your passwords, or even keep a few cores of your CPU busy mining bitcoin for the previous owner. It can't hurt to check the manufacturer's website for the newest BIOS update, and flashing the newest version of it, even if that's the version you already (seem to) have. This is already quite paranoid, but still something you can do in a few minutes so doing it won't hurt you much.


    • The hard drive firmware itself could be altered. Someone published a proof-of-concept a few years ago who installed Linux on the hard drive - no, the computer didn't run Linux; the hard drive itself ran Linux, ignoring the fact that it was supposed to be a hard drive (see http://spritesmods.com/?art=hddhack - on page 6, he adds a backdoor by replacing the root password hash with a known one every time the disk reads /etc/shadow, and on page 7, he boots a linux kernel on the disk itself).


    • The CPU microcode itself could be altered to do .. stuff, including ignoring any further microcode updates. Unlikely that this could be done without cooperation from Intel, but still a possibility if the NSA is trying to target you. (However, if the NSA were targeting you, "hope he'll buy the spiked used computer we put on ebay for him" wouldn't be their primary strategy, I assume).



    So, if you're just a random guy, wiping the hard disks and doing an OS reinstall from scratch provides good protection against the kinds of threats you can reasonably expect.
    However, if you have any reason to assume someone is actively targeting you - this includes MDs keeping patient data on their computers, credit card processors, ... - "Just don't buy used computers" is the first thing in a long chain of measures you need to take.






    share|improve this answer





















    • 47





      Good answer. One nitpick: Even if you assume you are actively targeted, I don't see how it would matter whether the computer is used - it would matter whether the attacker knows in advance what you are buying, giving them time to interfere - you can manipulate a new computer just as easily as a used one.

      – sleske
      Nov 26 '18 at 12:15











    • Comments are not for extended discussion; this conversation has been moved to chat.

      – Rory Alsop
      Nov 29 '18 at 10:14











    • However, "intercept the used computer he already bought on ebay" is definitely the sort of thing the NSA might do.

      – OrangeDog
      Nov 29 '18 at 12:50
















    96














    It all boils down to which kinds of threats you want to migitate against - a determined attacker has many more options of leaving malware on your computer than just your hard drive, but it's getting increasingly complex to do so. If you're a rocket scientist working on the newest version of ICBMs you have more to fear than a college student who uses their computer for a few class assignments and some of the newest games (but in the rocket scientist's case, you won't be allowed to use self-bought used computers anyway).



    Also, it depends a bit on how competent a presumed non-malicious previous owner was in protecting against malware.



    And of course, "wipe clean" can mean anything from "deleting personal files, then emptying the wastebasket" to "reinstall the OS" to "completely overwrite the disks with random data/zeroes, then do an install from scratch".



    The typical threats you should migitate against are random malware infections that the previous owner caught somehow. Wiping the disks clean, then reinstalling the OS should be enough to get rid of those.



    Some computers, mainly laptops, come with a "recovery partition" that allows you to quickly reset the computer to factory condition; I wouldn't use that. First, because a virus might have altered the install files as well to survive a reinstallation; second, these recovery partitions often come with a lot of crapware which the manufacturer installs because they're paid a few dollars by the crapware maker. Better download an installation DVD/USB medium from Microsoft/Ubuntu/whichever OS you're using, and do a fresh install from that.



    Besides that, there's many more locations that could have malware, but it's unlikely to find them on your used computer unless you are specifially targeted.




    • The computer BIOS might be altered to do stuff even before booting, for example, it could have a keylogger trying to steal your passwords, or even keep a few cores of your CPU busy mining bitcoin for the previous owner. It can't hurt to check the manufacturer's website for the newest BIOS update, and flashing the newest version of it, even if that's the version you already (seem to) have. This is already quite paranoid, but still something you can do in a few minutes so doing it won't hurt you much.


    • The hard drive firmware itself could be altered. Someone published a proof-of-concept a few years ago who installed Linux on the hard drive - no, the computer didn't run Linux; the hard drive itself ran Linux, ignoring the fact that it was supposed to be a hard drive (see http://spritesmods.com/?art=hddhack - on page 6, he adds a backdoor by replacing the root password hash with a known one every time the disk reads /etc/shadow, and on page 7, he boots a linux kernel on the disk itself).


