The Pentagon Discovers dd

hph writes: "CNN.com reports that 'The Pentagon believes it has found a way to give its old computers away to American schools and still protect information locked in the machines' hard drives.'" I hope this story amuses you all as much as it did me.

Re:Whats dd

For you non-UNIX people here at Slashdot (both of you), 'dd' is a command that reads and writes raw bytes to files or devices. The usage that the article is implying is "dd if=/dev/zero of=/dev/hda" which will overwrite the primary hard drive with zeros, destorying all data. (Well, obscuring it to the point where only trained technicians could possibly recover it by magnetic analysis of the physical hard drive platters.)

Bit more complex

It's a bit more complex than dd. Using high-tech microscopes, etc. the NSA can uncover data that was overwritten. Some tools overwrite the data multiple times, making rediscovery much more difficult. The story becomes even more complex when you introduce modern hard drives that can move data on the platter around at will to hide partially bad blocks on the drive. You can still have recoverable classified data on those bad blocks. Designing tools to properly wipe data from drives is a non-trivial task.

- pmitros

Re:Bit more complex

[SuiteSisterMary]

Actually, an acid bath is the generally accepted way to prevent a disk from ever being read again.

Re:Bit more complex

[joto]

Unfortunately, unless you manage to completely pulverize the drive, parts of the platters will still be intact, and data can be read from them. So a hammer is not the right solution. But if you really want a mechanical solution, I would probably recommend a mill (grinding it to flour :-)

Re:Bit more complex

[anshil]

A Magnet?

Re:Bit more complex

[thefogger]

Let's just take a hammer, or even better - a rock!
With give the drives and the rock to a gorilla in the zoo and tada - all data erased for the cost of one or two bananas.

Re:In other news...

Today it was discovered in a classroom in Denver, Colorado that when discarded chalkboards were sprayed with a phosphorescent acid group, previously erased markings became visible once again. The Department of Defense is trying to recall its previously donated chalkboards, but a militia on the outskirts of Denver has acquired twenty such boards and is defending them with a number of recently built suitcase nuclear weapons and H132 military grade sniper rifles that were under development at the Pentagon weeks before.

Re:Recovery of second and third generation deletio

Simple, just peel off the top 20 or 30 layers that you wrote and you'll see the lower layer easily. Believe me, we do this in forensics. The best way to wipe your drive is with a sledgehammer and then burn the rest of it in an incinerator.

Serious Issue

I've worked with a non-profit group partnered with the US Navy to refurbish computers for schools. Letting sensitive data out is a serious problem. Non-classified stuff being left on the drives is a frequent issue. You name the unclassified materials, we've seen them. The real problem is the actual classified stuffwe run into sometimes. It may be 1 in 1000 computers that have something like this on them, but sometimes people are really stupid. You would be amazed at the kind stuff people let out. We delete it all and reformat the drives, but it bothers me that no one checked to make sure they didn't leave stuff on it. For awhile the Navy started using some sort of microwave to clear the drives, but IMO (since none of them worked afterwards) this just fucked up the drives making them useless for schools as well. Thus, I think they should just destroy anything that EVER held classified data. Burn, crush, shred, melt, bury it, or throw it into the Atlantic rather than take a chance. At the same time, I no longer wonder how the chinese stole nuclear secrets from Los Alamos given the piss poor data security procedures I've seen here.

Re:Wow

is that really you? you're damn hot...

Re:Its only UNCLASSIFIED data...

There is a principle in DoD security, that the pattern of usage of Unclassified data should be classified, because it can give an indicator to other, more confidential information. Information Analysis has always been the spook's best friend, because people don't think to watch out for the 'trivial' stuff.

For those of you who remember history, see also the US's exploits in the Pacific during WW2, accurately outguessing the Japanese, based on whether they would transmit after they leaked information to them. There are many other instances where this has been helpful.

Just because there are occasional individual misses in a large organization, do not make the mistake of assuming that the overall practices of that organization are lacking rigor. Human error is a constant problem in every outfit.

As for Slashdot's snide little comment about DD, just writing a single null bit is most definately NOT up to DoD standards for deletion of sensitive data. Magnetic media has a tendency to maintain shadows of earlier data which, using sufficiently sensitive apparatus and diligent study, can yield a surprising amount of information that could be considered 'deleted'.

Personally, I would advocate a limited-lifespan design where two drives are maintained. One with a pad of entropic noise, one with the actual data, encrypted with this pad. As a sector is accessed on one, it is decrypted or encrypted using the noise. At the end-of-life, the pad drive is pulverized, /then/ a traditional 7-write delete could be used to wipe the data.

But that would require foresight, and that sort of thing would never make it past congressional accountants.

dd was too slow for us

When I was in the service, when we had to get rid of a hard drive, we would use it as a test machine during "bug out" drills.

Our normal systems had classified (conf, secret, ts, ts+codeword) info on them. During wartime, if we were over-run, we would set off incendiary grenades (thermite, for those of you playing along at home). Since it is a rather startling sight and you want to MAKE SURE that it is done correctly, we would have one live drill per year.

Alternatively, we would put the TS ones through the shredder. We would take apart the drives and then feed the platters through. Came out as powder. Needless to say, this was a "no-tie" area.
I did have one captain that made us put the head through as well, since "the field could store some information." Yeah. 1 bit...

Re:dd is not good enough to erase data

[mors]

Because restoring the data tends to rely on rather expensive equipment. A drive with double the capacity, and 10000 times the price wouldn't sell that well.

Re:Ahh...but then it would be marked seneitive

[miniver]

There is a clearance level called sensitive, and confidential. All files must be marked properly if they contain this information. In which case they are not unclassified. As such, records must still be kept of how many copies and where they are located if memory serves me correct.

The first problem with that is that from a strictly operational viewpoint, you can't classify *everything* -- because at that point you've eroded the value of the lowest security classification. If every document that is generated is marked sensitive, then either everyone will have to treat every book, file, floppy disk and piece of paper as sensitive ... or everyone will ignore the sensitive classification and keep working as usual. Human nature.

The second problem is the one that I raised, and that you ignored -- individual pieces of information by themselves are often completely benign, but correctly correlated can produce a very accurate estimate of information that would normally garner a much higher security classification.

This applies in every day life, as well. As an example, take the current trend in grocery marketing -- the saver club. If you join the club and use your club card everytime you go shopping at a particular grocery store, you get price discounts and cash back after enough purchases. Of course, the reason the store is willing to give you those discounts is that they are gradually building a very accurate database of information about your buying habits: what brands of food, how much, how often. You might not care if someone knows you eat Cheerios, but how about condom usage, or specific medicines? There's a lot of personal information to be gathered by aggregating supposedly non-sensitive data...

Are you moderating this down because you disagree with it,

Re:Its only UNCLASSIFIED data...

[miniver]

Congratulations. You have failed the first test for a security clearance. Just because the data is unclassified, you can't assume that the data isn't still sensitive.

As an example, suppose you have a spreadsheet that details the fuel consumption for a group of F-16s, and another spreadsheet that details fuel purchases for an air base. Individually the spreadsheets are unclassified information, but together they are sensitive, because from the two spreadsheets you can deduce a great deal about the missions and deployments for that group of F-16s. Even months after the fact, that information is still sensitive, because it can be used to make predictions about that air group.

Are you moderating this down because you disagree with it,

Re:Its only UNCLASSIFIED data...

[psychosis]

Not entirely true. Personal data (SSAN, DOB, etc) is considered "FOUO", or "For Official Use Only". This marking is actually a 'security handling' marking rather than an actual classification. (Not sure what you did in the Army, but consider a document that is SECRET// - it's actually SECRET, but can only be handled in the ways appropriate to that program.
And there is a TON of useful information that can be gleaned from UNCLASSIFIED data, as mentioned in numerous other posts here. Personally, I think that all drives (CLASS and UNCLASS should be destroyed. Media is cheap enough these days that a school could buy a smallish but usable drive for about 100 bux and have the rest of the hardware for free.

Re:dd is not good enough to erase data

[psychosis]

clean-room zapping, and re-assembly would be better, but what about the cost? is it worth x $100 drives?
(not a flame, just an honest question)

Re:Sorry that is *NOT* DOD standard.

[psychosis]

Just a few minor points:
SCIF = Sensitive Compartmentalized Information Facility
You are pretty dead on about the requirements to certify a facility though. (I worked with certifying them a year or so ago.)
Within the past few years, the tide has changed a few times on what to do with media. Currently (to mean that this article is not legal guidance in my mind), the standard is to physically destroy and burn all media regardless of classification. My guys have a locker full of around 50-100 drives that are waiting to be sledgehammered and sent to a burn facility. (Not sure if this is a "lots of fire" one, "acid bath" one, or something I'm not even aware of...)
And overwriting ANY number of times is not enough to save it from the tools that a foreign intelligence agency would have. I'd assume that we have similar technology, but that's some of the cool stuff I'm not privvy to. ;)
I'll be interested to see what guidance might be waiting for us when we get to work Monday... And yes, those platter clocks/plaques do kick ass!

You're all paranoid.

[Colin+Smith]

I'll just point out that you're attributing an unwarranted level of competence to the various "Intelligence" communities.

Re:dd wouldnt do it

[RelliK]

dd would only perform a single write, which is in no way enough to delete all traces. That would be like erasing an audio tape; tiny vestiges of the original recording would still be present.

Uhh, no shit Einstein! And if you run dd twice it would perform two writes. What a concept! Amazingly, if you run dd 10 times, it will perform 10 writes. Wow!
___

And then there's money ...

[clovis]

It' probably has do do with economics.
I may have a similar situation. I work for a hospital, and we want to get rid of a stack of 486's sitting in a storeroom. Some are chock full of patient info. HIPPA (patient privacy act) says $10,000 fine for each incident of improper release of information, so we have an incentive. Not to mention how happy attorneys are to discover such incidents. (It can get real expensive)

First you have to plug the thing in and hook up the cables. There's only table space for two at a time.
Second, the overwrite. I'm only doing one overwrite. Why?
Do you have any idea how long it takes to do a single overwite of a hard drive on a 486, much less 7, 10, or 16 overwrites?
Suppose the 486 is flaky and the floppy is broken.
I'm supposed to fix it so I can erase the HD?
The salary cost of personnel doing thorough overwrite, degaussing, and all those other games makes it a hellavu lot cheaper to incinerate the drives and buy new ones. (if one were to attempt a thorough job). How many is the Gov talking about? 10's of thousands?

Ideally, one would have them wiped at the desk before installing the upgrade. (as if I trust the contractor-of-the-day to remember or actually spend the time).

Reading between the lines of the article, and interpolating from my own experience, the real problem with releasing overwritten drives versus the acid bath, is that some of the ones that were supposed to be overwritten were not done. How would you know (cost-effectively) that the overwriting was done completely, or at all?
Double-checking doubles the cost.

What's the point in giving away a $100 dollar computer if it costs $200 in taxes to clean it up?

Well, the schools don't care if it costs the government $2000 to donate a 486. To them, it's "free". People holler, politics intervenes, and we're back to giving them away.

The Pentagon says "to hell with it", we'll just do a single wipe and get rid of the problem.

Re:And then there's money ...

[topham]

Use a computer that is fast enough that the HD is the slow point in the process.

Do 2 drives at a time by writing to a drive on each of the IDE channels. (Not entirly supported by some low-level support chips; the bastards sometimes still treat it like it has 1 channel and flips between the two...damn cheapass chipsets).

Remove all the HD, process them, when done put them in a box marked completed... distribute the computers with the drives, and/or, re-install them.

Re:dd is not good enough to erase data

[armb]

There are still ways (disassembling the drive and analyzing the magnetic surface carefully) to retrieve old data

See e.g. "Secure Deletion of Data from Magnetic and Solid-State Memory"
--

Re:Recovery of second and third generation deletio

[stevef]

Why 20 or 30 times? Why random data? Why not just write all zeros?

Re:dd is not good enough to erase data

[stevef]

I don't understand the need for overwriting several times.

Either a bit is on or off, how can it be in between? Or how can you get the previous value of a bit if a switch is either on or off?

Thanks.

Steve

It is possible to retreive some overwritten data

[gelfling]

Since the drive reads data in a track according to a somehwhat fuzzy technique that attempts to read most of the data most of the time from the area of the disk it expects to be able to read from, it is also true that data gets written only to approximate locations in a track. That is, there is bleed over into synch tracks and other areas which aren't typically overwritten by software commands. There are also redundant tracks that are used to compare read results so wiping out one logical track needs to be reflected in all logical tracks as well.

Otherwise they have to physically destroy the drives including crushing and burning.

Re:Politics and Security don't mix

[Art+Tatum]

Also, are you sure that none of those computers was ever used for classified information?

Yes. If you know anything about the way the NSA, CIA, and DoD operate, you know that they destroy all classified equipment *in-house*. They don't ever let *that* kind of stuff even leave the building.

When dealing with national security, one should generally err on the side of caution.

True, although I have to say that "national security" is the biggest lie that ever was told. It's been used repeatedly to engage in things so immoral that I just want to puke.

Finally, for all you sysadmins and security experts out there, how would you like it if politicians with no computer knowledge whatsoever were second-guessing all your security decisions

That's what this is trying to fix. As the article states, the *outgoing Secretary of Defense* made the decision that all computer storage equipment, regardless of original use, must be destroyed (instead of wiped with appropriate techniques). This equipment had already been given to schools.

Re:Politics and Security don't mix

[Art+Tatum]

Look here.

Re:Politics and Security don't mix

[Art+Tatum]

Well, I'm expecting those responsible to be tried, convicted, and punished for their crimes.

Re:Its only UNCLASSIFIED data...

[Andreas+Bombe]

The pad doesn't get destroyed, and somehow falls into enemy hands.

Then you've got a security leak, and encryption won't help you.

The pad does get destroyed, but the generator for the data on the pad falls into enemy hands, so they can derive the pad.

The pad must be truly random, else it is useless. If the pad can be derived from the generator you have a big problem.

Both the generator and the pad don't fall into enemy hands, but somehow the generation method is derived from patterns on the data drives, which do fall into enemy hands.

