Slashdot Mirror

← Back to Stories (view on slashdot.org)

Picking Up the Pieces

Posted by michael on from the all-the-king's-men dept.

ravenousbugblatter writes "The New York Times online ran an article yesterday titled Picking up the pieces that talks about new technology that can recover information from shredded documents. Not only can companies scan strip-shredded paper and recover the information, they can do the same with cross-shredded paper. It comes at a price though - one company charges $8,000-$10,000 to "reconstruct" the information in a cubic foot of cross-shredded material. How's it done? The shreds are glued onto a piece of paper and then scanned. Software then looks for matches (in one case using the pattern of ink at the edges of the pieces) and suggests possible combinations to the operator that can be accepted or rejected."

49 of 529 comments (clear)

  1. Shredding is for wimps. by Anonymous Coward · · Score: 5, Funny
    That's why I always dissolve my old paper in concentrated sulfuric acid.

    1. Re:Shredding is for wimps. by vasqzr · · Score: 5, Funny


      I eat my shredded paper in a bowl with milk.

      mmmm, fiber

    2. Re:Shredding is for wimps. by BlackHawk-666 · · Score: 3, Funny

      We all do that, but most of us do it in prepackaged boxes bought at the supermarket labelled "breakfast cereal" or "shredded wheat" ;-0

      --
      All those moments will be lost in time, like tears in rain.
    3. Re:Shredding is for wimps. by los+furtive · · Score: 4, Funny
      In the Canadian Forces it was regular practice in the field to simply burn any document that had a classicifaction higher than Protected A (pretty much Confidential and above). I've had to do it more than once. Of course, burning isn't enough, you then need to pulverise the ashes since you can often still read from the burnt paper.

      It wouldn't phase me it we found out the NSA has a method of determining the contents of a document by reading the smoke that is generated as it burns ;-)

      --

      I'm a writer, a poet, a genius, I know it. I don't buy software, I grow it.

    4. Re:Shredding is for wimps. by VikingBerserker · · Score: 4, Funny

      Actually, we in the intelligence community prefer to scan the target's cerebellum as he/she is in the process of reading the document. Not only do we get the document in question, but we also learn its pertinence at the same time. Once in a while we get a bonus, like a nice new recipe for Poutine.

    5. Re:Shredding is for wimps. by AJWM · · Score: 4, Interesting

      Not just in the field. One of my duties when I was in Signal Corps, posted to the Diefenbunker, was to take the bags of already shredded classified waste out to the incinerator and burn them. And stir the ashes.

      --
      -- Alastair
  2. Still a good idea... by ajiva · · Score: 4, Insightful

    Shredding your financial statements is still a good idea. It keeps people from going through your trash and getting financial information. Everyone should at least get a straight line shredder and shred everything that they don't use.

    1. Re:Still a good idea... by plalonde2 · · Score: 3, Insightful
      Have you done the risk analysis on this?

      What is the realistic likelyhood of someone pulling your financial information from your trash? It's substantially more effecient to just throw your statements out to the street on trash day under your coffee grinds.

      This tendancy towards living in fear scares me.

    2. Re:Still a good idea... by preric · · Score: 3, Interesting

      While I can see your point, the fact that shredders are so cheap ($20-50) and quick (4-10 sheets at a time) makes it fairly easy to give yourself a more secure feeling.

    3. Re:Still a good idea... by Chazmyrr · · Score: 4, Interesting

      Given that a substantial number of people I know or work with have been fraud victims, I'd say the likelihood is significant. The question is whether or not the one-time cost of a $40 shredder is justified. The potential time and hassle of tracking down and closing fraudulent accounts amounts to far more than $40. If you don't value your time at all, then don't buy a shredder.

    4. Re:Still a good idea... by Cyno · · Score: 4, Funny

      I'm not paranoid enough to shred my financial documents. But I'll happily encrypt all my data.

      I don't trust you. Its not that I don't trust some criminal who might be after my money. I don't trust YOU. My neighbor, my friend, my fellow citizen. Because I watched you vote.

