Posted by
ryuzaki0
on from the god-bless-america dept.
hph writes: "CNN.comreports that 'The Pentagon believes it has found a way to give its old computers away to American schools and still protect information locked in the machines' hard drives.'" I hope this story amuses you all as much as it did me.
Re:Its only UNCLASSIFIED data...
by
Anonymous Coward
·
· Score: 3
There is a principle in DoD security, that the pattern of usage of Unclassified data should be classified, because it can give an indicator to other, more confidential information. Information Analysis has always been the spook's best friend, because people don't think to watch out for the 'trivial' stuff.
For those of you who remember history, see also the US's exploits in the Pacific during WW2, accurately outguessing the Japanese, based on whether they would transmit after they leaked information to them. There are many other instances where this has been helpful.
Just because there are occasional individual misses in a large organization, do not make the mistake of assuming that the overall practices of that organization are lacking rigor. Human error is a constant problem in every outfit.
As for Slashdot's snide little comment about DD, just writing a single null bit is most definately NOT up to DoD standards for deletion of sensitive data. Magnetic media has a tendency to maintain shadows of earlier data which, using sufficiently sensitive apparatus and diligent study, can yield a surprising amount of information that could be considered 'deleted'.
Personally, I would advocate a limited-lifespan design where two drives are maintained. One with a pad of entropic noise, one with the actual data, encrypted with this pad. As a sector is accessed on one, it is decrypted or encrypted using the noise. At the end-of-life, the pad drive is pulverized,/then/ a traditional 7-write delete could be used to wipe the data.
But that would require foresight, and that sort of thing would never make it past congressional accountants.
dd was too slow for us
by
Anonymous Coward
·
· Score: 3
When I was in the service, when we had to get rid of a hard drive, we would use it as a test machine during "bug out" drills.
Our normal systems had classified (conf, secret, ts, ts+codeword) info on them. During wartime, if we were over-run, we would set off incendiary grenades (thermite, for those of you playing along at home). Since it is a rather startling sight and you want to MAKE SURE that it is done correctly, we would have one live drill per year.
Alternatively, we would put the TS ones through the shredder. We would take apart the drives and then feed the platters through. Came out as powder. Needless to say, this was a "no-tie" area. I did have one captain that made us put the head through as well, since "the field could store some information." Yeah. 1 bit...
Re:Its only UNCLASSIFIED data...
by
miniver
·
· Score: 5
Congratulations. You have failed the first test for a security clearance. Just because the data is unclassified, you can't assume that the data isn't still sensitive.
As an example, suppose you have a spreadsheet that details the fuel consumption for a group of F-16s, and another spreadsheet that details fuel purchases for an air base. Individually the spreadsheets are unclassified information, but together they are sensitive, because from the two spreadsheets you can deduce a great deal about the missions and deployments for that group of F-16s. Even months after the fact, that information is still sensitive, because it can be used to make predictions about that air group.
Are you moderating this down because you disagree with it,
-- We call it art because we have names for the things we understand.
Re:Sorry that is *NOT* DOD standard.
by
psychosis
·
· Score: 4
Just a few minor points:
SCIF = Sensitive Compartmentalized Information Facility
You are pretty dead on about the requirements to certify a facility though. (I worked with certifying them a year or so ago.)
Within the past few years, the tide has changed a few times on what to do with media. Currently (to mean that this article is not legal guidance in my mind), the standard is to physically destroy and burn all media regardless of classification. My guys have a locker full of around 50-100 drives that are waiting to be sledgehammered and sent to a burn facility. (Not sure if this is a "lots of fire" one, "acid bath" one, or something I'm not even aware of...)
And overwriting ANY number of times is not enough to save it from the tools that a foreign intelligence agency would have. I'd assume that we have similar technology, but that's some of the cool stuff I'm not privvy to.;)
I'll be interested to see what guidance might be waiting for us when we get to work Monday...
And yes, those platter clocks/plaques do kick ass!
How I learned to stop worrying..
by
Splat
·
· Score: 3
I work at a school and over the past year we've received over 10 donated 486 laptops from the Nuclear Regulatory Committee whose hard drives weren't wiped in any form whatsoever.
Mind you, I haven't found g any data on them, but they still had an operating system + programs. I was really shocked when I booted them up and their DOS Batch menus popped up "NUCLEAR REGULATORY COMMITEE.... 1 Wordperfect..... 2 Windows" etc. Funny, but disturbing. If anyone did "cleanse" these computers before they donated them it was simply by using "DEL *.DOC". Yeah - real secure...
Although the article says that hard disks that held classified data will still be destroyed, there still is lots of information that is unclassified but is not supposed to be released, for example, private personal information, a large body of information that should have been classified because classified information can be derived from directly from it, etc. You can bet that the US military is much more familiar with this issue than the insulting "Pentagon Discovers dd" slashdot title implies.
Re:Its only UNCLASSIFIED data...
by
dillon_rinker
·
· Score: 3
It's been a few years since I was in the Army, but IIRC, personal data is classified 'Confidential'. Or at least it's treated the same as confidential-classified material.
Re:not very interesting
by
RovingSlug
·
· Score: 5
Agreed. Slashdot's presentation totally misrepresented the actual story.
See, rather than applauding the Pentagon for giving away (!) computers (!!) to schools (!!!), and rather than commending the Pentagon for reversing an existing policy (the path of least resistance would have just destroyed those hard drives), Slashdot decided to flex its techno-elitism and show just how snobby some geeks can be.
So, if some people at Slashdot would stop desperately trying to mock any and all mainstream journalism about computers, perhaps they'd see the actual value of this story.
Re:Recovery of second and third generation deletio
by
gmhowell
·
· Score: 4
(May as well reply to the replies to my reply here. Most of the arguments are in a similar vein)
I stand my ground that 20 year old secrets are quite lame and not worth protecting. Your post was the one that seemed most rational, as it focused on things such as spy networks. No problem. That almost makes sense. If the network hasn't already been compromised (Aldrigde Ames, et al.)