The contents of the data drive are just as random as the pad due to the XOR (obviously the empty drive has to be pre-encrypted to be "encrypted empty"), so this is equivalent to the previous point.

The generator will usually collect random bits from one or more physical noise sources (amplified transistor noise, radioactive decay, ...) to create the pad. However the two disk approach won't work anyway, the reason for which I'll detail in another post.

Re:Its only UNCLASSIFIED data...

[Andreas+Bombe]

One with a pad of entropic noise, one with the actual data, encrypted with this pad. As a sector is accessed on one, it is decrypted or encrypted using the noise.

Doesn't work. OTP is One Time Pad, disks are however random access and many sectors get rewritten. The rewrites would reuse the same pad in your design. Since we already established that overwritten data can be salvaged, an attacker can get two or more data strings encrypted with the same pad.

You can't fix this design with normal disk usage. It would work with UDF or similar packet writing file systems where nothing gets overwritten but changes are appended (and use up new bits of the pad) instead. Once the disk is full, a snapshot of the fs has to be copied to a second disk with the same system and a new pad. Once that is full two, copy snapshot back to first with again a newly created pad.

How I learned to stop worrying..

[Splat]

I work at a school and over the past year we've received over 10 donated 486 laptops from the Nuclear Regulatory Committee whose hard drives weren't wiped in any form whatsoever.

Mind you, I haven't found g any data on them, but they still had an operating system + programs. I was really shocked when I booted them up and their DOS Batch menus popped up "NUCLEAR REGULATORY COMMITEE .... 1 Wordperfect ..... 2 Windows" etc. Funny, but disturbing. If anyone did "cleanse" these computers before they donated them it was simply by using "DEL *.DOC". Yeah - real secure...

Re:Its only UNCLASSIFIED data...

[Delphis]

Media is cheap enough these days that a school could buy a smallish but usable drive for about 100 bux and have the rest of the hardware for free.

Probably a larger capacity and faster drive than was in the machine before. 20GB drives for less than $100 are everywhere. Makes you wonder how much it costs in terms of time to use dd by whatever method to remove the data from the original hd .. probably ends up about even.

--
Delphis

Re:Politics and Security don't mix

[Fyndo]

Yes, I'm sure those disks were never used for classified data. I don't think that the govt. would screw tha up.

As far as giving the drives to schools being as good as handing them to the baddie-o-week, no, it's not. Massive disappearances of hard drives from schools would be noticed by the schools, reported to the feds, and appropriate action taken.

Furthermore recovering overwritten data does require something more than spending 10 minutes using it in a classroom. The data may, or may not be recoverable once overwritten, and the drive may, or may not be accessable to them. Oh, yes, it's possible that there will be some leakage of somewhat sensitive data, but it's going to be a very, very, low bandwidth channel, and not very profitable to try to exploit.

A Real Problem, Not A Joke

[Detritus]

This strikes close to home, since I am in the process of excessing a large quantity of old and broken computer equipment. While I would like to sanitize all of the equipment, the problem is that much of it consists of non-functional computers and old hard drives. It would be more cost effective to destroy all of the hard drives than it would be to try to erase them. I'm not sure if the property management rules take that into consideration.

Re:Recovery of second and third generation deletio

[Cassandra]

Why 20 or 30 times?

The write heads on the hard drive are never positioned exactly the same way on two writes. This means that you could potentially uncover the data that was there before. By overwriting the original contents several times, it is likely that a larger part of them are completely overwritten.

Why random data? Why not just write all zeros?

My guess is that it is easier to sort out what was the original contents of the hard drive if you know all patterns that was written "on top" of it. A silly example: if you know that two numbers have been added, their sum is 11, and one of them is 5. What is the other one?

Re:dd is not good enough to erase data

[Cassandra]

Either a bit is on or off, how can it be in between?

Hard drives are magnetic media, i.e. they are analogue. The bits are what you get when you round the analogue signal to the nearest of your code words (not necessarily just 0 and 1, modems for instance use many more levels.). Actually even the ones and zeros in your computer are analogue DC levels, that are rounded off.

Re:swap in a new harddrive?

[SoftwareJanitor]

If a new hard drive costs "a couple hundred bucks" you are buying them in the wrong place. You can easily get a new drive for under $100 if you know where to look. Of course we are talking about the government, so they probably pay way too much, but still... They could just remove the drives and ship the schools the machines and the schools could buy the new drives themselves. Still cheaper than buying a whole new computer.

dd is often not enough

[Adam+J.+Richter]

With specialized equipment, you can often read data that was overwritten on a hard disk, so dd is often not enough. See Secure Deletion of Data from Magnetic and Solid-State Memory, by Peter Gutmann of the University of Auckland. There is also a previous slashdot article on this subject.

Although the article says that hard disks that held classified data will still be destroyed, there still is lots of information that is unclassified but is not supposed to be released, for example, private personal information, a large body of information that should have been classified because classified information can be derived from directly from it, etc. You can bet that the US military is much more familiar with this issue than the insulting "Pentagon Discovers dd" slashdot title implies.

Re:Its only UNCLASSIFIED data...

[dillon_rinker]

It's been a few years since I was in the Army, but IIRC, personal data is classified 'Confidential'. Or at least it's treated the same as confidential-classified material.

None of that will help you.

[No-op]

Doing a DoD spec 7 pass wipe will make it difficult to retrieve data off a hard drive but definitely not impossible. there are many companies that do this as a service, as well as software and hardware you can buy to perform these sorts of tasks. just by using OnTrack's Tiramisu ( now called Easy Recovery ) software I have been able to retrieve data after ex-employees tried to "nuke" their systems completely. When you start looking at repetitive wipes, then you start needing more useful hardware tools, such as the forensic units available to police departments and the FBI, etc. These typically cost from 5000 to 15000 dollars.

The whole point of the story though is this- while it has always been policy to physically destroy drives that have ever come near classified data (as one would hope!) unclassified systems were just required to be wiped and then could be disposed with at will. someone changed this (don't know who or when...) but the DRMO has still been selling systems like hotcakes with fully functional HDD's so someone hasn't been doing their job, I suppose :)

I'm glad to see them change this back so these systems can be put to a better use for schools, poor folks, and the like. Considering the equipment turnover in some military and governmental facilities, some of those kids might really be lucking out!!!

Re:Politics and Security don't mix

[No-op]

wow, an intelligent and thoughtful post on slashdot. I thought they were all gone :)

I think that the security aspects are definitely an issue, however many facilities actually do differentiate between secure and insecure systems. I speak from experience on that one. However, I can also attest that some people use computer systems that should only be used to order toilet paper to type up short quick memos that should only be done on secure B1 level systems... bleh. So I guess what I'm trying to saye is keep your shitter and your datacenter separate :)

Re:In other news...

[Dysso]

lol.. thanks.. you just made my day..

The sad part is that it's so close to what did happen..
Gotta love the US army!

If somebody wanted that data bad enough...

[warpeightbot]

they could get it back... the boys at Fort Meade specialize in recovering third- and fourth-generation overwritten files.... my brother-in-law does such things for a living (though not for Never Say Anything)...

Of course, I noted near the end of the article that the truly classified machines still get trashed, it's just the garden-variety receptionist and lower-end lackey machines that get given to universities where the 33l33+ #@X0R d00dZ lurk...

Re:Sorry that is *NOT* DOD standard.

[Ratface]

It also means you cannot bring radios, programmable watches, calculators, (anything with memory) to work.

Could you bring a goldfish? I mean they've only got like a 7 second memory. That's gotta be pretty safe.
"Give the anarchist a cigarette"

Re: several times over?

[Ratface]

Hmmm! Sounds like it would definitely be cheaper for them to stuff a new drive into the box and *then* give it away to the school!


"Give the anarchist a cigarette"

What's so funny about this?

[abelsson]

Erasing data is harder than you think. Even dd if=/dev/urandom of=/dev/hda probably doesn't erase all data beyond recovery. For maximum effect you need to do several rounds of erasing with certain bit patterns designed to maximise the effect on the magnetic patterns on the storage media as well as several rounds of cryptographically secure random numbers.

Securly erasing magnetic media beyond any hope of recovery without destroying the media is *hard*.

For a full account of the problems involved, read this.

-henrik

Re:Recovery of second and third generation deletio

[crawling_chaos]

Bzzzt. Thank you for playing

References:

• Soviet One Time Pads
• A Summary of Cryptosystems Midway down the page, you will see that AT&T sold a commercial one-time telegraph. Search for Vernam.

I also believe that Walker sold US one-time keys to the Soviets, but I can't find a reference right now. And of course there is an entire book on the subject as well.

Ph'nglui mglw'nafh Cthulhu R'lyeh wagn'nagl dominos.

Re:But arg format is totally nonstandard and fucke

[nyquil]

i always just leave out the of= part, do the tab completion, then move the cursor back and put in the of=. i agree its annoying, but if the path is that long you COULD save some typing.

Re:not very interesting

[RovingSlug]

Agreed. Slashdot's presentation totally misrepresented the actual story.

See, rather than applauding the Pentagon for giving away (!) computers (!!) to schools (!!!), and rather than commending the Pentagon for reversing an existing policy (the path of least resistance would have just destroyed those hard drives), Slashdot decided to flex its techno-elitism and show just how snobby some geeks can be.

So, if some people at Slashdot would stop desperately trying to mock any and all mainstream journalism about computers, perhaps they'd see the actual value of this story.

Re:Recovery of second and third generation deletio

[gmhowell]

WTF!? Do you actually think that some 20 year old (let alone 50 year old) information on some computer means anything?? If the US gubmint suddenly got:

All Soviet troop movements from the spring of 1979 to the summer of 1980,
The latest blueprints for their newest fighter,
Photos of Khruschev (sp) shagging Bobby Kennedy while Marilyn Monroe looked on,
and Stalin's memoirs, entitled "Why Hitler is a Bigger Prick than I"

who would give a shit.

Christ, you probably believe that the FOIA is too lenient.

Re:Recovery of second and third generation deletio

[gmhowell]

>>If there is any 20 year-old info that needs to stay secret (and has), how the hell am I supposed to know about it to rebut your argument?

Interesting argument. And one that I am not sure I can refute.

Touche.

Re:Recovery of second and third generation deletio

[gmhowell]

(May as well reply to the replies to my reply here. Most of the arguments are in a similar vein)

I stand my ground that 20 year old secrets are quite lame and not worth protecting. Your post was the one that seemed most rational, as it focused on things such as spy networks. No problem. That almost makes sense. If the network hasn't already been compromised (Aldrigde Ames, et al.)

If foreign powers (and in this case, I think we need to primarily concern ourselves with the Soviets and possibly the Chinese) are incapable of breaking the secrets after 20 years, they aren't a threat. If they are capable, destroying the drives is a moot point; they already have the information. But I will grant that of all the arguments, the question of spys makes more sense than any other.

Second point that many others made was WRT technological advances. Which doesn't float at all. Even after having a U2, I don't remember tales of a Soviet counterpart (I'm not a hardware buff, so I could be wrong. Still, it would be an important part to the Gary Powers legacy if there was evidence of the Soviets reverse-engineering the thing). There is also the more important matter of build-quality. You can have the greatest design in the world, but if your metallurgy/construction/operation of a device is faulty, who cares? I think the SCUD's proved that point about ten years ago. While the patriot missile helped, so did the fact that the SCUDs were put together like a Trabant. (Come to think of it, a Trabant in a trebuchet would likely have been more effective).

(Most of the rest deals with the other replies, so don't take it personally if it's not 100% related to your post)

Another poster mentions chemical and biological warfare, as well as the Manhattan project, as being items that are still rightfully under wraps. Give me a break. Without access to that data, China, Pakistan, and India (among others) all have nuclear programs. Concurrent discovery of technology is the norm, and the US didn't do anything grand, except get it done before having to get on with the island hopping.

Biological is perhaps the biggest joke there is. Anybody with a few credits of chem or bio in college could develop a rather nasty thing to rain all sorts of shit down on an enemy. The real trick is delivery systems. Given that little GPS powered 'RC' plane, I don't think we need to go high tech, either.

But of course, someone could steal the super-duper-top-secret GPS error removing protocol. This and the exact capabilities fall into the same category: big freakin' deal. Close only counts in horseshoes, handgrenades, and nukes. Do you think Saddam or Osama cares if their pathogen hits at 1602 Penn. Ave. instead of 1600?

I could go on and on about why the arguments posted up to my post were wrong, and did not support the destruction of hard drives. BUT, I have largely reversed my opinion, based on one small thing that I haven't (yet) seen mentioned: most of these machines don't have 20-50 year old data on them. Most like, it is just a few months. Thanks to the DOD (and their worldwide counterparts) Intel, Western Digital, and the rest continue to make 386's, one GB drives, and 30 pin SIMMs. Those 486's that could go into the schools don't contain ancient information. They contain the latest and greatest, given the slow speed of replacement of computers by the DOD.

(And to the moderator of my original post: If you think I am a troll simply because of strong language or an opinion that differs from yours, say so. Don't hide behind the 'overrated' tag. Obviously, at least four people on /. felt it was worth replying to with reasonably well thought out arguments (even though I disagreed with 99% of what they said). If you picked 'overrated' because you weren't sure if you were right, than you shouldn't be modding. And if you did it to save your karma, that's right, you are a karma whore. Earn your karma by posting.)

Re:Slashdot editors strike again!

[gmhowell]

>>Is it just me, or does it seem to anyone else like Slashdot's editors 1) can't read, and/or 2) are easily amused?

Since most of the readership falls into both of these categories, why shouldn't the editors?

Re:Who wants or needs these machines?

[MrNixon]

Your school is lucky. Look beyond your own city/town, and you'll find plenty of schools that don't have the benifit of a generous business community, the monetary ability or the political drive to get enough computers for their students. The Pentagon is doing a great thing, IMHO.

Re:Recovery of second and third generation deletio

[MrNixon]

Damn it. I think I've been trolled, but I've seen too many shortsighted posts today.