    5. Re:Still a good idea... by Rogerborg · · Score: 3, Insightful

      Sure, because it takes no time to sort your documents into shred and no-shred, shred them, then empty the shredder into the trash, rather than just lobbing everything in there.

      In a society that gives out credit card numbers as easily as names, it never ceases to amaze me the number of people that assume that their card number has been swiped from their trash rather than from any one of the other zillion places that it lives.

      --
      If you were blocking sigs, you wouldn't have to read this.
    6. Re:Still a good idea... by Nic-o-demus · · Score: 5, Interesting

      I was working at an office in Manila for a while and one day some other guys in the office noticed a man at a table down the street a ways selling papers. When they stopped and looked at the papers, they discovered they were from our office- they had been pulled from the trash and he was selling them for something like 10 pesos a sheet (though it didn't look like he was making much of a killing). Not that they were particularly sensitive, but some of the papers had contact information on them, so we began shredding everything that had names on it.

      When I got back home to the states, I was a product development manager, and one of the first things I did was buy a nice shredder for my company. At first everyone laughed- they said I was being paranoid, but it was mostly out of habit. Pretty soon everyone was using it, though. I realized after a while that deep down I hadn't really bought the shredder because I was worried about privacy or anything, but because it's addictive. Sometimes there were lines in front of the shredder. People were shredding notes from the morning's staff meetings. People were shredding poems that they had just printed off the Internet. If anyone were to pay $8,000 to recover one of our documents, the truth is that they'll likely find a page of Holy Grail script. ("Aha! Just as we suspected! This document proves they're doing research on swallows.")

      The lesson is, shred lots of junk while you're at it. It's fun for you, bad for whoever's trying to look at your stuff, and probably fun for the guy with the glue getting paid to recover stuff.

    7. Re:Still a good idea... by JUSTONEMORELATTE · · Score: 5, Funny

      It's substantially more effecient to just throw your statements out to the street on trash day under your coffee grinds.
      Coffee grinds? Bah! As a parent, I have two words for you:
      diaper pail
      If someone gets my credit card statement, they damn well deserve it.

      --

    8. Re:Still a good idea... by killmenow · · Score: 3, Funny

      I don't care about risk analysis. If there's a chance at all, (as others have pointed out) you can get a shredder for ~ 20 USD. I told my aunt to buy me a crosscut shredder for Christmas or something so got it free.

      Besides, the cost and the risk are not the point (for me). I just freaking love the feeling I get when I run solicitations through it. Jesus I love that scrunchy crunchy grinding noise it makes.

      I swear my blood pressure gets a few points closer to normal every time I shred something. Paper shredders: they do a body good!

    9. Re:Still a good idea... by Copid · · Score: 4, Insightful

      I would agree with you, but it depends on where you live. If you're a college student living in on-campus apartments, you should shred your documents. I've seen people dumpster diving for financial information in such areas. The campus police had a hard time staying on top of the problem where I lived. College students are good targets because their trash is frequenly mostly paper, they have to put their SSN on just about everything (at least, they used to), and their trash is almost inevitably full of credit card statements and other financial detritus. Combine that with big, shared dumpsters full of bags like that and you have a prime target. Sure, somebody probably isn't going to grab your specific garbage can in the suburbs, but the likelihood of being a target in some areas is quite high.

      --
      An interesting anagram of "BANACH TARSKI" is "BANACH TARSKI BANACH TARSKI"
    10. Re:Still a good idea... by Jucius+Maximus · · Score: 4, Informative
      "Enlighten me. Given that I properly destroy PIN numbers and the like, what use could my financial information (bank statements, credit card bills, etc) be to anybody else?"

      Having worked at a bank and received anti-fraud and anti-identity-theft training, I know that there is a lot of evil stuff that could be done with that information.

      For example that government tax document that wasn't shredded probably has your Social Security Number, your name and your address. The SSN is one of the most prized possessions among fraudsters. Just that information alone is enough to do evil things like apply for new credit cards in your name that you don't know about. Or open lines of credit or bank accounts, cell phone accounts, etc. in your name. Of course if you haven't paid for a credit check document lately you won't see all of these accounts in your name.