    • The CPU microcode itself could be altered to do .. stuff, including ignoring any further microcode updates. Unlikely that this could be done without cooperation from Intel, but still a possibility if the NSA is trying to target you. (However, if the NSA were targeting you, "hope he'll buy the spiked used computer we put on ebay for him" wouldn't be their primary strategy, I assume).



    So, if you're just a random guy, wiping the hard disks and doing an OS reinstall from scratch provides good protection against the kinds of threats you can reasonably expect.
    However, if you have any reason to assume someone is actively targeting you - this includes MDs keeping patient data on their computers, credit card processors, ... - "Just don't buy used computers" is the first thing in a long chain of measures you need to take.






    share|improve this answer





















    • 47





      Good answer. One nitpick: Even if you assume you are actively targeted, I don't see how it would matter whether the computer is used - it would matter whether the attacker knows in advance what you are buying, giving them time to interfere - you can manipulate a new computer just as easily as a used one.

      – sleske
      Nov 26 '18 at 12:15











    • Comments are not for extended discussion; this conversation has been moved to chat.

      – Rory Alsop
      Nov 29 '18 at 10:14











    • However, "intercept the used computer he already bought on ebay" is definitely the sort of thing the NSA might do.

      – OrangeDog
      Nov 29 '18 at 12:50














    96












    96








    96







    It all boils down to which kinds of threats you want to migitate against - a determined attacker has many more options of leaving malware on your computer than just your hard drive, but it's getting increasingly complex to do so. If you're a rocket scientist working on the newest version of ICBMs you have more to fear than a college student who uses their computer for a few class assignments and some of the newest games (but in the rocket scientist's case, you won't be allowed to use self-bought used computers anyway).



    Also, it depends a bit on how competent a presumed non-malicious previous owner was in protecting against malware.



    And of course, "wipe clean" can mean anything from "deleting personal files, then emptying the wastebasket" to "reinstall the OS" to "completely overwrite the disks with random data/zeroes, then do an install from scratch".



    The typical threats you should migitate against are random malware infections that the previous owner caught somehow. Wiping the disks clean, then reinstalling the OS should be enough to get rid of those.



    Some computers, mainly laptops, come with a "recovery partition" that allows you to quickly reset the computer to factory condition; I wouldn't use that. First, because a virus might have altered the install files as well to survive a reinstallation; second, these recovery partitions often come with a lot of crapware which the manufacturer installs because they're paid a few dollars by the crapware maker. Better download an installation DVD/USB medium from Microsoft/Ubuntu/whichever OS you're using, and do a fresh install from that.



    Besides that, there's many more locations that could have malware, but it's unlikely to find them on your used computer unless you are specifially targeted.




    • The computer BIOS might be altered to do stuff even before booting, for example, it could have a keylogger trying to steal your passwords, or even keep a few cores of your CPU busy mining bitcoin for the previous owner. It can't hurt to check the manufacturer's website for the newest BIOS update, and flashing the newest version of it, even if that's the version you already (seem to) have. This is already quite paranoid, but still something you can do in a few minutes so doing it won't hurt you much.


    • The hard drive firmware itself could be altered. Someone published a proof-of-concept a few years ago who installed Linux on the hard drive - no, the computer didn't run Linux; the hard drive itself ran Linux, ignoring the fact that it was supposed to be a hard drive (see http://spritesmods.com/?art=hddhack - on page 6, he adds a backdoor by replacing the root password hash with a known one every time the disk reads /etc/shadow, and on page 7, he boots a linux kernel on the disk itself).


    • The CPU microcode itself could be altered to do .. stuff, including ignoring any further microcode updates. Unlikely that this could be done without cooperation from Intel, but still a possibility if the NSA is trying to target you. (However, if the NSA were targeting you, "hope he'll buy the spiked used computer we put on ebay for him" wouldn't be their primary strategy, I assume).