If foreign powers (and in this case, I think we need to primarily concern ourselves with the Soviets and possibly the Chinese) are incapable of breaking the secrets after 20 years, they aren't a threat. If they are capable, destroying the drives is a moot point; they already have the information. But I will grant that of all the arguments, the question of spys makes more sense than any other.
Second point that many others made was WRT technological advances. Which doesn't float at all. Even after having a U2, I don't remember tales of a Soviet counterpart (I'm not a hardware buff, so I could be wrong. Still, it would be an important part to the Gary Powers legacy if there was evidence of the Soviets reverse-engineering the thing). There is also the more important matter of build-quality. You can have the greatest design in the world, but if your metallurgy/construction/operation of a device is faulty, who cares? I think the SCUD's proved that point about ten years ago. While the patriot missile helped, so did the fact that the SCUDs were put together like a Trabant. (Come to think of it, a Trabant in a trebuchet would likely have been more effective).
(Most of the rest deals with the other replies, so don't take it personally if it's not 100% related to your post)
Another poster mentions chemical and biological warfare, as well as the Manhattan project, as being items that are still rightfully under wraps. Give me a break. Without access to that data, China, Pakistan, and India (among others) all have nuclear programs. Concurrent discovery of technology is the norm, and the US didn't do anything grand, except get it done before having to get on with the island hopping.
Biological is perhaps the biggest joke there is. Anybody with a few credits of chem or bio in college could develop a rather nasty thing to rain all sorts of shit down on an enemy. The real trick is delivery systems. Given that little GPS powered 'RC' plane, I don't think we need to go high tech, either.
But of course, someone could steal the super-duper-top-secret GPS error removing protocol. This and the exact capabilities fall into the same category: big freakin' deal. Close only counts in horseshoes, handgrenades, and nukes. Do you think Saddam or Osama cares if their pathogen hits at 1602 Penn. Ave. instead of 1600?
I could go on and on about why the arguments posted up to my post were wrong, and did not support the destruction of hard drives. BUT, I have largely reversed my opinion, based on one small thing that I haven't (yet) seen mentioned: most of these machines don't have 20-50 year old data on them. Most like, it is just a few months. Thanks to the DOD (and their worldwide counterparts) Intel, Western Digital, and the rest continue to make 386's, one GB drives, and 30 pin SIMMs. Those 486's that could go into the schools don't contain ancient information. They contain the latest and greatest, given the slow speed of replacement of computers by the DOD.
(And to the moderator of my original post: If you think I am a troll simply because of strong language or an opinion that differs from yours, say so. Don't hide behind the 'overrated' tag. Obviously, at least four people on/. felt it was worth replying to with reasonably well thought out arguments (even though I disagreed with 99% of what they said). If you picked 'overrated' because you weren't sure if you were right, than you shouldn't be modding. And if you did it to save your karma, that's right, you are a karma whore. Earn your karma by posting.)
-- Jesus was all right but his disciples were thick and ordinary. -John Lennon
Re:Slashdot editors strike again!
by
gmhowell
·
· Score: 5
>>Is it just me, or does it seem to anyone else like Slashdot's editors 1) can't read, and/or 2) are easily amused?
Since most of the readership falls into both of these categories, why shouldn't the editors?
-- Jesus was all right but his disciples were thick and ordinary. -John Lennon
Re: [accusation of gross incompetence]
by
Catullus
·
· Score: 3
Re:dd is not good enough to erase data
by
rabidMacBigot()
·
· Score: 3
True, binary digits are either one or zero. But binary digits on a hard disk are written into the real world, and in the real world, the one or zero is the magnetic ailgnment of a few particles of ferrous oxide. These particles are altered when they're overwritten, but there's a very good chance that particles in the space between tracks may keep their original alignment. The trick, then is to overwrite the disk with many random bits, so that the patterns that might be found on a disk full of zeroes get lost in the noise.
At least, that's how I think it's done. Feel free to correct me if I'm wrong.
--
Re:Recovery of second and third generation deletio
by
tbo
·
· Score: 3
All Soviet troop movements from the spring of 1979 to the summer of 1980,
The latest blueprints for their newest fighter,
These are fairly lame examples, but I'll work with them anyway... Troop movements would reveal tactics and doctrine, which don't change very quickly. Fighters and other military hardware often stay in service for 30 or 40 years (think--when was the F-15 introduced). Hell, the Russians are about 20 years behind the US in sub quieting technology, so getting old info there could probably still help them, and then we'd see the technology show up in subs sold to the Chinese (and, in turn, to every two-bit rogue nation in the world).
A much better example of something that would still need to be secret after 20 years would be the names of agents operating in foreign countries. Admittedly, that would be classified, but the original poster was talking about releasing drives that had held classified data (and I pointed out that it's hard to be sure a computer wasn't ever used for classified stuff).
Why take chances with national security just to get some crappy 486s into schools? For the cost of proper data wiping (remember, the Pentagon never does anything cheap), you could probably buy them Pentiums.
Politics and Security don't mix
by
tbo
·
· Score: 5
This is a very bad decision, which I'm sure is being mad for political and not security reasons. From the article:
Others supported it after an audit found sensitive information such as lists of names and addresses had been left on hard drives of donated computers. Though unclassified, they said such cases still present risks.
This is entirely true. There's a lot of information that, when taken individually, isn't dangerous, but, when combined with large amounts of other info, could present a security hazard. Maybe one piece of unclassified info says the Air Force is building a new stealth fighter, and another piece of info is an Air Force requisition order for 20 tons of titanium. Put 2 and 2 together, and you know that the new fighter will be made of titanium... (Example borrowed from The Cuckoo's Egg). Also, are you sure that none of those computers was ever used for classified information?