      That bank statement with recent bank activity can also be used to impersonate you. You could do telephone banking, tell them you forgot your "secret word" and then they will ask you about recent transactions, what other accounts you have with them, etc. and then assume that the fraudster is the genuine article. And they have access to all of your bank funds via telephone banking. They could start requesting replacement credit cards and bank cards with new PIN numbers.

      At this point, you are thoroughly hosed for life and even if you do manage to clean it up, it will be hell opening a bank account or credit card because all of the fraud warnings on your name. You'll have a lot of trouble getting leasing on a car or taking advantage of one of those "don't pay until 2005" deals at the furniture store.

      The moral of the story: SHRED YOUR DOCUMENTS. And for goodness sakes, use your other hand to cover that PIN entry keypad whenever you're using your bank card.

    11. Re:Still a good idea... by wideBlueSkies · · Score: 5, Interesting

      Ihave no confidence in straight line shredders.

      After doing some reading about how easy it was to put documents back together after they'd been shredded I did a little bit of testing.

      The unit tested was a Fellowes DM-3. I think I paid $50 for this thing at Staples a few years ago.

      Out of a waste basket that had about 50 shredded items in it, I was able to put 2 documents back together before I quit.... the first 2 I tried.

      It's ridiculously easy. Advertisements usually come artwork on them... it was trivial to match up one of those. I just found all the strands that were (in this case) predominantly blue and orange, and arranged them. Easy.

      In the second case, I went for something more like plain paper, a greyscale bank statement. The type of paper.. slightly grey, and the bank logo helped me identify those strands. After a few minutes, there were my transactions and balance. Not cool.

      Part of what made this so easy is that the shredder doesn't seperate the strands after shredding. They just kind of fall on the pile more or less in linear order.

      I've heard that bi-directional shredders are better, I haven't gotten around to buying one yet.

      --
      Huh?
    12. Re:Still a good idea... by IIH · · Score: 3, Insightful
      Sure, because it takes no time to sort your documents into shred and no-shred, shred them, then empty the shredder into the trash, rather than just lobbing everything in there.

      For the same reason that all email should be encrypted to the same level, you should shred everything, not just items that you consider condifential. Otherwise you're doing some of the work of the attacker for him, by sorting out the data into important and not-important.

      --
      Exigo spamos et dona ferentes
  3. Question... by stoney27 · · Score: 4, Insightful

    Ok I havn't read the story, yet but one quesion comes to mind. How do they handle double sided printing? And if they can't, more the reason to print double sided, besides saving paper.

    -S

    --

    It is said that a child learns wisdom from the parent,
    but the truly wise parent learns joy from the child
  4. If people only knew... by creative_name · · Score: 4, Funny

    ...they were shelling out $8,000-$10,000 for some dude to sit in a room with a couple of cases of crazy glue and a knack for deciphering ink blots...

    Crap! my secret's out.

    --
    Posting as directed.
  5. This is why by pizen · · Score: 4, Insightful

    This is why sensitive information should be incinerated after it has been cross-shredded.

    1. Re:This is why by micromoog · · Score: 4, Insightful

      Why bother cross-shredding it first?

    2. Re:This is why by seafortn · · Score: 3, Informative

      Having spent 6 months burning everything I produced, I'll tell you I would have killed for a shredder - it takes FOREVER for a stack of papers to burn, so you have to either crumple every sheet of paper you throw in the burn bag, or resign yourself to spending 30 minutes standing next to a burn barrel, stirring your mass of papers with a long metal pole. (and of course the wind always blows the smoke right towards you).

    3. Re:This is why by Cpt_Kirks · · Score: 3, Funny

      For the explosion? I once saw an idiot 2Lt dump a box of 1x2mm document shreds into a blazing burn barrel.

      Tiny bits of paper + oxygen + hot flame = Lots of fun (if you're not too close).

