Slashdot Mirror
Picking Up the Pieces
ravenousbugblatter writes "The New York Times online ran an article yesterday titled Picking up the pieces that talks about new technology that can recover information from shredded documents. Not only can companies scan strip-shredded paper and recover the information, they can do the same with cross-shredded paper. It comes at a price though - one company charges $8,000-$10,000 to "reconstruct" the information in a cubic foot of cross-shredded material. How's it done? The shreds are glued onto a piece of paper and then scanned. Software then looks for matches (in one case using the pattern of ink at the edges of the pieces) and suggests possible combinations to the operator that can be accepted or rejected."
...on a really good television show that had far too short a life.
The Lone Gunmen - Those three 'nerds' from the X-Files; Frohicke, Langly, and Byers. Great guys. Great show.
There was one episode in which a rather critical clue was found in a shredded document; Langly and Frohicke were seen pressing the strips of paper between two pieces of contact paper and then scanning the sheet. A program therein sorted the strips, and matched them up. Voila, un-shredded document.
Great idea. Really.
Informatus Technologicus
Sounds like the folks in the Giant Black Marker Business stand to make a lot of money then. Ever tried to recover info from a page that's been "Blacked Out"? It's pretty mcuh impossible. It's not a good way to do things when you have 3 million pages of whatever to destroy, but surely technology will soon give us the More Giant Black Marker and privacy/corruption can continue.
Caffeine Good
You've heard about reconstruction of shredded documents. But now Blastco is selling the amazing, super-duper, Blendomatic(tm).
The operation of this wonderful device is so simple even my grandmother could be accidentally killed using it.
Simply dump up to 1 cubic foot of documents of be "blended" and press the button. Water is injected and the 250 hp motor started. In a few minutes a phlegm-like pulp of paper is ejected.
This mass of Top-Secret documents is now no different than a dollop of elephant snot.
This post encoded with ROT26. If you can read it, you've violated the DMCA. Handcuffs please, sergeant.
While I can see your point, the fact that shredders are so cheap ($20-50) and quick (4-10 sheets at a time) makes it fairly easy to give yourself a more secure feeling.
The risk is zero. The mathematical expectation (probability v.s. potential loss if somebody does pilfer my garbage) is greater than 50 bucks. Risk analysis says that buying the shredder was wise, though not overwhelmingly so.
I've had:
This is what I know of and it happened within 2 years.
Chris Kuivenhoven is a thief, beware
Given that a substantial number of people I know or work with have been fraud victims, I'd say the likelihood is significant. The question is whether or not the one-time cost of a $40 shredder is justified. The potential time and hassle of tracking down and closing fraudulent accounts amounts to far more than $40. If you don't value your time at all, then don't buy a shredder.
The idea is make it harder than it's worth to get the information. Having said that, it is very difficult to estimate how hard something is.
----
At a government agency that I used to work for, all documents were cross shredded then eventually dumped into a what amounted to a big blender (slurry tank) that mixed the little paper sheddings with water/bleaches/detergants to make a fine paper pulp, this was then pressed into bales sold to paper recyclers. (This agency was the largest recycler in the state :-) )
My combinatorics is a little rusty, but here's my take on duplex/complexity.
Case 1:If you have a one-sided, cross-cut document, you scan arrange the pieces, ink down, scann them, and plug them into your software. For the sake of easy math, we'll say the cross-cut process cuts the paper into 10,000 individual squares.
So the computer compares 40,000 edges against each other (not taking into account completely blank squares - I'm not going to delve into it that far). Now, the math and logic involved in image comparison is somewhat complex (as opposed to integer comparison, etc). This will take some time for the computer to come up with several viable options to present to the user.
Case 2:There's a two-sided, cross-cut document. The computer still has 10,000 pieces of paper to look at, but there are two sides to them. There is no way for the user OR the computer to tell which side of the square belongs to side A or B so it has to initially treat them as the same. Now the computer must look at 80,000 edges and compare them all against each other. This increases the computational complexity significantly. Especially when you take into account that once it starts to find chunks that "fit", it has to start dividing up the results into two pages. Added logic adds more overhead to the operations and the run-time increases nearly exponentially.
It also has to figure out which square from Side A correlates with the same square from side B and which orientation.
Duplex printing/cross-shredding, while putting more data in one place, makes it (theoretically) SIGNIFICANTLY more difficult to decipher using computer math and logic.
Self realization: I was thinking of the immortal words of Socrates, who said: "I drank what?"
I was working at an office in Manila for a while and one day some other guys in the office noticed a man at a table down the street a ways selling papers. When they stopped and looked at the papers, they discovered they were from our office- they had been pulled from the trash and he was selling them for something like 10 pesos a sheet (though it didn't look like he was making much of a killing). Not that they were particularly sensitive, but some of the papers had contact information on them, so we began shredding everything that had names on it.
When I got back home to the states, I was a product development manager, and one of the first things I did was buy a nice shredder for my company. At first everyone laughed- they said I was being paranoid, but it was mostly out of habit. Pretty soon everyone was using it, though. I realized after a while that deep down I hadn't really bought the shredder because I was worried about privacy or anything, but because it's addictive. Sometimes there were lines in front of the shredder. People were shredding notes from the morning's staff meetings. People were shredding poems that they had just printed off the Internet. If anyone were to pay $8,000 to recover one of our documents, the truth is that they'll likely find a page of Holy Grail script. ("Aha! Just as we suspected! This document proves they're doing research on swallows.")