Now I know the Slashdot editors (and more than a few Slashdotters) think that they're left-wing 31337 political h4X0rs, and that the Pentagon is completely incompetent, but maybe, just maybe, you should do some fucking research before your criticize somebody.
Completely deleting data is very, very hard. Wiping a drive securely against a determined and experienced foe may take more than 20 passes. Considering the physical security at most schools, giving the drives to schools is as good as handing them to the Russians/Chinese/Martians or whoever is the enemy of the day. If the drives haven't been properly wiped, you might as well give them accounts on all the DoD computer networks so they don't have to steal computers from school kids. I also would say it's a lot easier to smash a drive into itty bitty pieces and burn them than it is to properly erase it.
When dealing with national security, one should generally err on the side of caution.
Finally, for all you sysadmins and security experts out there, how would you like it if politicians with no computer knowledge whatsoever were second-guessing all your security decisions, while making sure you'd still take the fall if anything went wrong?
Re:Politics and Security don't mix
by
Erasmus+Darwin
·
· Score: 3
True, although I have to say that "national security" is the biggest lie that ever was told. It's been used repeatedly to engage in things so immoral that I just want to puke.
Amen! I hate it when the DoD uses the argument of national security to rationalize nothing less than the wholesale MURDER of thousands of innocent harddrives. The poor little devices served that country well, by storing classified data, and their loyal service was repaid with incineration.
Even the brave harddrives that assisted with unclassified work still had their brains wiped clean several times before being forced into the hellish public school system. It's barbaric.
Re:Politics and Security don't mix
by
dario_moreno
·
· Score: 3
true ! A few years ago, in France
(ok, not the best example for clever militaries,
but where are they to be found ?), a
satirical journal, le Canard, managed to get
an almost complete list of the military secret service : they got hand of some class reunions invitation lists of military schools, and the secret service men were listed as belonging to units that did not actually exist.
Re:Recovery of second and third generation deletio
by
tbo
·
· Score: 5
... even the computers that had classified information on their harddrives should be allowed to be re-used.
No, no, no! Information can be recovered long after the second or third overwrite. Here's my
source. And that's just what the public knows how to do. Who knows what the NSA and their foreign counterparts can manage.
Remember that, when dealing with data security, you don't just need to worry about what your enemy can do now, you need to worry about their capabilities 20 years from now. If the data has to stay secure for 50 years, then the only choice is to destroy the drive (we may have nanotech by then, and then you'd probably be able to uncover everything that was ever written to the drive).
Please, people, the NSA and the Pentagon have people who know way the fuck more about security than you or me. Leave matters of national security up to them, and go back to worrying about how to make your home linux box secure... Write to your politicians, and tell them to stop meddling. Getting 486s for schools may sound like a noble cause, but if it costs the lives of American soldiers 5 years from now, was it worth it?
Re:dd is not good enough to erase data
by
sconeu
·
· Score: 5
Having written several disk purge (not declassification -- once it's classified, it's classified) routines, I feel qualified to comment.
You don't just "dd if=/dev/zero of=/dev/rhd0".
There are several standards for purging media, such as DoD 5220-28M, and AFR 205-16. They specify the means of purging various media, ranging from core to disk to tape.
The smartass comment about "dd" was totally unwarranted. Also, if hph had bothered to READ the article, he'd have seen that DoD was simply reverting to the earlier policy of wiping (unclassified) disks and donating the computers, instead of destroying all disks.
Even the posters don't read the fscking articles any more.
-- General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
dd is not good enough to erase data
by
Baki
·
· Score: 5
At least a simple dd if=/dev/zero of=/dev/hda is not. There are still ways (disassembling the drive and analyzing the magnetic surface carefully) to retrieve old data written before a constant bit pattern was written, and I'm sure the Pentagon does take such possibilities (difficult, but it can be done) seriously. A real good erase must write several different bit patterns in a row to make sure the original bits have been changed several times. The story isn't as stupid as some might think.
Re:dd is not good enough to erase data
by
OmegaDan
·
· Score: 5
My question is -- if all this data can be recovered in 3rd or 4th generation wipes... why can't they make a hard drive that exploits this to double its capacity ?
Re:Its only UNCLASSIFIED data...
by
flatrock
·
· Score: 3
Confidential information makes it's way onto unclassified computers in the military. The people dealing with the information are human, and some information almost inevitably ends up on the computers that they use on a daily basis. Those computers are not intended to have classified information on them, but as people write reports, and prepare presentations, small amounts of information leaks into what they produce. Each report or presentation doesn't hold enough information to be a problem, but taken as a whole, a lot of information can be gathered.
I did computer support at an Air Force base a number of years ago. The only time I heard of information not being properly destroyed was when a hard drive failed that had personel info on it failed, and the computer tech threw it in the trash when he replaced it. The tech had been around a long time, so he managed to not lose his job over the issue, but he should have known better.
The Air Force policy where I was at was that a computer's life span was 5 years, and they rarely bought state of the art computers in the first place. After a few years, the departments with the budgets to buy new computers would buy them, and the still usable used computers would be passed to a department why didn't have money to upgrade their 5+ year old equipment. Often those 5+ year old computers would be passed down to contractors and others without the budget or political clout to acquire new or even slightly used equipment. Old computers were also scavenged to keep other old computers running. By the time the Air Force was done with those computers, there was very little value left in them, even for educational use. An average computer tech contractor costs the government somewhere in the range of $40 an hour. If it really worth spending the time to make sure the computer's drive is wiped. In many cases the computers don't even work, so wiping the hard drive means putting it in another computer to do so. In the end the schools get tons of junk which they have to pay to dispose of, and the government gets to be politically correct.