    4. Re:This is why by Pluribus · · Score: 4, Interesting

      At a government agency that I used to work for, all documents were cross shredded then eventually dumped into a what amounted to a big blender (slurry tank) that mixed the little paper sheddings with water/bleaches/detergants to make a fine paper pulp, this was then pressed into bales sold to paper recyclers. (This agency was the largest recycler in the state :-) )

  6. New proverb: by naner42 · · Score: 5, Insightful

    Never put all your shreds in one waste-basket.

    --
    Self realization: I was thinking of the immortal words of Socrates, who said: "I drank what?"
  7. DOes this violate the DCMCA? by Unknown+Poltroon · · Score: 5, Funny

    I mean, isnt shredding a type of encrypton? And isnt this reverse engineering?

    I think ive mispelled every word in here.

    --
    All Troll + "offtopic" mods are meta moderated as "Unfair", because you abused the system.
  8. This was seen done... by HaloZero · · Score: 5, Interesting

    ...on a really good television show that had far too short a life.

    The Lone Gunmen - Those three 'nerds' from the X-Files; Frohicke, Langly, and Byers. Great guys. Great show.

    There was one episode in which a rather critical clue was found in a shredded document; Langly and Frohicke were seen pressing the strips of paper between two pieces of contact paper and then scanning the sheet. A program therein sorted the strips, and matched them up. Voila, un-shredded document.

    Great idea. Really.

    --
    Informatus Technologicus
  9. Impressive by jhines0042 · · Score: 4, Funny

    But I guess thats why the government always burns sensitive papers.

    Although... I remembering hearing about a set of government instructions that once said:

    1) Destroy all copies of this document once you have read it.
    2) But make a copy first for your records.

    --
    42 - So long and thanks for all the fish.
    1. Re:Impressive by panda · · Score: 4, Informative

      Actually, at the NSA (and CIA, too IIANM), they shred documents with a cross-cut shredder, then dump it all into a mulching vat where the documents are slowly dissolved and made into a greyish goo which can be used to make brown paper. I don't recall if they actually make the paper at the end or how they dispose of the goo, if they don't make paper from it.

      If you're really paranoid about getting rid of data, mulching and consequently making paper, is much better than burning because burning leaves shriveled bits behind that can be analyzed to gain some notion of what was on the paper to begin with. Yes, I have seen most of a burned document recovered using chemical and laser analysis of the charred remnants. You would be surprised at what actually survives an attempted or accidental destruction by fire. Also, you can get better quality paper and more destruction of data by using high-powered jets to spray the ink out of the paper. (one company was advertising just such a method for cleaning paper to get better quality recycled paper. I forget just what they proposed doing with the ink.)

      No, I'm not a spook. I don't work for the above agencies, but I have had some short term experience in document recovery and archival preservation, plus most of what you want to know about effective document recovery can be found in non-classified sources (books and the 'Net).

      No, I'm not going googling for you. Do your own legwork, ya lazy bums! :-)

      --
      Just be sure to wear the gold uniform when you beam down -- you know what happens when you wear the red one.
  10. Hm... social engineering! by Monkeylaser · · Score: 3, Insightful
    I don't know about you guys, but this could conceivably make corporate espionage that much easier.

    Companies had better get more thorough in destroying their documentation if their information can still be gleaned after shredding.

    An evil thought occured to me. What sort of things could you glean from microsoft's trash using one of these programs. Any of the open-source crowd on here brave enough to find out? Could make for some amusing reading, those company memos.

  11. Change is coming by INMCM · · Score: 3, Interesting

    Sounds like the folks in the Giant Black Marker Business stand to make a lot of money then. Ever tried to recover info from a page that's been "Blacked Out"? It's pretty mcuh impossible. It's not a good way to do things when you have 3 million pages of whatever to destroy, but surely technology will soon give us the More Giant Black Marker and privacy/corruption can continue.

    --
    Caffeine Good
    1. Re:Change is coming by multipartmixed · · Score: 3, Insightful

      GBM would be relatively easy to "undo" with access to an appropriate lab. GBM ink is soaked into the paper; laser printing/photocopy ink is melted onto it.

      It might be as simple as finding something which will react with toner to make it fluoresce under UV.