20 year old data could come in handy. Like revealing the spy network (yes, it would be 20 years old, but chances are that those guys are still operational in some way, no?). Like revealing the locations of previously unknown weapons caches (they would likely be military installations still in operation). And all those unforseeable secrets (thats why they're called that) that might pop up. Just 'cause it's old, doesn't mean it sucks.

Look past the end of your nose.

Cool

[MrNixon]

Does that mean that the Pentagon has a smelter used only for destroying sensitive data?

If so, cool.

And the winner is...

[nigelo]

Surely, this thread must win the award for the most redundant posts per hour?

Re: [accusation of gross incompetence]

[Catullus]

[accusation of plagiarism]

[link to kuro5hin story]

[patronising comment]

--

Re:When is data truly gone?

[topham]

Bad news... many IDE drives require data to exists outside of the space for user data. This is for head alignment, etc. Some drives do support re-creation of this data, others do not and a general whipe like that may leave them dead.

Re:dd is not good enough to erase data

[rabidMacBigot()]

True, binary digits are either one or zero. But binary digits on a hard disk are written into the real world, and in the real world, the one or zero is the magnetic ailgnment of a few particles of ferrous oxide. These particles are altered when they're overwritten, but there's a very good chance that particles in the space between tracks may keep their original alignment. The trick, then is to overwrite the disk with many random bits, so that the patterns that might be found on a disk full of zeroes get lost in the noise.
At least, that's how I think it's done. Feel free to correct me if I'm wrong.

--

Re:Politics and Security don't mix

[tbo]

A few years ago, in France (ok, not the best example for clever militaries

LOL!!! Think "Maginot Line", folks! Still, it's a good point.

Seriously, though, why not just take all the money that was to be spent on wiping the drives (most likely 200 MB deals on 486s), and use it to buy decent computers for the schools? As if schools can't get enough 486s as it is... Hell, most schools won't even take them anymore.

Re:Recovery of second and third generation deletio

[tbo]

Not stuff encrypted with one-time pads...

Re:Politics and Security don't mix

[tbo]

This happens daily already. It's called middle management.

That was exactly my point :-) Except, imagine your boss has the power to create new laws if he doesn't like the current ones. See, things could be worse :-)

Re:Recovery of second and third generation deletio

[tbo]

I stand my ground that 20 year old secrets are quite lame and not worth protecting. Your post was the one that seemed most rational, as it focused on things such as spy networks. No problem. That almost makes sense. If the network hasn't already been compromised (Aldrigde Ames, et al.)

So, in other words, you're saying my point about spy networks would isn't valid, since the secret had been blown. There's a bit of a problem, though: If there is any 20 year-old info that needs to stay secret (and has), how the hell am I supposed to know about it to rebut your argument? The government probably has all sorts of stuff that's 20 years old that is still secret, and it's not about to surface on Slashdot.

I have largely reversed my opinion, based on one small thing that I haven't (yet) seen mentioned: most of these machines don't have 20-50 year old data on them. Most like, it is just a few months.

I wasn't saying the data was necessarily old now, but that, even if the technology doesn't currently exist to recover the drives, it could still be a problem if such technology is developed in 10 years. If they're just retiring the computers now, then, in all likelyhood, the data isn't too old.

Re:Recovery of second and third generation deletio

[tbo]

for i in `seq 1 16`; do cat /dev/urandom | cat > /dev/hda; done what the fuck can you recover after that? you can't do wizard things... What the hell can the NSA know more about filesystems that us, who understand and write filesystems?

There is a world beyond software, fool. Read this article. In case you're too lazy to click the link, you can recover data from a drive by disassembling it and using magnetic force microscopy with a scanning tunneling microscope. Even after you overwrite a bit, there are still traces of its previous value.

Re:Recovery of second and third generation deletio

[tbo]

Interesting argument. And one that I am not sure I can refute.

Touche.

First of all, thank you for the civilized debate. It's a rare thing on slashdot... You seem to be a rational, open-minded individual, and the world needs more like you.

I guess we've come to the conclusion that the government may have important 20 year-old secrets, but we can't reasonably find out if they do.

I figure their security experts probably know best, so they should be the ones making the decisions, not politicians who think the internet is synonymous with the web.

Re:Recovery of second and third generation deletio

[tbo]

All Soviet troop movements from the spring of 1979 to the summer of 1980,
The latest blueprints for their newest fighter,

These are fairly lame examples, but I'll work with them anyway... Troop movements would reveal tactics and doctrine, which don't change very quickly. Fighters and other military hardware often stay in service for 30 or 40 years (think--when was the F-15 introduced). Hell, the Russians are about 20 years behind the US in sub quieting technology, so getting old info there could probably still help them, and then we'd see the technology show up in subs sold to the Chinese (and, in turn, to every two-bit rogue nation in the world).

A much better example of something that would still need to be secret after 20 years would be the names of agents operating in foreign countries. Admittedly, that would be classified, but the original poster was talking about releasing drives that had held classified data (and I pointed out that it's hard to be sure a computer wasn't ever used for classified stuff).

Why take chances with national security just to get some crappy 486s into schools? For the cost of proper data wiping (remember, the Pentagon never does anything cheap), you could probably buy them Pentiums.

Politics and Security don't mix

[tbo]

This is a very bad decision, which I'm sure is being mad for political and not security reasons. From the article:

Others supported it after an audit found sensitive information such as lists of names and addresses had been left on hard drives of donated computers. Though unclassified, they said such cases still present risks.

This is entirely true. There's a lot of information that, when taken individually, isn't dangerous, but, when combined with large amounts of other info, could present a security hazard. Maybe one piece of unclassified info says the Air Force is building a new stealth fighter, and another piece of info is an Air Force requisition order for 20 tons of titanium. Put 2 and 2 together, and you know that the new fighter will be made of titanium... (Example borrowed from The Cuckoo's Egg). Also, are you sure that none of those computers was ever used for classified information?

Now I know the Slashdot editors (and more than a few Slashdotters) think that they're left-wing 31337 political h4X0rs, and that the Pentagon is completely incompetent, but maybe, just maybe, you should do some fucking research before your criticize somebody.

Completely deleting data is very, very hard. Wiping a drive securely against a determined and experienced foe may take more than 20 passes. Considering the physical security at most schools, giving the drives to schools is as good as handing them to the Russians/Chinese/Martians or whoever is the enemy of the day. If the drives haven't been properly wiped, you might as well give them accounts on all the DoD computer networks so they don't have to steal computers from school kids. I also would say it's a lot easier to smash a drive into itty bitty pieces and burn them than it is to properly erase it.

When dealing with national security, one should generally err on the side of caution.

Finally, for all you sysadmins and security experts out there, how would you like it if politicians with no computer knowledge whatsoever were second-guessing all your security decisions, while making sure you'd still take the fall if anything went wrong?

Re:Politics and Security don't mix

[LS]

I'll take the bait:

"When dealing with national security, one should generally err on the side of caution."

Listen to yourself. I could easily hear that comment coming from a fascist. Erring on the side of caution for national security is always an excuse for taking away freedom.

Re:Politics and Security don't mix

[dirtmerchant]

Hence a (tm) good thing, as anything that hastens the collapse of the fascist us government is necessary to promote a one-world socialist democracy.

Re:Politics and Security don't mix

[Erasmus+Darwin]

True, although I have to say that "national security" is the biggest lie that ever was told. It's been used repeatedly to engage in things so immoral that I just want to puke.

Amen! I hate it when the DoD uses the argument of national security to rationalize nothing less than the wholesale MURDER of thousands of innocent harddrives. The poor little devices served that country well, by storing classified data, and their loyal service was repaid with incineration.

Even the brave harddrives that assisted with unclassified work still had their brains wiped clean several times before being forced into the hellish public school system. It's barbaric.

Re:Politics and Security don't mix

[eudas]

"Finally, for all you sysadmins and security experts out there, how would you like it if politicians with no computer knowledge whatsoever were second-guessing all your security decisions, while making sure you'd still take the fall if anything went wrong?"

This happens daily already. It's called middle management.

eudas

Re:Politics and Security don't mix

[dario_moreno]

true ! A few years ago, in France (ok, not the best example for clever militaries, but where are they to be found ?), a satirical journal, le Canard, managed to get an almost complete list of the military secret service : they got hand of some class reunions invitation lists of military schools, and the secret service men were listed as belonging to units that did not actually exist.

Re:Politics and Security don't mix

[NickFusion]

"True, although I have to say that 'national security' is the biggest lie that ever was told. It's been used repeatedly to engage in things so immoral that I just want to puke."

And who told National Security and morals were even vaugly congruent?

National Security is all the sacry & horrifying things that governments do so the citizens can sleep untroubled through the night.

Re:Politics and Security don't mix

[cpl+almost]

The separation of classified and unclassified hardware is legendary among those who have ever worked under high security clearance. An excellent example is ethenet cables: once used to transfer classified data, they must be secured and destroyed. I question how much one could glean from an ethernet cable, even if it had not been wiped. But then again they lost entire hardrives full of classified data at LANL. --

Re:Recovery of second and third generation deletio

[tbo]

... even the computers that had classified information on their harddrives should be allowed to be re-used.

No, no, no! Information can be recovered long after the second or third overwrite. Here's my
source. And that's just what the public knows how to do. Who knows what the NSA and their foreign counterparts can manage.

Remember that, when dealing with data security, you don't just need to worry about what your enemy can do now, you need to worry about their capabilities 20 years from now. If the data has to stay secure for 50 years, then the only choice is to destroy the drive (we may have nanotech by then, and then you'd probably be able to uncover everything that was ever written to the drive).

Please, people, the NSA and the Pentagon have people who know way the fuck more about security than you or me. Leave matters of national security up to them, and go back to worrying about how to make your home linux box secure... Write to your politicians, and tell them to stop meddling. Getting 486s for schools may sound like a noble cause, but if it costs the lives of American soldiers 5 years from now, was it worth it?

Why not

[penguinboy]

just remove and destroy the hard drives from all systems? I'm sure there are plenty of places that would much rather buy a cheap hard drive for a govt surplus system then buy an entire machine of the same spec.

Is it worth it?

[Junta]

It takes a lot of effort to securely erase the data on a hard drive. The ideal is to use encrypted FS from the beginning and then do multiple overwrites with random data to create a lot of noise, and even then recovery may be possible.
My question is, how old are these systems being retired? If they are relatively old, then the hard drive is probably very low capacity by todays standards and cannot be considered too reliable.
With a low-capacity hard drive, would it be cheaper to just ditch the hard drive entirely, using a destructive secure erasure method and spend the moeny that would have been to pay for staff to erase the disk without destroying it to instead buy a new small hard drive?

Re:Secure rm

[Juln]

also, you can use shred, including on entire devices... Hell, it's even an option in the kfm menu if they can't figure it out...

Re:Rycycle into building materials

[Juln]

I think probably the powder might be enough...
also, to make it more random, you could put the data on a pile, and rub or paint it onto a hot tube of glass, and then use it to make a bong with which you smoke classified substances.

The BIOS won't anyway.

[dmaxwell]

A small drive could hold LILO and /boot. Once a Linux or BSD kernel is running, the other drive should become accessible. Linux and the BSDs don't rely on the BIOS to access drives. So boot from either a floppy or a small hdd then load the rest of the system from the "big" drive.

Re:I think it amusing...It's OK, Taco.

[darkonc]

Now all we need is a mini distro on a floppy that automatically wipes any harddisk it sees 10 times upon booting, and shows a happy penguin when done...

Probably worth putting together for government and non-government users -- although I would put a banner page on startup with a warning message and a request to hit ctrl-alt-space to continue....

"You left WHICH floppy disk in my computer?"
--

Re:But arg format is totally nonstandard and fucke

[darkonc]

And they still haven't fixed it! What I hate most is the way filename completion won't work with of=/really/long/path/here/and/really-freaking-long -filename.ext I gotta type the whole shit out.

If you know how path expansion works in UN*X, a '*' expansion would be looking in your current (home?) directory for a subdirectory named 'of='. The unix shell does not know (or care) about what the command being called expects. That's why most UN*X commands do something like '-i filename'. That way the filename stands alone, and shell 'glob' expansion will work properly.

If you want to avoid the whole problem, then you can replace

dd various_options if=/some/long/pathname of=/some/other/long/pathname

with

dd various_options < /some/long/pathname > /some/other/long/pathname

That way, the filename is standalone and shell glob completion will work properly

In my early Unix days, I wondered why dd even had the if= and of= parameters, since < and > do the same things. I think it's so that people who get used to all of the other var=value params for dd stopped bugging the writers for a way of naming the input and output files that was consistent with the rest of dd's options. Perhaps we should update the man pages to reflect that.
--

Re:Its only UNCLASSIFIED data... (pads)

[darkonc]

Not a big problem... If it's a one time pad, you rewrite the pad everytime you rewrite the data. That way, both sides always get 'random' writes.. Even if the data doesn't change, you can't tell, because both sides get re-randomized. You need both sides to know what's going on.

The nice thing is that, since both drives are always getting 'random' data, a couple of extra passes of 'random' data might make it real hard to figure out which pass was the 'real' random data. Randomly switching which side gets the 'pad' and which the data-modified 'pad' may make analysis even harder.

A prototype of this 'secure' filesystem could probably be done up in a couple of hours by modifying a software-raid driver. If i cared enough about my own security, I might do it myself.

I'd patent this idea, but it's now been published
--

Re:When is data truly gone?

[darkonc]

My guess is that the 'classified' method of blanking a drive includes writing data multiple times, with a pause (weeks, months?) between. to allow magnetic data to 'bleed' into the borders. -- then, as someone mentioned, run it through a degausser to suck the platter dry and do a low-level format.
(I'm guessing, here)
--

Re:But arg format is totally nonstandard and fucke

[darkonc]

the IF= and of= constructs do not open pipes. The dd program has to parse the strings and wilfully open the input and output files named.

If you don't specify an if= or of=, then dd is capable of being used as part of a pipe.
--

Re:dd is not good enough to erase data

[divec]

At least a simple dd if=/dev/zero of=/dev/hda is not.

But enough runs of dd if=/dev/urandom of=/dev/hda might well do the trick.

Re:Recovery of second and third generation deletio

[divec]

Why 20 or 30 times? Why random data? Why not just write all zeros?