Just chuck the hard drives in the incinerator and throw the computers away. Don't waste the time and effort trying to figure out if there might possibly be sensitive (classified or otherwise) information on the hard drive, destroy it. At the point the government is willing to give them to schools, they aren't worth anything anyway. If the government wants to spend money on getting rid of old computers, spend it recycling the old parts, so we don't just put them in landfills. Giving them to schools may be politically correct, but mostly it just means that the school wastes it's resources trying to find out if the computer is usefull, then just chucks it in a different landfill.
This covers a series of 22 overwrite patterns that are formulated to ensure proper destruction of any trace information on RLL- and MFM-encoded hard drives. It goes into some detail about the ways electron microscopy may be used to recollect trace information. Other patterns exist, and I'm expecting the DoD or NSA has even more rigorous schemes.
Unfortunately, raw degaussing of a whole hard drive device often disables the device's ability to operate in the future, or is not strong enough to ensure the destruction of the data.
if they're worried about whats on unclassified machines, then somebody's not doing their job
Remind me never to hire you for a computer security position.
BECAUSE they're worried about what might be on an unclassified machine, they ARE doing their jobs. You don't stay secure by making assumptions. Period. You do it right, every time.
-- Vintage computer games and RPG books available. Email me if you're interested.
Re:LAYER the security approach
by
joto
·
· Score: 3
What if you layered the security approach? Encrypt the filesystem with a very good cypher and encrypt the entire filesystem!
Please tell me how to make sure they used encrypted filesystems 5-10 years ago, on those old machines that they are scrapping now. (See..., it's not a very helpful suggestion!)
Actually, it wouldn't help security very much to use encrypted file-systems either. Encrypted file-systems are only supposed to help if someone seizes your machine. That means it might be a good idea on a laptop, but if physical security is good, it is an unnessecary hassle to use on desktops. And, as avoiding loss of data is equally important when it comes to security, I wouldn't really think they would want to go through with that. Better just scrap the HD's.
Sorry that is *NOT* DOD standard.
by
PrimeNumber
·
· Score: 4
Sorry this is not correct. The reason I know this
is that I used to work in a Secure Computer Information Facility or SCIF in military speak. Part of this meaning in English is that you work in a *lead lined building* and that every *square foot* of soil (for some odd reason) has been certified for said installation. It also means you cannot bring radios, programmable watches, calculators, (anything with memory) to work. If you think this is fanatical, any media which is taken out must be *stringently* degaussed, meaning you place a magnetic tape through a degausser at least three times, and as the article states (correctly) you *must* remove and degauss all disk platters muliple times. In fact, in my unit (a comm unit) before people pcs'ed (permanent change of station) they would give these platters mounted on wood with the unit insignia and your name on a brass plate. They actually look cool. (These were ancient VAX platters This was a rare exception as most items are destroyed, probably because the ancient aluminum platters kept cheesing the shredder.)
What you are referring to is the writing of info at least *5* times over the *whole platter* with I believe F8/F0 hex which is a standard (albeit used for *unclass* and unclass EFTO (Encrypt for transmission only) drives. And there is NO way you could have recovered that with PC Tools.
To sum it up: All classified media is destroyed, unclass could be saved, but a pain and generally destroyed as well.
'dd' is a command in UNIX/Linux systems that allows direct writing to the disk bit by bit. Using a program such as dd many times over would make it nearly impossible to recover old data from the drive (when deleted with 'rm', files can be recovered by programs readily available on the market-- they are still on the drive, but the OS doesn't know where they are). When every bit is set to zero several times over, however, then there is no way in hell you will find old data on the drive.
--
That's it. I'm no longer part of Team Sanity.
Overwriting data with dd does not suffice
by
_bernie
·
· Score: 4
Even with old Amiga floppy disks there were ways to retrieve some bits of data after a full format or overwrite. Blocks are separated by small gaps and tracks don't take up the whole 360 degrees of magnetic surface. On the Amiga, the disk controller was optimized for speed so it would not bother waiting for the index signal before starting to rewrite a track. Each time you rewrote a track, it would occupy a different section of the circle, leaving some old data where a clever guy could still retrieve it.
Today's hard drives are much more sophisticated than this, so they sure leave many more chances open to retrieve old data in original ways.
//BernardoInnocenti
Everyone's talking about 'dd' - to my knowledge it's not a Windows utility. My hunch is that most of these computers are Windows systems, meaning we (taxpayers) have paid for a license. Unless the gov't has immaculate record keeping and can provide the license for Windows (and the media to restore it) the recipients of these systems are going to pay again for a Windows license. True, not everyone will put Windows on, but my guess is that a majority of them will be put back in service with Windows on them.
Just imagine the new educational opportunities this opens up: young school children can now write letters to undercover agents, special forces members, and secret government think tanks.
They can also gain a valuable jump-start on children in other countries by starting young to learn about data analysis and retrieval, surveillance and the ins-and-outs of the military-industrial complexe.
This could be the best strategy to educate american children in the face of the growing espionage-publicity gap caused by the recent spade of british agents "losing" their laptops.
--
There are a thousand forms of subversion, but few can equal the convenience and immediacy of a cream pie -Noel Godin
All this is is a short 2 paragraph write up on policy of giving away old hard drives to schools that might contain senstivie (not classified) data. No where does the pentagon claim to have discovered anything new here, and the way it is written in the story is just to explain it to people who don't understand that information might be able to be retreived from a hard drive. If anything, this is only interesting because it marks a slight change of policy, but beyond that it seems the only reason Taco posted this was so that he could show that he too can find some (however minor) faults in a CNN story's technical content. So to answer your question, no, this story did not amuse me as much as it apparently did you.
Pentagon officials today reversed a six-month-old policy that stated that used whiteboards must be pulvarized with sledgehammers before being thrown out or given away. This move allows whiteboards to be donated to classrooms.