    So, if you're just a random guy, wiping the hard disks and doing an OS reinstall from scratch provides good protection against the kinds of threats you can reasonably expect.
    However, if you have any reason to assume someone is actively targeting you - this includes MDs keeping patient data on their computers, credit card processors, ... - "Just don't buy used computers" is the first thing in a long chain of measures you need to take.






    share|improve this answer















    It all boils down to which kinds of threats you want to migitate against - a determined attacker has many more options of leaving malware on your computer than just your hard drive, but it's getting increasingly complex to do so. If you're a rocket scientist working on the newest version of ICBMs you have more to fear than a college student who uses their computer for a few class assignments and some of the newest games (but in the rocket scientist's case, you won't be allowed to use self-bought used computers anyway).



    Also, it depends a bit on how competent a presumed non-malicious previous owner was in protecting against malware.



    And of course, "wipe clean" can mean anything from "deleting personal files, then emptying the wastebasket" to "reinstall the OS" to "completely overwrite the disks with random data/zeroes, then do an install from scratch".



    The typical threats you should migitate against are random malware infections that the previous owner caught somehow. Wiping the disks clean, then reinstalling the OS should be enough to get rid of those.



    Some computers, mainly laptops, come with a "recovery partition" that allows you to quickly reset the computer to factory condition; I wouldn't use that. First, because a virus might have altered the install files as well to survive a reinstallation; second, these recovery partitions often come with a lot of crapware which the manufacturer installs because they're paid a few dollars by the crapware maker. Better download an installation DVD/USB medium from Microsoft/Ubuntu/whichever OS you're using, and do a fresh install from that.



    Besides that, there's many more locations that could have malware, but it's unlikely to find them on your used computer unless you are specifially targeted.




    • The computer BIOS might be altered to do stuff even before booting, for example, it could have a keylogger trying to steal your passwords, or even keep a few cores of your CPU busy mining bitcoin for the previous owner. It can't hurt to check the manufacturer's website for the newest BIOS update, and flashing the newest version of it, even if that's the version you already (seem to) have. This is already quite paranoid, but still something you can do in a few minutes so doing it won't hurt you much.


    • The hard drive firmware itself could be altered. Someone published a proof-of-concept a few years ago who installed Linux on the hard drive - no, the computer didn't run Linux; the hard drive itself ran Linux, ignoring the fact that it was supposed to be a hard drive (see http://spritesmods.com/?art=hddhack - on page 6, he adds a backdoor by replacing the root password hash with a known one every time the disk reads /etc/shadow, and on page 7, he boots a linux kernel on the disk itself).


    • The CPU microcode itself could be altered to do .. stuff, including ignoring any further microcode updates. Unlikely that this could be done without cooperation from Intel, but still a possibility if the NSA is trying to target you. (However, if the NSA were targeting you, "hope he'll buy the spiked used computer we put on ebay for him" wouldn't be their primary strategy, I assume).



    So, if you're just a random guy, wiping the hard disks and doing an OS reinstall from scratch provides good protection against the kinds of threats you can reasonably expect.
    However, if you have any reason to assume someone is actively targeting you - this includes MDs keeping patient data on their computers, credit card processors, ... - "Just don't buy used computers" is the first thing in a long chain of measures you need to take.







    share|improve this answer














    share|improve this answer



    share|improve this answer








    edited Nov 30 '18 at 8:14

























    answered Nov 26 '18 at 10:56









    Guntram BlohmGuntram Blohm

    1,319710




    1,319710








    • 47





      Good answer. One nitpick: Even if you assume you are actively targeted, I don't see how it would matter whether the computer is used - it would matter whether the attacker knows in advance what you are buying, giving them time to interfere - you can manipulate a new computer just as easily as a used one.

      – sleske
      Nov 26 '18 at 12:15











    • Comments are not for extended discussion; this conversation has been moved to chat.

      – Rory Alsop
      Nov 29 '18 at 10:14











    • However, "intercept the used computer he already bought on ebay" is definitely the sort of thing the NSA might do.

      – OrangeDog
      Nov 29 '18 at 12:50














    • 47





      Good answer. One nitpick: Even if you assume you are actively targeted, I don't see how it would matter whether the computer is used - it would matter whether the attacker knows in advance what you are buying, giving them time to interfere - you can manipulate a new computer just as easily as a used one.