If you overwrite your data with zeros, then the original magnetic signal is still there, but weaker. If you overwrite a signal with a sufficiently strong random signal then you get a random signal. The 20 or 30 times is to ensure that the amplitude of the random signal is much greater than the amplitude of the data (if I understand correctly).

Re:dd is not good enough to erase data

[divec]

NO! A pseudo-random generator can be backtraced.

/dev/urandom is not a pseudo-random generator, because it uses truly random data which accumulates across the kernel over time. Well, it does use a pseudo-random generator when there aren't enough truly random bits lying around, so if you're /really/ paranoid then you should use /dev/random, which doesn't. Nevertheless, it is much, much better than using an entirely deterministic rand() function.

Re:dd is not good enough to erase data

[ddstreet]

Can't you just fire a couple of EMPs at the disk first? Or would that damage the hardware?

Yes the EMPs would destroy all electrical equipment, turning the system into a hunk of scrap metal.

Placing the drive in a very large and powerful magnetic field would (disputably) erase the drive, but it's certainly possible that there would be residual data left...

Definition of classified

[MartinB]

How much data is unclassified anyway? In an environment where there are massive disincentives to revealing anything, you tend to get the phone number of the local pizza delivery classified, right next to the phone number of the Kremlin. "Classify everything" is easy to implement.

Kind of makes a mockery of the classification system, but there you go.

Re:Whats dd

[Dwonis]

You can only write to the disk byte-by-byte with dd, not bit-by-bit.
------

Re:dd is not good enough to erase data

[Dwonis]

Can't you just fire a couple of EMPs at the disk first? Or would that damage the hardware?
------

Re:dd is not good enough to erase data

[Dwonis]

What about taking the platters out (in a clean room), zapping those several times, and replacing them?
------

PShaw the govt's been doing this for years!

[meatspray]

The Army has been using Norton Diskwipe for a long time because it meets "military" standards, If i remember there was a g3 option that made it run itself three times.

there's a document here on using Norton to kill a hard disk section 5.2.3.4

http://www.ct.ngb.army.mil/Security/ctsecpol.htm

Re:PShaw the govt's been doing this for years!

[Scoria]

Arguably, Norton has this feature with any program ::grin::.

Just install it on any Windows machine and it'll do its job within a few days. :P

Re:dd is not good enough to erase data

[Dust+Puppy]

"They" do. Hard drive capacities double every x months, and every data that was erased from a hard disk that was new at one point can be recovered y months later. There is a linear relationship between x and y. That's Moore's law.

I am not a MIL STD, but...

[sconeu]

IIRC, it's:

1. Write all 1's (0xff) to the disk. Readback & Verify.
2. Write all 0's (0x00) to the disk. Readback & verify.
3. Repeast steps 1 and 2 two more times (for three full passes).
4. Write a random byte to the disk (I'm partial to 0x47 or 0xb2, but take your pick). Readback & verify.
5. Write the 1's complement of the previous byte to the disk. Readback and Verify.

Make sure to generate a log somewhere for audit trail purposes!

Note. I am NOT a DoD STD. Please check your customer's relevant specs for purge.

Re:dd is not good enough to erase data

[sconeu]

Having written several disk purge (not declassification -- once it's classified, it's classified) routines, I feel qualified to comment.

You don't just "dd if=/dev/zero of=/dev/rhd0".

There are several standards for purging media, such as DoD 5220-28M, and AFR 205-16. They specify the means of purging various media, ranging from core to disk to tape.

The smartass comment about "dd" was totally unwarranted. Also, if hph had bothered to READ the article, he'd have seen that DoD was simply reverting to the earlier policy of wiping (unclassified) disks and donating the computers, instead of destroying all disks.

Even the posters don't read the fscking articles any more.

Re:Whats dd

[bugg]

It's a versatile UNIX tool that, among other things, can be used to write "zeros and ones" to an entire harddrive (...not just the filesystem)

Re: several times over?

[Shanep]

Since the heads don't follow the exact same path every time, you've also got to do something to ensure that the fringe areas out to each side of the track really got overwritten. If you can get direct control of the head position microstepper, you write once a little to the inside of the nominal track position, then write once a little to the outside.

Hard drives have'nt used stepper motors for a very long time. They are very slow and suffer from backlash that causes exactly what you describe about not being able to position the heads exactly enough.

Older SCSI, MFM and ESDI drives may have required this treatment, but a modern SCSI or IDE drive should not need this extreme treatment. In fact (I'm not sure about the modern SCSI drives) this is not possible through software for the IDE drives. Technically, IDE drives can not be low level formatted the way a SCSI drive can be, by a user. This is something only the factory can do. The track positioning is done by a spare platter face which does not have write heads. The "low level" format utilities that IDE makers provide, only writes zeros to the whole drive, it does not allow repositioning of tracks the way a SCSI low level format util does, which is the true meaning of a "low level format".

I would prefer filling the drive with zeroes, then ones and then repeating a few times, then finalizing with the random data.

PS. Why a bootable DOS floppy? MS kernel somehow the best for this? ; )

Re:Why is this story so important?

[Shanep]

So, the pentagon decides to fdisk all the hard drives for regular de-classified pc's. Big deal.

fdisk will not necessarily destroy any data. It may simply mean that you will not be able to gain access to that data again if you don't know how to restore the partition tables you just hosed with fdisk. Writing new tables of differing sizes may overwrite some small amounts of data though.

Whenever I build a machine that I don't want to be hosed, I take the precaution of printing out the partition tables so I can restore them if need be.

I have needed to restore them and I was able to restore that partition to it's original usable state with no data loss.

A simple dd if=/dev/zero of=/dev/hda will render a drive completely unsalvagable without a specialized hardware+software solution. NO software will be able to get old data back off this drive while it is in any ordinary PC. The drive will read zeroes and nothing else, since the data on it will be falling well under the digital trigger level for a 1. You'll need hardware that reads directly from the heads to get data off it and a standard PC can not do that.

Re: several times over?

[Shanep]

Hi markmoss,

but I believe what any modern disk drive has for head positioning is a tiny electromagnet ("audio coil") driven by a DAC

Yeah, an electromagnet in close proximity to a very strong fixed magnet, driven by a DAC that gets position and error data from either a platter that is completely dedicated to head position data, with grey code encoded tracks that correspond to the cylinders, or platters that have grey coded data between sectors on each track. Either way, the heads a positioned pretty well.

So the head is still going to wander a little (by 1/2 a DAC step at least)

Half a step? Positioning the heads half way between tracks? This would either cause the reading of erroneous data and none if the signal levels are down near the noise floor (as far as the drive can see).

Maybe you missed this: the article is not concerned with data recovery using the drive as is

No actually, that is a point I have been trying to make in other posts to try to quell some of the hype. Some people seem to think this can be done through some software trickery.

Incidentally, there may be a business opportunity here.

How about stationary erase heads that span the platter radius, so as to allow a complete degauss in a couple of revs? A full erase 7400 times in 1 sec sound good? ; )

With modern drives built to get every last byte, with tracks positioned as close as posible so as to waste as little media as posible, bluring the lines between tracks, I would'nt be amazed to see them get data from a zeroed drive, but I would be astounded if they could do it with one that has had some random write treatment a few times, even reading just off the tracks.

Re: several times over?

[Shanep]

No, a DAC step

Sorry, I should know better.

That is, the erase head would have to be capable of writing 1's and 0's both,

Yeah I was thinking that, a simple degauss might not be good enough.

Re:In other news...

[leucadiadude]

DOD discovers data destruction disk dimension "dd" Duh.

Re:Windows licenses

[lizrd]

I suspect that said windows licenses are non-transferrable. That is usually the case with corporate/govt. site license arrangements. As a result, it would probably be illegal to sell these computers without removing windows from the drives anyway.

________________________

dd is not good enough to erase data

[Baki]

At least a simple dd if=/dev/zero of=/dev/hda is not. There are still ways (disassembling the drive and analyzing the magnetic surface carefully) to retrieve old data written before a constant bit pattern was written, and I'm sure the Pentagon does take such possibilities (difficult, but it can be done) seriously. A real good erase must write several different bit patterns in a row to make sure the original bits have been changed several times. The story isn't as stupid as some might think.

Re:dd is not good enough to erase data

[fonky]

> My question is -- if all this data can be recovered in 3rd or 4th generation wipes ... why can't they make a hard drive that exploits this to double its capacity ?

MS Doublespace?

Re:dd is not good enough to erase data

[OmegaDan]

My question is -- if all this data can be recovered in 3rd or 4th generation wipes ... why can't they make a hard drive that exploits this to double its capacity ?

Re:dd is not good enough to erase data

[Forrestina]

for the time and cost that would take, why not buy a new hard drive? doing multiple dd's to a drive is really the best method. i think DoD's standard is 7 rewrites. but, i could be wrong.

-------

Re:dd is not good enough to erase data

[ecesar]

Correct me if I am wrong, but I thought that urandom was only slightly less random than /dev/random [ref]. In other words, urandom would become pseudo-random only during the short intervals where the entropy pool is depleted. For this application, probably it is randomized often enough.

Re:dd is not good enough to erase data

[evilviper]

Actually, it's quite easy to do this with dd (not that it's of any consequence). dd if=/dev/random of=/dev/hda or if you weren't a moron and wanted to do this about twice as fast.... (dd does write verification which is unnecessary) cat /dev/random > /dev/hda about 5-10 times doing that and everyone's happy. Of course, after the first time you'll need to do it from boot disk ;-).

---=-=-=-=-=-=---

Re:dd is not good enough to erase data

[beable]

In other words, urandom would become pseudo-random only during the short intervals where the entropy pool is depleted. For this application, probably it is randomized often enough.

/dev/random runs out of bits fairly quickly. For example, I just ran cat /dev/random > random.file and I only got about 750 bytes out of it. I wiggled the mouse around a lot and the file went up to 4k. It would be quite difficult to get a whole hard disk worth of real random data from there, which means that /dev/urandom will be mostly pseudo-random.

Re:dd is not good enough to erase data

[eudas]

why else did you think some of your files would occasionally disappear like socks in a dryer?

eudas

Re:dd is not good enough to erase data

[Martin+Spamer]

if all this data can be recovered in 3rd or 4th generation wipes ... why can't they make a hard drive that exploits this to double its capacity ?

Because much of this is cross between urban myth and techno-babble, usually believed by people who don't really understand HD technology, basically the techno-phobic bureaucrat and Journalists.

Once the physical sector has been over written, it's been over-written and only the new data can be read, the old data on it is gone, gone for good. This is basic physics, magnetic polarity.

The problem occurs when re-writing a file, which is a written to a numbers of 'virtual' sector, actually called blocks. The actual physical sectors these block are written to varies and will typically change each time to those blocks at the front of the free space list.

Another issue is that when files are deleted, typically it is simply marked as deleted and added to the end of the free space list. Rewriting a file to a disk, typically marks the old version as deleted and makes another 'fresh' copy.

So the problem is that fragments, possible whole versions, of the old file are scattered over the disk, not 'under' the current sector.

Re:dd is not good enough to erase data

[FeTrut]

My guess is that 1) The methods are not 100% accurate or reliable, and 2) The technology/equipment needed to read it would be either too large or too expensive to bother manufacturing into a hard drive unit.

Re:dd is not good enough to erase data

[markmoss]

That could work, but I think you could buy a new (probably 10X bigger) drive for less. You can also bulk-erase _through_ the aluminum drive case, but modern hard drives require a very high magnetic field strength to erase (several times that required for the strongest ("type III") magnetic tape). It would be likely to bend or break the platters. And finally, there is no mil-spec qualified bulk-eraser for even type III tape--so regardless of technical merits, they couldn't use bulk-erase methods.

Re:Slashdot editors strike again!

[Jay+L]

Actually, not even the reporter claimed that. All he claimed was that the Pentagon found a way to balance two competing goals - which they did. It is only geeks like us that instantly read "found a way" as "developed new technology".

Re:Whats dd

[Jay+L]

When every bit is set to zero several times over, however, then there is no way in hell you will find old data on the drive.

I think you mean "there is no way in hell you will find old data on the drive unless there was some advanced technology mentioned three times above in responses I didn't bother to read before posting my own."

Re:Windows licenses

[Kupek]

How the hell is this a troll?

Re:Its only UNCLASSIFIED data...

[flatrock]

Confidential information makes it's way onto unclassified computers in the military. The people dealing with the information are human, and some information almost inevitably ends up on the computers that they use on a daily basis. Those computers are not intended to have classified information on them, but as people write reports, and prepare presentations, small amounts of information leaks into what they produce. Each report or presentation doesn't hold enough information to be a problem, but taken as a whole, a lot of information can be gathered.

I did computer support at an Air Force base a number of years ago. The only time I heard of information not being properly destroyed was when a hard drive failed that had personel info on it failed, and the computer tech threw it in the trash when he replaced it. The tech had been around a long time, so he managed to not lose his job over the issue, but he should have known better.

The Air Force policy where I was at was that a computer's life span was 5 years, and they rarely bought state of the art computers in the first place. After a few years, the departments with the budgets to buy new computers would buy them, and the still usable used computers would be passed to a department why didn't have money to upgrade their 5+ year old equipment. Often those 5+ year old computers would be passed down to contractors and others without the budget or political clout to acquire new or even slightly used equipment. Old computers were also scavenged to keep other old computers running. By the time the Air Force was done with those computers, there was very little value left in them, even for educational use. An average computer tech contractor costs the government somewhere in the range of $40 an hour. If it really worth spending the time to make sure the computer's drive is wiped. In many cases the computers don't even work, so wiping the hard drive means putting it in another computer to do so. In the end the schools get tons of junk which they have to pay to dispose of, and the government gets to be politically correct.

Just chuck the hard drives in the incinerator and throw the computers away. Don't waste the time and effort trying to figure out if there might possibly be sensitive (classified or otherwise) information on the hard drive, destroy it. At the point the government is willing to give them to schools, they aren't worth anything anyway. If the government wants to spend money on getting rid of old computers, spend it recycling the old parts, so we don't just put them in landfills. Giving them to schools may be politically correct, but mostly it just means that the school wastes it's resources trying to find out if the computer is usefull, then just chucks it in a different landfill.

let's trade "secrets"

[quigonn]

Dear Pentagon, I give you my Nutshell books so that you can learn using computers efficiently and you give me your cryptography technology, OK? Actually, Linux in a Nutshell should be enough.