      --

      Do daemons dream of electric sleep()?
  12. Re:Simple workaround. by bourne · · Score: 4, Funny

    Or you could flush it down the toilet after you tear 'em up.

    DO NOT TRY THIS.

    I tried to do this with a teacher's note when I was in 4th grade or so. The ripped up little pieces floated happily around and never flushed.

    Maybe it will work with a powerful industrial-strength "sounds-like-an-airplane-taking-off" mechanism but, if you're working with a standard home toilet, you're unlikely to get the results you wanted.

  13. When I was... by stubear · · Score: 4, Informative

    ...in the Air Force we shredded documents on a regular basis. The shredder basically turned the paper into a fine powder. We had to put the resulting powder into black bags "for fear of information being weened from unathorized viewing of the dust through the clear bags the shredded used". I always thought the computer required to piece these documents together would be enormous and would take centuries to simply match one letter from one document. The thousands of documents shredded at one time would take thousands lifetimes and by then the information would be beyond useless.

    1. Re:When I was... by Salgak1 · · Score: 4, Funny
      I was in the USAF as well. We also had the "powdering" shredder, but OUR SOP was to shred docs, place in the black plastic bag, stop by the Field Maintenance Squadron, sign for a 1-2 gallon container of JP-4, then call Civil Engineering and the Security Police Squadron. We'd all meet at a remote location on base, I'd empty the bags into a steel drum, followed by the JP-4, CE would throw in a radio-controlled incediary thingie, and we'd all retreat 50 yards or so, the cop would make a radio call, and the CE guy pressed the trigger. Big fireball, pillar of flame for 5 minutes, and then walk back up, stir the ash, another gallon of JP-4, and repeat.

      I don't even want to THINK what they had to do with the TOP SECRET and Compartmented waste. . .

    2. Re:When I was... by JUSTONEMORELATTE · · Score: 4, Funny

      I was in the USAF as well. We also had the "powdering" shredder, but OUR SOP was to shred docs, place in the black plastic bag, stop by the Field Maintenance Squadron, sign for a 1-2 gallon container of JP-4, then call Civil Engineering and the Security Police Squadron. We'd all meet at a remote location on base, I'd empty the bags into a steel drum, followed by the JP-4, CE would throw in a radio-controlled incediary thingie, and we'd all retreat 50 yards or so, the cop would make a radio call, and the CE guy pressed the trigger. Big fireball, pillar of flame for 5 minutes, and then walk back up, stir the ash, another gallon of JP-4, and repeat.
      One has to wonder how much this was dictated by security requirements, and how much is was just because you could.

      --

  14. Memory holes. by rice_burners_suck · · Score: 4, Funny

    For this reason, I don't throw away shredded papers. I had memory holes installed in my home, a la 1984, and whenever I throw away a paper, all I do is throw it in the memory hole and a vacuum sucks it away and into a furnace that burns the paper until it nothing but dust. I mix it with dirt, soil and fertilizer, and then I spread it all over my yard. The plants love it.

  15. Document FLAMER! by WPIDalamar · · Score: 3, Funny

    Excellent! Since shredding isn't secure anymore, when are we going to get personal paper INCINERATORS. Put paper in... press button... KAZAAM, 4 foot flames shoot out of the bin.

  16. In related news... by chad_r · · Score: 5, Funny

    ... Arthur Andersen accountants and Enron executives were reported to have pooped their pants upon hearing this.

  17. Who's paranoid? by arth1 · · Score: 4, Insightful

    Papers that have been burned are usually readable, as long as the ashes aren't totall crumbled into particles. The burnt ink will have a different shade of grey than the burnt paper. It takes work, but you can reconstruct paperwork quite well from burnt papers. In many cases even easier than shredded paper, as the fragments are larger.

    If burnt until the ashes turns white again, it's even easier -- then the text will often stand out in black on white again, and be directly readable by a human eye.

    What I think would be a good solution would be a shredder with a built-in printer -- it will print random text over the sheet before shredding it, to make the text unreadable even if reassembled.
    If anyone hasn't patented it, it's too late now - I hereby declare the idea public domain and knowledge.