Deputy Secretary of Defense Paul Wolfowitz is credited with discovering that nonclassified material could be removed from the whiteboard with an eraser.
An anonymous source close to the Pentagon has stated that this is undisputably the smartest decision the government has made in years.
[inadequate deletion method presented as obvious solution]
[insultingly simple and inadequate recommendation for general solution to computer incompetence] --
--
Who wants or needs these machines?
by
ColGraff
·
· Score: 3
My high school gets all the 486s and low-end pentiums it can use from local businesses.
-- I'm the stranger...posting to/.
Re: several times over?
by
F00Fmaster
·
· Score: 5
Seems a little funky
Yes, it is very, ah, 'funky'. You can use magnetic analysis of the drive to get back data written to it a long time ago. Basically, the only way to actually remove data from a drive is this:
Overwrite about a dozen times with pseudo-random noise, not just zeros. Simply overwriting with a constant pattern (just zeros [000...] or just ones [111...], or just a pattern [01010101...]) is easy to read through in magnetic analysis. You can do this from the command line: dd if=/dev/urandom of=/dev/hda
Use a cryptographically secure number to write truly random data over the drive, to which no pattern can be found. This is the hardest step, and it should be done several times.
Finally, wave a magnet over it to scatter the remaining magnetic field. This shouldn't really be so much a 'wave' as a 'continuous bombardment that goes on for several hours', but the idea is the same.
Then, finally, you also format the drive. Simply formatting it or simply running 'dd' does nothing to prevent the people the Pentagon is afraid of from getting the data.
It isn't so much about reading back single bits, but about reading whole files, in which a single bit or two might be slightly damaged. For example, read the following sentence:
Th` new b`mber is m`de of tritanium oxid`.
The meaning of the sentence remains intact, even when four or five characters are lost. In the same way, quite a great amount of data can be uncovered by reading large chunks of data, even if you can't retrieve everything to the bit. Making these decisions based on politics and not security is a dangerous choice. I hope the Pentagon thought about it very seriously. Of course, with the Presidents virtually giving away our nuclear missile designs, there isn't much left to protect, but still the issue stands.
Slashdot Mirror
There is a principle in DoD security, that the pattern of usage of Unclassified data should be classified, because it can give an indicator to other, more confidential information. Information Analysis has always been the spook's best friend, because people don't think to watch out for the 'trivial' stuff.
/then/ a traditional 7-write delete could be used to wipe the data.
For those of you who remember history, see also the US's exploits in the Pacific during WW2, accurately outguessing the Japanese, based on whether they would transmit after they leaked information to them. There are many other instances where this has been helpful.
Just because there are occasional individual misses in a large organization, do not make the mistake of assuming that the overall practices of that organization are lacking rigor. Human error is a constant problem in every outfit.
As for Slashdot's snide little comment about DD, just writing a single null bit is most definately NOT up to DoD standards for deletion of sensitive data. Magnetic media has a tendency to maintain shadows of earlier data which, using sufficiently sensitive apparatus and diligent study, can yield a surprising amount of information that could be considered 'deleted'.
Personally, I would advocate a limited-lifespan design where two drives are maintained. One with a pad of entropic noise, one with the actual data, encrypted with this pad. As a sector is accessed on one, it is decrypted or encrypted using the noise. At the end-of-life, the pad drive is pulverized,
But that would require foresight, and that sort of thing would never make it past congressional accountants.
When I was in the service, when we had to get rid of a hard drive, we would use it as a test machine during "bug out" drills.
Our normal systems had classified (conf, secret, ts, ts+codeword) info on them. During wartime, if we were over-run, we would set off incendiary grenades (thermite, for those of you playing along at home). Since it is a rather startling sight and you want to MAKE SURE that it is done correctly, we would have one live drill per year.
Alternatively, we would put the TS ones through the shredder. We would take apart the drives and then feed the platters through. Came out as powder. Needless to say, this was a "no-tie" area.
I did have one captain that made us put the head through as well, since "the field could store some information." Yeah. 1 bit...
Congratulations. You have failed the first test for a security clearance. Just because the data is unclassified, you can't assume that the data isn't still sensitive.
As an example, suppose you have a spreadsheet that details the fuel consumption for a group of F-16s, and another spreadsheet that details fuel purchases for an air base. Individually the spreadsheets are unclassified information, but together they are sensitive, because from the two spreadsheets you can deduce a great deal about the missions and deployments for that group of F-16s. Even months after the fact, that information is still sensitive, because it can be used to make predictions about that air group.
Are you moderating this down because you disagree with it,
We call it art because we have names for the things we understand.
Just a few minor points: ;)
SCIF = Sensitive Compartmentalized Information Facility
You are pretty dead on about the requirements to certify a facility though. (I worked with certifying them a year or so ago.)
Within the past few years, the tide has changed a few times on what to do with media. Currently (to mean that this article is not legal guidance in my mind), the standard is to physically destroy and burn all media regardless of classification. My guys have a locker full of around 50-100 drives that are waiting to be sledgehammered and sent to a burn facility. (Not sure if this is a "lots of fire" one, "acid bath" one, or something I'm not even aware of...)
And overwriting ANY number of times is not enough to save it from the tools that a foreign intelligence agency would have. I'd assume that we have similar technology, but that's some of the cool stuff I'm not privvy to.
I'll be interested to see what guidance might be waiting for us when we get to work Monday... And yes, those platter clocks/plaques do kick ass!
I work at a school and over the past year we've received over 10 donated 486 laptops from the Nuclear Regulatory Committee whose hard drives weren't wiped in any form whatsoever.
.... 1 Wordperfect ..... 2 Windows" etc. Funny, but disturbing. If anyone did "cleanse" these computers before they donated them it was simply by using "DEL *.DOC". Yeah - real secure...
