Slashdot Mirror
Picking Up the Pieces
ravenousbugblatter writes "The New York Times online ran an article yesterday titled Picking up the pieces that talks about new technology that can recover information from shredded documents. Not only can companies scan strip-shredded paper and recover the information, they can do the same with cross-shredded paper. It comes at a price though - one company charges $8,000-$10,000 to "reconstruct" the information in a cubic foot of cross-shredded material. How's it done? The shreds are glued onto a piece of paper and then scanned. Software then looks for matches (in one case using the pattern of ink at the edges of the pieces) and suggests possible combinations to the operator that can be accepted or rejected."
...on a really good television show that had far too short a life.
The Lone Gunmen - Those three 'nerds' from the X-Files; Frohicke, Langly, and Byers. Great guys. Great show.
There was one episode in which a rather critical clue was found in a shredded document; Langly and Frohicke were seen pressing the strips of paper between two pieces of contact paper and then scanning the sheet. A program therein sorted the strips, and matched them up. Voila, un-shredded document.
Great idea. Really.
Informatus Technologicus
Sounds like the folks in the Giant Black Marker Business stand to make a lot of money then. Ever tried to recover info from a page that's been "Blacked Out"? It's pretty mcuh impossible. It's not a good way to do things when you have 3 million pages of whatever to destroy, but surely technology will soon give us the More Giant Black Marker and privacy/corruption can continue.
Caffeine Good
While I can see your point, the fact that shredders are so cheap ($20-50) and quick (4-10 sheets at a time) makes it fairly easy to give yourself a more secure feeling.
Given that a substantial number of people I know or work with have been fraud victims, I'd say the likelihood is significant. The question is whether or not the one-time cost of a $40 shredder is justified. The potential time and hassle of tracking down and closing fraudulent accounts amounts to far more than $40. If you don't value your time at all, then don't buy a shredder.
At a government agency that I used to work for, all documents were cross shredded then eventually dumped into a what amounted to a big blender (slurry tank) that mixed the little paper sheddings with water/bleaches/detergants to make a fine paper pulp, this was then pressed into bales sold to paper recyclers. (This agency was the largest recycler in the state :-) )
I was working at an office in Manila for a while and one day some other guys in the office noticed a man at a table down the street a ways selling papers. When they stopped and looked at the papers, they discovered they were from our office- they had been pulled from the trash and he was selling them for something like 10 pesos a sheet (though it didn't look like he was making much of a killing). Not that they were particularly sensitive, but some of the papers had contact information on them, so we began shredding everything that had names on it.
When I got back home to the states, I was a product development manager, and one of the first things I did was buy a nice shredder for my company. At first everyone laughed- they said I was being paranoid, but it was mostly out of habit. Pretty soon everyone was using it, though. I realized after a while that deep down I hadn't really bought the shredder because I was worried about privacy or anything, but because it's addictive. Sometimes there were lines in front of the shredder. People were shredding notes from the morning's staff meetings. People were shredding poems that they had just printed off the Internet. If anyone were to pay $8,000 to recover one of our documents, the truth is that they'll likely find a page of Holy Grail script. ("Aha! Just as we suspected! This document proves they're doing research on swallows.")
The lesson is, shred lots of junk while you're at it. It's fun for you, bad for whoever's trying to look at your stuff, and probably fun for the guy with the glue getting paid to recover stuff.
Ihave no confidence in straight line shredders.
After doing some reading about how easy it was to put documents back together after they'd been shredded I did a little bit of testing.
The unit tested was a Fellowes DM-3. I think I paid $50 for this thing at Staples a few years ago.
Out of a waste basket that had about 50 shredded items in it, I was able to put 2 documents back together before I quit.... the first 2 I tried.
It's ridiculously easy. Advertisements usually come artwork on them... it was trivial to match up one of those. I just found all the strands that were (in this case) predominantly blue and orange, and arranged them. Easy.
In the second case, I went for something more like plain paper, a greyscale bank statement. The type of paper.. slightly grey, and the bank logo helped me identify those strands. After a few minutes, there were my transactions and balance. Not cool.
Part of what made this so easy is that the shredder doesn't seperate the strands after shredding. They just kind of fall on the pile more or less in linear order.
I've heard that bi-directional shredders are better, I haven't gotten around to buying one yet.
Huh?
Not just in the field. One of my duties when I was in Signal Corps, posted to the Diefenbunker, was to take the bags of already shredded classified waste out to the incinerator and burn them. And stir the ashes.
-- Alastair
The goverment has known and use this fact for over 20 years. The real shredders turn the paper into a very fine powder. If you want references go back to gulf war I. There was the report of a fire on the ship, well that was the shredding room. Turns out when you have an airborn powder a single spark will cause an explosion. (cross refrence grain elevators)
Have fun,
The whole point, is to destroy data to the level of your needs (i.e. risk). Obviously, if you are the NSA or a medical records place you need good shredding, but the whole point (of my linear shredder) is to make it more work for someone to get my data, than it is the neighbor's data. Then the dumpster diving bums will skip me. (You could could regularly start a gasoline fire in your dumpster I suppose, but the cops tend to frown on that activity.)
So I shred and add to the dumpster, with confidence that someone else's stuff is a lot easier to get to than mine.
I should have got a cross cut simply because it fits more pages per canister of waste, the ribbons do not fall and compact nicely like the little chips do.
There are "dusters" which pull the paper apart into dust-like fuzz instead of cleanly cutting them, those gotta be pretty close to being like burning + stirring, as the letters would be disassembled as well as the words and phrases.
I am not really looking for a perfect system, just to do an easy and simple way of reducing of the many ways data can leak out.
[Complaining that shredders are usless because the waitress can get the number is silly, that's like saying you won't patch IIS because someone could always walk by the machine and reboot it with a floppy disk in the drive. Chances are you'll get probes via the web server more often than someone tries to reboot the box while standing there... It's all about risk reduction, do a little bit where the return is best until you reach your ideal risk/work level.]