When is data truly gone?

[liberty!]

Anyone with sensitive data of any kind runs into the question of how to make it gone on demand. We all know ways of starting over on a drive to recycle it - load your favorite GNU/Linux or BSD distribution on it from scratch and enjoy.

However, the real question is this: if someone really wants to do so, how much data can be retrieved from a drive which has been reformatted and written over. Sure, most of us are going to give up fairly quickly, but if one puts enough effort into it, what data is still there waiting between the tracks? Unfortunately, at least some of the stuff from Tom Clancey novels is based on fact, and if you have the budget of a major government, and enough time, at least some data can sometimes be retrieved. If there are secrets which are worth enough to spend major time and money recovering, no data is ever quite gone.

Or at least, that is what those fabled government agencies base their budget requests upon.

Re:When is data truly gone?

[dj28]

In the PGP documentation, it said that commercial applications have been known to recover data past 9 wipes ¥random bit writes© They say the 'magic number' is 26©

Re:When is data truly gone?

[dasunt]

Now, I believe (and if I'm wrong, correct me), that when a bit is written to the hard drive, there is a minor amount of error where it could be written to physical area of the hard drive. The error isn't enough to make it interfer with the other bits of data on the hard drive, but is enough that there is a decent amount of chance that you could pull off the previous value of the bit from the hard drive, if you tried hard enough.

Also, when a bit is changed from one state to another, if the bit is changed, it might vary slightly (but still in the range of tolerance) if the bit was changed from 0 to 1 or 1 to 0 instead of the bit being 1 before or 0 before and remaining unchanged. Think of it as the magnetic field defining the bit as being not as strong as if the bit was not "flipped".

Now, the way to get around this is to write random bits of data to the hard drive several times. Another poster has commented that seven is the magic number, and since I've heard that number before, I have to agree. So fill the hard drive with random bits seven times and the original data can be assumed destroyed.

Re:When is data truly gone?

[thefogger]

Yes,
I recently read an article about a company here in Germany that recovers data even from very badly damaged hard drives. I don't know how much of this stuff is true, but one guy from that company said they where able to recover most of the data by examining the "borders" of each data track. He said that when data is overwritten with other data on a drive, it's usually not written exactly on top of it so that sometimes the underlying data is still visible at the borders.
The article had picture of some special reading device that was able to read "every kind of drive, even those of new and unknown technologies." The article wasn't in a tech magazine but nevertheless, I found it very interesting.

GPart

[VB]

You'd be amazed at what this tool can recover.

Linux rocks!!! www.dedserius.com

The Gutmann Paper

[Speare]

For a fairly exhaustive paper regarding the secure deletion of data, see the Gutmann paper on USENIX.

Secure Deletion of Data from Magnetic and Solid-State Memory by Peter Gutmann

This covers a series of 22 overwrite patterns that are formulated to ensure proper destruction of any trace information on RLL- and MFM-encoded hard drives. It goes into some detail about the ways electron microscopy may be used to recollect trace information. Other patterns exist, and I'm expecting the DoD or NSA has even more rigorous schemes.

Unfortunately, raw degaussing of a whole hard drive device often disables the device's ability to operate in the future, or is not strong enough to ensure the destruction of the data.

Re:The Gutmann Paper

[beable]

For a fairly exhaustive paper regarding the secure deletion of data, see the Gutmann paper on USENIX. This covers a series of 22 overwrite patterns that are formulated to ensure proper destruction of any trace information on RLL- and MFM-encoded hard drives.

Quick! Patent those patterns! Then the Pentagon will have to pay you hundreds of dollars in software patent fees for every drive they try to wipe!

Quick, someone file a patent!

[Bocaj]

Incredible! By replacing the old information with nothing, we can erase it! Way to move right on it to 70,s guys.

Re:Pluses and minuses

[MattGWU]

It's not the pluses and minuses you have to worry about....it's the ones and zeroes. Those little buggers will get you every time.

Policy change is great, but it may not help.

[Pachooka-san]

I volunteer for a local organization, SMARTCO that recycles government and business computers into local non-profit organizations. Our biggest source of machines is the local Naval Station. Guess what -we're drive-limited. The biggest problem we have is finding hard drives because they've been stripped out of the machines we get. No classified stuff, mind you, just plain old everyday desktops stripped because everyone errs on the side of caution. This policy might change that, except dd takes time. On these old machines, the biggest (government) cost is the labor to strip it. Spending the hours it would take to dd the drive isn't going to happen, even if all but 3 minutes is interaction-free. So much quicker to run the drive through a degausser or a sledgehammer. The volunteers can't do it, because they aren't "cleared personnel". So unless we can get a civil servant to spend his or her precious free time to wipe the drive themselves, we'll still get driveless boxen.
<sigh>

Pachooka-san

Recovery of second and third generation deletions

[BierGuzzl]

... even the computers that had classified information on their harddrives should be allowed to be re-used. Considering the fact that you can still get at second and third generation overwritten data, just overwrite 10 or 20 times with random junk (not a predictable pattern of 1's and 0's) and you've most certainly buried the classified stuff.

If you REALLY are paranoid, just get a script to plant misinformation throughout the system before deleting it all.

An ignorant question

[Steeltoe]

Wouldn't it be possible to use a strong moving magnet to wipe out the disks, or would this destroy the harddrive altogether/have no effect/not be cool enough etc? d;*)

- Steeltoe

Hell, even military trash cans are a risk

[Uggy]

When my unit goes on manuevers one of the things we do for realism in training is to make sure we get rid of our TRASH in a secure manner. The enemy or potential enemy can find out a million things about you just by going through your trash. Unclassified systems will contain more information about our habits, tendencies, and personalities than any classified computer.

I'd prefer to just destroy all the disk drives and let the schools buy brand new ones. They'd probably like that better anyway, instead of losing work because that 5 year old disk died on them in the middle of a paper.

Re:not very interesting

[he-sk]

If I'm getting this joke right, Slashdot is not laughing about CNN's tech style reporting, but is making fun of the Pentagon's order in the first place. The overkill of destroying a couple of millions worth of hard disks.

Anyway.

Too much pot?

Re:swap in a new harddrive?

[Stephen+Samuel]

The intent of destroying the hard drives was to prevent sensitive (though technically unclassified) information ending up in the hands of someone who might have some fun with it (including an inquisitive High School student who finds data and decides to sell it to his druggie friends who.....).

Please consider, as well, that calling it a 'preventive measure' is probably a euphimism for somebody found some useful information on a hard drive we gave away and three informants died as a result -- but we're not going to acknowledge that that's the real problem because it might end up in the whole program being trashed..

You have to look at this from the (probably non-technical) Bureaucrat's point of view. Once the drive is destroyed, the problem is solved. Paying good money to buy hundreds (thousands?) of brand new hard disks that you're going to give away is a waste of funds that you can always find someone in your organization clambering for to help hunt down the latest killer. (remember that this initiative probably made it past on the bigwigs based on the promise that it would cost the department next to nothing, while providing good PR). Providing new drives with every outgoing machine would probably increase the up-front cost of the program by an order of magnitude.

(the scarey thing is that the 'destruction' probably consisted of tossing the drive in the garbage where any spook would be happy to dumpster dive and retrieve all of this data from one place.
--

Re:swap in a new harddrive?

[Stephen+Samuel]

Well if it's so cheap, the school should be happy to pay $20-$50 for a used drive to make a free computer usable. It's a far more justifiable expense for the school recieving the drive than it is for a government department that is going to be giving (thousands of) machines away as a (free) goodwill gesture.
--

Re: several times over?

[Stephen+Samuel]

Back in the early '80s was someone posted a note explaining that when the NSA/CIA tested disk drives, they had a prescribed method for the vendor to overwrite the drive before it could be passed on for other uses.

Most vendors found it easier to just melt down the drives.

Remember that these were mainfraime hard drives, in the early '80s, that probably cost in the range of thousands of dollars each (retail).
--

Re: several times over?

[Stephen+Samuel]

Unclassified doesn't mean unimportant. Your computer is unclassified, but I'm sure that I could get a whole lot of 'interesting' data about you, and your job, by looking at the data on your hard drive.

Remember that these are 'unclassified' machines and they feel that the risk of 'only' overwriting them is fine. They're still destroying drives from classified machines.
--

Honeypot?

[rsborg]

All the posts here are either:
1) Congrats to the DOD, for doing the good deed
2) DOD are idiots, everyone knows how to read "erased" info from HD's
3) DOD know what they're doing... we may know how to read from 3rd/4th overwrites, but I'm sure they're on the ball.

What about another conclusion?:
4) They know that we and the bad guys know how to read the information, and want to put out a "trap" to see if the information is leaked properly...

Seems to me they're just dispensing information ...

i love the pentagon

[finalfantasydog]

yes they let all of nuclear secrets hard drives get out, yet thier worried about dd not working to overwirte thier drives

Here are some Facts

[carcass]

Maybe y'all want ta take a look at this: "Secure Deletion of Data from Magnetic and Solid-State Memory"

Also check out the source for GNU fileutils-4.1. (ftp://ftp.gnu.org/gnu/fileutils/fileutils-4.1.tar .gz). The src dir contains "shred.c" which more or less implements the contnent of the paper.

carcass

Instead of just zeros and ones...

[p0et]

what about fill the disks with the bytes "6c61 6f6c 676e 7420 206f 7375 2820 6570 746e 206c 6874 7369 6220 7469 2073 6562 6761 6e6f 0a29"??

Thats ascii for "all this bits belong to us (pentagon)"... : )

Re:Instead of just zeros and ones...

[PrimeNumber]

Not to be a *complete* schlimmiel -- (The post was funny) but that coverted ASCII (6c61 6f6c 676e 7420 206f 7375 2820 6570 746e 206c 6874 7369 6220 7469 2073 6562 6761 6e6f 0a29) equals: "laolgnt osu( eptn lhtsib ti sebganoLF)" With the line feed character 0Ah being LF. Now this: "616C 6C20 7468 6973 2062 6974 7320 6265 6C6F 6E67 2074 6F20 7573 2028 7065 6E74 6167 6F6E 29" is ASCII for "all this bits belong to us (pentagon)" I couldn't help it --- I had to know! :)

A better way...

[smallstepforman]

The amount of money spent by a foreign power into tunnel microscophy, Hal effect backtracing, cracking pseudo-random no generator etc (insert favourite technique here) will always be more expensive than just bribing a key person to bring data from the Pentagon. A bit of social engineering is always more beneficial than electrical / software engineering. Besides, the whole issue of conflicting governments and human rights is something that belongs on kuro5hin, not /.

7 Times.

[NullStream]

Amazingly I learned my "Professional Practice" (aka Ethics in Computer Science) the NSA (or some other US military orginization with too much money) did a study to see how many times a hard drive needs to be overwritten before the data is completely unretrieveable. They came up with the magic number of 7.

dd if=/dev/urandom of=/dev/wd0a bs=128

Do that 10 times and you should be cool. This came about as my professor actually does this every time he needs to have his machine serviced.
(10 as who the hell believes americans anyways?)

Re:7 Times.

[NullStream]

OpenBSD for me.

Re:7 Times.

[jbarnett]

OpenBSD disk are not physically secure. 1) Openan OpenBSD boxen (or 99.9% of the computers out there) 2) take drive out 3) mount disk 4) look at all your data and p0rn

OpenBSD only encrypts swap (and you have to turn this on manually) and doesn't have support for encrpting ufs yet...

Re:In other news...

[ecesar]

It's even more close to what happened, because if the boards are anything like the ones here at my university, they are readable after erasing (with some effort).

It is believed that hard disks are still readable after simple zeroing (with special hardware), and this is the rationale behind functions such as PGP's overwriting with several passes of random bits.

Re:But arg format is totally nonstandard and fucke

[The+Madpostal+Worker]

No, its beacuse pipes are the most effcient things, espcially for gigs and gigs of data. Thats why you pass them explicitly.

/*
*Not a Sermon, Just a Thought
*/

Re: several times over?

[SuiteSisterMary]

if they're worried about whats on unclassified machines, then somebody's not doing their job

Remind me never to hire you for a computer security position. BECAUSE they're worried about what might be on an unclassified machine, they ARE doing their jobs. You don't stay secure by making assumptions. Period. You do it right, every time.

Re:It doesn't

[Walterk]

That's what I always do before installing a new OS on my HDD..

Re:Secure rm

[Walterk]

Not my fault that those damn keyboard manufacturers put that c and g so close together.

Re:Secure rm

[Walterk]

Is it me or hasn't anyone heard of srm?

Re:fp

[talonyx]

A reply to a story you moderated renders all of your moderations undone....

Re:In other news...

[Provocateur]

It was discovered that the so called "whiteboard erasers" were actually physical storage media devised by the Russians to act as failsafe compression/zip drives, and all information that was thought to have been erased from government whiteboards could actually be retrieved with the proper decompression equipment...

Re:LAYER the security approach

[joto]

What if you layered the security approach? Encrypt the filesystem with a very good cypher and encrypt the entire filesystem!

Please tell me how to make sure they used encrypted filesystems 5-10 years ago, on those old machines that they are scrapping now. (See..., it's not a very helpful suggestion!)

Actually, it wouldn't help security very much to use encrypted file-systems either. Encrypted file-systems are only supposed to help if someone seizes your machine. That means it might be a good idea on a laptop, but if physical security is good, it is an unnessecary hassle to use on desktops. And, as avoiding loss of data is equally important when it comes to security, I wouldn't really think they would want to go through with that. Better just scrap the HD's.

Sorry that is *NOT* DOD standard.

