Thursday, January 8, 2009

Fear and Terror! All your data are being stolen!

Wow, this is just asinine, with emphasis on the ass part. http://news.bbc.co.uk/2/hi/technology/7816446.stm

This article is telling everyone that if you really want your data to be safe when you throw away your computer, you need to beat the thing to a pulp with a hammer.
The most straightforward solution, according to Which?, is complete destruction - and it recommends using a hammer.

If you're that worried, get rid of it properly: burn it or put it in acid.
Frankly, I think that this article is irresponsible. In a nutshell, the article is saying that yes, you can find software out there that will erase your data securely, but the only way to be completely positive is if you beat your hard drive with a hammer. This, I believe, does a disservice to the non-computer experts of the world. Consider a case of two identical hard drives, one beaten to pieces and the other overwritten a single time with random data. Which one would be easier to retrieve data from?

The answer is the broken one. Now I wouldn't want to be the guy to have to do it, but you can piece together all those broken platters and recover data from them. I was watching Forensic Files a few months ago and they had a case where someone had cut up a 5 1/4 inch floppy drive with scissors and the Department of Defense was able to piece it back together and get the data. On the other hand, recovering data that has been overwritten with other data is as close to impossible as I would say you can get...and it becomes less possible as hard drive densities increase.

Once upon a time there was a man named Peter Gutmann who suggested that with the use of an electron microscope you might be able to figure out what was once written to a part of a hard drive that had been overwritten. That lead people to come up with policies like "you have to overwrite 7 times before it is safe to dispose of." However, despite all the assurances I've heard that it can be done, nobody knows anyone that has actually done it. A couple years back I took a forensic class with Mike Murr from the SANS institute and he was talking about this very thing. Everyone knows someone that has done it, but nobody has done it themself.

I should be clear that I'm talking about data that has been deleted and overwritten by the operating system or some other software. Here is a great quote from the Wikipedia entry on the subject:
Daniel Feenberg, an economist at the private National Bureau of Economic Research, claims that the chances of overwritten data being recovered from a modern hard drive amount to "urban legend".[3] Daniel Feensberg also points to the interesting fact, that the "18 minute gap" Rosemary Woods created on the tape of Nixon discussing the Watergate break-in, has not been recovered. An easy task compared to recovery of a modern high density digital signal.
I'm worried about people like my dad. He's going to read something like this and instead of looking for some free software to clear his old hard drive, he's going to take it out to the garage and hit it with a hammer. He's going to go through all that work and possibly give himself a heart attack when he could have sat in his living room chair, watching TV and actually had better protection. Poor dad. Please don't let this happen to your dad. Spread the word that overwriting or encrypting your data is more effective than pulverizing it.

8 comments:

Michael Janke said...

Nice.;)

I tried beating a disk to destruction with a hammer. It's more work than what you'd think it would be.

You are right though, if you need to minimize the probability of data loss, a hammer isn't the best tool. I'd guess that a simple overwrite, done twice (but by two different processes or people) would be the most effective when you consider that the mostly likely scenario is that the person wiping the stack of hundreds or thousands of disks will eventually miss or misplace one & let it slip through unwiped.

The second person/process reduces that probability.

Unknown said...

I like the two person integrity that you introduce with your idea. What if you had one person wipe the drive with all zeros. Then have a second person run a script that randomly checks a representative sample of the disk to see if it finds anything that isn't a zero.

Wiping a whole drive with zeros is going to take some time, especially as drives get bigger and bigger. Having a second person repeat the process may cost more money than a company is willing to spend. If you can reduce the manpower by spot checking the drive for compliance, you can improve compliance with your wiping policy while spending less money. What do you think of that?

I know it seems counter intuitive, but you don't need a huge sample to have big confidence. My hard drive has 488397168 sectors. If I want to have a confidence interval of +/- 3% and be 95% confident in my answer, I only need to sample 1067 sectors. It would be pretty quick to randomly select 1067 sectors and read all 512 bytes of the sector to see if it is all zero. If a drive slipped past the first guy, there are very low odds that it would also slip past this check...and this check would be quite a bit faster that re-overwriting the drive.

Anonymous said...

on old drives, I fdisk and format, then copy my mp3's library to the drive until it fills up. When it's done, I take it out in the garage, drill 3 - 5/8" holes in it, and chuck it in the trash.

At work, we degauss them with something like this: http://www.datasecurityinc.com/products/deg_hd6600.html , and then usually smash them. Why, because we like to smash things.

Unknown said...

Well who doesn't like to smash stuff. I know I do, I just don't think that it is very necessary.

Fdisking your drive doesn't really do much to protect your data. The partition table consists of about 16 bytes in the Master Boot Record, so when you perform the fdisk, you're really just zeroing out those 16 bytes. The same goes for formatting. You aren't actually removing any data, you're just zeroing out the File Allocation Table. Overwriting with mp3's, now that actually protects your data from disclosure. I think it would save you time and be easier to just write zeros or random data over the drive.

Michael Janke said...

Good idea.

One pass plus a valid sample to verify the first pass.

The bottom line - if a sample of sectors show that they have been zero'd after the first pass, then we have assurance that drive made it through the first pass, and the problem is solved.

Anonymous said...

How about some utility like Darik's Boot-N-Nuke?? I've been using this all the time.

Unknown said...

Yeah, Boot and Nuke (DBAN) works by overwriting the drive with something. I can't remember if it does random or if you can specify that you want ones or zeros. The main thing to remember is that you really only need to write over the data one time, don't run a 7 pass wipe that will take 7 times as long as what is necessary.

Also, if you're going to use a second examiner to verify that your drives have been wiped, then you probably want to overwrite with a constant rather than with random. Reason being: if you write zeros to everything then when your examiner sees anything else then he knows this drive was missed. But with random data he would have to spend more time examining the drive to determine if it has been overwritten.

Anonymous said...

"How can you ensure that the data is destroyed".

Next, put the emphasis on "you".

Physical destruction seems to be the best alternative: there's no way a random person can ensure data destruction by software, without first ensuring that the software can be trusted, which would mean a pretty complex quality assurance project. And, as has already been noted, even then some additional precautions are necessary.

The only alternative I can see is to trust some kind of software certification (i.e. trust X who says that 'software Y does destroy data completely'.)