      – sleske
      Nov 26 '18 at 12:15











    • Comments are not for extended discussion; this conversation has been moved to chat.

      – Rory Alsop
      Nov 29 '18 at 10:14











    • However, "intercept the used computer he already bought on ebay" is definitely the sort of thing the NSA might do.

      – OrangeDog
      Nov 29 '18 at 12:50








    47




    47





    Good answer. One nitpick: Even if you assume you are actively targeted, I don't see how it would matter whether the computer is used - it would matter whether the attacker knows in advance what you are buying, giving them time to interfere - you can manipulate a new computer just as easily as a used one.

    – sleske
    Nov 26 '18 at 12:15





    Good answer. One nitpick: Even if you assume you are actively targeted, I don't see how it would matter whether the computer is used - it would matter whether the attacker knows in advance what you are buying, giving them time to interfere - you can manipulate a new computer just as easily as a used one.

    – sleske
    Nov 26 '18 at 12:15













    Comments are not for extended discussion; this conversation has been moved to chat.

    – Rory Alsop
    Nov 29 '18 at 10:14





    Comments are not for extended discussion; this conversation has been moved to chat.

    – Rory Alsop
    Nov 29 '18 at 10:14













    However, "intercept the used computer he already bought on ebay" is definitely the sort of thing the NSA might do.

    – OrangeDog
    Nov 29 '18 at 12:50





    However, "intercept the used computer he already bought on ebay" is definitely the sort of thing the NSA might do.

    – OrangeDog
    Nov 29 '18 at 12:50













    12














    Since you are buying a used server, I assume that you aren’t the target of a nation state’s intelligence services, and that you aren’t being targeted with implanted hardware spying modules. All you really need to do is make sure the disk is free of malware.



    Load DBAN onto bootable removable media, then boot the server with it and use it to wipe the disks. That's will get them as clean as you can, without delving deeply into the internals of disk storage.






    share|improve this answer





















    • 11





      Might as well just junk the hard drive they give you and just install an OS on a different one. Hard drives are fairly cheap.

      – pboss3010
      Nov 26 '18 at 12:26






    • 1





      The hard drive is only one component of the computer...albeit the easiest place for an attack (and easiest to defend).

      – usul
      Nov 26 '18 at 14:30






    • 1





      DBAN may not be enough. BIOS can also be a problem.

      – kelalaka
      Nov 26 '18 at 19:24






    • 3





      @kelalaka , BIOS infections are not typically something that some guy buying a used server to run in his basement is likely to encounter. If he is running a Fortune 500 company, he’s probably not buying used gear off eBay.

      – John Deters
      Nov 26 '18 at 20:56






    • 2





      @KellyBang In which case once the PC goes to you it will no longer be of any interest to the threat actor and if we're talking this sophisticated in terms of spyware they'll have filters to just not act on whatever the PC is then spying on. Also, organizations such as that aren't in the habit of selling off old hardware, most of them properly physically destroy hardware with a crusher for fear of data theft.

      – Magisch
      Nov 28 '18 at 12:33


















    12














    Since you are buying a used server, I assume that you aren’t the target of a nation state’s intelligence services, and that you aren’t being targeted with implanted hardware spying modules. All you really need to do is make sure the disk is free of malware.



    Load DBAN onto bootable removable media, then boot the server with it and use it to wipe the disks. That's will get them as clean as you can, without delving deeply into the internals of disk storage.






    share|improve this answer





















    • 11





      Might as well just junk the hard drive they give you and just install an OS on a different one. Hard drives are fairly cheap.

      – pboss3010
      Nov 26 '18 at 12:26






    • 1





      The hard drive is only one component of the computer...albeit the easiest place for an attack (and easiest to defend).

      – usul
      Nov 26 '18 at 14:30






    • 1





      DBAN may not be enough. BIOS can also be a problem.

      – kelalaka
      Nov 26 '18 at 19:24






    • 3





      @kelalaka , BIOS infections are not typically something that some guy buying a used server to run in his basement is likely to encounter. If he is running a Fortune 500 company, he’s probably not buying used gear off eBay.