The lesson is, shred lots of junk while you're at it. It's fun for you, bad for whoever's trying to look at your stuff, and probably fun for the guy with the glue getting paid to recover stuff.
I'm in the NJ National Guard and the shredder we use puts out shreddings that I don't think could be put back together using this system. When the paper gets shredded it gets curled up on the eges, but since the slices are so small the curled edges overlap and make small rolled up strings. In the curling process the ink on the surface of the paper gets so worn out that flattening them and gluing to another piece of paper would not make the document readable.
Welcome to the land of the free...pay toll ahead...no photography...please open your bag...
(Sorry to reply to my own post, but this info is outdated.)
Now the pulp is sold to tissue makers. They bleach it white, make TP, and you wipe your arse and blow your nose with it.
Is this any way to treat our most valuable national secrets???
Forget about people dumpster diving - trash cans get spilled and bags get ripped. Do you want your bank statement blowing down the street?
Instead of looking at what's printed on the shreds, they should just scan the edges of each shred with a microscope. The orientation of the fibers at the edge would form a signature which could be matched to other shreds like a fingerprint. It would require higher res scanning, but I bet it would give almost perfect results.
Ihave no confidence in straight line shredders.
After doing some reading about how easy it was to put documents back together after they'd been shredded I did a little bit of testing.
The unit tested was a Fellowes DM-3. I think I paid $50 for this thing at Staples a few years ago.
Out of a waste basket that had about 50 shredded items in it, I was able to put 2 documents back together before I quit.... the first 2 I tried.
It's ridiculously easy. Advertisements usually come artwork on them... it was trivial to match up one of those. I just found all the strands that were (in this case) predominantly blue and orange, and arranged them. Easy.
In the second case, I went for something more like plain paper, a greyscale bank statement. The type of paper.. slightly grey, and the bank logo helped me identify those strands. After a few minutes, there were my transactions and balance. Not cool.
Part of what made this so easy is that the shredder doesn't seperate the strands after shredding. They just kind of fall on the pile more or less in linear order.
I've heard that bi-directional shredders are better, I haven't gotten around to buying one yet.
Huh?
Not just in the field. One of my duties when I was in Signal Corps, posted to the Diefenbunker, was to take the bags of already shredded classified waste out to the incinerator and burn them. And stir the ashes.
-- Alastair
The goverment has known and use this fact for over 20 years. The real shredders turn the paper into a very fine powder. If you want references go back to gulf war I. There was the report of a fire on the ship, well that was the shredding room. Turns out when you have an airborn powder a single spark will cause an explosion. (cross refrence grain elevators)
Have fun,
The whole point, is to destroy data to the level of your needs (i.e. risk). Obviously, if you are the NSA or a medical records place you need good shredding, but the whole point (of my linear shredder) is to make it more work for someone to get my data, than it is the neighbor's data. Then the dumpster diving bums will skip me. (You could could regularly start a gasoline fire in your dumpster I suppose, but the cops tend to frown on that activity.)
So I shred and add to the dumpster, with confidence that someone else's stuff is a lot easier to get to than mine.
I should have got a cross cut simply because it fits more pages per canister of waste, the ribbons do not fall and compact nicely like the little chips do.
There are "dusters" which pull the paper apart into dust-like fuzz instead of cleanly cutting them, those gotta be pretty close to being like burning + stirring, as the letters would be disassembled as well as the words and phrases.
I am not really looking for a perfect system, just to do an easy and simple way of reducing of the many ways data can leak out.
[Complaining that shredders are usless because the waitress can get the number is silly, that's like saying you won't patch IIS because someone could always walk by the machine and reboot it with a floppy disk in the drive. Chances are you'll get probes via the web server more often than someone tries to reboot the box while standing there... It's all about risk reduction, do a little bit where the return is best until you reach your ideal risk/work level.]
What I think would be a good solution would be a shredder with a built-in printer -- it will print random text over the sheet before shredding it, to make the text unreadable even if reassembled.
You're not off the hook just yet. Sure, you up the level of difficulty, but deciphering is still possible. Here's how:
Each writing utensil out there (printers, pens, pencils) have different chemical components in the material they use to write, e.g. the chemical composition of an HP toner for a LaserJet II might differ from that of a LaserJet 1200, and will most likely differ significantly from that of an offset printer. Same thing with pens -- two pens whose color looks identical might end up having totally different compounds in them. By testing various areas of the shredded paper, one could figure out 1) how many different inks were used; 2) map the presence of those inks on each bit of paper; 3) use that information to piece the bits together, much like duplex printing would be used.
Where else is such knowledge useful? Check forging, for one. Someone writes you a check (or you steal someone else's), you add a zero or turn a 3 into an 8 (or a 1 into a 7), cash it and run off with the money. Sure, sounds far-fetched, but has about the same probability of occurrence as someone using one of these $8k machines to piece together your most recent bank statement.
Have EVDO, will travel.
So shredding is good, just not good enough.
-- Thou hast strayed far from the path of the Avatar.
We wrote a book called, The Washington Connection and the resulting scandal was called Koreagate.
I've scanned the shreds-related photos from "The Washington Connection" for Slashdot users. The link to a thumbnail page of those photos is at: lewisperdue.com/book-covers/washington-conection.s html
The processing power for our operation came from open-source wetware running on carbs and adrenaline supplemented by adequate doses of ethanol. We experienced frequent meatware crashes as the result of overloaded I/O handlers.