[PrimeNumber]

Sorry this is not correct. The reason I know this is that I used to work in a Secure Computer Information Facility or SCIF in military speak. Part of this meaning in English is that you work in a *lead lined building* and that every *square foot* of soil (for some odd reason) has been certified for said installation. It also means you cannot bring radios, programmable watches, calculators, (anything with memory) to work. If you think this is fanatical, any media which is taken out must be *stringently* degaussed, meaning you place a magnetic tape through a degausser at least three times, and as the article states (correctly) you *must* remove and degauss all disk platters muliple times. In fact, in my unit (a comm unit) before people pcs'ed (permanent change of station) they would give these platters mounted on wood with the unit insignia and your name on a brass plate. They actually look cool. (These were ancient VAX platters This was a rare exception as most items are destroyed, probably because the ancient aluminum platters kept cheesing the shredder.) What you are referring to is the writing of info at least *5* times over the *whole platter* with I believe F8/F0 hex which is a standard (albeit used for *unclass* and unclass EFTO (Encrypt for transmission only) drives. And there is NO way you could have recovered that with PC Tools. To sum it up: All classified media is destroyed, unclass could be saved, but a pain and generally destroyed as well.

Re:Amusing? No.

[Copid]

But of course you have time to post a message bitching and moaning about it here. Funny how that works out.

Don't need pentagon to discover DDs...

[tcc]

Since when do the pentagon think they're so hot for finding DDs? no war, so all they can think of is sex??? pffff

can I ask you something?

[elegant7x]

Does it hurt, being so stupid?

EMPs

[elegant7x]

EMPs don't erase hard drives. Usualy they just distrupt an electrical circut, without damaging the hardware to much.

Wow

[elegant7x]

hard drives can be read after simple deletion.

Re:Recovery of second and third generation deletio

[elegant7x]

No one ever used one time pads

Re:Windows licenses - misrating?

[e_lehman]

I once moderated a comment and then used the mouse wheel to scroll down to other comments. Unfortunately, it didn't work out that way: rolling the mouse wheel after moderating scrolls through the list of moderation adjectives. I bet this leads to otherwise inexplicable mis-ratings all the time. An "insightful" becomes a "troll", etc.

LAYER the security approach

[mcrbids]

Ok, so even after 10 over-writes, there's still a chance that information can be recovered.

What if you layered the security approach? Encrypt the filesystem with a very good cypher and encrypt the entire filesystem!

Then, when you format the hard drive, overwrite 10x with dd (and random bit patterns, in a randomized write pattern), the black hats would have to
1) Read through 10x overwrites,
2) Read through the format,
3) Decrypt the final result, protected with a strong cypher.

As with all things security related, you provide multiple layers of defense!

Re: several times over?

[PurpleFloyd]

I believe that there are methods for retrieving a bit after it has been overwritten... something to do with residual magnetism? A poster below says that the "magic number" to eliminate all possibility of retrevial is 7 times, but I have heard anything from 5 to 12 times. Oh well, I don't have anything incriminating on my hard drive anyway; you might ask someone who is a little more into this stuff than I.

Re:Whats dd

[PurpleFloyd]

'dd' is a command in UNIX/Linux systems that allows direct writing to the disk bit by bit. Using a program such as dd many times over would make it nearly impossible to recover old data from the drive (when deleted with 'rm', files can be recovered by programs readily available on the market-- they are still on the drive, but the OS doesn't know where they are). When every bit is set to zero several times over, however, then there is no way in hell you will find old data on the drive.

dd wouldnt do it

[ishmalius]

It seems obvious once again that people are making snap judgements with insufficient information. The Pentagon's Public Affairs Offices are not exactly the prime repositories of technical ability. God forbid.

dd would only perform a single write, which is in no way enough to delete all traces. That would be like erasing an audio tape; tiny vestiges of the original recording would still be present.

The military has always known how to properly purge disks, for example with software such as Fortress, which has been around forever. It performs multiple passes of the disk, writing on the disk with different data, and in different scan patterns, with various read tests in between. It is very thorough. And let us not forget to mention large-scale disk degaussing.

This "news" is much like the press "discovering" TEMPEST (the ability to sense radiations from a computer and monitor from a distance)last year, even though that technology has been publicly known for many years now.

China

[Amon+CMB]

Looks like the government has learned that you're supposed to HARD-ERASE sensitive information on computers before throwing them into the public. First the nuclear incident with computers in the dump, then the airplane crash land. The Chinese apparantly got ahold of it that way.

Re:Recovery of second and third generation deletio

[dirtmerchant]

Yes. america needs a good ass-kicking to give it some much needed humility. And don't give me any of that "Greatest Nation in the World" crap either. The only reasons the u.s. was successfull in the past was geographical isolation from the major European powers and fertile soil.

Ok... question.

[_Knots]

Given the capabilities of such things as MOSIX, Beowulf clusters, etc, etc... why would *anyone* ever want to get rid of a computer? Especially the government, who really doesn't have to worry about the comparatively miniscule power that a headless computer draws (ok, it -might- matter in CA, but that's a different matter). Let's see... I still have a 486DX2, two Pentium II systems... all on 10BaseT and running their various operating systems very happily. Oh, and I *did* have another 486 which is now in various places, different parts doing different things (hey, a free computer-grade power supply. No complaints here.) Instead of destroying all those machines... just toss them into a distributed computing center, leave 'em powered, and use them for backup servers or something. Or even... have the military port MojoNation for internal use. ::grin::

Overwriting data with dd does not suffice

[_bernie]

Even with old Amiga floppy disks there were ways to retrieve some bits of data after a full format or overwrite. Blocks are separated by small gaps and tracks don't take up the whole 360 degrees of magnetic surface. On the Amiga, the disk controller was optimized for speed so it would not bother waiting for the index signal before starting to rewrite a track. Each time you rewrote a track, it would occupy a different section of the circle, leaving some old data where a clever guy could still retrieve it.
Today's hard drives are much more sophisticated than this, so they sure leave many more chances open to retrieve old data in original ways.
//BernardoInnocenti

Re: several times over?

[issachar]

I'm really showing my ignorance here, but I presume that the requirement of writing over each bit "several times" means that there is some way to tell what a bit was set to immediately before the last time it was set?

Seems a little funky. How many times does a bit have to be changed, to make it's previous value unrecoverable?

DD's? Haha..

[meff]

The pentagon has known about double d's for a long time already, Bill Clinton was one of the greatest known for his interest in them.

;)

Re:swap in a new harddrive?

[beable]

hey noodlehead, conservatives LIKE education, it makes for alot of smart people who know what the hell their doing in the workforce, vs stoned hippies who havnt had a bath in a month.

People with a good education can also spell "a lot", "haven't", "don't" and "isn't", and can write sentences that other people can understand. They are also familiar with the subtleties of the possessive apostrophe.

Re:Recovery of second and third generation deletio

[beable]

Remember that, when dealing with data security, you don't just need to worry about what your enemy can do now, you need to worry about their capabilities 20 years from now. If the data has to stay secure for 50 years, then the only choice is to destroy the drive (we may have nanotech by then, and then you'd probably be able to uncover everything that was ever written to the drive).

HEY! This nanotech sounds pretty good! If you could recover all the data that was written to a drive over 20 years, that means a standard 20GB hard drive could hold... ZILLIONS OF GIGABYTES! Imagine a Beowulf Cluster of those! When is nanotech going to get invented?

Re:B u l l S h * t !

[kz45]

If an idea or a concept goes against their religion the religion demands that you silence it.

how about slashdot/gnu/linux community as an example of this? Open your eyes and you will see the truth

Heh

[IainMH]

"The overwriting entails printing series of ones and zeros over the stored material".

I bet that someone at the Pentagon is now looking at the first two buttons on thier keypad and thinking;
G-ddamn this is going to be boring
:-)

Slashdot editors strike again!

[Reality+Master+101]

Uh, it's the reporter, not the Pentagon that claimed that the Pentagon has "found a way" to erase the hard drives.

Is it just me, or does it seem to anyone else like Slashdot's editors 1) can't read, and/or 2) are easily amused?

--

Re:But how do you get the dried cum out of keyboar

[redadmiral145]

i think you did to.

Whats dd

[mesach]

just wondering if it has such signifigance why dont you let us know what it is in the post

Re:Whats dd

[The+Monster]

'dd' is a command in UNIX/Linux systems that allows direct writing to the disk bit by bit.

Not quite. It allows direct writing to the disk controller. The magnetic pattern written to the physical disk is (unimaginatively enough) controlled by the controller, which tells all sorts of lies to the computer. For example, the controller may detect that a sector can't be read back to contain the same data that were just written, and transparently move the data to a substitute sector without ever informing anyone or anything of this decision.

The program that can see past the controller's shenanigans is called "low-level format". It is more akin to a device driver, having intimate knowledge of how the actual disk operates. If the Pentagon wanted to contract with the manufacturers of disk drives for a very special LLF utility that properly exercised each sector, writing magnetic patterns specifically designed to cripple subsequent analysis, that might be good enough.

Or it might not. You've got to ask yourself how much effort an attacker is willing to expend to retrieve the contents of that drive, and how much damage can be done if he's successful to properly evaluate the risk.

Re:Whats dd

[NonReal]

Department of Defense

Re:Its only UNCLASSIFIED data...

[fantom_winter]

typically stuff is called C/RD.

Confidential, Restricted Data. However, privacy act stuff isn't confidential, it is just restricted data. Which means alot when it comes to control issues.

Why is this story so important?

[Billly+Gates]

I don't think its a big enough deal to post on slashdot. So, the pentagon decides to fdisk all the hard drives for regular de-classified pc's. Big deal. Ya, thats definately worth big news.

Next.

Amusing? No.

[LoudMusic]

I wouldn't call it amusing, I'd call it outright stupid. That was a waste of my time.

~LoudMusic

http://www.BigAssFileServer.com

Re:Windows licenses

[mgkimsal2]

Thanks - I see someone else modded it up as well. For some reason I seem to get this more than the average user, from what I can tell (modded 'troll' for no apparent reason). Good to see the system eventually rights itself. :)

Windows licenses

[mgkimsal2]

Everyone's talking about 'dd' - to my knowledge it's not a Windows utility. My hunch is that most of these computers are Windows systems, meaning we (taxpayers) have paid for a license. Unless the gov't has immaculate record keeping and can provide the license for Windows (and the media to restore it) the recipients of these systems are going to pay again for a Windows license. True, not everyone will put Windows on, but my guess is that a majority of them will be put back in service with Windows on them.

Most likely to fail component?

[jroysdon]

What's the most likely thing to fail in an older computer? Probably the power supply or CPU fan, with the cause being dust build-up. If the fans are maintained and not clogged with dust, what's next in line? I'd have to say it's the hard drive.

20GB drives direct from the manufacturer for $109. I'm thinking someone could pick up 8GB drives for at least half that, and fix the "useless" computers without hard drives. Or just use NIC boot ROMs and have diskless workstations. Far from worthless without a harddrive.

http://www.maxtordirect.com/searchresults.asp?sear ch_id=6

Re: several times over?

[Crizp]

A Norwegian company called IBAS specializes in restoring data from damaged (read: fire, water, erased) drives. They've got the world's most advanced equipment for restoring data.

They have released a utility that erases disks so even they can't retrieve any old data. Basically it writes a random pattern of 0's and 1's to the disk, and it does that 12 times. Before that you could pay them to _really_ destroy the disks, they just put the disk in one of their huge degausser boxes. It said a few times and the disk was rendered useless.

A year ago I recieved a couple of used Compaq servers from the place I worked the helpdesk. They were reluctant giving it to me, but it was OK after I explained to the manager how I'd erase the drives... I'd use a program that did exactly what the IBAS software did, only for free :). Even handed him a copy of the statement from IBAS explaining that this was a safe way to delete info. As long he personally wathced me erase them, I could have them.

Re: several times over?

[NNKK]

keep in mind these are supposedly unclassified machines, technicaly there should be no reason to go to all the trouble of wiping the data so completely that you include using a strong magnetic field to do it

dd if=/dev/urandom of=/dev/hda 2 or 3 times should be fine, followed by one more dd from /dev/zero
if they're worried about whats on unclassified machines, then somebody's not doing their job

Re:Its only UNCLASSIFIED data...

[NNKK]

A: If it's sensitive, it shouldn't be unclassified.

B: Unclassified material can easily be retrieved, even without an FOIA request, by anyone who really wants it, i.e. anyone who could actually make use of it in a manner that threatens security.

Re:Recover this.

[Phil+Linngood]

Is that the best you can do? You realise that data recovery agencies all around the world are laughing at you right now?

Old disk drives

[maxwells_deamon]

I was given 16 2-gig SCSI drives to get rid of. I was planing on donating most of them.

When I got them home I found out that they were differential drives. I have no scsi controller that will talk to them so I am now stuck with them until I can find a way to erase them or let kids take them apart for the magnets. Spending 200+ USD for a controller is not an option.

I will not donate/trash them until they are wiped at least once.

I have also bought used hard disks at our local computer flea market and have found what looks like info from a fortune 100 company still on them! (I could see the name of the company was used in making folder names.) I formatted them at once.

Pluses and minuses

[NoOneInParticular]

I really loved this one:

"We've looked at the pluses and minuses," she said Thursday, and determined that overwriting would protect information on the computers while allowing the machines to be donated.

There must be one of a hell of a group behind this, looking at all those pluses and minuses on the hard drive to see if there's any protected information left!

If they would have put only minuses on the hard drive, the exercise may have been less hard. But then they might have concluded that half of the protected information was still there!

Re: several times over?

[Elendur]

Since it's stored magnetically, there's still a trace of what was previously there. So if you have some advanced equipment you can see what used to be there. Some people say you need to write over something quite a few times and even then you're not totally safe if someone with the time and money and equipment, like a government agency, wants to read it.

It works.

[FreeMath]

dd if=/dev/zero of=/dev/hda

Format them

[carwashi]

You can read the subject. cant you?

Next thing you know, folks...

[(H)elix1]

will be buying old CAD stations trying to create a T-Rex.

Let us all welcome the Pentagon to the 1980s

[Galactic+Avenger]

Actually, the problem is that even an overwritten drive can have its old data recovered. Not by using the default drive heads, speeds etc -- but by using more sensitive equipment. Remember that the magnetic media is actually analog once you examine it closely enough. When you overwrite a previous value, you don't quite completely overwrite it.