      – John Deters
      Nov 26 '18 at 20:56






    • 2





      @KellyBang In which case once the PC goes to you it will no longer be of any interest to the threat actor and if we're talking this sophisticated in terms of spyware they'll have filters to just not act on whatever the PC is then spying on. Also, organizations such as that aren't in the habit of selling off old hardware, most of them properly physically destroy hardware with a crusher for fear of data theft.

      – Magisch
      Nov 28 '18 at 12:33
















    12












    12








    12







    Since you are buying a used server, I assume that you aren’t the target of a nation state’s intelligence services, and that you aren’t being targeted with implanted hardware spying modules. All you really need to do is make sure the disk is free of malware.



    Load DBAN onto bootable removable media, then boot the server with it and use it to wipe the disks. That's will get them as clean as you can, without delving deeply into the internals of disk storage.






    share|improve this answer















    Since you are buying a used server, I assume that you aren’t the target of a nation state’s intelligence services, and that you aren’t being targeted with implanted hardware spying modules. All you really need to do is make sure the disk is free of malware.



    Load DBAN onto bootable removable media, then boot the server with it and use it to wipe the disks. That's will get them as clean as you can, without delving deeply into the internals of disk storage.







    share|improve this answer














    share|improve this answer



    share|improve this answer








    edited Nov 26 '18 at 15:14

























    answered Nov 26 '18 at 4:54









    John DetersJohn Deters

    27.6k24190




    27.6k24190








    • 11





      Might as well just junk the hard drive they give you and just install an OS on a different one. Hard drives are fairly cheap.

      – pboss3010
      Nov 26 '18 at 12:26






    • 1





      The hard drive is only one component of the computer...albeit the easiest place for an attack (and easiest to defend).

      – usul
      Nov 26 '18 at 14:30






    • 1





      DBAN may not be enough. BIOS can also be a problem.

      – kelalaka
      Nov 26 '18 at 19:24






    • 3





      @kelalaka , BIOS infections are not typically something that some guy buying a used server to run in his basement is likely to encounter. If he is running a Fortune 500 company, he’s probably not buying used gear off eBay.

      – John Deters
      Nov 26 '18 at 20:56






    • 2





      @KellyBang In which case once the PC goes to you it will no longer be of any interest to the threat actor and if we're talking this sophisticated in terms of spyware they'll have filters to just not act on whatever the PC is then spying on. Also, organizations such as that aren't in the habit of selling off old hardware, most of them properly physically destroy hardware with a crusher for fear of data theft.

      – Magisch
      Nov 28 '18 at 12:33
















    • 11





      Might as well just junk the hard drive they give you and just install an OS on a different one. Hard drives are fairly cheap.

      – pboss3010
      Nov 26 '18 at 12:26






    • 1





      The hard drive is only one component of the computer...albeit the easiest place for an attack (and easiest to defend).

      – usul
      Nov 26 '18 at 14:30






    • 1





      DBAN may not be enough. BIOS can also be a problem.

      – kelalaka
      Nov 26 '18 at 19:24






    • 3





      @kelalaka , BIOS infections are not typically something that some guy buying a used server to run in his basement is likely to encounter. If he is running a Fortune 500 company, he’s probably not buying used gear off eBay.

      – John Deters
      Nov 26 '18 at 20:56






    • 2





      @KellyBang In which case once the PC goes to you it will no longer be of any interest to the threat actor and if we're talking this sophisticated in terms of spyware they'll have filters to just not act on whatever the PC is then spying on. Also, organizations such as that aren't in the habit of selling off old hardware, most of them properly physically destroy hardware with a crusher for fear of data theft.

      – Magisch
      Nov 28 '18 at 12:33










    11




    11





    Might as well just junk the hard drive they give you and just install an OS on a different one. Hard drives are fairly cheap.

    – pboss3010
    Nov 26 '18 at 12:26





    Might as well just junk the hard drive they give you and just install an OS on a different one. Hard drives are fairly cheap.

    – pboss3010
    Nov 26 '18 at 12:26




    1




    1





    The hard drive is only one component of the computer...albeit the easiest place for an attack (and easiest to defend).

    – usul
    Nov 26 '18 at 14:30





    The hard drive is only one component of the computer...albeit the easiest place for an attack (and easiest to defend).

