Data Mining Used Hard Drives
linuxwrangler writes "One hopes the /. crowd knows the perils of discarding storage with sensitive data but this article drives home the point. Two MIT grad students bought used drives from eBay and secondhand computer stores. Among the data found on the 158 drives were 5,000 credit-card numbers, porn, love-letters and medical information."
There IS pornography on your computer!
I smell some seriously interesting anecdotes coming in from slashdot readers. :)
What did you eat today? http://www.atetoday.com/
Another reason to securely erase your data. In the end, _you_ are responsible for data under the Data Protection Act (in the UK anyway)
I only sell broken ones.
I have been pwned because my
5000 divvied up between say 200 disks is 25 cards per disk, are these retail discarded drives? Perhaps this should be regulated.
Discarded computer hard drives prove a trove of personal info
JUSTIN POPE, AP Business Writer Wednesday, January 15, 2003
(01-15) 13:17 PST CAMBRIDGE, Mass. (AP) --
So, you think you cleaned all your personal files from that old computer you got rid of?
Two MIT graduate students suggest you think again.
Over two years, Simson Garfinkel and Abhi Shelat bought 158 used hard drives at secondhand computer stores and on eBay. Of the 129 drives that functioned, 69 still had recoverable files on them and 49 contained "significant personal information" -- medical correspondence, love letters, pornography and 5,000 credit card numbers. One even had a year's worth of transactions with account numbers from a cash machine in Illinois.
About 150,000 hard drives were "retired" last year, according to the research firm Gartner Dataquest. Many end up in the trash, but many also find their way back onto the market.
Over the years, stories have surfaced about personal information turning up on used hard drives, raising concerns about privacy and the danger of identity theft.
Last spring, Pennsylvania sold used computers that contained information about state employees. In 1997, a Nevada woman bought a used computer and discovered it contained prescription records on 2,000 customers of an Arizona pharmacy.
Garfinkel and Shelat, who reported their findings in an article to be published Friday in the journal IEEE Security & Privacy, said they believe they are the first to take a more comprehensive -- though not exactly scientific -- look at the problem.
On common operating systems such as Microsoft's Windows, simply deleting a file, or even following that up by emptying the "trash" folder, does not necessarily make the information irretrievable. Those commands generally delete a file's name from the directory. But the information itself can live on until it is overwritten by new files.
Even reformatting a drive, or preparing the hard drive all over again to store files, may not do it. Fifty-one of the 129 working drives in the MIT study had been reformatted, and 19 of them still contained recoverable data.
The hard-to-erase quality of hard drives is seen as a good thing by some. Many users like believing that, in a pinch, an expert could recover their deleted files. Law enforcement officers can examine a computer and lift incriminating e-mails or porno images from the hard drive.
The only sure way to erase a hard drive is to "squeeze" it: writing over the old information with new data -- all zeros, for instance -- at least once, but preferably several times. A one-line command will do that for Unix users, and for others, inexpensive software from companies such as AccessData works well.
But few people go to the trouble. Many ordinary computer users toss their old drives into the closet, or take a sledgehammer to it.
As it turned out, most of the hard drives acquired by the MIT students came from businesses that apparently had a misplaced confidence in their ability to "sanitize" old drives.
Tom Aleman, who heads the analytic and forensic technology group at the accounting firm Deloitte & Touche, often encounters companies that get burned by failing to fully sanitize, say, the laptop of an employee who leaves the company for a job with a competitor.
"People will think they have deleted the file, they can't find the file themselves and that the file is gone when, in fact, forensically you may be able to retrieve it," he said.
Garfinkel has learned his lesson. As an undergrad at MIT in the 1980s, he failed to sanitize his own hard drive before returning a computer to his father. His father was able to read his personal journal.
death to whitey!
cool - cheap porn.
Take them outside, and throw them as high into the air as possible. Then watch them land on concrete.
I think that renders the drive useless. =)
redundant... redundant.... redundant... redundant...
yeah, i've seen this whole "buy hds off people, find porn" thing before
it's not new, who cares?
The moral of the story is: Purchase drives from EBay, harvest credit card numbers, get rich, then rule the world.
I got it all figured out now...
DISCLAIMER:
I don't believe what I write, and neither should you.
It's long been known that laptop thieves are often more interested in the data than the computer.
Some computers sold on eBay are sold for the data.
nowadays most companies do not sell used systems anymore.. Since a simple format is not enough to protect sensitive data.
Where I work we generally destroy then throw away the entire computer when we no longer need it, the only part we keep is the monitor.
It's the safest way to go!
Stanley Feinbaum, professional journalist and master debater! God bless the USA!
If only he had but known...
We now have confirmed reports from an informed Orange County minister that Ethel is still an active communist.
so does formatting the harddrive not eliminate all past data? because i've read stories of how the fbi recovered sensitive material even on formatted drives
It's one thing to make sure you securely wipe any drive of your own you get rid of, but you can't do anything about old drives or paper files that a company or hospital might discard containing sensitive info about you.
Occasionally there are new reports about someone finding a stack of files by a dumpster containing sensitive medical or financial information about a lot of people. The same surely holds true for old drives or computers disposed of by careless companies.
Picked 6 or 7 old 4gig HDDs from my father's company a few years ago, found their company credit line information, personal (and some very erotic) email, and a surprisingly large collection of nudie photoshopped Gillian Anderson photos. Oh yeah, and like 100 different (and I must say, very well-done) quake2 "crackwhore" models and skins lol. I love the people who don't clear their HDDs, it's like treasure chests, you never know what you're gonna get.
------- "From bored to fanboy in 3.8 asian girls" ----------
Kevin Mitnick's laptop hard drive from eBay. He had stolen a couple thousand credit card numbers, didn't he?
A legitimate reason for having 5,000 CC #'s on 158 drives could be, maybe one of the drives was a web server for an e-commerce site?
I wonder how many previous owners these drives had? If so, I wonder if they're using some sort of low level disk analysis software like the FBI does that can effectively peel back layers of data that were on there in the past. Theoretically anything that has previously been on the drive should be recoverable through such methods.
-----------------------------------------
Remove the Greed which plagues mankind.
well not to be a troll but oh well.. anyone that reads /. most likely already knows about this technology. data recovery has been around for ages...nothing new here.
.[[erax0r]].
I can get creditcard numbers faster on kazaa.
Of the 129 drives that functioned, 69 still had recoverable files on them and 49 contained "significant personal information"
that's 5000 cc numbers on 49 drives?
102 credit cards numbers per drive?!
i smell bullshit...
maybe one of those drives belonged to scripted kiddie with a cc# generator..
That's not so bad. My dad happens to be a garbage man and often brings along an occasional system he's scavenged from the dumpsters along his route. Currently I have in my possession an old IBM Aptiva with some guy's bank account information on it (He did his checking and stuff with it apparently), but worst of all I have what appears to be an old Gateway tower used to store Medical information for a major hospital in the area my father works. I have over 2 gigs of people's medical history, including what they were put in the hospital for, insurance information, release dates etc.
I should really do the honest thing and reformat it but it's always fun to flip the thing on and just page through stuff.
PGP (for windows or mac, ie not GPG) has two commands related to this: wipe file and wipe free space. They overwrite the appropriate sectors of the disk with several patterns designed to ensure that no matter what (common) encoding scheme the hard disk uses, every bit will have been set at least once, zeroed at least once, and overwritten with pseudorandom data at least once. If you set it on a lot of passes, it does an even better job. This would be a cheap (free, except for time and bandwidth to download it) way to make sure your sensitive data doesn't get out.
That said, experts would tell you that the only reliable way to make sure sensitive data doesn't get out is to thermite your drive.
Also, what's the one-line unix command (running MacOS X here).
I hereby place the above post in the public domain.
bought 158 used hard drives at secondhand computer stores and on eBay. Of the 129 drives that functioned
Everyone knows that HD's contain data.. I would be more impressed if they broke down the numbers of where the BAD drives came from. That would make a much more informative story. I've bought as-is before in person but never online.
Bad boys rape our young girls but Violet gives willingly.
eom
People still don't get it. My old boss wondered why I was "wasting my time" doing stuff like writing all zeros to drives of computers we were giving to charity. "I only told you to format them!"
I tried to explain the concept to her, but for an IT manager, she was woefully bad at technology.
Actually, come to think of it, she was about average...
Don't you wish your girlfriend was a geek like me?
or do like this guy did...
icanstilltellyourwifebill.com
he brought a hard drive, found all this cool stuff on it.. & put it to DVD for the masses
You tried your best, & you failed miserably,
The lesson is:
Never Try
Anyone happen to know any share/freeware programs out there for Windows 2k that will recover deleted files? I am interested in running it on my computer to actually see what I can recover and see how well PGP's disk wipe function works.
But the CC info bothers me. Presumably, this is a corporate drive that got resold (Unless you know of 170 ppl with 25 credit cards a piece, in which case it's time to re-evaluate the financial system in this country).
Personally, I have a standing policy in my department to take apart every HDD, take a magnet to each platter, and send the platters to Iron Mountain for destruction. Then again, we deal with large financial institutions, so we have to be extreme and obsessive-compulsive, which brings me to my actual point;
This stuff should be regulated. If you store personal info on an HDD for business purposes, you should have a legal responsibility (i.e. one that comes with repercussions if not met) to ensure that even after a drive is retired, the data is safe.
Just my $.02
But with better odds!
Live life to the fullest. It's not that life is short, but that you are dead for so long.
Has it occurred to anyone that at least some of these drives could come from stolen computers?
Data Fishing? I mean, you never know if you'll catch anything.
Instead of spending time in a dumpster, just find out who upgrades the target's computers, and grab those disks.
Right inside your Recycle Bin there's the option to recover any program that you've deleted.
It's like magic!
I have been pwned because my
1. Buy hard drives off ebay
2. Datamine CC numbers off old drives
3. ???
4. Profit!
Wait a second, I just found the missing step...
Sweet.
In regards to Wiping data, do yourself a favor and check out http://www.heidi.ie/eraser/
Beyond the wonderful wiping the program does, there is the option to make an emergency boot floppy that wipes the HD with DOD style 7-pass or a GutherSomething 36 pass! Nifty for the paranoid.
my old company had the best method for destroying our sensitive data (like the gig of porn some asshat left on the XML server) - leave them in the old building! god bless those terrorists and their whacky flight skills.
btw, has anyone seen my old ti calculator? it was on the 21st floor of two.
Since the only thing that's going to retain data is the hard drive ... what a waste. Come on, companies should sell the rest of the computer! Where do you think poor college students are going to get their "used to be high end hardware half a decade ago" supplies, huh? ;_;
...
I mean, I agree, don't let the drive itself slip out, but
How much do you think sales of second-hand HDs are going to increase now?
The libertarian solution to the failures of capitalism is to apply more capitalism til the failures are fixed.
150 Opening BINARY mode data connection for slashdot.sig (129323052 bytes).
Most of mine never knew what "format" was...
Is this not an asset that should increase the value of the used hard drive?
1979? I was there, home skillet.
50 MB? Try 5 MB.
SCSI? Not in production.
Sun? Sure...
Linux? Try CP/M.
hexedit? Try debug.
Asian Students? First wave Vietnamese refugees, maybe.
E-mails? If you were working on ARPA.
Porn? Maybe PG rated adventure games...
Tax dollars at work? In 1979, we had to walk 10 miles up hill (both ways) to pay our taxes, and they only accepted krugerrands and virgins without herpes, both of which were in even shorter supply and higher demand than they are now.
When you really want your privacy.. I know of only one way that really makes any old data on a drive more or less gone.
The physical destruction of the recording medium.
However, I *always* remove the hard disk drive, disassemble it, and give it the sledge hammer treatment. I just don't have the time to get them running again, and write the erase patterns to every track and sector.
Maybe if there's ever a good, transparent, drive-level PGP available, I'll rethink this strategy, but until then, I put on the safety glasses and hammer away, after opening the drive case to expose the platters.
Here's a suggestion to drive manufacturers--make a convention where if certain pins on the IDE connector are jumpered together, and the drive powered up, it will do a low-level format automatically. Then I might choose to erase the disks, so long as I didn't have to hook them up to a computer and run a program.
Best Buy can have you arrested
Always use one of these when installing a hard drive. That's sure to keep it sanitary.
I keep hoping for a moderation option like, "-1: Bitching about newsworthiness". Maybe this could be subsumed with a few other ideas into "-1: Whiner". :)
If you read the article you'll notice that many of the drives belonged to businesses; the CC#s were probably in customer lists. Now why was the parent modded "+5 insightful" rather than "-1 didn't RTFA"?
What's sad is he didn't even HAVE to post a date, just say "there was this time".
Homer: An F turns into a B so easily, you just got greedy.
Finally, math books without any of that base 6 crap in them.
"Sun Microsystems was founded in 1982. And Linus didn't start Linux until 1991. What year was that again"
-1, Bullshit? Heh.
nothing
"Out Of Order".
But I want to know, HOW can I do this? Is there any free software that would let me read an HD after it's been reformatted?
Actually, this reminds me of something I remember from playing with a 386 I have (well actually I destroyed it, but I still have the parts). When running a simple format c: from MS-DOS, it doesn't fully reformat, it leaves some files that can somehow be recovered, via a simple format switch. I wonder if that still works, with, say, the Win98 format tool.
Luckily for me, I DO know the perils of non-secure deletion. Originally I used to use Evidence Eliminator, but that got too corporate, so now I use Eraser, a free open-source prog. Works great.. I use the 35 pass one... just to be safe... ;)
-------
"In times of universal deceit, telling the truth becomes a revolutionary act."
-- George Orwell
I don't bother sanitizing them, squeezing or anything else. I just shoot them.
.357 magnum, after being accelerated to about 1700 fps from a Marlin 1894C lever-action carbine.
They're great target practice when set up at 50 yards. Plus, they're rendered more or less ultra-highly unreadable, with half the platters coated in vaporized lead spall, and then with the platters dramatically warped, penetrated, stretched and shattered. Many areas are completely and totally lost, the ones that aren't, would require precise magnetic microscopy to observe the actual state.
These pictures were of a seagate 40mb eide, splashed with a 158grn jacketed hollowpoint in
No database code or data, just typical home directories and stuff. And they were running SCO, but boot blocks and stuff don't generally get written to tapes, so no chance of warezzing from it.
I also snag SCSI hard drives and SyQuest cartridges when they show up for five bucks or less at thrift stores, since most of that is Mac stuff and I'm a Mac-head.
Once I got a 6100 at a thrift store. I presume the owner stopped using it when the PRAM battery died. (When a 6100's PRAM battery dies, the video settings go with it, and unless you're using a fixed-frequency monitor, you get no video unless you hold down command-option-P-R. Looks like a real bad hardware problem when it's just the battery.) I could tell it was used by some college guy, studying to be a lawyer, I think.
"Thrift store hard drives are like a box of chocolates... you never know what you'll find!"
--
"Open source is good." - Steve Jobs
"Open source is evil." - Microsoft
You can move the platters to another drive mechanism and read the data in that manner. There have been several articles on this very topic (for those who don't have data that is so critical it's worth $1000s to recover but it's still worth a shot).
I'd look them up but it's willy's time from 6-6:30.
I'd rather companies toss computers in the trash can, that way i get 'em for free. I filled my entire apartment full of computer hardware from computer shops and businesses trash back in the day before the great fall of the pc repair shops. Nowadays, the people who used to repair computers now toss pizzas and flip burgers. Thank you "Computers new and used" i wish you still existed. You had the best dumpster in town. Or make that dumpsters, since you moved 3 or 4 times, each time getting smaller and smaller, then poof!
hot boss works under you.
I have a sneaking suspicion but...
Whoa! That's one pissed off female!
You're using her as bait, Master!
Has it occurred to you that this has nothing whatsoever to do with the story?
moron.
"Garfinkel has learned his lesson. As an undergrad at MIT in the 1980s, he failed to sanitize his own hard drive before returning a computer to his father. His father was able to read his personal journal."
yeah right.. who the hell keeps a journal on their computer?
journal *cough* *cough* porn
Selling software won't make you money, selling a service will.
I have had 2 drives fail well within the warranty period, and did not return them for just this reason.
All Troll + "offtopic" mods are meta moderated as "Unfair", because you abused the system.
Damn! I just spent the last 4 years going through 1,487,932 floppy disks to find credit card details and someone goes and does it with hard drives!?
Never thought of that...
Keeping a private key in a chip, which won't lose it (maybe 2 for redundancy) and having chips dedicated to encryption and decryption before hard drive operations could be a solution.
Based on a previous article the data can be retrieved at the molecular level even if you overwrote it very many times. If you really want to protect your data like your customer's credit card numbers just don't ever write it plain text onto a magnetic disk.
Was it Pete Townshend's drive?
When I was in the army, we decommissioned a whole bunch of those old hard-drives with 8" platters. We took them apart, removed each platter and used a belt sander to destroy the surfaces. The sanded platters were then sent to a facility on base that would melt them down.
The bodies of the drives were mostly magnesium, and I came away with about $250 from the scrap metal dealer.
Of course, who knows what I breathed by sanding those platters...
So even if I take all the steps necessary to make sure my data is safe on my computer, odds are there is a business throwing away hard drives that have my data on them without properly removing all the data? Wow, I can't believe this isn't a hotter topic. I also wonder how this affects certain websites' privacy statements. Sure, they don't give your information away intentionally, but they may give away a harddrive full of personal data without even realizing it.
At the very end of the article:
Garfinkel has learned his lesson. As an undergrad at MIT in the 1980s, he failed to sanitize his own hard drive before returning a computer to his father. His father was able to read his personal journal.
Ouch.
My
Limekiller
No thanks, I will stick to USENET for my porn, thank you very much!
Eve Fairbanks says I drive a hybrid!LOL
I open up my old drives, remove the magnets, and bore holes in the remains with a 30-06. The magnets are powerful, I truly enjoy boring holes that way, and my data is secure. It's a win, win, win situation.
Sees IC anStillTell.html
http://www.videopremiereawards.com/HTMLNews/New
They're a hot item in some parts... Break in somewhere, grab whatever you can (maybe one guy grabs the case, the other grabs the monitor) and high-tail it out of wherever you stole it from. Friends of ours across the street had their house broken into (sadly, they forgot to arm their house alarm).
Anyways, not only did they steal their computer, but they stole their car. Repeat offenders like this likely don't need all the hardware they've stolen, so, much like stripping a car, they would be inclined to strip the computer for the parts and just sell the parts. They obviously don't care what data is on the hard drives.
Does this call for password-protected encrypted hard drives? Maybe a loopback device in Linux? I don't know much about it, but the only post-protection you may have against theft may be to plan for the theft initially -- right on the hard drive.
- Get out your favorite Linux installer CD or download a copy of Tom's RTBT and write it to floppy or CD-R.
- Boot from the floppy or CD.
- Log in as root.
- Run dd if=/dev/zero of=/dev/hda to erase the master drive on the primary IDE controller (/dev/hdb etc. for the remaining disks)
That's all. It erases all the blocks normally accessible by the disk controller and is probably safe enough for most people. Bad blocks that have been replaced may still contain a little bit of data, and inter-track data may be recoverable by analog means.
You must be his father. Fuck doesn't anyone like this guy?!
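An added example, not part of the original comments: the dd zero-fill procedure above, run against a constructed image file instead of /dev/hda, followed by a check that no sector still holds data. The function names, the sample contents and the simulated quick format (only the first 8 sectors rewritten) are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: zero-fill a drive image and verify that no sector still holds data.
# Everything here works on a regular file standing in for a disk; the function
# names and the sample contents are constructed for illustration.

# Build a 64 KiB all-zero image (128 sectors of 512 bytes), then plant a fake
# directory entry in sector 0 and a constructed "document" in sector 100.
make_sample_image() {
    dd if=/dev/zero of="$1" bs=512 count=128 2>/dev/null
    printf 'DIRENTRY LETTER.TXT -> sector 100' |
        dd of="$1" bs=512 seek=0 conv=notrunc 2>/dev/null
    printf 'constructed sample record, not real data' |
        dd of="$1" bs=512 seek=100 conv=notrunc 2>/dev/null
}

# Stand-in for a quick reformat (an assumption of this demo): only the first
# 8 sectors, where the metadata lives in this toy layout, are rewritten.
quick_format_sim() {
    dd if=/dev/zero of="$1" bs=512 count=8 conv=notrunc 2>/dev/null
}

# Overwrite the whole image with zeros without changing its size.
# Refuses anything that is not a regular file, so it cannot touch a real disk.
zero_fill() {
    [ -f "$1" ] || { echo "zero_fill: $1 is not a regular file" >&2; return 1; }
    size=$(wc -c < "$1" | tr -d ' ')
    [ $((size % 512)) -eq 0 ] || { echo "zero_fill: size not a multiple of 512" >&2; return 1; }
    dd if=/dev/zero of="$1" bs=512 count=$((size / 512)) conv=notrunc 2>/dev/null
}

# Print the number of 512-byte sectors that contain at least one non-zero byte.
# cmp -l lists every byte that differs from /dev/zero with its 1-based offset.
residual_sectors() {
    cmp -l "$1" /dev/zero 2>/dev/null |
        awk '{ seen[int(($1 - 1) / 512)] = 1 }
             END { n = 0; for (s in seen) n++; print n }'
}

# Demo run on a temporary file.
img=$(mktemp)
make_sample_image "$img"
echo "fresh image:        $(residual_sectors "$img") sectors with data"
quick_format_sim "$img"
echo "after quick format: $(residual_sectors "$img") sectors with data"
zero_fill "$img"
echo "after zero fill:    $(residual_sectors "$img") sectors with data"
rm -f "$img"
```

The same residual-sector check applies to a device node after a real dd pass; blocks the drive has remapped are outside its reach, as the comment above notes.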
requirements:
1 computer (add any hardware you want)
1 power UPS built inside of the case
1 case welded shut
3 bars of magnesium
various circuits and ignitors (if you can't figure it out I can't help you)
watch out it will burn a hole through your floor.
Especially if it's not related to Ninnle Linux!
Now for something really scary.
I run a computer shop in the southeastern United States, much of my work involves the local school systems.
Several years ago (Long before 9-11) a local school received a donation of several pallets of computers, monitors, printers, and other equipment from a local military installation. The donation was properly processed through the Defense Reutilization and Marketing Service (DRMS) and should have been cleared of any sensitive materiel.
I was contracted by the school to take the entire load and build as many working systems as I could out of the parts. As I began to put systems together and power them up I was staggered by the fact that at least half of the hard drives were FULLY intact and no attempt at all had been made to remove sensitive data.
I of course had to take a closer look. Much of the data concerned simple day to day non-sensitive routine base operations (I am ex-military so much of it was familiar to me). HOWEVER on one of the intact drives I found something that KNOCKED MY SOCKS OFF! Sitting there on that hard drive spinning on my work bench was a pile of data concerning the moving of NUCLEAR weapons and other nuclear materials and conventional weapons around the United States. The data contained information such as routes, schedules, manifests, and duty rosters. I WAS DUMBSTRUCK. How could this have happened? This drive should never have left a controlled area, EVER, it should have been destroyed. This was inexcusable!
Of course in a situation such as this all manner of thoughts go through your head. Thoughts such as; What kind of damage could an enemy of the U.S. do with this data. What would this data be worth to someone unethically inclined. If they knew I saw this data they would probably lock me up and throw away the key just for good measure, and of course WHAT SHOULD I DO WITH THIS DATA?
In the end I destroyed the hard drive and the data it contained and kept my mouth shut. That has been at least 8 or 9 years ago and until this day I have never told anyone and thank God that due to the passage of time I have forgotten most of the particulars of the data I saw.
... From a potential customer. We paid him a visit, trying to get him to use our consultation services. On the way out he asked if we could dispose of some old puters for him. We said sure.
Brought 'em home and fired them up. Lo and behold, there were all of his Quicken files (no passwords) from the previous fiscal year. You'd think that somebody that takes in half a million in revenue per year would know better...
It's been said before.. zero your data. Up to 7 times if you feel safer.
Jaguar (Mac OS X 10.2) will do this with the built-in Disk Utility.
Don't think that a small group of dedicated individuals can't change the world. it's the only thing that ever has.
so why does the pentagon not sell all their computers again?
I am the Alpha and the Omega-3
I found 'sensitive' material on Air Force and Navy computers that were donated to educational programs... after we returned the drives they started microwaving the damn things.
At the Hospital I work at, we have a very strict policy about old hard drives, tapes and optical disks. The policy states:
Hard drives must be demagnetized and physically destroyed before disposal (sledge hammer).
Tapes and Optical Disks must be destroyed by incineration.
Need I say more? Our hospital has pretty good policy about data going outside the premises of the hospital, however their security administrator for the inside network is not very good. Guess that's what you get when you give someone an important job like this and give him 40,000$ less than the industry standard salary.
= 5000 credit card numbers...this kind of math too hard for you people?
It's not enough to write 0's to remove traces of a file. Writing random patterns is much better and for older drives you can even do better than random (i.e. more erasing in less passes). The shred(1) command from the GNU fileutils will take care of this for you in Unix-alikes.
http://btr0xw.rz.uni-bayreuth.de/cgi-bin/manpages/shred/1
See also http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html for an informative paper about the details of how secure deletion works.
Backup all important data to both magnetic and optical media (another HD/tape -and- cd/dvd).
Re-format HD using the NTFS file system if the drive is larger than 2 GB, otherwise install NT Server from the earliest available service pack.
Install Windows NT 4 Server, apply service patch 6. Make sure you use a meaningless administrator password.
Upgrade MS Internet Information Server to version 4.0 from NT Option Pack. Create a default web site using the following as the index page (*.htm, *.html, *.shtml):
Why are Chinese, Dutch, German, and Russian Hackers So Homosexual?"
Chinese, hackers, IIS rules, Counterstrike, Dutch, mothers, US ALL THE WAY, Germany sucks, script kiddie, porn, pr0n, disable X10 ads, warez, firewall, Bill Clinton, rar, zip, romz, roms, direct downloads, Long Live Pakistan, How do I secure III?, index of, Ronald Reagan Library
Boot the HD in a computer with an internet connection.
Wait about four days.
Repeat the process three times.
Reformat the drive.
Donate/Discard.
Hey, at least it won't have -YOUR- important data on it.
-dameron
At a former employer who will remain nameless they had secure areas. To get in you needed a clearance and if you didn't have a full government clearance all of the people in there would power off their boxes until you left. You were also constantly watched and doing sysadmin stuff in there was an adventure because they could do whatever they wanted since they weren't hooked up to the regular network.
When they moved some of these labs all of the equipment was shrinkwrapped and escorted to the new location to prevent tampering while in transit.
I think I had something to say. Oh yeah. Ok, when hard drives and backup tapes got old they had to format them X number of times (I forgot the exact number), then physically smash them and then burn the remains. All in a secure manner (ie: not taking them to the local Springfield Tire Fire).
Anywho, a friend of mine had to replace RAM from one of their Suns, and I went with him. They let us leave with the RAM and didn't think twice about it. 2 or 3 minutes after we left my friend realized he may be able to take the RAM and actually read the data off of it somehow, assuming it was still saved.
Perhaps this could be applied to other things including external processor caches and VRAM as well.
Everyone knows you must write zeros over old drives 137 times, then bulk erase them then dip them in acid, smash them to teeny tiny bits, incorporate those bits into construction concrete for buildings on three separate continents and only then your data will be safely gone.
Though there is this one data recovery firm in Wisconsin that can get data off the drive even after all that...
the major advances in civilization are processes which all but wreck the societies in which they occur - A.N. White
US DoD Spec: 3 passes
German DoD Spec: 7 passes
(from http://www.ontrack.com/library/dataeraser.pdf)
-- R
Put a link on Slashdot, along with a bogus story about how it's relevant to the current topic, and watch the traffic roll in.
I have a friend that is high up in the IT dept for a large restaurant chain.
They bought a lot of used computers and found all kinds of crap on those things - largely very strange porn.
I can recall the research group my dad was in when he was getting his phd at VA Tech - this was back when disks were the wider floppy ones - the huge ass ones, and then the revolutionary 5.25 ones (eventually everyone was astounded by those 3.5s).
Well, they needed disks and they found a place to get them cheap - by the hundreds. A few of the guys decided to check the disks prior to writing over them, and sure enough, tons of info on there.
No porn since there weren't really jpgs and such back then on the 8088s (but once CGA came out on the 286, I recall an amazing strip poker game).
They were nice and called the place selling these disks and let them know that there was still a lot of data on them. Lots of software and business data.
I've only had one hard drive die on me so far (with a wonderful *SPROING* sound) - I promptly tore it open and marveled at the shiny surfaces inside (and my cut hands from tearing it open).
but if I ever do sell a drive, I'm definitely going to fill it up with Pete Townsend porn.
There are some odd things afoot now, in the Villa Straylight.
Hey, hey, God^H^H^HBowie didn't say that the event occurred in 1979.
Was pretty much relegated to ASCII versions of Raquel Welch that printed on five feet of continuous feed paper in a dot matrix.
About as pathetic as using a cell phone for porn...
Because I pretty much run my life by computer I end up with all kinds of info on my computer. And it is for this reason that I use the Linux Crypto API (formerly the international kernel patch). I have an encrypted volume (a big file which gets mounted on loopback fs) on my machine where I keep any sensitive information including all of my email once it has been read. Every so often I mount it, copy the stuff in, and unmount it. It works great and is so easy to use that I actually use it. The only chance someone has of catching sensitive information is if they get it before I copy it into the encrypted volume (passwords, keys, company private data, etc. all go straight in) or if they can somehow recover it from the raw device from when it was written in cleartext. My disk has enough activity and accidentally fills up often enough that I'm not too worried. It's not like I'm protecting national secrets or anything.
At today's densities, all drives have many many bad sectors that are mapped out in a sector translation ROM on the drive's logic board and no two are the same. Swap boards and it's almost always lights out. I guess you could swap the ROM if you can identify it and have the right surface mount rework tools.
There doesn't seem to be much point in overwriting more than once with the same zero pattern (the article makes this mistake too, though the original authors probably don't). There are really two levels of sophistication we're hoping to elude here:
a) People using the drive's own interface to retrieve "deleted" data
b) People doing direct signal analysis of the magnetic media to find successive generations of overwritten data
Once you've overwritten the disk once (whether with dd, a real SCSI low-level format, or some other means), you're in regime (b). Assuming you're paranoid and/or justifiably concerned enough to bother with repeated writes, using the same bit pattern does little - and zeroing is especially non-optimal, from what I've read. Random bit patterns seem a likely candidate, but randomness is actually particularly easy to divine in a signal.
People have experimented with instead writing various repetitions of constant strings with good success, but what might be ideal is a chaotic pattern that approximates the look of the expected data without divulging anything real (interesting thought - perhaps this is what some of the porn they found was for!). Write that a few times and you have a honeypot that might mislead a naive investigator into thinking there's nothing more to be found - but even this is difficult because the "freshness" of the bit patterns can be determined by their relative signal strength, and you can't simulate age using the default write current no matter how many new patterns you lay on. You can only hope you've made the old, real data so faint that it disappears into the background noise. Since there's no real way to guarantee this, people with real secrets to hide have to physically destroy the media. So much for reduce, reuse, recycle. ;)
The technique of extracting the data is akin to the work of deep-sky astronomers, military listening posts, or even sedimentary archaeology. It's quite an interesting problem, as is making the data unrecognisable. The parallel with copy-protection is obvious, and the outcome is the same - an escalating war of technique between intrigued hackers, where the party acting later in time (the deprotector / signal analyst) always has an advantage.
As an aside, when using dd to copy large amounts of data to disk you can often speed things up immensely by tailoring the (output) block size to the destination device.
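Regime (a) from the comment above, as an added example that is not part of the original thread: a "delete" that only clears the directory entry leaves the data readable through the drive's normal interface, while one zero-fill pass leaves nothing for that interface to return. The toy on-disk layout, the function names and the sample record (a widely used test card number) are constructed for illustration; regime (b), analog signal analysis, is outside what software reading the image can check.

```python
import mmap
import os
import re
import tempfile

SECTOR = 512
# 16 consecutive ASCII digits that are not part of a longer digit run.
CARD_RE = re.compile(rb"(?<!\d)\d{16}(?!\d)")


def luhn_ok(digits: bytes) -> bool:
    """Luhn checksum, used to discard random 16-digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = ch - 48  # ASCII digit -> int
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def audit_image(path, fill=0x00):
    """Scan a raw image the way any reader using the block interface could.

    Returns (dirty_sectors, card_hits): the sector numbers whose content
    differs from the fill byte, and Luhn-valid 16-digit strings found."""
    expected = bytes([fill]) * SECTOR
    dirty = []
    with open(path, "rb") as f, \
            mmap.mmap(f.fileno(), 0, access=mmap.ACCESS_READ) as mm:
        for lba in range((len(mm) + SECTOR - 1) // SECTOR):
            sector = mm[lba * SECTOR:(lba + 1) * SECTOR]
            if sector != expected[:len(sector)]:
                dirty.append(lba)
        cards = [m.group().decode() for m in CARD_RE.finditer(mm)
                 if luhn_ok(m.group())]
    return dirty, cards


def make_image(path, sectors=64):
    """Constructed toy layout: directory entry in sector 0, data in sector 10."""
    with open(path, "wb") as f:
        f.write(b"\x00" * SECTOR * sectors)
        f.seek(0)
        f.write(b"RECORD.TXT\x00start=10\x00")
        f.seek(10 * SECTOR)
        f.write(b"constructed sample record: card=4111111111111111\n")


def quick_delete(path):
    """Model an ordinary delete: only the directory sector is cleared."""
    with open(path, "r+b") as f:
        f.write(b"\x00" * SECTOR)


def zero_fill(path, chunk=1 << 20):
    """One pass of zeros over the whole image, flushed to stable storage."""
    left = os.path.getsize(path)
    with open(path, "r+b") as f:
        while left:
            n = min(chunk, left)
            f.write(b"\x00" * n)
            left -= n
        f.flush()
        os.fsync(f.fileno())


def demo():
    """Audit the same image in use, after a delete, and after a zero fill."""
    fd, path = tempfile.mkstemp(suffix=".img")
    os.close(fd)
    try:
        make_image(path)
        stages = {"in use": audit_image(path)}
        quick_delete(path)
        stages["after delete"] = audit_image(path)
        zero_fill(path)
        stages["after zero fill"] = audit_image(path)
        return stages
    finally:
        os.remove(path)


if __name__ == "__main__":
    for stage, (dirty, cards) in demo().items():
        print(f"{stage:16} dirty sectors={dirty} card-like strings={cards}")
```

Run against a raw image file taken from a drive before it leaves your hands, `audit_image` gives a quick pass/fail on whether the wipe actually covered every sector.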
Data Mining is NOT the process of recovering or otherwise retrieving data. Data Mining is the process of discovering knowledge through data that has already been obtained (usually through statistical and/or AI techniques). I.e., data retrieval/collection is a prerequisite for Data Mining.
Communism was just a red herring.
I'm going to be sending a company HD to Dell to RMA since it's starting to fail (stupid IBM DeskStar 60GB drives)... From what I've heard (and contrary to a few other posts in this story), it is still possible to retrieve some data from a hard drive where you've done "dd if=/dev/zero of=/dev/hda" (I still don't get how, but I err on the side of caution).
:)
Enter GNU shred. Its default operation does 25 passes at the drive, with passes such as random data, random patterns and all zeros. Theoretically, the drive has been overwritten so many times that there is almost no chance of recovering data.
Of course, just to play it safe I'll also run it across my stereo speakers a few times too
EnkiduEOT
There is no trap so deadly as the trap you set for yourself
-Raymond Chandler, The Long Goodbye
Ever heard what happens when you stick an old cassette in front of a big woofer?
There is no substitute for destruction, but if you want to re-sell, use:
Autoclave
Autoclave is a boot disk w/ a Linux distro that will securely delete on five levels:
Zero fill
One random pass
3 binary overwrite passes
10 passes, some structured
25 structured passes
For *true* secure deletion. Policy at the University of Washington requires level 3 at least. Of course, I've bought some UW surplus computers with still-functioning Win98 on the drives...
Data mining is statistical analysis of structured or unstructured data to discover unknown relationships.
At best, this is voyeurism. At worst, it's espionage.
Say hi for me.
Last year, my employer of 12 years went out of business. The company was secretly being run improperly for quite a while and the owner closed the doors the same day he found out about the mismanagement.
Being the IT director, I helped the owner, my friend, with the office computers. I planned on wiping all the hard drives and I informed the owner of my plan. He agreed that it was a good idea.
For the next three months, watching the bankruptcy process unfold, I got questioned left and right as to why I wiped the data. The accountants wanted to know why...the lawyers wanted to know why...the liquidators wanted to know why...the court wanted to know why. I understand that a system with an installed OS is more valuable than one that has been wiped clean (the data had been backed up so there was no question of whether data had been destroyed) but this should not be unusual. Nobody asking me these questions was a newbie--their jobs involved dealing with bankrupt companies and it was as if they had never seen this before!
Floppies, zips and tapes should be burned. Hard drive platters should be ground down with a grinder wheel or belt sander.
Wansu, th' chinese sailor
I used to work at a small-town computer store and I had a bunch of customers that would come in with some minor problem, and "oh can you clear my history too?" ;) Man there are some very nasty, disturbed people out there!
Lo and behold, porn links, very strange S&M and things that a normal looking guy like that should *not* be looking at!
Sometimes they would ask for a reformat, and I would look at their stuff just for the heck of it
in girum imus nocte et consumimur igni
I would have posted as AC if I were you. That seems like something I wouldn't want known.
On a more serious note, how would this fall under HIPAA? Would the hospital be liable even if they took (what they thought were) adequate means of destroying the data?
They modded me offtopic. I love it. Thanks for the laugh. Worth the karma hit.
Slashdot, home of supporters of free software, free music, and free speech. Except for Moderators that disagree with you.
Having a slow day are we?
There's PORN on computers??? Who'd a thunk it.
Over the years I've had a bunch of drives fail, which almost always is a big inconvenience, even though I'm religious about keeping good backups. To vent my frustration, I take the dead drive into the woods near my house and drive several large spikes right through the case and platters. I leave it nailed to the tree for a week or so, as a warning to the other drives.
they routinely deal with highly sensitive data, and often dispose of older computers when they no longer can run the latest version of MS Office.
Some computer guy here bought some ex-govt hard drives 2nd hand, and on them was a catalogue of sexual-abuse victims, their detailed records, and police comment about them. These institutions just don't have the computing know-how to handle such information digitally (even schools don't).
The TV station did a story on it, and must've seen the address of one sexual-abuse victim flash across the screen. They visited her house with cameras in tow (!!).
The station got badly flamed for abusing their position like that.
It's not as if it's just any "[t]wo MIT grad students". Garfinkel has written more than a handful of security books over the years.
1337 (adj.) ["leet"]
1. gay.. just gay
e.g.: i am uber l337! [TRANSLATION: I am very gay!]
I just wait for my warranty to run out - it becomes unreadable shortly thereafter!
No need to do any shredding at all. Just take the drives apart and mix up all the platters. The more drives the better!
See those tiny little screw heads on top of your hard drive? Undo, disassemble, burn and scatter all the individual components.
Kind of like an incineration of your past logged life.
dd if=/dev/zero of=/dev/hda ...will blank the whole hard drive, but what if I want to just overwrite the empty portions of a mounted partition?
Western Digital put out a free DOS utility called WDClear that will completely wipe an IDE drive with zeros in a relatively short time. Although it was intended for use only with Western Digital drives it will work with any IDE drive. You can find and download copies of WDCLEAR.EXE at many different web sites if you search google.
"Two MIT grad students bought used drives from eBay .... Among the data found ..... were 5,000 credit-card numbers, porn, love-letters and medical information."
I think that was MY hard drive.
That's it I'm giving them negative feedback!
http://www.kubuntu.org/
My cousin works for the IRS. He takes the hard drives down to an iron mill of some sort. Personally watches them all get destroyed.
For a fee, of course.
occultae nullus est respectus musicae - originally a Greek proverb
I once found out crucial recruiting info for a university sports team. Ended up there were recruiting violations and I could have ruined the athletic department with the evidence on the laptop I had. But technically, I "wasn't supposed to have seen that" - Also, it is illegal to view "known" private data. Even if in one's possession. I think these "lookers" in this story should be prosecuted. They give people like myself who buy surplus a bad name and cause problems with buying surplus as MOST items require original hard drive data to function.
Yell & scream & rant & rave... it's no use... you need a shaaaave ~ Bugs Bunny
For stuff like medical data, financial data, etc., I'd seriously consider looking into wipe instead, which uses Peter Gutmann's patterns.
The spooks here used to feed hard drives and tapes into a nearby iron smelter. One way brownian crypto...
Xix.
"Everything is adjustable, provided you have the right tools"
Hard drives on eBay get a sudden boost. Hard drives sold for ridiculous prices on eBay. Coincidentally, credit card fraud increases as well.
Question everything.
ok how can no one post the definitive whitepaper on secure deletion. this really lets you know that no secure deletion *software* is good enough if someone (big brother, nsa) wants the data off your magnetic media bad enough, and how it can be done relatively cheaply:
http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html
This will destroy any possible resale value, but it will make sure that NO data can be recovered.
Find a suitable outdoor rifle range. Place the hard drive on the 100 yd. berm. Shoot the hard drive at least 10 times using a suitable high powered rifle. (An AR-15 is well suited to this activity.)
This will ensure that no data will ever be recovered from any part of the hard drive. It's also great stress relief.
It's good to use your head, but not as a battering ram.
http://www.craigslist.org/about/best/2822956.html
Last summer I was building a two foot high poured-concrete wall ... extending one, actually, at the edge of my patio, where a big oak tree had been taken down. Well, I poured the concrete in and it turned out that I hadn't bought enough.
So I went down into the basement and pulled out all the old computer crap I could find -- old hard disk drives, AOL CD's, ISA boards of various types, etc. and just threw them into the cement mix until the level rose to where I wanted the wall to be.
Perhaps someday after I die (or move) someone will dismantle that wall. When they do, they'll unearth some hard disk drives, complete with a 1997 or 1998 vintage of Red Hat Linux and other software of the time.
Tired of FB/Google censorship? Visit UNCENSORED!
Depending how much someone is out to get you.
There was a quote somewhere saying that a heap of data could be recovered from even a square millimetre of hard disk platter.
So let's have a think about the maths. I don't know what the physical interior of a hard disk is like, but the exterior is in the vicinity of 10cm (4in) across. If the platter were square, that'd be 100*100 square millimetres. (It'd be round, so the actual number would be about 25% smaller.) Suppose we were talking about a 40gig disk. That's 4 meg per square millimeter.
Now if hard disks were made up of lots of layers, say 1000 of them, that's still 4K per square millimeter per layer, and you've got one hell of a pulverising job ahead of you!
There's good reason why high-security areas go through their elaborate sequences of electronic shredding (multiple data overwrites), physical shredding (makes the hammer look weak) and thermodynamic shredding (I daresay *someone* can get data off a hard-disk after you've treated it with thermite!)
Rachel
I used to work for the Queensland Police's IT department. We had to take used HDD to the dump personally and arrange for one of the bulldozers to crash them. Basically anything that had a memory chip had to be physically destroyed, old ram, old NICs, everything.
A friend of mine replaced a defective HD controller card, that is mounted on the hard drive. He luckily had two identical drives, and the card was easy to replace. What was a totally dead hard drive became a fully functional one, without the use of expensive hardware/tools at all.
So when you toss your harddrive thinking no one can recover the data, only by using expensive hardware, it just might be a trivial task.
Burn the ISO, boot to the CD, then wait a *really* fucking long time for it to scramblefuck the drive. (You can also use a floppy disk...but nowadays why use something that a magnet could possibly fuck?)
(I have no idea whether or not this is military-grade. Can anyone comment? And if not, provide something *better*?)
When I was 14 or 15 (long ago), I took a trip with my friend to visit his father and stepmother for the day. We would have to help his father in his print shop for the day, but my friend promised in return we would be able to sneak access to his dad's porn collection.
After we ended up working in his dad's shop all day, we had dinner, went to his dad's house, and his dad left us alone with his computers to play games on. We had brought a palette of 100 disks to hopefully sneak our porn home on, so we began copying all those pcx and gif files onto disks as fast as we could. We couldn't risk looking at them for fear of being caught. It wasn't that unusual to have a huge pile of disks because that was how things got copied in the olden days, his dad thought we were copying some of his games.
Lo and behold, we fill all 100 disks with porn (an incredible stash in like 90 or 91). We go home for the evening to each of our houses, divide up the stash, and we both head straight to the computer to um, count our booty.
I get home, pop the first disk into the computer, and just about then I get a phone call -- it's my friend, he says "dude, don't look at the pics, trust me." But he's piqued my interest so I have to. I load one up and what do I see? A big juicy cock. We had copied his dad's gay porn stash.
Religion is a gateway psychosis. -- Dave Foley
My wife's company - health care company - gave away the old office computers a few years ago. Without wiping the hard disks. We got two computers - both the co-owners with all of the memos intact. It made for some interesting reading - filling in those awkward questions about people who didn't come to the company picnic.
Well, what do you think they're going to get off of THIS hard drive?
"Everything you know is wrong. (And stupid.)"
Moderation Totals: Wrong=2, Stupid=3, Total=5.
I disassemble my old drives. The Magnet makes one hell of a good Refrigerator magnet and the discs make good pocket mirrors for wife or frisbees for kids.
If you could reason with religious people, there would be no religious people
i get rid of numbers of hd's every month and prying open the case, putting a paper towel between your finger and the platter and just lightly pressing on them to smash them is all it takes.
the platters are fairly rigid so when you smash them they disintegrate into tiny tiny pieces usually never possible to recover (most of the platter ends up in 1/32nd bits or smaller, that's why the paper towel is there, to prevent micro splinters getting wedged in your skin).
otherwise, just wedge a screwdriver between the casing and platter, and smash platter by leverage.
no one can read data off of dust.
Some sort of explosive device on a trigger next to your mouse?
A shotgun blast? (Hoping you hit the drives and don't get shot...)
Fast acting fantasy software to write random data 144 times over the disk in mere milliseconds?
Some spook (don't remember which one) degaussed a hard drive once. He might as well have just destroyed it, because he bent the r/w heads.
Doesn't work anymore. The magnets in the disk are too "hard" and can't be degaussed by any reasonable-sized magnet. Thermite is the approved method of secure disposal, although that's messy.
If you're going to stop short of total physical destruction of the disk (not just some pansy break-it-into-pieces thing), you might as well just overwrite it with Gutmann codes, followed by random data, followed by more Gutmann codes. If they can get it after that, they can get it if you smash it into a thousand pieces.
I hereby place the above post in the public domain.
work pretty well for erasure
it's completely worthless anyhow. I just take it apart and use the different parts for random things. I gave away the platters to friends (they will be damaged pretty badly, but probably recoverable). The platters are usually used for toys or coasters or decoration. It would be a headache for even me to track them down. An untrained eye can hardly distinguish them from eccentric decor. I just love to play with the motors and magnets though. I still want to use a dead IBM drive's 10K RPM motor to make one of those LED clocks. I would have the world's loudest digital clock probably :)
Karma Clown
Can't the HD manufacturers add a jumper that completely erases the drive when crossed and the power is on (this would be a very appealing feature for business hds)
they can even hide the jumper underneath a sticker or something - erasing a whole drive properly is a royal pain
How would it be possible to prove those files were yours in a court of law?
I mean, conceivably you could create false information on a drive about the president, then sell that drive on ebay. Sometime later someone comes across that drive and scarfs the information off of it, then WOW a story, but it isn't real.
Prove that pr0n is mine!
Thermite
Backups are for wimps. Real men post their data in comments and have slashdot mirror it
I've had to RMA a drive (Seagate, I think) that had all our magic encryption keys. So I opened it, pulled the platters, and sent it in.
They didn't say a damned thing, and sent us a new drive. Each of the engineers took a platter and did away with it. No problem!
-- Spankmeister General
"They" will cut the power to your house or apartment before a raid to make sure you can't make use of any such niftiness. Get a UPS.
..don't panic
s/radius/diameter
Unfortunately, I suspect you're gonna have an unpleasant time getting your hard drive to that state...
You need a FREE iPod Nano
This only goes to prove that selling on eBay comes with certain unavoidable risks. You never know who your buyer is going to be...
It could be some smart ass college kid who is going to get your old porn collection you thought was lost.
Saskboy's blog is good. 9 out of 10 dentists agree.
Should produce some interesting results. It'd be interesting to see the different effect from hitting dead center on the hub as compared to (on a different, identical drive) the outermost rim.
Wait a sec, 5000 credit card #'s...on 158 disks. So, somehow each disk had over 30 numbers on it ON AVERAGE. Or did one have 5000 and that's it.
At least we know that those people using your credit card number aren't being very careful when they throw out the trash, and apparently the really big balls go to the guy who sold his old drive on ebay, the same drive he used to purchase his new computer with your credit card info...
My question is, what were 158 hard drives doing with an average of more than 31 credit card numbers each? Sounds a little shady to me.
Trying is the First Step to Failing --Homer Simpson
I caught that reference...
Dammit. I just misplaced a drive with 5,000 credit-card numbers, some porn (mostly of Briney spears) and my old love-letters to my 8th grade music teacher. Not to mention my personal medical information.
Any way I can claim that drive back? I have no idea how it ended up on ebay.
Actually. DOD has specific guidelines that define Overkill.
1. format drive
2. Triple overwrite security erase. (All 1s all 0s then all 1s again.)
3. Degauss with powerful magnet.
4. Crush with road roller.
5. Melt in furnace.
6. Bury in secure area under 15 feet of cement.
--= Isn't it surprising how badly I spell ?
The company I work for uses East-Tec's Disk Sanitizer to erase hard drives before selling any old computers. It's available for windows, linux or as a dos-based boot disk and there is a fully functional 30-day demo, so anyone can download it and clean some hard drives. We finally licensed it, after some 25 computers over a year. Better late than never, I guess.
Please someone mod parent up. I'm really curious!
Yes, I'm familiar with some of those, starting with Gutmann's now-ancient 1996 paper Secure Deletion of Data from Magnetic and Solid-State Memory. The OP's sentence that I was responding to was "Theoretically anything that has previously been on the drive should be recoverable through such methods." But it's nowhere near as simple or as "reliable" as that. Besides, I haven't seen any papers in the last few years that talk about doing this with today's drive capacities. Gutmann's paper talks about the more advanced drives at the time as being easier to securely erase:
In addition, remember that many parts of a disk undergo a *lot* of reading and writing of different bit patterns. Recovering a prior generation of data may in fact mean recovering what was written at a particular spot thousands of writes ago. That's just not always possible. And even when it is, it can be guarded against, as I alluded to in my post. The thrust of the abovementioned paper, in fact, is how to delete data so that it can't be recovered, even with the use of advanced techniques.
In short, the notion of realistically recovering data that's been properly erased - not just by an OS-level format - even with hundreds of thousands of dollars at your disposal, is more of a myth than anything else. It's a possibility for security wonks to scare each other with and try to guard against, not something that's happening in practice. Companies that do professional recovery don't even remotely get into this kind of thing, for example, and they're the ones who might have the financial incentive to do so.
http://dban.sourceforge.net/
Simply possessing that data might be a crime.
Ok, so I was wondering what everyone's favorite utility for restoring deleted files is...
You toddlers need to read more clearly. But, since your mom exercised while she was pregnant with you, and now you have ADHD, i'll explain it for you.
"Welcome to 1979." = People have been doing clandestine data recovery on discarded computer media for decades. This story is nothing new.
My dumpster-diving adventures were limited to about 1996-1999. The 50MB Sun SCSI enclosure was from circa 1990 or so, the data on it was from '94-95.
Happy, girls?
Bowie J. Poag
I love how half the posts here have become describing how everyone takes their drives out in the street, pours acid on them, shoots them, sledgehammers them, drills holes in them and then drips melted pokki sticks on them. WTF do you people have on your hard drives? I don't think people are mining drives for anime these days.
You know what?
how about magnets? Big ones, made from NdFeB (Neodymium-Iron-Boron) ... they aren't too expensive, and boy they do the job. Hop over to ebay and get one.
Reinvent the wheel only at either a lower cost, greater effectiveness, or your own personal enrichment and satisfaction.
I'm not very concerned about that aspect of it as I encrypt everything of any real value on any computer that will ever access a network. If someone is going to recover it, they will have to go through a lot more work to get it. Good encryption tools (such as Drivecrypt) are readily available.
Believe me, I know about the perils of "data mining". I met a great girl online and after a while we started talking on the phone. We'd been talking for weeks and eventually it turned sexual and very arousing. Well, I sent her pictures of myself naked. The pictures were taken while we were talking, so I was also aroused.. She was at her parents' house and she just couldn't wait to take them home to look at them, so she looked at them on her Dad's computer... Of course a week after that she told me that despite her attempts to clear her tracks, her Dad undeleted the pictures.. I couldn't imagine going home to meet her parents after that!
I work for a University. A couple of years ago I was called in to fix a PC that had BSOD'd. The data was intact but the OS wouldn't boot. Rather than reinstall from scratch, we use a ghost image with service packs and antivirus etc preinstalled, as we have a lot of PCs to support (>1000 per support person.) I explained to the user that this would wipe their hard drive, and asked if she had backed up her data to the network, as stipulated in the AUP (Acceptable Use Policy). She confirmed that she had, so I reimaged her hard drive and got her back up and running.
That afternoon she rang up in a tizzy, asking where her 'book' was. This (economist) had been writing a book for three years, and the only copy was on that hard drive. We sent the drive to a data recovery service, who charged us £200 to tell us the data was not recoverable. Luckily the user was able to recover most of her data from printouts, fragments she copied to the network, floppies and so-on.
So if you can read data after only overwriting it a couple of times, how come Norton Ghost can render data unrecoverable in one pass?
N.B.
The user said she thought I meant had she saved the Word document she was working on at the time. She had saved it, to the local hard drive!
I've been extra careful with Ghost ever since, but still had two more instances of massive data loss, where both times a technician allowed me to Ghost a PC then got irate because I'd ghosted 'the hard drive with the data on it, not the new clean one' after failing to mention there were two hard drives in the PC rather than the usual one.
Environmentalism is the new Victorianism. Everyone ties on a green corset and pretends we're virtuous.
"Welcome to 1979 - I was just learning how not to respond to my own trolls."
shred command is rather useful
I'm saddened that my favorite Bowie-watching link, bowiejpoagis.batshitinsane.com, no longer contains the history of Bowie, chronicled with actual Bowie comments.
Ah, but I still have google.
WDclear is widely available for download. This will write zeros to the entire drive. Google on it and you'll get lots of hits. You can put it on a bootable floppy, but whatever you do, don't bring this floppy to CumpU$A with you. That wouldn't be "nice."
BCwipe is also available for download. This is a DoD grade DOS tool that will not only write zeros but do a 7 pass overwrite with random data. Mind you this takes a long time. About 35 hours on my 40 gig drive. The great thing about this tool is that you can install it under Windows and it will let you wipe your deletes as you make them from the right click menu, or wipe your recycle bin when you empty it or only overwrite the *empty* sectors of your drive. It can also be run from a floppy under DOS. This is the one that I won't leave home without.
This one is nagware though, so let your conscience be your guide on registration.
I'll also point out to the Windows users in the crowd that the linux dd solutions posted by others are still perfectly available to you as well. There are a number of single floppy bootable Linux distributions available for sysadmins and techs to carry around for various emergency and admin situations, like a machine that refuses to boot from its HD. I always like to have one of these about my person, even when I know I'm going to be working on pure Windows machines, because they offer far more functionality than the usual Windows "rescue" disk, often including full network capability and a text based web browser, just in case you need to access the network and/or web to get the files to restore the machine you're working on.
KFG
So, you think you cleaned all your personal files from that old computer you got rid of? Two MIT graduate students suggest you think again. Over two years, Simson Garfinkel and ......
It's an obvious hoax, no way that's someone's real name! ;)
"I say we nuke them from orbit, it's the only way to be sure"
7. Profit!!!
But it's no surprise that there are places that can't even be bothered to do a low-level format. Probably reckon it would cost too much, and we can't evade our sacred duty to maximise profits, can we?
try this then.. http://w1.270.telia.com/~u27007970/ghetto.htm you can be smug with the knowledge that your data's gone down the drain.
Why on earth has no-one done a "wipe-it-all" linux disc distribution.
;-)
A minimum system, that has one goatse picture and ability to connect to something like news://alt.binaries.pictures.erotica.[like I know the group name].disgusting
The system asks if you are sure you want to empty your hard disk, then formats it twice (or formats, writes random seed data and formats), and writes it full of "random" images from disk and nntp host!
Happy datamining to someone interested in your "stuff"
In dream society, people could be given the ability to mod replies. In real life, it would be disaster.
I'm betting this will keep most folks from getting much useful from my hd's. Of course, I've never given away a hard drive that I hadn't already put into another machine and reinstalled a new OS on anyway....
After reading articles on how to read data after it has been overwritten and also reading about how to draw pictures (magnetic pictures) on tape, writing over them quite often and retrieving them. I think I will use the aluminium factory nearby to dispose of my old harddrives.
I think melting them will delete the data.
What do you think?
First, a little background:
Regarding disk recovery:
Regarding SRAM recovery:
Regarding DRAM recovery:
Based in part on the recovered data, we concluded that candidate A was declared the winner due to a ''mistake'' in mapping ballot slot numbers to candidates. In some cases the slots for candidate A and B were reversed.
An incorrect vote count was reported by the election officials. It is our guess that when we came around asking for the raw data, someone began to collect it. At some point some official(s) discovered the blunder. The system was left on while they stalled for time. When it was clear that we were going to force them to turn over the data someone wiped the system and shut it down.
BTW: The majority of the election officials involved were supporters of candidate B. Even though their blunder caused them to declare candidate A the winner, they still tried to cover up their mistake.
Our conclusion was that the attempt to cover up the mistake was motivated by not wanting to admit the major blunder instead of because of candidate A's influence. This conclusion was reached in part because of messages that we recovered on another system that was not wiped. However we would have never been able to find that other system, nor would we have been able to match the raw slot numbers with the reported vote counts by candidate name without the help of the data recovery consultant and the critical data that they recovered.
I'll offer a few observations:
P.S. I know that some people doubt that one can obtain old data from SRAM and DRAM after poweroff. I did too until it was done for our group. To those who still doubt this: I will refer you to Peter Gutmann's paper on Secure Deletion of Data from Magnetic and Solid-State Memory for another source on data recovery methods.
Can't you also use shred to blank individual files?
I bought a refurbished Power Mac not so long ago and it appeared to come from United Airlines and did contain quite an amount of serious sensitive data. Reports/emails about illness of an employee, financial stuff, flight planning etc.
It was right there, no attempt had been made to delete it at all. Sigh.
If you try this at home you may get prosecuted by the BATF for having unregistered/unlicensed "destructive devices". So you could still end up in prison, even if you destroyed all of your computer hardware.
Mea navis aericumbens anguillis abundat
Totally break them down to components after a reformat, then beat on the parts with a hammer just for insurance.
Then off to the dumpster they go.
---- Booth was a patriot ----
If you wipe, remember to take your device's physics into account.
Wipe it once when it is completely "cold" (computer has been turned off for at least several hours), then wipe it again after it has been running for an hour or so, and wipe it a third time after you've given the disk some serious thrashing (that is, disk activity that moves the head around quite a bit).
The reason is temperature. Data is saved on circles on a magnetic medium. The read/write head has a certain amount of thickness, and so have the tracks on the platter (the tracks have to be a bit wider than the head is, to take thermal expansion into account so the head won't overwrite data on neighbour tracks).
So, for some specialized data recovery company, it may even be possible to recover different data from the same track, because after a while of use, a track can look like this:
---------------- Outer track end
AAAAAAAAAAAAAAAA Older data 1
BBBBBBBBBBBBBBBB
BBBBBBBBBBBBBBBB Actual data
BBBBBBBBBBBBBBBB
CCCCCCCCCCCCCCCC Older data 2
---------------- Inner track end
So, your drive will always read the data in 'B'. In 'C' there might still be data your computer saved when the drive had just spun up and was cold, while 'A' might still hold a copy of data that was written on very heavy disk activity when the drive was really hot.
To overwrite all of this data, you need to have the drive write in any of the temperature states that it has been in within this life.
"Simple" writing might only destroy all 'B' data and leave all 'A' and 'C' data intact on the drive, where they can be recovered.
42. Easy. What is 32 + 8 + 2?
Another interesting case came up when my company was in its death throes and was firing people left and right. When the admin was backing up the content of their hard drives prior to wiping, a lot of interesting non-work-related stuff cropped up. I'm not talking about a little gay porn. One guy had dozens of documents related to different couples' divorce proceedings! Ouch ;)
The real lesson here is that the people you sometimes have to entrust your data to can't necessarily be trusted.
chisel it open (even if you do have torxes; it's much more destructive, and amusing), bend up the platters, and sandpaper the hell out of them, that should do it.
Facts do not cease to exist because they are ignored. - Aldous Huxley
42. Easy. What is 32 + 8 + 2?
What you need to do is overwrite the whole harddisk several times with different patterns. Peter Gutmann recommends 35 passes with different patterns. The DoD 5220.22-M NISPOM recommends 3 passes.
Secure Harddisk Eraser implements these 35 or 3 passes on a single floppy. Just boot from the floppy, wait 60 seconds and the harddisk will start to erase.
The homepage
Any sufficiently advanced libertarian utopia is indistinguishable from government.
The company I work for uses the DoD 3 passes to wipe drives.
I still have the last two drives from my last couple of home PCs. Lately I was thinking about taking them apart and sanding down the platters. How effective would this be in assuring nothing can be recovered?
One thing to consider is turning your system in for repairs. I used to own an Apple G4 Cube and when I sent it in for repair, Apple decided simply to send me a new one. While I didn't have anything on the hard drive except some MP3s and Email, who knows where that disk is now and who has it? It is something to think about if you have your computer serviced.
After reading all the posts of this topic, I have concluded that physical destruction is the best way to go. Although I have no doubt that a program designed to securely erase the hard disk would be effective enough for me, my hard disks are simply too big for this approach. Who wants to wait on 7 or more passes on a 120GB hard disk?
That's one of the great things about Data Recovery... It's like a metal detector on the beach, sometimes you'll find valuable stuff, sometimes you'll find important missing items, other times you'll just find junk.
the spreadsheet program?.. wow!.. nice colors!.. Those were the days!..
Well, in that case, first they'll read your DNA, have uncontestable proof you (or your identical twin) had had possession of them, and then they'll read your data.
Then they'll clone your ass and threaten to rat you out to the 6th day fundamentalists, who would assassinate you if they knew you weren't "as God made you."
Shop as usual. And avoid panic buying.
for why I take dead hard drives to a friend's range and shoot them. Of course, it's really just to have some fun (hard drives explode quite nicely, especially if you hit the magnets). I would love to see someone reconstruct much of anything on a hard drive I've put 50 rounds of .30-06 through.
A quick way to make a few bux. Buy some drives and if the data is damaging enough extort some money from the poor bastards.
First, a night in a box with a dozen or so neodymium iron boron magnets, and then a few minutes of lovin with one of these puppies, and presto, hard drive toast.
.mike
Throwing drives in the trash reminds me of the age old story of the bank robber that goes into a bank and hands the teller one of those nifty holdup notes. You know, the one with his name and social insurance number on the other side.
-- Ok ok, I'll be good. Gimme back my karma.--
-- Karma whore? You betcha. --
Wouldn't several loops of this be better?
# dd if=/dev/urandom of=/dev/hda
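The "several loops" idea from the post above, as an added example that is not part of the original thread: repeated random passes, a final zero pass, and a read-back check, run against a constructed scratch image file standing in for /dev/hda. The function names and the planted record are made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread): several overwrite passes plus a
# read-back check, run on a scratch image file standing in for /dev/hda.
# wipe_passes, make_image and run_demo are names made up for this example.

# make_image PATH: build a 64 KiB constructed "disk" with a planted record.
make_image() {
    head -c 65536 /dev/zero > "$1" || return 1
    printf 'CONSTRUCTED-SECRET-RECORD' |
        dd of="$1" bs=1 seek=1000 conv=notrunc 2>/dev/null
}

# wipe_passes TARGET PASSES: overwrite TARGET in place PASSES times with
# /dev/urandom, then once with zeros, then verify the zero pass.
wipe_passes() {
    target=$1
    passes=$2
    size=$(wc -c < "$target" | tr -d ' ') || return 1
    [ "$size" -gt 0 ] || return 1

    i=1
    while [ "$i" -le "$passes" ]; do
        # conv=notrunc rewrites the existing bytes instead of truncating
        # and reallocating the file first.
        head -c "$size" /dev/urandom |
            dd of="$target" bs=4096 conv=notrunc 2>/dev/null || return 1
        sync    # push this pass to the medium before starting the next
        i=$((i + 1))
    done

    # Final known pattern so the result can be checked by reading it back.
    head -c "$size" /dev/zero |
        dd of="$target" bs=4096 conv=notrunc 2>/dev/null || return 1
    sync
    head -c "$size" /dev/zero | cmp -s - "$target"
}

# run_demo: returns 0 only if the record was present before and gone after.
run_demo() {
    img=$(mktemp) || return 1
    make_image "$img" || return 1
    grep -q 'CONSTRUCTED-SECRET-RECORD' "$img" || { rm -f "$img"; return 1; }
    wipe_passes "$img" 3 || { rm -f "$img"; return 1; }
    if grep -q 'CONSTRUCTED-SECRET-RECORD' "$img"; then
        rm -f "$img"; return 1
    fi
    rm -f "$img"
}

run_demo && echo "record gone after 3 random passes + verified zero pass"
```

On a regular file, a journaling or copy-on-write filesystem may place the new bytes elsewhere and leave the old blocks behind, which is why the posts in this thread write to the whole device. The read-back check only covers what the drive will return through its normal interface.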
The AIX credit card server here probably has boat loads of information. I haven't gotten around to formatting it, though it does boot to a login prompt. It was for Homeruns, a failed grocery delivery service.
A firewall can not protect you from yourself. Turn off what you do not need. Do not use the firewall to do your work.
Anyone ever try drilling a small hole in a hard drive and dumping in water and pure sodium? Or how about microwaving a hard drive?
I've tried lots of data restoration software, from shareware to super expensive. Almost all of them worked pretty badly. Except one, and I mention it here if it helps someone who is desperate and thinks there's no hope, to go down a potentially fruitful track...
I've tried Get Data Back for FAT and for NTFS on drives that were formatted, partially zeroed (both FAT's gone on a FAT drive) and new partitions partially used and they restored perfectly almost all files (luckily every file I needed). They cost money (frequently found on warez sites though) and the programs and web site don't look all that professional, but I've never found anything that worked as well. I reckon these guys deserve to be paid for this great software.
War crimes, torture, lies, illegal spying... Would someone give Bush a blowjob, already, so he can be impeached?
They are amazing fridge magnets. And the platters, BTW, make superb coasters for your coffee table.
I am a little worried that there may be something toxic on the platters...it's not like they intend for disk platters to be food service approved.
The only data point I have is that there are no particular EPA requirements for disposal of the platters. So they probably don't contain anything too dangerous.
The price of freedom is eternal litigation.
Most hard drives I get from old computers still have intact data with Quicken files, resumes, and business correspondence on them. Most of it is boring and gets deleted.
Macintosh hard drives from the older systems are my favourite though as they have lots of games and neat programs on them and it's easy to copy over to other drives for backup. The last mac drive I got from a junk machine had photoshop, a neat SCSI drive utility, after dark, and SPECTRE, one of the great mac games.
-- After all is said and done, more is said than done.
I was once given an old computer from a local hospital that contained all of the town's medical records. I was able to see which of my friends had STDs and other sensitive information. This sort of thing should be more carefully disposed of.
Could Jesus microwave a burrito so hot that he himself cou
Back in the day on Macs I think "initialize" meant the same thing as "format" in DOS. In high school my teacher was afraid to let us initialize the modem, because she thought it would wipe it clean! :D
And this was in a gifted Telecommunications/Networking class. Sad.
AFAIK there are secure ways of removing data from a HD writing so-and-so bit patterns that many times to the disk.
What I don't understand is why tools for performing such erasure are not more widely known and spread. Hell, why they are not incorporated into OS distributions as a tool.
Somebody make an 'srm' (secure remove) command for UNI*'s, a "Do you really, really, really want to remove this file" option in W**, and a linux boot disk totally wiping complete disks before you trash them, or sell them off eBay.
5000 credit card numbers on 49 hard drives? Anyone care to speculate?
If what you say is true, then that scene in Cryptonomicon where those lawyers seize that computer and it passes through the strong magnet in the doorway and then gets wiped, well, that wouldn't have happened that way, eh?
My harddrives never make it out of my house ALIVE...I slave drive them to death.
:P
At the moment I still have a 600mb Seagate churning away in my server...it will only leave the case when it pops its clogs
"What do you mean you have no ice? Do you expect me to drink this coffee hot?" - Random Customer, Clerks
I'd like to see IDE hard drives that encrypt every sector -- but done in the drive's electronics.
Before the drive can be used, the mainboard (bios?) must first issue an ide command to set the key that the drive used for reading/writing each sector.
With a properly configured bios, the bios could ask you for the key during power on self test.
You run your computer off a UPS. If the bad guys are going to serve a warrant, raid you and steal your gear, they might first cut the power to prevent you from inserting a linux "reformat-the-drive" floppy and punching reset. The UPS helps against this.
But even if you can't get the drive reformatted, and the bad guys attach your drive to one of those drive copying gizmos to collect evidence, all they get is encrypted blocks. Or better, if the drive electronics detects an attempt to do this, massive sequential copying of blocks, but without first having issued the decryption key command, then the drive electronics could simultaneously return random bytes through the IDE interface to the copying gizmo while actually overwriting the corresponding sector on the drive with different random data.
Another way to look at this from the point of view of the drive electronics is that if the drive is powered up, and very much access is attempted without the decryption key command, then the drive can assume that it is NOT physically in the good guy's computer where it belongs.
While the technique described here is also good to prevent data mining of your hard drive, it is most useful in preventing data mining by the bad guys who might steal your drive for evidence.
The price of freedom is eternal litigation.
According to one of my lecturers at ETH in Zürich (this guy works in the IT department of a bank here in Zürich) the rival bank UBS disposes of hard drives using a 3-ton pneumatic press standing in their serverroom, ie disks never leave the *serverroom* in a readable state ;=). This guy himself had problems with his computer vendor (Dell, ..., whatever) since they, when voiding warranty, returned the computers without harddrives...
You don't need a whole distro for that, just a clever application. You can use snowdisk to encrypt the whole drive with random useless data. It wasn't originally developed for that, but I have had no problem using it for completely wiping drives clear of useful data.
Snowdisk
Quis custodiet ipsos custodes?
I went to a bankruptcy auction a few weeks ago, an engineering and testing company that had gone bankrupt. None of the computers they were selling had been wiped - about 20 laptops in various states of function, and about 2 dozen desktops and servers. The prices were way high, so I didn't buy anything, but I have to wonder what kind of data was on there.
Although as far as wiping the OS's, you could always just tell them you wanted to make sure you didn't violate the EULA.
I have blog like everyone else
Just as it's a good practice to shred papers with personal info before recycling or discarding them, it makes sense to wipe clean or cut up your old floppies, too.
Years ago I bought a CP/M system complete with a 30MB 14" hard disc at a computer show consignment table. I couldn't get it to boot up but I was able to poke around on the disc by writing and reading directly to the controller. I discovered some erased files and one was the previous owner's resume, a developer for Pickles and Trout. So....I called him up and he helped me get it working. He was surprised I found his deleted resume and I assured him I'd wipe it as soon as I got it working. That drive also had the source to most of their CP/M development. It made for some fun reading, pre-DMCA, of course.
Get out your B.F.G. and...
oh wait.
D'oh
My neighbor recently caught his house on fire and destroyed part of ours, too. Among the casualties of the fire department hoses were three computers (5 hard drives in all). When our damaged goods were being tossed in the dumpster, I grabbed the computers and had my kids take hammers to the hard drives (they loved that!).
By the way - the Macintoshes still booted and ran, but the PC did not!
I can confirm you that *NO* drives or any computer parts which can contain non-volatile data (cpu/ram/bios/etc) will come out of government agencies unless they are stolen by employers.
I work for a large company and on-site people can't bring in anything (laptop/cd/floppies). If they bring it in, they have to leave it in.
Now this is, of course, following the legit procedure. One can remember the hard drive incident at Los Alamos...
-- Leeeter than leet
If the situation is that bad, then I must say I really do support some sort of recycling program for computers (I do anyway, but am saying that maybe more needs to be done to make it worthwhile for your average joe/company).
At the very least, the article should have addressed it when it mentioned that hard drives end up in the trash, with something to the effect of "...however, just throwing the drive in the trash contributes to {insert environmental harm issue here}, so they should be zeroed out, then recycled at the Computer Recycling Center." Especially in a San Francisco paper!!
I like the ole Sledgamatic(tm).
Mashes, bashes, can even sterilize.
I worked at one company where the policy of removing data with classified data was: 1.) erase the files with delete command 2.) remove platters from hd frame 3.) smash platters with ball peen hammer 4.) put pieces in incinerator. I don't think you can data mine this one.
The only sure way to erase a hard drive is to "squeeze" it: writing over the old information with new data -- all zeros, for instance -- at least once, but preferably several times.
I must say, this is the first time I've ever heard zeroing a hard drive as "squeezing" it. Sounds more like compressing the data on the hard drive to allow more to be stored in a riskier way. Where in the world did this term originate, or did this Justin Pope just make it up? I can't even find an entry for it in the Jargon File (I've found nothing between square tape and squirrelcide.)
#2 When I have a drive go south on me that's out of warranty and can't be RMA'd, I guarantee that the better than average Joe can't extract data from it by blowing 2-4 holes in it with my Glock 22 (.40 cal). It really does lay to rest the debate about whether I provide adequate data protection on my drives. Of course I also have a string in my welcome dialogs that simply states: This computer is protected by Glock. I don't have many security problems.
With all this data recovery and such, the question becomes, what is truly secure? As a precaution I've begun overwriting all of my files with Slashdot articles...
HA HA! Funny!
One of the major problems with these hard drive erase tools is that they only immediately impact upper surface levels of the device. The magnetic field from data stored on a drive has an effect on impurities deeper within the data material layer. Such impurities move as a function of time. Data long held on a disk drive will have a much greater impact on these deeper impurities than the most recent overwrite.
You can over-write the disk 100 times in the course of a day. Such wipes will have little effect on the deep impurity migration that occurred when the data sat on disk for months. True, the final wipe pattern will, over time, swamp the previous long term impurity migration. The longer you leave the erased data on the drive, the less the chance you will be able to discover the previous old data.
I am not surprised that data sections such as the swap/VM-paging area and parts of the file system structure were not recovered. Such areas are usually in flux (no pun) and so
From the above story, it appears that data recovery started only a few days after the disk was wiped. Data that was stored for several weeks would be recoverable by removing the upper surface and analyzing the impurity structure of the next layer.
but usually not both. that's what I told my bosses when our dotcom was being liquidated. they opted for fast. *sigh* oh well. my other concern was backup tapes. those were sold at auction as well. my HR and payroll data was kept there. anyone have luck bulk demagging DLT (or 8mm or AIT)?
On a side note, another boss used to work for the NSA, and their data scrubbing procedure I think was 11 overwrites, then open the drive and sandblast the platters, then incinerate the platters! All of this was done by the NSA in the building where he worked (he'd even operated the incinerator)! They couldn't allow the drives to leave their building even for destruction.
We are all agreed that your theory is crazy. The question which divides us is
whether it is crazy enough to have a chance of being correct. My own feeling
is that it is not crazy enough.
-- Niels Bohr
- this post brought to you by the Automated Last Post Generator...