New Tech In Data Retrieval

Johnath writes: "Story over at Science News about magnetoresistive microscopy, which allows very high-res inspection of magnetic media. The article is touting it primarily as a forensic tool, and gets me thinking -- how many passes of write-over-with-random-data are now required to securely delete a file?"
  • ...which just proves that the only REAL way to destroy your confidential data is with a BIIIIIIIIG hammer.

    {shhhhh... the froggies are asleep.}
    spam-proofing?
  • Could we now recover the erased portion of the watergate tapes? Sure it is analog, but that would only make the task more difficult, not impossible.
  • Unless you've got a magnetoresistive microscope to test your "erased" tape or disk with, you can't really say. Of course, if the data is sufficiently encrypted in the first place, it really doesn't matter if it can be retrieved from tape scraps etc.
  • by dragonfly_blue ( 101697 ) on Sunday July 16, 2000 @11:16PM (#928841) Homepage
    Officially (which means nothing of course) I think the Defense Department mandates that 7 random read/write passes be made over data before it is considered securely destroyed. However, it has long been hypothesized that no matter how many times the data is written over, there is still a discernable and recoverable trace of the original information, mostly due to an extremely slight positional variation in the read/write heads as they pass over the original.

    Still, the equipment necessary to recover a 7 times read/write-over pass is probably out of the price range of all but the most well-funded groups; I wouldn't worry too much about it, especially if you use an encrypted file system and encrypted swap files.

  • Similar technologies have been around for a few years that could reconstruct the data stored on a disk from magnetic "shadows". This technology just gives them a much higher resolution method to do the same thing.

    At any rate, the one true way to prevent anyone from seeing what's on your disk is to encrypt it- even if they recover the data, there's not much that can be done with it!
  • ... but if they've overwritten that area they show with the NIST logo once, that's some rather serious degradation from just one pass- and therefore, 5 or so passes ought to do the job.

    But that's just my seriously uninformed guess.

    --Perianwyr Stormcrow
  • If you're up against the kind of resources that can and will do this sort of thing to get your data, then you'll have to resort to more drastic means, like sticking the hard drive in a really hot furnace. That should do the trick.
  • Except that any temporary copies will still be there, it'll still be in your swap file, and your password (or at least, most people's) is probably easier to crack than using magnetoresistive microscopy.
  • Regular tape erasing lends itself to recovery by tools like this because the erase process applies an almost "uniform" transform to the tape being erased.

    Technology like this may provoke new erase technologies that erase and attempt to obscure the original information. One way to obscure something is to write "similar" information over it so it becomes difficult to tell what is part of what.
    A demonstration of this technique is to write something in pen on paper. You cannot erase this easily and if you try to darken the words with more ink, a careful eye can still find the pattern of the letters. To really "erase" the words without destroying the paper, write other letters/numbers over the original letters/numbers. If you do enough of these it becomes impossible to read the original words.

    The same technique would work for digital and analog recordings. Until now however, such steps would have seemed pointless.
  • Interestingly enough, there's an article on ABCNews.com here [go.com] that talks about just that. It seems that even at 7 passes there's enough data left to get a good picture of what was there. The government apparently thinks that 7 times is enough to make it difficult but not impossible for matters of national security (i.e. when some random nuclear greasemonkey decides to copy the plans for the latest blow-up-the-solar-system goodies to his home PC and has second thoughts afterwards, Big Brother(tm) can still find out about it.)

    Just my 0x2a yen.
  • ...or lots of lava
    ...or that acid you used to get rid of bodies
  • by Paul Johnson ( 33553 ) on Sunday July 16, 2000 @11:43PM (#928849) Homepage
    The best paper I've seen is here [fish.com]. It's a bit old (1996), but has lots of useful info.

    Briefly, the main problems are the "ghost" of the old data, track misalignment leaving part of the old data on the side of a track, and bad sectors which are marked off by the drive electronics. There are also issues with drives that promise to write the data to the store immediately, but in fact just cache it.

    The only thing you can do is overwrite with random data several times in the hope that this will be enough.

    Paul.

  • Has anyone put a disk in a paper shredder? A good quality one will do disks, cds, mouse pads etc. I suggest that as a fun and fool proof way to get rid of data. Of course it isn't fool proof if you accidentally put your hand in it.
    Kate

  • Here in the UK, (classified) data that is stored by the Ministry of Defence is considered "securely destroyed" only when the hard disk has been mashed to a pulp.
    ...but it doesn't do you any good when someone nicks your laptop :)

    {shhhhh... the froggies are asleep.}
    spam-proofing?
  • by Anonymous Coward
    Bzzt! Wrong. Thanks for playing.

    Your disk will get full in a couple of minutes or hours (depends on your /dev/urandom), and data in /your/secret/file will be most likely overwritten only once.

  • Burn all media!
  • Well if you read the article you could have read they can take data from a tape that is damaged. I think a hammer is not a problem for this kind of data reconstruction. Which leads me to the best solution: HCl (? Is this muriatic acid in English = zoutzuur in Dutch ?). Back to the question how many overwrites? An important part of the trick is to know the data density of the disk. Since they are using a head of a recent MR hard disk, it is supposed to come close to the data density of the best hard disks that exist now. Overwriting would leave nothing in the resolution that it could scan today. So the number of times you overwrite is according to the number of years you want to hide the data.
    - watergate audio tape is not safe at all.
    - your 20 MB (80286) hard disk could easily be reconstructed if overwritten once.
    - your 80 GB disk should be safe for 5 to 10 years or it should contain very valuable data.
    This is like encrypting data. It is safe, but only for a limited time. So the suggestion of somebody to encrypt the data is just as (un)safe. It only takes time to recover the data.
  • If you have reason to be that paranoid, don't just encrypt each file as you use them - encrypt the whole partition. Do the same thing with your swap file/partition as well (OpenBSD now has that capability). Use long, random passwords and store them in a single file that's encrypted up the wazoo (this should only be done if you're confident of the strength of your encryption - but if you're not, what's the point?)
  • by Sir_Winston ( 107378 ) on Sunday July 16, 2000 @11:58PM (#928856)
    *Link to GPL'd Source Code Below*!

    The DOD standard you and others mention specifies a specific set of patterns to be used for each pass, in order to maximize the chances of making the data unrecoverable. It's specified in DOD 5220.22-M and generally referred to as "DOD standard 7-pass extended character rotation wiping," which is quite a mouthful.

    Sami Tolvanen has done some excellent research into the area, however, and at

    http://www.tolvanen.com/eraser/

    he goes into specifics, including scientific papers and providing links to the actual text of the DOD standard. He also provides a Windows binary for download and *GPL'd SOURCE CODE*, for a program he wrote called Eraser which is probably the best file shredding util out there. He concludes, based in part on a scientific paper at

    http://www.cs.auckland.ac.nz/~pgut001/secure_del.html

    that the DOD standard is outdated, and that the best answer is to use 35-pass "Gutmann shredding" using passes of specific characters as suggested by Dr. Gutmann in his paper linked above.

    Maybe some people should start porting Eraser to Linux, nudge-nudge wink-wink hint-hint.
  • by Anonymous Coward
    The article was specific - it said it was using a magneto resistive head on audio/flight data tape. The MR head is so much smaller/sensitive than the audio head. Modern hard drives have this MR head in them, so the effect is not going to be pronounced enough to be useful. If you have an older hard drive though, watch out. I bet it takes a long time to do this. Forensically it may not be possible to recover *properly erased* data with this particular technique, but I'm sure this will inspire others to try other stuff.

    So if you hit your hard drive with a hammer, you're just destroying the drive mechanism, not the data on the disks, and the FBI will still get you. If you smash the plates into small pieces, they'll reconstruct them (If you're worth the chase). I believe that the standard for passing an erase head over data to erase it beyond recoverability is 12 times. That's what the FBI says. I wouldn't be surprised if they can still recover stuff after this though and you just don't know it. So I suggest 20 times if you have the patience. BTW, a nice wind0ze utility that does this very thing is "file shredder" included with McAfee's nuts and bolts utilities. What's the Linux equivalent?

    It might be a good idea to do something like this to your financial/personal data on your old computer before you sell it. It's amazing what people leave on their hard drives when they dump their old computers. I'm wondering why we haven't heard more horror stories.
  • I'm pretty sure that places like the MOD do a minimum of 7 random write passes on Hard disks that contain or have contained secure information, they then remove the platters, sand blast them and then set them on fire!!
    I think that would just about do it!
    Boxic
  • I hate to tell you, but a shredder is NOT a secure way of disposing of sensitive material. Any intelligence organization or forensics unit worth their salt can piece documents (and probably even floppy disks) back together. If you have physical material that needs to be destroyed, get something like this [meco.org]. (Search for "dust" or "disintegrator" after opening the page.)
  • Well if you read the article you could have read they can take data from a tape that is damaged.

    Yes, but if he had read the article, he wouldn't have gotten firsties. It's a question of priority. :)

    ---------///----------

  • by |_uke ( 158930 )
    Why not use something like ramfs or a ramdisk to store data? Sure it means if your system gets shut off.. you lose your data... But that COULD be an advantage... "Ohh shoot.. the (name group you're hiding from) is here... pull the power quick!"
  • by krystal_blade ( 188089 ) on Monday July 17, 2000 @12:08AM (#928862)
    Security Fanatic alert!!! There are several new products which have just come on the market that will assist you in ensuring that your data is safe from prying eyes...

    1. Big Magnets... For only 19.95, we'll ship you a super powerful magnet capable of realigning the entire hard disk. This device takes some time, and is best used over a couple days. Please note that while large, and heavy, this is NOT a SPEAKER MAGNET!!!! We purchase ours before they ever reach the speaker manufacturer.

    2. Thermite Charges... Yes folks, you now have the ability to not only corrupt every single piece of data on your hard-drive, with our magnesium hotmelt system, we can even guarantee you fragging the computer it is in!!! These hard drive modifications are somewhat difficult to accomplish, so please send your hard drive, along with 200.00 (non-refundable) to our own technical explosives specialist, three fingers McCoy.

    3. Gravity/Kinetic Data sentry: 79.00... Our Data sentry gives its best when and where it counts... Simply mount this item near your computer for a "just in case" emergency, and when the feds come pounding on your door, just begin actuating, and deactuating the Data Sentry to pulverize the hard disk. This Data Sentry, superior to others available, not only comes with a completely waterproof fiberglass handle, it also comes with an instruction manual. The solid core metallic head has a patent on it for its balled shape, which distributes tremendous kinetic energy into a very small location, (more PSI per use than comparable DATA SENTRIES!!!) Can also be used to hang pictures, pound nails, straightening metal, etc.

    4. And finally, we would like to give you one of the finest data security measures we have to offer. The cost is 5.00 for the item, and 25.00 shipping and handling. This item utilizes new space age non-kilned ceramo-limestone material to create a heavy, yet durable and portable security measure. When the need is there, simply lift our destructo bloc about 4 feet in the air, and let it fall on your hard disk. This item guarantees hard disk breakage on the first impact, or your money back. (Shipping and handling costs not included). Item can also be thrown at incoming agents to buy time with the "DATA SENTRY". Caution: Do not drop on foot, on Glass, or on Pets. This product is in no way related to an ordinary concrete block, although you can disguise it as one if you think you are being watched!!!

    krystal_blade

  • You don't know shit boy. OSM and trollaxor are nothing. Donkpunch is the god of /. He's rounding up all the jaded and syphillitic karma whores and forming them into a well ordered militia. Once we get Signal 11 on our side, we will cleanse the universe.
    --Shoeboy
  • I had a friend that was in the Air Force, working in computer systems. He said that at the facility he was at, there were 2 secure doors with armed guards before getting to the computer room, which was physically isolated.

    In case of imminent security breach, the room featured axes, as well as special magnesium based devices at the tops of the computer racks. The magnesium, once ignited, was supposed to burn through the computers in the racks.

    That was at least 5 years ago. Sounds like the old methods are still best ;-)
  • Could someone actually provide more details on the patterns that the DoD requires one to use?

    I'm not a data recovery expert, but wouldn't a random sequence of bits written between each step of writing the specified sequential pattern of bits make it harder to establish physical patterns during data recovery? Because if I'm right, this would act like the normal process of read/write and throw in confusion while analyzing a drive under the microscope.

    Oh well, at least this piece of news gives the OS/disk encryption camp one more point.

  • Yeah. Try this instead:

    while true; do dd if=/dev/urandom of=/my/secret/file bs=`ls -l /my/secret/file|awk '{print $5}'` count=1 conv=notrunc;done

    That should do it. Be careful, though, 'cause it could take a while to go through each repetition. Fiddle with your mouse and hit some random keys to help it along. It also might chew up a fair amount of CPU or I/O on slower machines.
  • Data destruction in four easy steps:

    1) Cook data container (floppy disk, cd-rom, hd, etc) in microwave/oven for 20 minutes @ 400 degrees.
    2) Take container and pour into vat of hydrochloric acid (good enough for government work!). Let sit for 24 hours.
    3) Pour the new solution into 10 different beakers.
    4) Take beakers to 10 different landfills and fling 1 per location into rubble.

    Of course, this is a bit of overkill, but how else are you going to keep your forensic data recovery specialist girlfriend from finding your jpegs of Natalie Portman?

    love,
    br4dh4x0r
  • by tau_ ( 154048 ) on Monday July 17, 2000 @12:28AM (#928868)
    Colin Plumb's shred(1) is part of GNU fileutils 4.0, standard install on Red Hat 6.2. From the info page:

    "This uses many overwrite passes, with the data patterns chosen to maximize the damage they do to the old data. While this will work on floppies, the patterns are designed for best effect on hard drives. For more details, see the source code and Peter Gutmann's paper `Secure Deletion of Data from Magnetic and Solid-State Memory', from the
    proceedings of the Sixth USENIX Security Symposium (San Jose, California, 22-25 July, 1996)."

  • by crlf ( 131465 ) on Monday July 17, 2000 @12:30AM (#928869)
    I assume that to read magnetic media, one must remove the case from the drive. I don't know if the following are feasible or safe, but wouldn't it be nice if opening a harddrive and by breaking the vacuum seal, one of two (or maybe both) things may happen:

    1) -Triggering of a super strong electro-magnet, followed by,

    2) -An instantaneous release of acid that would eat away at the surface of the disk.

    These ideas may seem stupid to most, but you must realize that by opening a harddrive, you are ruining it anyway. I got this idea from the Guinness Tall Boy cans which have a Nitrogen Booster that gets released as soon as you open the can. The drives would have to be manufactured in such a way that these mechanisms could not be interjected before opening the case. This kind of hardware would not be targeted to the average consumer, but to those who may feel a little paranoid about the MAN getting a hold of their data.

  • I've got an encrypted partition, but encrypted swap? Do you have any idea how slow that is?? Then again, if you really had something to hide it would prolly be worth it. Then again, if you really had something to hide, you shouldn't be such a cheapskate, and just shell out for a few extra dimms.
  • by ph117 ( 125761 ) on Monday July 17, 2000 @12:42AM (#928871) Homepage
    http://www.nist.gov/public_affairs/releases/g00-108.htm [nist.gov]

    I don't think this press release is referenced at the Science News article.
  • Maybe not secure but really really fun. I suppose you could burn everything afterward too.

  • I hear that's how they do it at TransMeta so it's gotta be a Good Thing (tm)... : )

    You need:

    • Media to dispose of
    • A GNU-Herd (tm)
    • A fast vehicle
    Do this:
    • Put the media in the way of a migrating GNU-herd (tm).
    • Wait till the GNU-Herd (tm) passes.
    • Pick up stomped media
    • Use fast vehicle to transport media in front of GNU-Herd (tm)
    • Repeat
    Thank you.
    //Frisco
    --
    "No se rinde el gallo rojo, sólo cuando ya está muerto."
  • Bah, forget all that fancy-smancy hi-tech stuff. Why not just crack your disk open and apply a nice, hot, blowtorch flame to the entire surface for a good half an hour? Or even better, if you have access to a furnace, stick your disk platters in there. I'd like to see someone read my old data when all they have is a molten blob of slag :)
  • The article is touting it primarily as a forensic tool, and gets me thinking -- how many passes of write-over-with-random-data are now required to securely delete a file?"

    Answer: Assume that security via obliteration will be ineffective. Instead, use non-random data. Use something so nasty, atrocious, and baiting that those that pry go for the lure rather than the information beneath the palimpsest.

    Security through what-they-want-ifiscation.

    Mojotoad
  • by Sir_Winston ( 107378 ) on Monday July 17, 2000 @12:49AM (#928876)
    > I'm not a data recovery expert, but wouldn't a random sequence of bits written between
    > each step of writing the specified sequential pattern of bits make it harder to
    > establish physical patterns during data recovery?

    The point of using specified patterns when wiping is so that those patterns will have the combined effect of completely obliterating the magnetic signature of any stored data. That's why certain patterns are mathematically thought to have a much more useful effect in the secure deletion of files than just using random data.

    Think about it this way; the following parallel isn't accurate as to the exact process, but should illustrate the same methodology: You have a few lines of text written on a sheet of paper, and you wish to render them unreadable even to very close examination. (Obviously you'd burn the paper, but for the sake of example assume we have to keep the paper.) Now, what would be most effective in destroying your writing, randomly scribbling over each character, or carefully writing successive patterns of other letters over the existing ones in order to methodically obliterate them? A simplistic analogy, but that's the easiest way to grok it. I doubt 100 passes of random data could be as effective as 35-pass Gutmann wiping.
  • Burn it to CDROM? But won't that leave more evidence to destroy than what you started with?
  • Thanks for the info. I've been wanting to switch over to Linux for over a year now, but two things have kept me back: ease of use (I like GUIliciousness, and can't stand too many command lines), and the lack of easily available and easy to use security programmes which can replace all the functionality of those I use in Windoz. Thankfully, both issues seem to be being addressed increasingly well, and maybe next year I can take the final plunge. :-)
  • If you need security then encrypting the data is your best bet.

    Chapter 10 - Encrypting files and drives in Linux, BSD, and other Unices [securityportal.com]

    and

    Chapter 9 - Encrypting files and drives in Windows 95, 98, NT and 2000. [securityportal.com]

    As well I have 2+ gigs of OpenSource cryptographic software at CryptoArchive [cryptoarchive.net]

  • Of course it isn't fool proof if you accidentally put your hand in it.

    It is. It won't damage the shredder at all. The fool may not be shredder proof, but that's his responsibility.
  • I'd add that DoD standard is seven times overwritten with zeros, not "random data", and that anyone who uses random data as an overwrite is probably going to get what they deserve sooner or later (particularly if their "random" data isn't as random as they thought it was).
  • Apart from being seriously paranoid, that's probably also a good way of removing your entire arm (If not killing yourself) while you're at it. :)
  • The best method is probably still heating the drive until you reach the Curie temperature of the magnetic media inside (probably somewhere around 600C). Once you reach that temperature, the metal inside the media loses all its magnetic properties, and the data is lost.
  • To recover this I'd take a device measuring the density of dye on a paper (some kind of spectrophotometer) and scan the sheet with it. Knowing the patterns you used I'd just subtract them from scanned image and restore original data.

    Same for magnetic media - as we know how each pass alters state of the media, knowing all the patterns we could try to invert the operation.

    Obviously signal to noise ratio would decrease with each pass, but introducing some randomness (artificial noise) into patterns will make this process more controllable and faster.

    I think the best solution is special random patterns: one should have a [mathematical] set of optimal patterns and choose one of them at random every time.

    Every secretary using MSWord wastes enough resources

  • by The Apocalyptic Lawn ( 2350 ) on Monday July 17, 2000 @01:37AM (#928885)
    A program that is based on this paper is WIPE [sourceforge.net]. Free software so it's good for you.

    - da Lawn

  • From the article:

    As the sample moves back and forth, the head detects the strength and direction of the magnetic field at millions of points. A computer then can make a topographic image from the data or interpret the data directly-into sound, for instance.

    Imagine the possibilities: you could record sound onto a piece of magnetic material - a loop of tape coated with powdered iron oxide, for example - and this advanced computer technology would allow you to play back that sound at will! The gramophone will be a thing of the past! I predict that in ten years' time room-sized devices based on this technology will be available, making it possible to listen to music anywhere there is access to a 24 kW power supply (required to run the computer). Now if only we could find a smaller, less power-hungry replacement for vacuum tubes...

    $ cat < /dev/mouse

  • If you have secrets, there is no good alternative to destroying the media. Disks are cheap; presumably your secrets are worth more. -- Stolen from Applied Cryptography
  • sid=steelcage
    Are you man enough?
    --Shoeboy
  • If you're really paranoid you could wrap wire around your magnetic material in a corkscrewish pattern. Running a lot of current through this would set up a magnetic field through the drive, which should destroy everything. Now you got AC running through (@60 Hz like most/all of america.. dunno what it is elsewhere).. and the field'll be swapping 60 times a second. Run a lot of power through it should be effectively destroyed. Set up a trigger that would be hard to catch (maybe light-based? opening up the case on your computer? losing power to the computer? opening the door to the room with the computer in it without appropriate steps to disengage the trap?)

    Anyways, this should destroy just about anything.. work as an emergency device for the paranoid.

  • Didn't you know that O'Brien has been doing this for ages? He always manages to find some fragments of the file which he can use to reconstruct the original. I always thought it was a little far-fetched. Guess I was wrong.
  • > primarily as a forensic tool, and gets me
    > thinking -- how many passes of write-over-with
    > random-data are now required to securely delete
    > a file?"

    the more interesting aspect is that if you've got such a great method of recovering partially deleted data, you can easily pack more data onto the medium by just writing more data over it.
    Retrieval will be *really* slow but this might change in the future.

    Da Warez D00d
  • > However, it has long been hypothesized that no
    > matter how many times the data is written over,
    > there is still a discernable and recoverable
    > trace of the original information,
    nope. I suggest you read up on Heisenberg's Uncertainty Principle [adnc.com]. After a while the signal will be so faint that just reading the medium will destroy the data. This might take many more passes than 7 of course, but it's definitely not infinite!

    Da Warez D00d
  • Everyone is missing the point (or joking, and hilariously :-) when talking about "The only secure way is to melt the drive", or "THERMITE!!!". It seems to me that the point is to erase all data, while still being able to USE the hard drive. Utilities like Wipe cannot act quickly enough to erase your hard drive when the FBI comes busting down your door... considering that, if they are looking for your computer, the first thing they will do is unplug it and tote it away.

    Point being, 99% of the time, if you want to get rid of all of the data on a hard drive... you'd probably like to be able to use that drive again in the future. The security of my data is not worth the $200 that I paid for my drive (I have nothing important), however if I can protect myself by writing over the data x times, in pattern y, then I am interested.

    --

  • Heh,

    First make a ROT13 FS, and then make sure all the important files on it are also ROT13ed..

  • If you can't count on your data being dead even after you performed a multi-pass wipe of the hard drive and then burned it, then where do you seek protection?

    Obviously, encryption.

    Big brother is watching, if you want to keep anything secret you better use something that will at least be hard for "them" to penetrate. Encryption is the only known last defense.

    Hmmm, let's see if I can get Echelon to take notice of this post. Nuclear weapons grade plutonium uranium kryptonite terrorism attack make the infidels pay bomb blood killing death www.terrorists.org DEATH TO THE UNBELIEVERS! allah'u akbar muhammad purple monkey dishwasher.
  • I remember reading that big HDDs were starting to be sold where the _real_ capacity was quite a bit larger than the stated capacity and the drive automatically looked for sectors about to go bad and started using the 'spare' parts of the drive. Hence giving a more reliable drive than you might otherwise get. If this is the case then you might be writing your obscuring data over the parts of the platters that the HDD is using _now_ but not what it was using when you first got it and started using it to store your por^H^H^H sensitive data.

    Anyone know any more about this?
  • Don't Destroy The Archives [waves.com] is an interesting page which suggests things that could be done to restore old audio tape recordings. I like the idea about correcting wow and flutter using the bias signal. I wonder if this technology comes close to making this sort of restoration possible?

    Molly.

  • >> How many passes of overwriting ... blah
    That's a stupid question, because overwriting zillions of times may not really erase all the data. You have to go to the inode table and find out WHICH BLOCKS OF THE DISK the file was written out, and target those blocks/sectors and overwrite stuff. rm or unlink just removes the entry for the file in the parent directory's entry and marks the inodes as unused. That doesn't actually ERASE data from your disk. Even in MS DOG (FAT as well as VFAT) they just replace the first letter of the filename with junk in the FAT. They don't actually go and delete the disk blocks which housed the data.
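The point in the comment above (rm/unlink removes only the directory entry), together with the earlier pattern-versus-random exchange, shown as an added example that is not code from any poster or from shred, Eraser or WIPE. The pass schedule, function names and sample data are assumptions made up for the illustration; the schedule is not the DoD 5220.22-M or Gutmann sequence.

```python
import os
import secrets
import tempfile

# Illustrative pass schedule (assumption): fixed patterns plus one random pass.
# None means "fill this pass with random bytes".
PASSES = (b"\x00", b"\xff", None)
CHUNK = 64 * 1024


def _pass_data(pattern, n):
    """Return n bytes for one pass: random if pattern is None, else the pattern repeated."""
    if pattern is None:
        return secrets.token_bytes(n)
    return (pattern * (n // len(pattern) + 1))[:n]


def overwrite_in_place(path, passes=PASSES):
    """Overwrite the file's current bytes once per pass, flushing each pass to the device.

    The file is opened WITHOUT truncation, so the writes land on the blocks the
    filesystem already maps to it. This reaches only those blocks: sectors the
    drive has remapped, journal copies and copy-on-write snapshots are out of reach.
    Returns (size, unchanged) where unchanged is True if inode and size are the same.
    """
    fd = os.open(path, os.O_WRONLY)          # no O_TRUNC, no O_CREAT
    try:
        before = os.fstat(fd)
        size = before.st_size
        for pattern in passes:
            os.lseek(fd, 0, os.SEEK_SET)
            remaining = size
            while remaining:
                n = min(CHUNK, remaining)
                data = _pass_data(pattern, n)
                written = 0
                while written < n:           # os.write may write fewer bytes than asked
                    written += os.write(fd, data[written:])
                remaining -= n
            os.fsync(fd)                     # do not let a pass sit in the OS cache
        after = os.fstat(fd)
        return size, (after.st_ino == before.st_ino and after.st_size == size)
    finally:
        os.close(fd)


def wipe_and_unlink(path, passes=PASSES):
    """Overwrite in place, replace the name with a random one, then unlink."""
    size, _ = overwrite_in_place(path, passes)
    directory = os.path.dirname(os.path.abspath(path))
    anonymous = os.path.join(directory, secrets.token_hex(8))
    os.rename(path, anonymous)               # the old file name leaves the directory entry
    os.unlink(anonymous)
    return size


def demo():
    """Use a hard link as a witness to what is still stored after each kind of delete."""
    with tempfile.TemporaryDirectory() as d:
        secret = os.path.join(d, "secret.txt")
        witness = os.path.join(d, "witness")             # second name, same inode
        payload = b"constructed sample secret\n" * 1000  # constructed test data
        with open(secret, "wb") as f:
            f.write(payload)
        os.link(secret, witness)

        os.unlink(secret)                                # plain delete: name gone, data intact
        with open(witness, "rb") as f:
            survived_plain_delete = f.read() == payload

        os.link(witness, secret)                         # give the data its name back
        size = wipe_and_unlink(secret, passes=(b"\x00", None, b"\xff"))
        with open(witness, "rb") as f:
            overwritten = f.read() == b"\xff" * len(payload)
        return survived_plain_delete, size, overwritten


if __name__ == "__main__":
    print(demo())
```
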
  • Will cut through case and spinning drive.
  • You might want to rethink #1. I contract for the DOD and recently found some people who were using a VCR tape demagnetizer (big electromagnet that makes fillings vibrate) on hard drives. The problem was that the drive electronics were being toasted but the casing was providing a shielding effect on the platters themselves. I proved to them that this was not a viable deletion method by removing the electronics from an identical un-wiped drive and attaching it to a supposedly clean drive. LO AND BEHOLD 2gigs of classified data were instantly available for my espionage pleasure. Since this incident we have gone back to the traditional method of:
    1) Place drive on bare concrete floor
    2) Hit repeatedly with a 50# sledge (this is a BIG mofo)
    3) Put your new extreme slimline drive in the trash.
  • sort of like holography? more data in the same space?
  • by Anonymous Coward
    I'm sure you all recall the technique used to erase hard drives in the event of imminent seizure in "Cryptonomicon" - winding wire around the inside of a doorframe and electrifying it so that a large amount of magnetic flux goes through that door, null-and-voiding any hard drive carried through that portal. Would anyone with a little more practical knowledge than myself care to share whether or not that would be effective?

  • by bluGill ( 862 ) on Monday July 17, 2000 @04:04AM (#928904)

    My dad was working for Control Data Corporation back in the '70s, which was then a big computer company. (Cray designed their systems before starting his own company).

    They had drum drives. Like a normal harddrive, but instead of a platter it was a drum (like a big tin can). The department of defense bought one of these units, which turned out to be defective. After a few days of operation it broke, and deformed the drum. There was now no machine that could read it. The DOD sent it back to the factory for replacement - with two armed guards. Those guards were with the machine at all times until technicians opened the case. Then they took rags, rubbed the magnetic coating off the drum, and burned the rags.

  • Believe it or not, that may not be enough. Guttmann's paper [auckland.ac.nz] goes into some detail as to how much magnetic field is required to fully reset the media. As an example of an "adequate" field, he mentions a DOD device which produced a field so strong it actually bent the drive platter.
  • Heh - reminds me of the secure server room in 'Cryptonomicon'.

    Put all your servers in a room with one entrance - a corridor down to a single door. Around the door frame (and behind the plaster) wrap lots of turns of wire, and pass mains electricity through it. Anything in the room is fine. Anything outside the room is fine. As soon as any material on magnetic media goes through the doorway, (such as your harddisk which is being removed by government agents) it all goes 'pfft' in a puff of electrons. To get any information to the box directly, you'll need to do it via non-magnetic media (e.g. CD-ROM), or you could just up/down load stuff remotely.

    But as soon as the [insert relevant government agency operatives] come along to relocate your equipment for evidence purposes, their act of removing it (and passing it through an alternating magnetic field) causes it to be useless to them.

    tada!

  • by DragonHawk ( 21256 ) on Monday July 17, 2000 @04:43AM (#928907) Homepage Journal
    ... Thermite Charges ...

    The military actually uses these things. One of the neater James Bond devices I've seen is what appears (at first glance) to be two thick hanging file folders. One at the front of the drawer, one at the back. Then you notice the wires attached to them. They're shaped explosive charges, designed to completely destroy the contents of a file cabinet or safe quickly. For use in the event of "imminent compromise" of security by enemy forces.
  • Hmmm ... I think not - there's some ghost magnetization left, unless you keep it above the Curie point for a long time.

    A cone 10 or 11 kiln should do the job - melts the platter, which really randomizes the data.

  • Anyone know any more about this?

    Yes, most any hard drive made past 1990 or so will have "spare sectors", which are used to replace sectors the drive detects are going bad. This is considered a problem for the DoD, which is why you are required to either (1) use drives certified not to do that or (2) physically destroy the drive before you can call it "clean".
  • really had something to hide, you shouldn't be such a cheapskate, and just shell out for a few extra dimms.

    For the really paranoid, even that isn't enough. It seems that DIMMS develop a bias towards the information they hold. When powered up, statistically, the bits are more likely to take on their biased value. With several powerup/read cycles, the biased pattern can be recovered fully. ECC memory makes the process even more certain.

    A randomization process similar to secure HD wipe can be used to truly randomize the bias. The very paranoid might want to patch their kernel so that the idle task does secure wipes on pages and swap. Doing it more thoroughly would probably be a real performance killer (Even the idle task version would harm performance by trashing the caches, but not as badly).

  • Since this incident we have gone back to the traditional method of: 1) Place drive on bare concrete floor 2) Hit repeatedly with a 50# sledge (this is a BIG mofo) 3) Put your new extreme slimline drive in the trash.

    Note that physical deformation may still leave recoverable magnetic signatures on the recording medium. There are companies who specialize in this sort of data recovery. I know of at least one case where a laptop (with hard drive) was run over by a truck, completely crushing it. The company was able to recover almost all of the data.
  • I wrote a Tempest certified disk formatter in the 80s and was required to do 10 passes with specific patterns to qualify. To prove their point they had me write a text file onto a disk and then run the formatter. With earlier/fewer passes they were able to print the file out and give it to me (I chose the text). This was in the 80s, so I'm sure it's better now. They used to grind up bad disk drives so that all that came out was sand; that was the preferred method to "sanitize" them.
  • It is my understanding that the most paranoid security involves incineration, shredding the remains and then encasing in concrete for burial in a secured facility.

  • Take your hard drive to the nearest foundry, throw it into the crucible... voila-- it is now a molten puddle that is intermingled with the rest of the metal in that crucible.. and I welcome any FBI,CIA,NSA geek to read that data. I have destroyed several older hard drives that way. (The nickel and Aluminum are useful alloys in some metal batches, while everything else floats to the top as slag.)

    Gawd, why do it the hard way? In a hurry you are toast anyways. (Except for the primacord idea... wrap that HDD in primacord... but then you'll spend the same amount of time in jail for disfiguring the officers there to apprehend you.)

    Although, back in my hacker days (friends who did the cracking, I just built the hardware) I had a degaussing coil wrapped around the hard drive (Monster 20MEGS!) one flip of the switch and it starts degaussing (If you heard of a bust you have time to sanitize, if you don't hear of the bust then you are the first
  • Oh, you're gonna pay for that. Especially the purple monkey dishwasher part.

  • ... wouldn't it be nice if opening a harddrive and by breaking the vacuum seal ...

    It is a common misconception that hard drives are vacuum sealed. In fact, Winchester-style disk drives use an air cushion to "float" the heads above the disk platters. They won't work in a vacuum. Furthermore, hard disk drives have filtered "breather holes" which connect the inside of the drive to the outside. They need to do this because as the spindle motor heats up, the air inside the chamber expands, and it needs a place to go.

    ... but you must realize that by opening a harddrive, you are ruining it anyway.

    Not true. The danger is contamination -- i.e., dust. If even a tiny dust particle gets between the read/write head and the platter while it is spinning at 3600 RPM or faster, Bad Things Happen. If you use a clean-room environment, you can open up a hard drive -- and even run it with the cover off. Data recovery companies sometimes do this sort of thing.
  • To hell with the Nixon Tapes, I wanna hear about the content on the Clinton/Gore drives! I recall they have a problem with "lost" e-mail. I doubt he heated them, probably "accidentally" formatted them.

  • Even without the key it is possible to decrypt the data. It just takes a lot of time. But if you have the means to read the overwritten data from a disk, you surely could afford the equipment to decrypt the data.

    :conspiracy mode on
    The NSA already has tools to decrypt DES-128, that is why it is released for export.
    Overwriting 7 times is possible to recover.
    :conspiracy mode off
  • All HDDs I know of have such spare sectors and mapping now, and have for years. I know that the old Bernoulli drives in the '80s did that (and you could HEAR the spares being used because they were on different tracks).

    That's why IDE and SCSI drives don't come with bad block lists on them like RLL and MFM drives did. The filesystem on such disks would either have a special badblock indication in the block map or would set up hidden pseudo files that occupied the bad blocks.

    Dumber drives map in a spare when a write gets a hard failure. Smarter drives copy and re-map when too many read passes are required to retrieve a block w/o errors. They do not even report the condition. SMART drives have diagnostics that will tell you about some of these things.

  • I remember something about data destruction from the cypherpunks list a few years ago. Releasing some sort of acid that will wash the platters clean, suspending the media in solution and completely destroying the data.

    The acid in question was not harmful to skin, thus avoiding charges of a "terrorist device" from Thermite or some more dangerous substance. (make that avoiding reasonable accusations of)

    Sounded good, if one of you real chemists can point this in the proper direction it would be appreciated.

  • Yeah, good question. Solid state disk drives have done this for quite some time. By solid state I mean flash, like compact flash or the various ATA-flash packages out there. The reason was because with flash memory, as most of you know, the life of a given sector is much shorter than that of a typical hard drive, it can only reliably handle so many writes, before the media wears out. With the current flash products, the number of writes is above one million, but it used to be much lower. So when a sector goes "bad" the embedded logic maps it to a reserved sector, so you can continue on as if nothing has changed. I'm not sure if the embedded logic will let you revisit a damaged sector. I'm guessing that it will not let you. That, of course, would be a big problem for most of the scenarios people have been discussing. I also have not seen where you can query the device for the number of sectors that it has had to re-map, so you may never really know. Of course, I personally have not dealt much with this "intelligent" flash memory, so I might be mistaken.

    Do typical hard disks do this? I don't know, but I'm going to check that out. Now that I think about it, it has been a very long time since I have had a bad block on a hard drive.
  • Splendid! Now everybody go and replace your rm with this :)
  • If even a tiny dust particle gets between the read/write head and the platter while it is spinning at 3600 RPM or faster, Bad Things Happen

    Which would lead to quite a nice way of trashing your drive if you had the ability to modify it yourself, or even better if some company wants to make a 'secure' drive.

    All that's needed is a nice row of diamond tipped styli that can be triggered and play the disk.

    It might be possible to get the data from a hammered disk, but from a case full of steel wool? Also if you had something to ignite it (and possibly some oxidant), well steel wool burns pretty good...

    Hmm, as a thought, given that cases are small and at least semi-sealed you might not want to be near it when you did this :)

  • All of this is well and good for *traditional* magnetic recording media (disk & tape).

    What about Magneto-Optical ? Since it is allowed to change state by heating with a laser, does that make the old data less discernible ?

    What about flash memory cards ?

    - just another cosmic ray -
  • Uhhhh....this is what overwriting does. It overwrites over the sectors/inodes over and over again with bullshit. Read this for information: bleh. [auckland.ac.nz]
  • I work in a bookstore (computer bookstore) near the DND (Dept. of National Defence in Ottawa, Canada) and I spoke to a Senior Officer in the Security Dept. and he indicated to me there is no commercially available product which would have the ability of wiping a drive which could not be recovered. He also told me that he was not aware of any method that he knew of that could prevent his dept. from recovering data on any drive. Of course the techniques his dept. has access to I'm assuming are limited to very few groups anywhere in the world. So for most of us we are safe. :-)
  • If you guys want more information on exactly HOW they recover this information, check out this page. [auckland.ac.nz]
  • The UK Defence Office states that to truly erase data from a hard drive you need to:

    1) Crack the hard drive case open
    2) Strip the magnetic oxide from the disk platter with acid
    3) Shred the substrate that the oxide coated.

    Allegedly with sophisticated enough equipment you can salvage data from the substrate even once the oxide has been stripped.

  • Personally I have my server room guarded by a small band of 1337 hobbits, whose job it is, at the slightest sign of evil intervention, to take all the hard drives/ram etc and throw them in the crack of doom.

    Works every time....

  • Is that Unabomber treatise still on-line? I think it would do the job nicely.
  • Hmmm... I hadn't thought about that. For a short file, it shouldn't make any difference (since the first 12(?) blocks on an ext2 FS are accessed directly through the inode, which should be the same even if open(2) is carried out with the O_TRUNC flag). I don't know enough about the kernel's inner workings (especially how it caches these sort of operations before writing them out to physical media) to make any definite statements, but it would certainly seem like there's a race condition between the time the file's truncated and the random data is written out (unless these two operations are actually carried out atomically, which I think is unlikely). In normal use, it probably doesn't matter too much, but we're talking about normal use by extreme paranoiacs, so it's obviously not good enough.
    To do this properly, you'd have to go digging into the kernel and alter the unlinking operation to do all the random overwriting before it actually unlinks the file. Bummer.
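
Added example, not part of the thread: the comment above turns on whether the file is truncated before the random data is written, so this C program overwrites a file's existing blocks from user space by opening it without O_TRUNC, flushing each pass with fsync(2), and unlinking only afterwards. The name `overwrite_in_place` is hypothetical, and the approach assumes the filesystem rewrites blocks in place; copies in remapped spare sectors, raised elsewhere in the thread, stay out of its reach.

```c
/* Added example; overwrite_in_place is a hypothetical helper name. */
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Read exactly n bytes from fd; returns 0 on success, -1 on error or EOF. */
static int read_full(int fd, unsigned char *buf, size_t n)
{
    while (n > 0) {
        ssize_t r = read(fd, buf, n);
        if (r <= 0) return -1;
        buf += r;
        n -= (size_t)r;
    }
    return 0;
}

/* Overwrite a regular file `passes` times with random bytes, keeping its
 * length. It is opened WITHOUT O_TRUNC: truncating first would hand the
 * blocks back to the filesystem before anything was written over them.
 * Returns the file size on success, -1 on error. */
long overwrite_in_place(const char *path, int passes)
{
    unsigned char buf[4096];
    struct stat st;
    long result = -1;
    int rnd = open("/dev/urandom", O_RDONLY);
    int fd = open(path, O_WRONLY);
    if (rnd < 0 || fd < 0) goto out;
    if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode)) goto out;
    for (int p = 0; p < passes; p++) {
        off_t left = st.st_size;
        if (lseek(fd, 0, SEEK_SET) < 0) goto out;
        while (left > 0) {
            size_t chunk = left < (off_t)sizeof buf ? (size_t)left : sizeof buf;
            if (read_full(rnd, buf, chunk) < 0) goto out;
            ssize_t w = write(fd, buf, chunk);
            if (w <= 0) goto out;
            left -= w;
        }
        /* Flush each pass, or passes can merge in the page cache. */
        if (fsync(fd) < 0) goto out;
    }
    result = (long)st.st_size;
out:
    if (fd >= 0) close(fd);
    if (rnd >= 0) close(rnd);
    return result;
}

int main(int argc, char **argv)
{
    if (argc != 2) { fprintf(stderr, "usage: %s FILE\n", argv[0]); return 2; }
    if (overwrite_in_place(argv[1], 3) < 0) { perror(argv[1]); return 1; }
    return unlink(argv[1]) == 0 ? 0 : 1;  /* unlink only after overwriting */
}
```
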
  • I doubt it.

    At work, we have several NSA certified tape degaussers. The degaussers are certified for media up to 750 oersted at better than -90 dB erasure. They are strong enough to erase the credit cards in your wallet if you stand too close to one that is in operation. Signs are posted that warn people with heart pacemakers to stay out of the area. As strong as they are, they are not powerful enough to securely erase the high coercivity media used in many modern tape cartridges and disk drives. The other problem is that a hard disk enclosure is going to shield the platters inside the drive.

    See A Guide to Understanding Data Remanence in Automated Information Systems [ncsc.mil] for the National Computer Security Center guide to the subject.

  • I've read that frozen, they can retain their info for "days". This of course implies that unfrozen, they should decay more quickly.
  • I still think the only "secure" method is the vat of molten metal...

    "Just drop it in the bubbling mass of molten metal to your left on your way out of the secure area!"
  • There are some good AnswerGeek articles on this topic... the recommendation from that article was if you wanted to remove a file the best bet would be to drill a hole in your hard drive...

    Here are the articles:

    Trashing your PC - http://archive.abcnews.go.com/sections/tech/Geek/geek000706.html [go.com]

    Data Dump - http://archive.abcnews.go.com/sections/tech/Geek/geek000622.html [go.com]

    The Hard (Drive) Facts - http://archive.abcnews.go.com/sections/tech/Geek/geek000615.html [go.com]

  • There is no way to guarantee that you can delete data by repeatedly overwriting it: there are too many places where the old data may remain duplicated. Hardware simply isn't designed for reliable deletion. The best you can do is to destroy the disk physically when you are done with it.

    However, if you use cryptography, for example, the Steganographic File System [linux-security.org], and if you implement it securely, then it doesn't matter what people can retrieve.

    Of course, with cryptography, you run into some of the same issues. In particular, keeping your keys secure is, in itself, not trivial. For example, if you type in your key and the program that reads the key gets swapped out, your plaintext key will have been written to disk.

  • Adding mlock to zillions of applications that may buffer your password in virtual memory is not feasible (and typing "man mlock" will accomplish nothing).

    In the short term, if it's important, you can turn off swapping. But a better long term choice is probably to encrypt swap space with a key that is created at boot time, held in kernel memory, and discarded when the system shuts down/crashes. That addresses the problem once and for all.