    – usul
    Nov 26 '18 at 14:30




    1




    1





    DBAN may not be enough. BIOS can also be a problem.

    – kelalaka
    Nov 26 '18 at 19:24





    DBAN may not be enough. BIOS can also be a problem.

    – kelalaka
    Nov 26 '18 at 19:24




    3




    3





    @kelalaka , BIOS infections are not typically something that some guy buying a used server to run in his basement is likely to encounter. If he is running a Fortune 500 company, he’s probably not buying used gear off eBay.

    – John Deters
    Nov 26 '18 at 20:56





    @kelalaka , BIOS infections are not typically something that some guy buying a used server to run in his basement is likely to encounter. If he is running a Fortune 500 company, he’s probably not buying used gear off eBay.

    – John Deters
    Nov 26 '18 at 20:56




    2




    2





    @KellyBang In which case once the PC goes to you it will no longer be of any interest to the threat actor and if we're talking this sophisticated in terms of spyware they'll have filters to just not act on whatever the PC is then spying on. Also, organizations such as that aren't in the habit of selling off old hardware, most of them properly physically destroy hardware with a crusher for fear of data theft.

    – Magisch
    Nov 28 '18 at 12:33







    @KellyBang In which case once the PC goes to you it will no longer be of any interest to the threat actor and if we're talking this sophisticated in terms of spyware they'll have filters to just not act on whatever the PC is then spying on. Also, organizations such as that aren't in the habit of selling off old hardware, most of them properly physically destroy hardware with a crusher for fear of data theft.

    – Magisch
    Nov 28 '18 at 12:33













    8














    Well, depends on how you define secure. Are you being actively targeted by a large organization, such as a conglomerate or a government? Or just scared of criminals taking over your webcam to take photos?



    If you are in the first group, congratulations! Assume all electronic devices you use tainted. There's so many ways that these organizations can spy on you without your knowledge, whether it's hardware based or software based. Most electronic devices sold today do not come with a board schematic - you have no way to verify if there isn't an extra component added, such as a keylogger, recording your activity.



    On the other hand, if you are just a regular guy with nothing sensitive, I wouldn't worry too much. A simple wipe of the hard drive and a reinstall of whatever operating system you prefer would suffice. Maybe reflash the BIOS if you're really, really paranoid.






    share|improve this answer




























      8














      Well, depends on how you define secure. Are you being actively targeted by a large organization, such as a conglomerate or a government? Or just scared of criminals taking over your webcam to take photos?



      If you are in the first group, congratulations! Assume all electronic devices you use tainted. There's so many ways that these organizations can spy on you without your knowledge, whether it's hardware based or software based. Most electronic devices sold today do not come with a board schematic - you have no way to verify if there isn't an extra component added, such as a keylogger, recording your activity.



      On the other hand, if you are just a regular guy with nothing sensitive, I wouldn't worry too much. A simple wipe of the hard drive and a reinstall of whatever operating system you prefer would suffice. Maybe reflash the BIOS if you're really, really paranoid.






      share|improve this answer


























        8












        8








        8







        Well, depends on how you define secure. Are you being actively targeted by a large organization, such as a conglomerate or a government? Or just scared of criminals taking over your webcam to take photos?



        If you are in the first group, congratulations! Assume all electronic devices you use tainted. There's so many ways that these organizations can spy on you without your knowledge, whether it's hardware based or software based. Most electronic devices sold today do not come with a board schematic - you have no way to verify if there isn't an extra component added, such as a keylogger, recording your activity.



        On the other hand, if you are just a regular guy with nothing sensitive, I wouldn't worry too much. A simple wipe of the hard drive and a reinstall of whatever operating system you prefer would suffice. Maybe reflash the BIOS if you're really, really paranoid.






        share|improve this answer













        Well, depends on how you define secure. Are you being actively targeted by a large organization, such as a conglomerate or a government? Or just scared of criminals taking over your webcam to take photos?



        If you are in the first group, congratulations! Assume all electronic devices you use tainted. There's so many ways that these organizations can spy on you without your knowledge, whether it's hardware based or software based. Most electronic devices sold today do not come with a board schematic - you have no way to verify if there isn't an extra component added, such as a keylogger, recording your activity.