There are data recovery centers that exist precisely for this purpose.

Funny Stuff because I work for ....

[magadass]

This is quit funny because I work for a contractor that gets rid of old pentagon systems...SCI, Secret, and Unclassed systems and we just got done getting rid of a crapload of systems that are being trashed..not donated but trashed..The government wastes about 200 good systems a day..And this is from my job alone..I have personally witnessed this stuff being tossed in the garbage..We have picked up 20,000 dollars servers still working and have trashed them...Of course after all of its hard drives have been degaussed by the people with level 6 security..

Later

New Classroom Projects

[corvi42]

Just imagine the new educational opportunities this opens up: young school children can now write letters to undercover agents, special forces members, and secret government think tanks.

They can also gain a valuable jump-start on children in other countries by starting young to learn about data analysis and retrieval, surveillance and the ins-and-outs of the military-industrial complexe.

This could be the best strategy to educate american children in the face of the growing espionage-publicity gap caused by the recent spade of british agents "losing" their laptops.

Re:New Classroom Projects

[viva1917]

Nah. The kids will never take these "educational opportunities". 99.9% of them would prefer to cut class, horse around, make drug deals, or at best, use the classroom computers to check their Hotmail. This is exactly what goes on during Computer Science class at my high school, and it is considered the most "academically elite" school in a city of 1.5 million.

Soviet education was at least an order of magnitude superior to American education.

Re:swap in a new harddrive?

[sideshow-voxx]

Hehehehee Noodle-head... . Maybe I should be modded for flame-bait too... :-)

If you LIKE properly funded education, that's cool cause I LIKE properly finded education too. Let's do lunch.

(And the liberals and the conservatives lived happily ever after)

Re:Many things look stupid...

[smittyoneeach]

Prismatic,

Aw, c'mon: do you feel there is enough information in the post to make a judgement regarding the "biggest motivator"?

Also, while I have the utmost respect for those who operate under a vow of poverty, I do not.

As far as this "greater potential for public good and service," I gave ten years of active service in the military, and continue to serve in the reserves. Dunno exactly what the implied 'render unto Caesar' requirement is, but I can state with confidence that I've done something.

Re:Many things look stupid...

[smittyoneeach]

As far as "putting me in my place" goes, I'll split the difference and say it's mutual.

GS needs some of those best and brightest in order to have an intelligent GS sector to make good decisions. that's a large reason why i myself am going to give up a good decade or more of my time to the army once i graduate.

My best suggestion is that you pursue a small community within the Army. Don't want to diminish what sounds like some good youthful enthusiasm, but file this away: human organizations don't scale well. The 'outfit', be it Army, Navy, strait government, or dare I say, any company, acquires inertia proportional to population.

Bear John 15:2 in mind, and note the general non-application of this wisdom.

Regards,

Chris

Re:Many things look stupid...

[smittyoneeach]

The important thing is to ensure your motives are pure.

The chaplaincy is an interesting field, due to the ecumenical nature of the military. You can expect a challenge.

Godspeed, boss.

Re:Many things look stupid...

[smittyoneeach]

Quixotic wish, boss.

Many things look stupid...

[smittyoneeach]

Until it's your name/job/reputation on the line. In the absence of a business model, most government folks of any strip play a conservative hand, unless there is good press involved for doing something intelligent. It's a fear driven, inefficient culture. David Gergen said this about it, recently:

But that's just the tip of the iceberg. The civil service-the substructure that is so vital to day-to-day operations-is rapidly crumbling: 53 percent of the federal workforce will qualify for retirement by 2004; 71 percent of the government's senior managers can retire by then.

And there's precious little new blood to replace them. A survey of the nation's most academically gifted college students-the Phi Beta Kappa graduates-found that only 1 in 10 rated the government as the employer of choice. Among the nation's public-policy schools, interest in government has also declined. According to Light, some 76 percent of those graduates sought public-sector jobs in 1973; two decades later, the number dropped to 49 percent; today it has dwindled to about 30 percent. And these are people supposedly being trained for public service!

in US NEWS

There is a temptation to blame recent moral turpitude in elected officials for the intellectual vacuum of the civil service corps, but calling it a leadership issue is oversimplifying.

Closer to the mark, we get what we pay for. I just turned down a GS position, because the pay was 2/3 a private sector offer.

Go figure why we are shocked by this decision to spare unclassified hard drives.

Re:Many things look stupid...

[prismatic]

funny how you have a bible verse in your sig, but you claim that money was your biggest motivator for turning down a job with greater potential for public good and service
--
Brian Voils
"A university is what a college becomes when the faculty loses interest in students."

Re:Many things look stupid...

[prismatic]

well, when you clearly state that "I just turned down a GS position, because the pay was 2/3 a private sector offer", its pretty hard to guess something other than that the reason you turned down the job was because of the pay.

i also never said or even implied anything about a vow of poverty. i'm sure the GS job would have kept you quite well out of the line of poverty, especially including your reservist pay.

though i will admit, i had no idea you'd spent 10 years military service, and i apologize for assuming that you hadn't done any GS work, since you turned down one GS job. it seems to have made more of an ass out of me, than you.

but on another note, you seem rather aware that GS positions don't always grab the best and the brightest, though they do get some very bright people. i just feel, personally, that GS needs some of those best and brightest in order to have an intelligent GS sector to make good decisions. that's a large reason why i myself am going to give up a good decade or more of my time to the army once i graduate.

but thanks for replying to my post and clarifying things, as well as putting me in my place. i probably needed it more than i can see
--
Brian Voils
"A university is what a college becomes when the faculty loses interest in students."

Re:Many things look stupid...

[prismatic]

I'm not sure I understand what you mean about pursuing a small community in the Army. My "plan" (plans change) is to do a stint in the infantry, step out and go to a seminary, and return as a Chaplain. I do intend to bear fruit, and the Army is certainly a harvest ground. I've still got to discuss some of this with my PMS, though, to find out if I have to avoid my advanced course in order to change branches like that. But if I have to, I don't have a problem with that. I've still got another year before I assess.
--
Brian Voils
"A university is what a college becomes when the faculty loses interest in students."

swap in a new harddrive?

[NonReal]

Umm. Why don't they just put a new harddrive in the machine? It's not like you can't swap in a new one (assuming they don't use Windows XP :))

Re:swap in a new harddrive?

[BLAMM!]

the scarey thing is that the 'destruction' probably consisted of tossing the drive in the garbage where any spook would be happy to dumpster dive and retrieve all of this data from one place.

I know your comment was probably just a joke, but I have to reply anyway. I worked in several high security offices in the US Air Force, and I can assure you that classified destruction is taken *very* seriously. In the case of hard drives, the drives are reformatted, disassembled and the platters are sanded until they turn from a nice rust color to a pretty burnished silver. In the military's eyes, there is no such thing as overkill.

Re:swap in a new harddrive?

[Bobo+the+Space+Chimp]

Who would want the old drive anyway? Hoo-boy! An 80-meg hard drive!

Re:swap in a new harddrive?

[dunkerz]

yeah, but they would have to get one of the school students to install the new drive (considering teacher knowledge of computers). :)

--

Re:swap in a new harddrive?

[F00Fmaster]

Hello Mr. Noodle Head,

Conservatives like education, because it makes for a lot of smart people who know what the hell they are doing in the workforce, instead of stoned hippies who haven't had a bath in a month. Conservatives like a healthy growing economy (results in good business). Poor people don't help with a booming economy, and so any sane person would think 'Gee, we should educate the poor people and make them better off!' To bring about this desirable result, you fund education.

The thing that Conservatives don't like is waste (also known as inefficiency), which the Federal Government has a large amount of. If the governmnet was a business, it would have gone bankrupt long before now. Although you may think it is, it is not because taxes are too low, it's because government is too big and a billion here and a billion there is not a 'Big Deal'.

What is it about Liberals that makes them think that business fundamentals don't apply to the government?

[Perhaps they don't believe that capitalist fundamentals belong anywhere -ed]

Re:swap in a new harddrive?

[whereiswaldo]

Ouch! Nice roast, dude. Hehe..

Re:Its only UNCLASSIFIED data...

[flynt]

This is wrong. You cannot obtain personal files of random Pentagon employees with the FOIA. Yet, these could be exposed by giving away an old hard drive.

not very interesting

[flynt]

All this is is a short 2 paragraph write up on policy of giving away old hard drives to schools that might contain senstivie (not classified) data. No where does the pentagon claim to have discovered anything new here, and the way it is written in the story is just to explain it to people who don't understand that information might be able to be retreived from a hard drive. If anything, this is only interesting because it marks a slight change of policy, but beyond that it seems the only reason Taco posted this was so that he could show that he too can find some (however minor) faults in a CNN story's technical content. So to answer your question, no, this story did not amuse me as much as it apparently did you.

Its only UNCLASSIFIED data...

[FKell]

Its not like its something you already can't get with the Freedom of Information Act already.

Re:Its only UNCLASSIFIED data...

[markmoss]

Is any of that information unavailable through other channels (budgets, FOIA requests)?

Re:Its only UNCLASSIFIED data...

[Geleekrapfenmann]

well, that's why it's better to use removable media. Floppies are less than $0.50 each, and they're big enough to store text documents. If you have a CD-RW with packet writing, you can do much the same thing.

Although removable media is less reliable than a hard drive, it's so much cheaper, you could easily make 2 copies, and store a backup copy in a secure safe somewhere. Plus, if all of your data is stored on CD, etc, it's pretty damn easy to upgrade to a new computer, and not have to copy the files over.

Re:Its only UNCLASSIFIED data...

[F00Fmaster]

Why ? No pad, no data. Or did I miss something ?

Just in case one of the following happens:

• The pad doesn't get destroyed, and somehow falls into enemy hands.
• The pad does get destroyed, but the generator for the data on the pad falls into enemy hands, so they can derive the pad.
• Both the generator and the pad don't fall into enemy hands, but somehow the generation method is derived from patterns on the data drives, which do fall into enemy hands.

It's always best to be safe.

Re:Its only UNCLASSIFIED data...

[F00Fmaster]

Then you've got a security leak, and encryption won't help you.

Not at all. What if somebody hijacks the truck on the way to the dump/incinerator/whatever? What if one of the magnetic tapes isn't fully erased? What if a braindead politician decides to also send the erased pads to schools, under the impression that they are also useless without the data disk?

Re:Its only UNCLASSIFIED data...

[sigxcpu]

I agree to what you said but you have to add to that the advances in atomic scale microscopy. you see, the hard drive heads _NERVER_ cover exactly the same track and with an atomic force microscope (AFM) that has a magnetic head (actualy it is called a cantileaver) you will be able to read alot of data of a drive that has been formated. (a 'cheap' AFM goes for about 50k$ not to much if you are realy looking for somthing). ( and a lesson to all of us if you have somthing to hide phisicaly destroy the drive just erasing is probably no worth much )

Ahh...but then it would be marked seneitive

[FKell]

There is a clearance level called sensitive, and confidential. All files must be marked properly if they contain this information. In which case they are not unclassified. As such, records must still be kept of how many copies and where they are located if memory serves me correct.

In other news...

[Edgewize]

Pentagon officials today reversed a six-month-old policy that stated that used whiteboards must be pulvarized with sledgehammers before being thrown out or given away. This move allows whiteboards to be donated to classrooms.

Deputy Secretary of Defense Paul Wolfowitz is credited with discovering that nonclassified material could be removed from the whiteboard with an eraser.

An anonymous source close to the Pentagon has stated that this is undisputably the smartest decision the government has made in years.

AT&T

[perlchimp]

My wife works for AT&T and she recently found out that they pay some company to destroy all of their surplus computers. Everything from desktops on. Not just the hard drive, but the entire computer. I bet the IT guys grab some parts, but still most things just go to waste.

What are you talking about?

[dachshund]

The news here is that they've reversed the order. The statement you're referring to was made by an AP reporter, not the Pentagon, and Slashdot's just quoting it. What's wrong with that? Didn't you notice the quotes around the statement and the statement "CNN reports that..."?

Unclassified

[dachshund]

Note that these machines contain only unclassified data. While that information might certainly be useful if you aggregate enough of it and cross-reference, overwriting the data (one time or hopefully many) is probably enough to reduce that threat-- it's unlikely that "the enemy" will expend the resources necessary to acquire and probe thousands of machines for trace magnetic information without being noticed.

Re: several times over?

[markmoss]

Bootable Linux floppy would be fine, if the kernel plus the erase program would fit. With DOS, the kernel is tiny (msdos.sys, io.sys, command.com) so I _know_ it would fit.

"Stepping motors" was indeed a mis-statement, sorry. I'm not sure what the author of the article meant by "microstepper", but I believe what any modern disk drive has for head positioning is a tiny electromagnet ("audio coil") driven by a DAC, with DAC steps fine enough that you can use servo data to center the head on the track. The audio coil has a continuous response curve, but the DAC has a limited number of bits and thus a finite step size. So the head is still going to wander a little (by 1/2 a DAC step at least), so there will be data left unerased along the edges here and there.

Maybe you missed this: the article is not concerned with data recovery using the drive as is, but with taking it apart and using a very fine and very sensitive magnetic probe, which would be able to search the fringes for data, besides searching the center track in case the overwrites left ghosts of the original data. If you can get direct control of the DAC, you could control the head position to ensure the entire surface got erased, even between the tracks. I don't know if IDE and SCSI interfaces allow this; the article seemed to assume you can, but that "microstepper" blooper makes me wonder if the author understands the difference between MFM and IDE.

Incidentally, there may be a business opportunity here. Make a disk drive in which a somewhat larger and stronger erase head rides in front of the read/write head. Build in commands to use this to erase a sector or the whole drive, using that big erase head to sweep everything, and following the mil-spec for erasing classified data. Sell it to DOD for $300 each -- in the long run it's going to be cheaper than crushing $100 drives because you can't be sure they are erased, and it wouldn't raise the real cost by even $50. Feel free to use my idea, I'd rather stay poor than get involved in defense contracting again... 8-)

Re: several times over?