Mind you, I haven't found g any data on them, but they still had an operating system + programs. I was really shocked when I booted them up and their DOS Batch menus popped up "NUCLEAR REGULATORY COMMITEE
With specialized equipment, you can often read data that was overwritten on a hard disk, so dd is often not enough. See Secure Deletion of Data from Magnetic and Solid-State Memory, by Peter Gutmann of the University of Auckland. There is also a previous slashdot article on this subject.
Although the article says that hard disks that held classified data will still be destroyed, there still is lots of information that is unclassified but is not supposed to be released, for example, private personal information, a large body of information that should have been classified because classified information can be derived from directly from it, etc. You can bet that the US military is much more familiar with this issue than the insulting "Pentagon Discovers dd" slashdot title implies.
It's been a few years since I was in the Army, but IIRC, personal data is classified 'Confidential'. Or at least it's treated the same as confidential-classified material.
Agreed. Slashdot's presentation totally misrepresented the actual story.
See, rather than applauding the Pentagon for giving away (!) computers (!!) to schools (!!!), and rather than commending the Pentagon for reversing an existing policy (the path of least resistance would have just destroyed those hard drives), Slashdot decided to flex its techno-elitism and show just how snobby some geeks can be.
So, if some people at Slashdot would stop desperately trying to mock any and all mainstream journalism about computers, perhaps they'd see the actual value of this story.
(May as well reply to the replies to my reply here. Most of the arguments are in a similar vein)
/. felt it was worth replying to with reasonably well thought out arguments (even though I disagreed with 99% of what they said). If you picked 'overrated' because you weren't sure if you were right, than you shouldn't be modding. And if you did it to save your karma, that's right, you are a karma whore. Earn your karma by posting.)
I stand my ground that 20 year old secrets are quite lame and not worth protecting. Your post was the one that seemed most rational, as it focused on things such as spy networks. No problem. That almost makes sense. If the network hasn't already been compromised (Aldrigde Ames, et al.)
If foreign powers (and in this case, I think we need to primarily concern ourselves with the Soviets and possibly the Chinese) are incapable of breaking the secrets after 20 years, they aren't a threat. If they are capable, destroying the drives is a moot point; they already have the information. But I will grant that of all the arguments, the question of spys makes more sense than any other.
Second point that many others made was WRT technological advances. Which doesn't float at all. Even after having a U2, I don't remember tales of a Soviet counterpart (I'm not a hardware buff, so I could be wrong. Still, it would be an important part to the Gary Powers legacy if there was evidence of the Soviets reverse-engineering the thing). There is also the more important matter of build-quality. You can have the greatest design in the world, but if your metallurgy/construction/operation of a device is faulty, who cares? I think the SCUD's proved that point about ten years ago. While the patriot missile helped, so did the fact that the SCUDs were put together like a Trabant. (Come to think of it, a Trabant in a trebuchet would likely have been more effective).
(Most of the rest deals with the other replies, so don't take it personally if it's not 100% related to your post)
Another poster mentions chemical and biological warfare, as well as the Manhattan project, as being items that are still rightfully under wraps. Give me a break. Without access to that data, China, Pakistan, and India (among others) all have nuclear programs. Concurrent discovery of technology is the norm, and the US didn't do anything grand, except get it done before having to get on with the island hopping.
Biological is perhaps the biggest joke there is. Anybody with a few credits of chem or bio in college could develop a rather nasty thing to rain all sorts of shit down on an enemy. The real trick is delivery systems. Given that little GPS powered 'RC' plane, I don't think we need to go high tech, either.
But of course, someone could steal the super-duper-top-secret GPS error removing protocol. This and the exact capabilities fall into the same category: big freakin' deal. Close only counts in horseshoes, handgrenades, and nukes. Do you think Saddam or Osama cares if their pathogen hits at 1602 Penn. Ave. instead of 1600?
I could go on and on about why the arguments posted up to my post were wrong, and did not support the destruction of hard drives. BUT, I have largely reversed my opinion, based on one small thing that I haven't (yet) seen mentioned: most of these machines don't have 20-50 year old data on them. Most like, it is just a few months. Thanks to the DOD (and their worldwide counterparts) Intel, Western Digital, and the rest continue to make 386's, one GB drives, and 30 pin SIMMs. Those 486's that could go into the schools don't contain ancient information. They contain the latest and greatest, given the slow speed of replacement of computers by the DOD.
(And to the moderator of my original post: If you think I am a troll simply because of strong language or an opinion that differs from yours, say so. Don't hide behind the 'overrated' tag. Obviously, at least four people on
Jesus was all right but his disciples were thick and ordinary. -John Lennon
>>Is it just me, or does it seem to anyone else like Slashdot's editors 1) can't read, and/or 2) are easily amused?
Since most of the readership falls into both of these categories, why shouldn't the editors?
Jesus was all right but his disciples were thick and ordinary. -John Lennon
[link to kuro5hin story]
[patronising comment]
--
True, binary digits are either one or zero. But binary digits on a hard disk are written into the real world, and in the real world, the one or zero is the magnetic ailgnment of a few particles of ferrous oxide. These particles are altered when they're overwritten, but there's a very good chance that particles in the space between tracks may keep their original alignment. The trick, then is to overwrite the disk with many random bits, so that the patterns that might be found on a disk full of zeroes get lost in the noise.
At least, that's how I think it's done. Feel free to correct me if I'm wrong.
--
All Soviet troop movements from the spring of 1979 to the summer of 1980,
The latest blueprints for their newest fighter,
These are fairly lame examples, but I'll work with them anyway... Troop movements would reveal tactics and doctrine, which don't change very quickly. Fighters and other military hardware often stay in service for 30 or 40 years (think--when was the F-15 introduced). Hell, the Russians are about 20 years behind the US in sub quieting technology, so getting old info there could probably still help them, and then we'd see the technology show up in subs sold to the Chinese (and, in turn, to every two-bit rogue nation in the world).