        On the other hand, if you are just a regular guy with nothing sensitive, I wouldn't worry too much. A simple wipe of the hard drive and a reinstall of whatever operating system you prefer would suffice. Maybe reflash the BIOS if you're really, really paranoid.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Nov 26 '18 at 11:16









        ideaman924ideaman924

        1034




        1034























            2














            It is pretty simple really, replace the hard drive, update the bios and use bitlocker or other encryption software to lock the drive once you install the OS.






            share|improve this answer



















            • 1





              Whether that's sufficient or not is entirely dependent on the threat model. What if there's a wireless keylogger in the hardware itself?

              – Sneftel
              Nov 29 '18 at 9:58
















            2














            It is pretty simple really, replace the hard drive, update the bios and use bitlocker or other encryption software to lock the drive once you install the OS.






            share|improve this answer



















            • 1





              Whether that's sufficient or not is entirely dependent on the threat model. What if there's a wireless keylogger in the hardware itself?

              – Sneftel
              Nov 29 '18 at 9:58














            2












            2








            2







            It is pretty simple really, replace the hard drive, update the bios and use bitlocker or other encryption software to lock the drive once you install the OS.






            share|improve this answer













            It is pretty simple really, replace the hard drive, update the bios and use bitlocker or other encryption software to lock the drive once you install the OS.







            share|improve this answer












            share|improve this answer



            share|improve this answer










            answered Nov 27 '18 at 13:34









            aaronzookaaronzook

            488




            488








            • 1





              Whether that's sufficient or not is entirely dependent on the threat model. What if there's a wireless keylogger in the hardware itself?

              – Sneftel
              Nov 29 '18 at 9:58














            • 1





              Whether that's sufficient or not is entirely dependent on the threat model. What if there's a wireless keylogger in the hardware itself?

              – Sneftel
              Nov 29 '18 at 9:58








            1




            1





            Whether that's sufficient or not is entirely dependent on the threat model. What if there's a wireless keylogger in the hardware itself?

            – Sneftel
            Nov 29 '18 at 9:58





            Whether that's sufficient or not is entirely dependent on the threat model. What if there's a wireless keylogger in the hardware itself?

            – Sneftel
            Nov 29 '18 at 9:58











            0














            The only way I can suggest ensuring said device is clean, if you're that concerned, don't buy it.



            I typically will buy refurbished. Why pay top dollar for something that is already outdated the same week it his the sale floor? And with replacement parts such as hard drives getting insanely cheaper just copy down the OEM tag if it's a Microsoft Windows or whatever you need from the OS, transfer it to the new hard drive and good as new.



            You could also encrypt and zero the sectors so that if something should happen, like your son or daughter as secretly hacking to change their grades, get busted and the drive confiscated, and unknown to you that the previous owners were hackers but instead of having grades, were robbing banks for Bitcoin...you and your kid don't get hit with charges.






            share|improve this answer





















            • 8





              At first I couldn't see how this answered the question. Now I see that it does, sort of, but it's not very clear. Re risks, you name the (astronomically unlikely) risk of getting hit with charges if the drive is confiscated for your kids' grade hacking and evidence of bank robbery by the previous owner is uncovered. Re mitigation, your answer is to "encrypt and zero the sectors." Okay, got it.

              – Wildcard
              Nov 26 '18 at 22:37
















            0














            The only way I can suggest ensuring said device is clean, if you're that concerned, don't buy it.



            I typically will buy refurbished. Why pay top dollar for something that is already outdated the same week it his the sale floor? And with replacement parts such as hard drives getting insanely cheaper just copy down the OEM tag if it's a Microsoft Windows or whatever you need from the OS, transfer it to the new hard drive and good as new.



            You could also encrypt and zero the sectors so that if something should happen, like your son or daughter as secretly hacking to change their grades, get busted and the drive confiscated, and unknown to you that the previous owners were hackers but instead of having grades, were robbing banks for Bitcoin...you and your kid don't get hit with charges.






            share|improve this answer





















            • 8





              At first I couldn't see how this answered the question. Now I see that it does, sort of, but it's not very clear. Re risks, you name the (astronomically unlikely) risk of getting hit with charges if the drive is confiscated for your kids' grade hacking and evidence of bank robbery by the previous owner is uncovered. Re mitigation, your answer is to "encrypt and zero the sectors." Okay, got it.