[markmoss]

No, a DAC step is the change you get when you flip the last bit in the position code -- like 100010001000 to 100010001001. This is a small fraction of a track (because on modern drives you have to compensate for thermal expansion and wear or you won't find the track at all). So when the feedback loop flips the last bit, the head is going to jump a small fraction of a track, and this will leave unerased areas on the fringes.

Stationary erase heads: those would work for a complete wipe, but moving erase heads would also allow for selective erase of one file at a time, making this feature useful through the working life of the machine rather than just when it was moved to a different role. Either way, you would have to give the drive the capability of low-level formatting itself after the wipe, I forgot that. I'd guess that the military would prefer the selective wipe capability, because in the situation where the "instant full erase" was really needed, they'd probably prefer just to package a thermite grenade with the drive -- you might not have power to run an erase cycle but yank that pin when you've got to bug out, and the disk (and much else) is a puddle of melted glass and metal 5 seconds later... And finally, yes I did mean what you call a "random write treatment a few times." There is a mil-spec for that, something like write all 0's, write all 1's, write 010101...., write 101010..., and repeat X times. That is, the erase head would have to be capable of writing 1's and 0's both, and doing this harder and wider than the write head.

Re: several times over?

[markmoss]

One more thing: Since the heads don't follow the exact same path every time, you've also got to do something to ensure that the fringe areas out to each side of the track really got overwritten. If you can get direct control of the head position microstepper, you write once a little to the inside of the nominal track position, then write once a little to the outside. Repeat for the other 22 patterns required to be sure of complete erasure... It's a big pain to write the program, but once written you just put it on bootable DOS floppies with the instructions: "Insert in disk drive, turn power on, wait until complete (up to 3 days)." A good link to a thorough discussion of this has been posted before.

Of course, there is a big assumption when erasing this thorough is required: that someone will get hold of the drive and believe that it is worth a great deal of work by high-paid techs using very expensive test equipment in a clean room. If the computer has a sticker saying "War plans room. May contain classified data", there's a pretty good chance someone would do that. But if you simply dd (or a DOS/Windows equivalent) a shipment of 100 machines scrapped from the personnel dept, do you really think anyone is going to dissassemble all 100 hard drives on the chance that maybe one of them contains useful data? (And don't you think that the school receiving those machines might investigate who's been stealing the hard drives?)

Re:Recovery of second and third generation deletio

[banuaba]

I have an example of a legitimate 20 year secret. The F-117 was prototyped in 1977 as the "Have Blue". We non-gov't pinkboys still do not know the radar cross-section and full capabilities of this aircraft, to the benifit of national security. The same thing can be said of aircraft carriers, but to a lesser degree.


Brant

Re:Recovery of second and third generation deletio

[Atreides4]

Think a little harder. Think about 50 year old things that must still be kept secret now. Think of how the Manhattan Project data is still one of America's most closely guarded secrets. Formulas for chemical and biological weapons developed in the 60s are also very closely guarded, as both could still cause immense damage to national security. There are countless other things that need to be kept secret for 20 years. Stealth plane radar signatures, vulnerabilities in US armaments, exact capabilities of ICBMs, etc.

I think the DOD is being far too lenient. The hard drives should be destroyed to protect America's security. But then I'm paranoid about such things.

Is it that expensive?

[JagEsquire]

I'm not sure that I'm qualified to comment. Because you see I'm a Canadian. But though our information may not be of a security level to warrent starting World War Three, we'd still like to keep some of it confidential. I've worked for computer companies in sales in the past and I have sat infront of individuals from Statistics Canada and Revenue Canada and presented our sales pitches. Both Govenment agencies destroy hard drives and it costs them money. Let's say that they by a new machine from me. The shipping guy at the hard drive factory drops a case of hard drives and tells no one so he can keep his job. That case is sent to us and then we put a drive from that case in a machine we sell to Revenue Canada. 4 weeks later the drive dies a horrible death. Weather the data is still there or not they can't use the drive so they need to buy a new one. They won't give me the drive for warrenty because of "classified information". And me as a retailer sure as hell isn't going to give them free replacement, so they buy a new drive at tax payer expense. So what do you do? We drop the price of the drive, because we don't have to offer warrenty. And because we want to do even better business with the government we called the drive manufacturer (Maxtor Canada) and they drop the price of the drive because they don't have to offer warrenty. This senario happened three years ago. A 4Gb drive selling for $280.00 canadian, could be put in a machine for around $175.00 with no warrenty. At that price we could have sold them two drives. One for use now, and one for when the government wants to give the computer away to a school. Protect our information, destroy the drives, look for another alternative to allow them to end up in our schools. JagEsquire -You'd have to be really vain to believe a low post rating means we have nothing to say.

switching hard drives won't be "easy"

[ballzhey]

Old mother boards won't see today's 8 gig and up drives, so wouldn't it be better to use these computers for trash? Recycle a computer? Let's worry about recycling more important things right now such as natural resources and our culture. Let the govt. sell this this "junk" to people who want to make clusters and buy the schools new computers. Wow, that was hard!

carlcmc

[carlcmc]

Ummmm, excuse me, but when we got our 2nd computer (386 20mhz DX (not sx mind you but dx) 65mb HD) when i was 12 i knew how to use pctools to delete files/format drives with DOD standards (F8 written to every sector).

Re: several times over?

[Geleekrapfenmann]

I believe the word is "titanium"

Re: several times over?

[Geleekrapfenmann]

oh yeah, like a difference in one letter is gonna be enough to stop goons from knocking down your door. If you wanted to make it sound hypothetical, you should have picked a name lacking in similarities with the other elements. But, knowing the government, you'd probably end up picking a code name they had used, so hey, either way, you're screwed :p

[accusation of previous poster's incompetence]

[Flying+Headless+Goku]

[recounting of vague memories of secure deletion requirements]

[absurdly thorough overkill method for secure deletion]

[suggestion that previous method is barely adequate]

[expression of smug superiority]
--

[accusation of gross incompetence]

[Flying+Headless+Goku]

[accusation of incompetence reiterated]

[inadequate deletion method presented as obvious solution]

[insultingly simple and inadequate recommendation for general solution to computer incompetence]
--

What if..

[lightfoot+jim]

What if you have an effective means of data concealment but use a flawed implememtation ? I believe that the idea was for the drives containing the pads never to be released to the public. Whether the politician or trucker goofs, it's an error in implementation, not method. I can't think of any computer security methods which are secure against errors in implementation. The original poster didn't imply that this idea was either. Personally, this is one of the most interesting ideas I've ever seen on /. or elsewhere.

Another opportunity for World Domination

[slashdot_commentator]

Do you suppose anyone with contacts in that program could get them to install disk images after wiping the disks?

A general distribution Debian OS (with all the bells and whistles) could be put on all the machines sent to those schools. Everyone knows that Linux is much more efficient with low memory, 486 CPUs than Windoze. If the school system administrators are willing to adapt to Linux, they would have machines configured to operate as soon as they are hooked up (which would minimize deployment costs)! And think of all those impressionable, young minds we can corrupt (from M$)... A win-win scenario! (woohoo!)

Hey, there are supposed to be some heavy hitter Linux advocates around here, get crackin'!

Pinky: Gee, Brain, what do you want to do tonight?
Brain: The same thing we do every night, Pinky. Try to take over the world!

No pc peripherals...nothing ever see the light...

[cuteface]

Hmmmm...i'm surprise Pentagon is actually toying with the idea.
From where i come from....a country in Asia...the practice,
is never to give away any PC components once it's used in a sensitive organisation.
But i always wish someone could enlighten me...harddisks
..i can understand...but how the hell do you
recover information from RAM or soundcards or videocards!!

Rycycle into building materials

[viva1917]

Most hard drive platters are composed of either aluminium alloy or a mixture of glass and ceramic. The latter of these could be ground into powder, mixed with water, dried, and fired in a kiln.

Re: several times over?

[Amanda+Smith]

Yeah you really can't put a number on it. If I wrote the top secret bit a day ago then a few time may be sufficent but if I wrote it 2 years ago and the drive has been heavily used then it might not be possible to totally erase that bit because the tracks might be off some ways due to wear.

Who wants or needs these machines?

[ColGraff]

My high school gets all the 486s and low-end pentiums it can use from local businesses.

Re:But arg format is totally nonstandard and fucke

[then,+it+was+nigh]

What I hate most is the way filename completion won't work with of=/really/long/path/here/and/really-freaking-long -filename.ext

In tcsh, at least, you can use a command like:

complete dd 'c/if=/f/' 'c/of=/f/'

to enable the kind of completion you want. See "man tcsh" for further info.
--
#/usr/bin/perl
require 6.0;

Re:stupid, stupid, stupid!!!

[F00Fmaster]

"Mommy, Mommy, Jake found the schematics for an R21 Assault Tank on the school's computer, and now all the cool kids have R21 Assault Tanks. Can I get an R21 Assault Tank? Please?"

Re: several times over?

[F00Fmaster]

Ah, but that would be the name of an actual element. You see, by making up the name of an element, I can show that my situation is clearly hypothetical, and not based on anything resembling fact. That way, I don't get government goons knocking down my door and asking why I posted classified data to Slashdot.

Re:B u l l S h * t !

[F00Fmaster]

Which would cost billions of dollars to fund the installation of technology that they can't even get to hit their targets half the time?

Perhaps it costs billions of dollars to get it to hit the target all of the time? Or should we just leave ourselves vulnerable to a nuclear attack from halfway across the world.

If an idea or a concept goes against their religion the religion demands that you silence it.

That's not unique to conservatives; that's unique to religion. However, there are certain ethical considerations that need to be made when evaluating a technology. For example, one should think about whether we as humans should be using the technology, (cutting down rainforests, building nuclear reactors) or if it poses more a danger than a threat. Conservatives are concerned more with morals and ethics than with the exact translation of the Bible or the Koran.

Re:B u l l S h * t !

[F00Fmaster]

I like it, I like it! Very clever.

Re: several times over?

[F00Fmaster]

unclassified machines

If somebody hasn't already pointed it out, unclassified data can be combined to derive classified data. Say a terrorist already has the following information.

• Uranium-235 is used in nuclear weapons. (publically available)
• Tritanium shielding can be used to mask radiation from large amounts of Uranium-235. (publically available)
• A military truck from Utah carries supplies along Interstate 12 every few months. (spy)

Nothing too dangerous in that, is there? But what if he discovered this:

• A vehicle production facility in Utah ordered twelve tons of tritanium. (unclassified)

From that, a terrorist could theorize that he could aquire purified Uranium-235 for production of nuclear weapons by hijacking the military transport trucks running along Interstate 12. Clear?

Re: several times over?

[F00Fmaster]

Seems a little funky

Yes, it is very, ah, 'funky'. You can use magnetic analysis of the drive to get back data written to it a long time ago. Basically, the only way to actually remove data from a drive is this:

• Overwrite about a dozen times with pseudo-random noise, not just zeros. Simply overwriting with a constant pattern (just zeros [000...] or just ones [111...], or just a pattern [01010101...]) is easy to read through in magnetic analysis. You can do this from the command line: dd if=/dev/urandom of=/dev/hda
• Use a cryptographically secure number to write truly random data over the drive, to which no pattern can be found. This is the hardest step, and it should be done several times.
• Finally, wave a magnet over it to scatter the remaining magnetic field. This shouldn't really be so much a 'wave' as a 'continuous bombardment that goes on for several hours', but the idea is the same.
• Then, finally, you also format the drive. Simply formatting it or simply running 'dd' does nothing to prevent the people the Pentagon is afraid of from getting the data.

It isn't so much about reading back single bits, but about reading whole files, in which a single bit or two might be slightly damaged. For example, read the following sentence:

Th` new b`mber is m`de of tritanium oxid`.

The meaning of the sentence remains intact, even when four or five characters are lost. In the same way, quite a great amount of data can be uncovered by reading large chunks of data, even if you can't retrieve everything to the bit.
Making these decisions based on politics and not security is a dangerous choice. I hope the Pentagon thought about it very seriously. Of course, with the Presidents virtually giving away our nuclear missile designs, there isn't much left to protect, but still the issue stands.

Other new policies

[agdv]

They have also updated their policy on monitors. Now when they become unreadable, instead of destroying them, they will have somebody clean the whiteout off. They're now trying to figure out what to do when the mouse gets jerky because of the accumulated dirt.

Re:But arg format is totally nonstandard and fucke

[jim3e8]

zsh lets you use tab completion inside the arguments (e.g. of=/dev/nu^I -> of=/dev/null).

Re: several times over?

[tdelaney]

My brother knows a guy who works in one of the real heavy-duty data retrieval mobs ... (friend of a friend of a ... ;)

Apparently, they can retrieve data which has been overwritten 17 times with random data (depends on the characteristics of the specific hard drive of course). They also managed to retrieve 90% of the data from a hard drive which had been *melted*. Don't ask me how they distinguish data which has been overwritten 16 times from data which has been overwritten 17 times ... that's why *they* make the big bucks.

Apparently, the best way to prevent data being read from a hard drive is to put it in an enclosed box, set the platter spinning, then hit it with a hammer. The enclosed box is so you don't kill yourself when it shatters.

Re:Recover this.

[X-Guy]

I used to do that with Scanning Magneto Resistive Microscopy and Magnetic Force Microscopy in work at University that was supported by the NSA. Alot of very hard work, but there is potential to recover alot of data if the data was not carefully erased. "dd" won't do it. The biggest problems were in the area of spared out sectors and residual data in the guardbands. Modern disks have extra sectors that can be swapped with bad sectors when media problems are discovered at runtime. Through the drive interface you can only access *logical* sectors and not the bad sectors that have been replaced. There is mostly intact data at those places. Also, due to tracking misalignments there is typically long arcs of partial tracks of original data lying at the track edges after overwrite. Due to shock and temperature differences and other influences consecutive writes don't line up on top of each other. Careful erasing is a difficult problem.

Giant magnet?

[whereiswaldo]

Why not just pick each hard drive up with a crane magnet, then low-level format the thing. I seriously don't know if that would work, but I'd like to see how tiny magnetic particles could stay aligned in any certain way after being subject to that kind of magnetic force.