A much better example of something that would still need to be secret after 20 years would be the names of agents operating in foreign countries. Admittedly, that would be classified, but the original poster was talking about releasing drives that had held classified data (and I pointed out that it's hard to be sure a computer wasn't ever used for classified stuff).
Why take chances with national security just to get some crappy 486s into schools? For the cost of proper data wiping (remember, the Pentagon never does anything cheap), you could probably buy them Pentiums.
Now I know the Slashdot editors (and more than a few Slashdotters) think that they're left-wing 31337 political h4X0rs, and that the Pentagon is completely incompetent, but maybe, just maybe, you should do some fucking research before your criticize somebody.
Completely deleting data is very, very hard. Wiping a drive securely against a determined and experienced foe may take more than 20 passes. Considering the physical security at most schools, giving the drives to schools is as good as handing them to the Russians/Chinese/Martians or whoever is the enemy of the day. If the drives haven't been properly wiped, you might as well give them accounts on all the DoD computer networks so they don't have to steal computers from school kids. I also would say it's a lot easier to smash a drive into itty bitty pieces and burn them than it is to properly erase it.
When dealing with national security, one should generally err on the side of caution.
Finally, for all you sysadmins and security experts out there, how would you like it if politicians with no computer knowledge whatsoever were second-guessing all your security decisions, while making sure you'd still take the fall if anything went wrong?
... even the computers that had classified information on their harddrives should be allowed to be re-used.
No, no, no! Information can be recovered long after the second or third overwrite. Here's my
source. And that's just what the public knows how to do. Who knows what the NSA and their foreign counterparts can manage.
Remember that, when dealing with data security, you don't just need to worry about what your enemy can do now, you need to worry about their capabilities 20 years from now. If the data has to stay secure for 50 years, then the only choice is to destroy the drive (we may have nanotech by then, and then you'd probably be able to uncover everything that was ever written to the drive).
Please, people, the NSA and the Pentagon have people who know way the fuck more about security than you or me. Leave matters of national security up to them, and go back to worrying about how to make your home linux box secure... Write to your politicians, and tell them to stop meddling. Getting 486s for schools may sound like a noble cause, but if it costs the lives of American soldiers 5 years from now, was it worth it?
Having written several disk purge (not declassification -- once it's classified, it's classified) routines, I feel qualified to comment.
You don't just "dd if=/dev/zero of=/dev/rhd0".
There are several standards for purging media, such as DoD 5220-28M, and AFR 205-16. They specify the means of purging various media, ranging from core to disk to tape.
The smartass comment about "dd" was totally unwarranted. Also, if hph had bothered to READ the article, he'd have seen that DoD was simply reverting to the earlier policy of wiping (unclassified) disks and donating the computers, instead of destroying all disks.
Even the posters don't read the fscking articles any more.
General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
At least a simple dd if=/dev/zero of=/dev/hda is not. There are still ways (disassembling the drive and analyzing the magnetic surface carefully) to retrieve old data written before a constant bit pattern was written, and I'm sure the Pentagon does take such possibilities (difficult, but it can be done) seriously. A real good erase must write several different bit patterns in a row to make sure the original bits have been changed several times. The story isn't as stupid as some might think.
Confidential information makes it's way onto unclassified computers in the military. The people dealing with the information are human, and some information almost inevitably ends up on the computers that they use on a daily basis. Those computers are not intended to have classified information on them, but as people write reports, and prepare presentations, small amounts of information leaks into what they produce. Each report or presentation doesn't hold enough information to be a problem, but taken as a whole, a lot of information can be gathered.
I did computer support at an Air Force base a number of years ago. The only time I heard of information not being properly destroyed was when a hard drive failed that had personel info on it failed, and the computer tech threw it in the trash when he replaced it. The tech had been around a long time, so he managed to not lose his job over the issue, but he should have known better.
The Air Force policy where I was at was that a computer's life span was 5 years, and they rarely bought state of the art computers in the first place. After a few years, the departments with the budgets to buy new computers would buy them, and the still usable used computers would be passed to a department why didn't have money to upgrade their 5+ year old equipment. Often those 5+ year old computers would be passed down to contractors and others without the budget or political clout to acquire new or even slightly used equipment. Old computers were also scavenged to keep other old computers running. By the time the Air Force was done with those computers, there was very little value left in them, even for educational use. An average computer tech contractor costs the government somewhere in the range of $40 an hour. If it really worth spending the time to make sure the computer's drive is wiped. In many cases the computers don't even work, so wiping the hard drive means putting it in another computer to do so. In the end the schools get tons of junk which they have to pay to dispose of, and the government gets to be politically correct.
Just chuck the hard drives in the incinerator and throw the computers away. Don't waste the time and effort trying to figure out if there might possibly be sensitive (classified or otherwise) information on the hard drive, destroy it. At the point the government is willing to give them to schools, they aren't worth anything anyway. If the government wants to spend money on getting rid of old computers, spend it recycling the old parts, so we don't just put them in landfills. Giving them to schools may be politically correct, but mostly it just means that the school wastes it's resources trying to find out if the computer is usefull, then just chucks it in a different landfill.
For a fairly exhaustive paper regarding the secure deletion of data, see the Gutmann paper on USENIX.
Secure Deletion of Data from Magnetic and Solid-State Memory by Peter Gutmann
This covers a series of 22 overwrite patterns that are formulated to ensure proper destruction of any trace information on RLL- and MFM-encoded hard drives. It goes into some detail about the ways electron microscopy may be used to recollect trace information. Other patterns exist, and I'm expecting the DoD or NSA has even more rigorous schemes.
Unfortunately, raw degaussing of a whole hard drive device often disables the device's ability to operate in the future, or is not strong enough to ensure the destruction of the data.