              – Wildcard
              Nov 26 '18 at 22:37














            0












            0








            0







            The only way I can suggest ensuring said device is clean, if you're that concerned, don't buy it.



            I typically will buy refurbished. Why pay top dollar for something that is already outdated the same week it his the sale floor? And with replacement parts such as hard drives getting insanely cheaper just copy down the OEM tag if it's a Microsoft Windows or whatever you need from the OS, transfer it to the new hard drive and good as new.



            You could also encrypt and zero the sectors so that if something should happen, like your son or daughter as secretly hacking to change their grades, get busted and the drive confiscated, and unknown to you that the previous owners were hackers but instead of having grades, were robbing banks for Bitcoin...you and your kid don't get hit with charges.






            share|improve this answer















            The only way I can suggest ensuring said device is clean, if you're that concerned, don't buy it.



            I typically will buy refurbished. Why pay top dollar for something that is already outdated the same week it his the sale floor? And with replacement parts such as hard drives getting insanely cheaper just copy down the OEM tag if it's a Microsoft Windows or whatever you need from the OS, transfer it to the new hard drive and good as new.



            You could also encrypt and zero the sectors so that if something should happen, like your son or daughter as secretly hacking to change their grades, get busted and the drive confiscated, and unknown to you that the previous owners were hackers but instead of having grades, were robbing banks for Bitcoin...you and your kid don't get hit with charges.







            share|improve this answer














            share|improve this answer



            share|improve this answer








            edited Nov 26 '18 at 19:10









            schroeder

            75.1k29164200




            75.1k29164200










            answered Nov 26 '18 at 17:35









            Syntaxxx Err0rSyntaxxx Err0r

            272




            272








            • 8





              At first I couldn't see how this answered the question. Now I see that it does, sort of, but it's not very clear. Re risks, you name the (astronomically unlikely) risk of getting hit with charges if the drive is confiscated for your kids' grade hacking and evidence of bank robbery by the previous owner is uncovered. Re mitigation, your answer is to "encrypt and zero the sectors." Okay, got it.

              – Wildcard
              Nov 26 '18 at 22:37














            • 8





              At first I couldn't see how this answered the question. Now I see that it does, sort of, but it's not very clear. Re risks, you name the (astronomically unlikely) risk of getting hit with charges if the drive is confiscated for your kids' grade hacking and evidence of bank robbery by the previous owner is uncovered. Re mitigation, your answer is to "encrypt and zero the sectors." Okay, got it.

              – Wildcard
              Nov 26 '18 at 22:37








            8




            8





            At first I couldn't see how this answered the question. Now I see that it does, sort of, but it's not very clear. Re risks, you name the (astronomically unlikely) risk of getting hit with charges if the drive is confiscated for your kids' grade hacking and evidence of bank robbery by the previous owner is uncovered. Re mitigation, your answer is to "encrypt and zero the sectors." Okay, got it.

            – Wildcard
            Nov 26 '18 at 22:37





            At first I couldn't see how this answered the question. Now I see that it does, sort of, but it's not very clear. Re risks, you name the (astronomically unlikely) risk of getting hit with charges if the drive is confiscated for your kids' grade hacking and evidence of bank robbery by the previous owner is uncovered. Re mitigation, your answer is to "encrypt and zero the sectors." Okay, got it.

            – Wildcard
            Nov 26 '18 at 22:37





            protected by Community Nov 29 '18 at 9:45



            Thank you for your interest in this question.
            Because it has attracted low-quality or spam answers that had to be removed, posting an answer now requires 10 reputation on this site (the association bonus does not count).



            Would you like to answer one of these unanswered questions instead?



            Popular posts from this blog

            A CLEAN and SIMPLE way to add appendices to Table of Contents and bookmarks

            Calculate evaluation metrics using cross_val_predict sklearn

            Insert data from modal to MySQL (multiple modal on website)