    Regards,
    --
    *Art

    1. Re:Who's paranoid? by PhilHibbs · · Score: 3, Funny
      What I think would be a good solution would be a shredder with a built-in printer
      You mean a shrinter?
  18. Re:Diced documents? by FattMattP · · Score: 5, Funny
    I wonder how long it will be before we see the first shredders that slice the documents into squares instead of long strips.
    It'll be about 20 years ago. At least.
    --
    Prevent email address forgery. Publish SPF records for y
  19. Re:O Canada by los+furtive · · Score: 4, Informative
    Har-dee-har-har. Here's the breakdown:
    • Protected A, B, C: Any information that can negatively affect or harm an individual. For example, phone lists and such are Protected A, while medical records would be Protected B, and a psychological profile might be Protected C.
    • Confidential, Secret, Top Secret: While protected works at individual level, C/S/TS works at the the army as a whole. The more damage it can cause to the military if information is revealed, the higher it goes. And it's the same as the US, in fact I think most if not all NATO countries us the same thing.
    • Bonus ones: COSMIC, ATOMAL, etc: These ones aren't discussed in public very much. COSMIC TOP SECRET is used by NATO countries, while ATOMAL is used by the US for restricted date.
    • Misc: CANUSUK, NATO, etc...: Canadian/UK/US eyes only, restricted to NATO countries only. There a whole pot pourri of other classifications.

    As a clerk in the forces I was privy to Secret and below, including NATO and CANUSUK stuff, the most secret stuff was reports of incidents in Bosnia/Crotia in the mid 90's, deaths, specific locations of troups etc. It was kind of fun because I would read them in the morning while posting the mail, and then see it in the news the next day. Hope this has been enlightening for you.

    --

    I'm a writer, a poet, a genius, I know it. I don't buy software, I grow it.

  20. Re:First by Bigby · · Score: 3, Funny

    I'm surprised this company hasn't been sued for violating the DMCA because they are attempting to "circumvent a security feature".

  21. Real Military shedders by shatten · · Score: 3, Interesting

    The goverment has known and use this fact for over 20 years. The real shredders turn the paper into a very fine powder. If you want references go back to gulf war I. There was the report of a fire on the ship, well that was the shredding room. Turns out when you have an airborn powder a single spark will cause an explosion. (cross refrence grain elevators)

    Have fun,

  22. X10 Web Cam in the voting booth? by duck_prime · · Score: 3, Funny
    I don't trust you. Its not that I don't trust some criminal who might be after my money. I don't trust YOU. My neighbor, my friend, my fellow citizen. Because I watched you vote.
    Well maybe if you'd stop leaning over my shoulder while I vote, I'd stop poking through your trash bin.
  23. My Observations by jafiwam · · Score: 3, Interesting

    The whole point, is to destroy data to the level of your needs (i.e. risk). Obviously, if you are the NSA or a medical records place you need good shredding, but the whole point (of my linear shredder) is to make it more work for someone to get my data, than it is the neighbor's data. Then the dumpster diving bums will skip me. (You could could regularly start a gasoline fire in your dumpster I suppose, but the cops tend to frown on that activity.)

    So I shred and add to the dumpster, with confidence that someone else's stuff is a lot easier to get to than mine.

    I should have got a cross cut simply because it fits more pages per canister of waste, the ribbons do not fall and compact nicely like the little chips do.

    There are "dusters" which pull the paper apart into dust-like fuzz instead of cleanly cutting them, those gotta be pretty close to being like burning + stirring, as the letters would be disassembled as well as the words and phrases.

    I am not really looking for a perfect system, just to do an easy and simple way of reducing of the many ways data can leak out.

    [Complaining that shredders are usless because the waitress can get the number is silly, that's like saying you won't patch IIS because someone could always walk by the machine and reboot it with a floppy disk in the drive. Chances are you'll get probes via the web server more often than someone tries to reboot the box while standing there... It's all about risk reduction, do a little bit where the return is best until you reach your ideal risk/work level.]