[
Vintage computer games and RPG books available. Email me if you're interested.
Is it me or hasn't anyone heard of srm?
"If anyone needs me, I'm in the angry dome."
Please tell me how to make sure they used encrypted filesystems 5-10 years ago, on those old machines that they are scrapping now. (See..., it's not a very helpful suggestion!)
Actually, it wouldn't help security very much to use encrypted file-systems either. Encrypted file-systems are only supposed to help if someone seizes your machine. That means it might be a good idea on a laptop, but if physical security is good, it is an unnessecary hassle to use on desktops. And, as avoiding loss of data is equally important when it comes to security, I wouldn't really think they would want to go through with that. Better just scrap the HD's.
Sorry this is not correct. The reason I know this is that I used to work in a Secure Computer Information Facility or SCIF in military speak. Part of this meaning in English is that you work in a *lead lined building* and that every *square foot* of soil (for some odd reason) has been certified for said installation. It also means you cannot bring radios, programmable watches, calculators, (anything with memory) to work. If you think this is fanatical, any media which is taken out must be *stringently* degaussed, meaning you place a magnetic tape through a degausser at least three times, and as the article states (correctly) you *must* remove and degauss all disk platters muliple times. In fact, in my unit (a comm unit) before people pcs'ed (permanent change of station) they would give these platters mounted on wood with the unit insignia and your name on a brass plate. They actually look cool. (These were ancient VAX platters This was a rare exception as most items are destroyed, probably because the ancient aluminum platters kept cheesing the shredder.) What you are referring to is the writing of info at least *5* times over the *whole platter* with I believe F8/F0 hex which is a standard (albeit used for *unclass* and unclass EFTO (Encrypt for transmission only) drives. And there is NO way you could have recovered that with PC Tools. To sum it up: All classified media is destroyed, unclass could be saved, but a pain and generally destroyed as well.
'dd' is a command in UNIX/Linux systems that allows direct writing to the disk bit by bit. Using a program such as dd many times over would make it nearly impossible to recover old data from the drive (when deleted with 'rm', files can be recovered by programs readily available on the market-- they are still on the drive, but the OS doesn't know where they are). When every bit is set to zero several times over, however, then there is no way in hell you will find old data on the drive.
That's it. I'm no longer part of Team Sanity.
Even with old Amiga floppy disks there were ways to retrieve some bits of data after a full format or overwrite. Blocks are separated by small gaps and tracks don't take up the whole 360 degrees of magnetic surface. On the Amiga, the disk controller was optimized for speed so it would not bother waiting for the index signal before starting to rewrite a track. Each time you rewrote a track, it would occupy a different section of the circle, leaving some old data where a clever guy could still retrieve it.
Today's hard drives are much more sophisticated than this, so they sure leave many more chances open to retrieve old data in original ways.
//BernardoInnocenti
Bernie Innocenti - http://codewiz.org/
Uh, it's the reporter, not the Pentagon that claimed that the Pentagon has "found a way" to erase the hard drives.
Is it just me, or does it seem to anyone else like Slashdot's editors 1) can't read, and/or 2) are easily amused?
--
Sometimes it's best to just let stupid people be stupid.
Everyone's talking about 'dd' - to my knowledge it's not a Windows utility. My hunch is that most of these computers are Windows systems, meaning we (taxpayers) have paid for a license. Unless the gov't has immaculate record keeping and can provide the license for Windows (and the media to restore it) the recipients of these systems are going to pay again for a Windows license. True, not everyone will put Windows on, but my guess is that a majority of them will be put back in service with Windows on them.
creation science book
They can also gain a valuable jump-start on children in other countries by starting young to learn about data analysis and retrieval, surveillance and the ins-and-outs of the military-industrial complexe.
This could be the best strategy to educate american children in the face of the growing espionage-publicity gap caused by the recent spade of british agents "losing" their laptops.
There are a thousand forms of subversion, but few can equal the convenience and immediacy of a cream pie -Noel Godin
All this is is a short 2 paragraph write up on policy of giving away old hard drives to schools that might contain senstivie (not classified) data. No where does the pentagon claim to have discovered anything new here, and the way it is written in the story is just to explain it to people who don't understand that information might be able to be retreived from a hard drive. If anything, this is only interesting because it marks a slight change of policy, but beyond that it seems the only reason Taco posted this was so that he could show that he too can find some (however minor) faults in a CNN story's technical content. So to answer your question, no, this story did not amuse me as much as it apparently did you.
Pentagon officials today reversed a six-month-old policy that stated that used whiteboards must be pulvarized with sledgehammers before being thrown out or given away. This move allows whiteboards to be donated to classrooms.
Deputy Secretary of Defense Paul Wolfowitz is credited with discovering that nonclassified material could be removed from the whiteboard with an eraser.
An anonymous source close to the Pentagon has stated that this is undisputably the smartest decision the government has made in years.
[accusation of incompetence reiterated]
[inadequate deletion method presented as obvious solution]
[insultingly simple and inadequate recommendation for general solution to computer incompetence]
--
My high school gets all the 486s and low-end pentiums it can use from local businesses.
I'm the stranger...posting to
Yes, it is very, ah, 'funky'. You can use magnetic analysis of the drive to get back data written to it a long time ago. Basically, the only way to actually remove data from a drive is this:It isn't so much about reading back single bits, but about reading whole files, in which a single bit or two might be slightly damaged. For example, read the following sentence:The meaning of the sentence remains intact, even when four or five characters are lost. In the same way, quite a great amount of data can be uncovered by reading large chunks of data, even if you can't retrieve everything to the bit.
Making these decisions based on politics and not security is a dangerous choice. I hope the Pentagon thought about it very seriously. Of course, with the Presidents virtually giving away our nuclear missile designs, there isn't much left to protect, but still the issue stands.