Slashdot Mirror


Not-So-Clean Hard Drives For Sale

Saeed al-Sahaf writes "The Register is running a story about a security consulting company that as part of a study bought hard drives and laptops on eBay, and then was able to recover highly sensitive data including customer databases, financial information, payroll records, personnel details, login codes, and admin passwords for their secure Intranet site. This is a bit scary considering all of these drives were supposedly formatted and sold for surplus by major companies (although few of us actually use the multiple formatting standards of the DoD). Looks like it's hardly necessary for crooks to get at your private information, although I'm sure industrial espionage spooks have probably done this for a while." Shades of the recent post about recovering sensitive contents from swap partitions.

42 of 436 comments

  1. Active KillDisk by holy_smoke · · Score: 3, Informative

    http://www.killdisk.com/eraser.htm

    It's worth its weight in gold.

    --
    Is the juice worth the squeeze?
    1. Re:Active KillDisk by kayen_telva · · Score: 2, Informative

      I second Eraser, or SDELETE for scripting.

    2. Re:Active KillDisk by afidel · · Score: 2, Informative

      There is no such thing as a secure deletion. To be sure that data is irretrievable you need to physically destroy the disk, which includes at least chopping up the platters and preferably melting them down. Here's a quote from the definitive paper on data recovery by Peter Gutmann:

      For this reason it is effectively impossible to sanitise storage locations by simple overwriting them, no matter how many overwrite passes are made or what data patterns are written.

      --
      There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
    3. Re:Active KillDisk by whereiswaldo · · Score: 5, Informative

      Read the entire paragraph quoted from the article:

      Data overwritten once or twice may be recovered by subtracting what is expected to be read from a storage location from what is actually read. Data which is overwritten an arbitrarily large number of times can still be recovered provided that the new data isn't written to the same location as the original data (for magnetic media), or that the recovery attempt is carried out fairly soon after the new data was written (for RAM). For this reason it is effectively impossible to sanitise storage locations by simple overwriting them, no matter how many overwrite passes are made or what data patterns are written. However by using the relatively simple methods presented in this paper the task of an attacker can be made significantly more difficult, if not prohibitively expensive.

      So it sounds like if you are overwriting your data in the exact same physical location in which it currently exists, it should be possible to make the original copy unrecoverable given enough overwrites.

    4. Re:Active KillDisk by Twinky · · Score: 2, Informative
      Actually you don't really have to physically destroy your harddisk; the following command deletes all the data reliably:
      dd if=/dev/zero of=/dev/hda bs=65536


      Interested German speaking people should check out c't Magazin 5/2003. They took harddisks with four deleted files and sent them to professional data recovery labs. The first file was overwritten with zeros, the second with a random bitpattern, the third three times with zeros and the fourth three times with complementary bitpatterns.


      None of the labs was able to retrieve a single file. If you however try to burn, drown or hammer your drive, chances are good that the data stays intact and can be restored.

  2. DUPE! by LostCluster · · Score: 5, Informative

    Stop, timothy... we've heard this joke before. In fact, you seem to post this same story every nine months or so.

    Circa September 2003... nine months ago.
    Circa January 2003... eighteen months ago.

    Then again, we've been talking about this problem for a year and a half, yet there still are people stupid enough to be selling HDs with readable data that should be kept secret on them without doing DOD-level formatting.

  3. Deconstructing a HD... by Anonymous Coward · · Score: 5, Informative

    - Get a Torx screwdriver set from your local hardware store.

    - Open the hd. Save the cool looking screws.

    - Turn the platters into coasters.

    - Just make sure you don't hurt yourself when playing with the magnets.

  4. May or may not help... by ejaw5 · · Score: 3, Informative

    Perhaps advice for anyone planning to let go of a hard drive:

    Use the shred utility, with a good number of iterations (25 sounds good). Go to the root directory and issue
    shred -n 25 -u -v *

    Then when you're done with that, low level format the drive using a disk utility such as the ones that come with Maxtors and Western Digital drives.

    --

    $cat /dev/random > Sig
    1. Re:May or may not help... by aardvarkjoe · · Score: 2, Informative

      You would probably be better off running shred on the device file: "shred -v /dev/hdb", or whatever. Your method has trouble on journaled filesystems, and will leave information like filenames and directory structure around.

      --

      How can we continue to believe in a just universe and freedom to eat crackers if we have no ale?
    2. Re:May or may not help... by mebon · · Score: 2, Informative
      One caveat...

      If you are going to use a file shredder make sure you aren't using a journalling filesystem. From the shred manpage:

      CAUTION: Note that shred relies on a very important assumption: that the filesystem overwrites data in place. This is the traditional way to do things, but many modern filesystem designs do not satisfy this assumption. The following are examples of filesystems on which shred is not effective:

      * log-structured or journaled filesystems, such as those supplied with AIX and Solaris (and JFS, ReiserFS, XFS, Ext3, etc.)

      * filesystems that write redundant data and carry on even if some writes fail, such as RAID-based filesystems

      * filesystems that make snapshots, such as Network Appliance's NFS server

      * filesystems that cache in temporary locations, such as NFS version 3 clients

      * compressed filesystems
  5. Hard drive erasing HOWTO by infolib · · Score: 4, Informative

    What they should have used: Secure Harddisk Eraser

    The Secure harddisk eraser is a Linux boot floppy that overwrites your drive with random bits. Comes in a 3-pass and a 35-pass version. Insert, boot, wait for beep. Free as in GPL.

    --
    Any sufficiently advanced libertarian utopia is indistinguishable from government.
  6. Eraser (GPL) by KrisHolland · · Score: 5, Informative

    That is only gratis software, so you really don't know how well it works, if at all.

    A better choice is Eraser, it is GPLed.

    http://sourceforge.net/projects/eraser/

    You can also make a nuke boot disk with this program that automatically starts erasing everything upon start up. Don't forget to clearly label it ;).

    1. Re:Eraser (GPL) by DerekLyons · · Score: 2, Informative
      That is only gratis software, so you really don't know how well it works, if at all.

      A better choice is Eraser, it is GPLed.
      Being GPL isn't much of a help here either. Whether you can truly erase a drive depends on so many low level (read: inside the drive 'black box') factors, that it's impossible to be 100% certain the disk is clean.

      Physical destruction of the disk is the best and only certain way of ensuring that critical data isn't still readable. Degaussing takes second place.

  7. Re:I know I'm OK! by bigben7187 · · Score: 0, Informative

    Actually, Windows' formatting does NOT delete the data, it just checks the disk and makes the disk nice and clean, but most of the space is not altered, so your old "hobbies" might still be evident, even after formatting.

    --
    He say 1 and 1 and 1 is 3, got to be good lookin' cause hes so hard to see...
  8. Re:Low level it. by kistral · · Score: 5, Informative

    No, because these days you're not supposed to do the low-level formatting yourself. That's done by the manufacturer.

  9. Re:Who resells HDs anyhow? by john_anderson_ii · · Score: 2, Informative

    I guess that depends on the context. I mean, if you are a large company reselling entire PCs that were scrapped due to a recent departmental upgrade, then you might recover some value. Those PCs that were sold still contain information on their HDDs. Here in AZ, there are many auctions every weekend where one can purchase used PCs that were scrapped by some company by the pallet load. I'm sure if one wanted to spend the time, then one could obtain a wealth of information from the drives contained therein.

    --
    Be Safe! Sleep with a Marine. Semper Fi!
  10. Re:Low level it. by Mycroft_VIII · · Score: 5, Informative

    Well that depends on what you mean by 'low level format'.
    Re-formatting ATA hard drives at a truly low level can mess the disk organisation in ways that seriously degrade performance.
    If you're referring to a 'full' format which does more than the 'quick' format that merely marks the drive as empty, well it's easy, and of very little use in this case.
    Simply writing zeros to every location on the hard drive that stores data doesn't completely erase the data. That is, the magnetic fields of the bits are not set at exactly '0'. Slight variations in the magnetic material, write head field strength, and positioning all contribute to increase the odds of data being recoverable.
    One way to improve your odds is to repeatedly write a series of 1's and 0's to a location to help average out these variables as well as use the hysteresis (sp?) effect to 'degauss' the location; this is what 'shredder' programs do (the ones that aren't crap).
    Some programs even go so far as to not simply write 11111111 then 00000000 over and over to the same byte, but to use other patterns so that the fields of neighboring bits add to the degauss effect in destroying the data.
    At one time (and probably to this day) the US DOD specs used to require a certain number of passes of 0 and 1 bits followed by the writing of a specific bit pattern before a hard drive was considered to have been properly erased.
    And yes each pass does put a little wear and tear on the drive, not enough to worry about unless you're 'shredding' the drive quite a few times, but still worth noting.
    The number of passes used and what if any special patterns are used determine the amount of effort it would take to recover the data, kind of like key length in cryptography. Adjust paranoia settings appropriately. (note: the analogy is imperfect as hell, 1024 might be a mediocre key length, but that's enough shred passes to noticeably shorten drive lifespan.)

    Mycroft

    --
    https://signup.leagueoflegends.com/?ref=4c3ed6600b6ea
  11. A lot of people are not aware of this by MrRuslan · · Score: 2, Informative

    They think once it is formatted everything is gone but not so... I think HD manufacturers should put warning labels on their HDs. They already provide free utils to write zeros to the HD for that purpose.

  12. Re:Low level it. by mwilliamson · · Score: 5, Informative

    There is a good program called DBAN available from dban.sourceforge.net which is a Linux-based boot disk that does a good job overwriting to at least one of the DoD specs.

  13. Re:Low level it. by mackman · · Score: 3, Informative

    Properly shredding data on disk requires writing known values that also set the ECC bits to all possible values. That requires knowledge of the ECC being used on the disk. Many disk scrubbers actually write so many known values because they are attempting to catch all of the common ECCs.

  14. Darik's Boot 'n' nuke by Neo-Rio-101 · · Score: 4, Informative
    Darik's floppy disk sized mini-Linux-onepurpose-distro is what I use to surgically clean hard disks.
    Click here

    The floppy disk I created is red and I went so far as to draw a skull and crossbones on it, knowing full well what booting this thing does to a PC. A disk like this is an essential little tool to any geek's arsenal.... alongside Knoppix and tomsrtbt.

    The only thing is it takes HOURS to DoD wipe a hard disk. It took 15 hours for me to fully DoD a 40GB drive.

    --
    READY.
    PRINT ""+-0
  15. Re:Darik's Boot and Nuke (GPL) by aligas · · Score: 2, Informative

    Eraser actually uses Darik's Boot and Nuke when you use it to wipe an entire drive. See the features page.

  16. Re:Low level it. by TexasDex · · Score: 5, Informative
    Information recovery tools work by subtracting the current pattern of bits from the magnetic reading that the drive outputs. The previous bit pattern generally masks any small variation in the signal, but when that is subtracted from the signal you get a clear pattern of what the old data was. Then you can repeat the trick for a total up to 6 times. Beyond that, the basic noise in the system and the uncertainty of the signal strength makes it impossible to determine the bit pattern.


    For this reason, I believe the DOD recommends writing random data to the disk 7 times, to guarantee that it is destroyed.


    Remember, however, that any overwriting makes it impossible to recover data except by special means far beyond that of a normal file recovery program. Tools that recover data after it has been overwritten are not easy to make, and I'm not even sure that they would run on computer hardware. It's possible that such recovery would require special ATA firmware, or even replacing the hard disk firmware.


    I'm not an expert, but that is what I've been able to grok from casual reading on the subject.

    --
    The Cheese Stands Alone.
  17. Re:Low level it. by Artifakt · · Score: 5, Informative

    A few years ago, DoD spec for erasing info classified "Confidential" was a minimum of seven passes with varying strings of 1's and 0's. DoD "erasure" for a drive that has held "Secret" data involved opening the case and applying a power sander to each surface until ALL the magnetic media has been sanded off, or in a combat situation where the destroying authority was prepared to sign that time was absolutely critical, thermite or white phosphorus grenades. I don't remember offhand what the spec was for Top-Secret, as I never had to know that one.

    --
    Who is John Cabal?
  18. Re:Learn something!! not scaremongering!! by Tony-A · · Score: 2, Informative

    find out how they were erased so we could find out how not to do it, and where they were not successful in recovering info to go back to those companies to find out how they did wipe that info properly.

    Most likely it's very simple. The disks they recovered info from were not overwritten and the disks they couldn't recover information from were overwritten. A format that operates mostly in read-mode will leave most of the information intact on the disk. I have even FDISK'd, messed around with varying partitioning schemes, reformatting, and to my surprise eventually winding up with the original contents of a partition still readable.

    Something as simple as
    dd if=/dev/zero of=/dev/hda
    and let it run until it's finished would be adequate to put the disks into their "couldn't recover information from" category. Still for the few bucks a used drive is worth it seems kinda stupid not to just pull them and pile them up somewhere. This from someone who has a pretty cavalier attitude toward security.
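
An added example, not part of the thread or any poster's code: a shell audit that counts how many 64 KiB chunks of a disk image still hold non-zero data, run after a format that only rewrites metadata and again after a full zero fill as in the comment above. It works on an image file only; the function names, the record contents and the "metadata is the first chunk" layout are constructed assumptions.

```shell
#!/bin/sh
# Added example: audit a disk IMAGE FILE for data that a format left behind.
# All names, sizes and records below are constructed for the demonstration.
LC_ALL=C; export LC_ALL
CHUNK=65536

# Build a 1 MiB image with one constructed record in each 64 KiB chunk.
make_used_image() {
    dd if=/dev/zero of="$1" bs="$CHUNK" count=16 2>/dev/null
    mu_i=0
    while [ "$mu_i" -lt 16 ]; do
        printf 'payroll-record-%02d (constructed)' "$mu_i" |
            dd of="$1" bs=1 seek=$(( mu_i * CHUNK + 512 )) conv=notrunc 2>/dev/null
        mu_i=$(( mu_i + 1 ))
    done
}

# Stand-in for a format that rewrites only the metadata at the start of the
# volume (assumed here to be the first chunk) and never touches the data area.
simulated_format() {
    dd if=/dev/zero of="$1" bs="$CHUNK" count=1 conv=notrunc 2>/dev/null
}

# Zero every byte of the image: the file-sized equivalent of running
# "dd if=/dev/zero" against a whole device until it reaches the end.
zero_fill() {
    zf_size=$(( $(wc -c < "$1") ))
    head -c "$zf_size" /dev/zero | dd of="$1" bs="$CHUNK" conv=notrunc 2>/dev/null
}

# Print how many chunks of IMAGE still contain at least one non-zero byte.
dirty_chunks() {
    [ -f "$1" ] || { echo "not a regular file: $1" >&2; return 2; }
    dc_size=$(( $(wc -c < "$1") ))
    dc_total=$(( (dc_size + CHUNK - 1) / CHUNK ))
    dc_dirty=0; dc_i=0
    while [ "$dc_i" -lt "$dc_total" ]; do
        dc_n=$(( $(dd if="$1" bs="$CHUNK" skip="$dc_i" count=1 2>/dev/null |
                   tr -d '\000' | wc -c) ))
        if [ "$dc_n" -gt 0 ]; then dc_dirty=$(( dc_dirty + 1 )); fi
        dc_i=$(( dc_i + 1 ))
    done
    echo "$dc_dirty"
}

audit_demo() {
    ad_img=$(mktemp) || return 1
    make_used_image "$ad_img"
    echo "in use:        $(dirty_chunks "$ad_img") dirty chunks"
    simulated_format "$ad_img"
    echo "after format:  $(dirty_chunks "$ad_img") dirty chunks"
    zero_fill "$ad_img"
    echo "after zeroing: $(dirty_chunks "$ad_img") dirty chunks"
    rm -f "$ad_img"
}
audit_demo
```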

  19. Re:Low level it. by Mycroft_VIII · · Score: 2, Informative

    Well I imagine random data would probably be 'good enough'.
    The use of specific patterns, especially alternating 1's and 0's, is to take advantage of known effects such as degaussing. There is also the matter of modern hard-drives and ecc data that a poster below kindly pointed out. My last dealings with such data-erasure techniques was a few (8-10?) years ago. My apologies for not pointing out that my info might be a tad dated.

    Mycroft

    --
    https://signup.leagueoflegends.com/?ref=4c3ed6600b6ea
  20. Re:Low level it. by OrangeGoo · · Score: 2, Informative

    DoD 5220.22-M, 1995. This is probably outdated by now, but the standard at that time was to overwrite all addressable locations with a single character to clear the disk, or overwrite each address with a character, its complement, and a random character to "sanitize" the disk.

    Note that these procedures only apply(ed) to every-day harddrives, not anything containing sensitive information. For the drives with classified information, 5220.22-M gives you a list of things you can do: "Disintegrate, incinerate, pulverize, shred, or smelt." There is no acceptable method of sanitizing a disk with classified information on it.

    And for the poster below who said that overwriting the data seven times would guarantee that the data was gone... not true, though the data is almost certainly out of reach for the average Joe. NSA is by no means the average Joe, of course, but they have successfully recovered data from a drive that has been overwritten at least a hundred times.

    2-cents

  21. Re:Low level it. by Cramer · · Score: 2, Informative

    If the drive needs a low-level format, it SHOULD be sent back. A modern hard drive should never need a field reformat within its design lifetime.

    (If you disable thermal recalibration on the drive, you'll get what you asked for. I don't know if you can even do that anymore -- "AV" drives used to have that as an "option" for bursts of increased speed.)

  22. Another easy alternative -- KNOPPIX by Atario · · Score: 2, Informative

    Boot into Knoppix, run shred.

    --
    "A great democracy must be progressive or it will soon cease to be a great democracy." --Theodore Roosevelt
  23. Re:Low level it. by danielrose · · Score: 2, Informative

    I believe the problem is that the journal still exists, after shredding the file content. I.e. the file contents are shredded, but journalled entries for file creation still exist, thus unless you create the file while the fs is mounted as ext2, you still have the problem.

    --
    i hate pansy republicans
  24. Re:Low level it. by danielrose · · Score: 2, Informative

    It is still possible to recover data from a physically damaged disk which will no longer work in a machine.
    Data can be obtained from the undamaged (or less damaged) portions of platter, which is usually still a lot of the disc, of course this requires MUCH more low level tools than overwriting with data. Best effort is 25 overwrites, combined with a large nail.

    --
    i hate pansy republicans
  25. Re:Low level it. by Crizp · · Score: 2, Informative

    One could always use this

    zap!

  26. Re:Low level it. by slimsam1 · · Score: 3, Informative

    Diabetes, either type, cannot be spread to another person by blood contact.

    --
    ...
  27. Hard drives aren't the only media like this... by bani · · Score: 2, Informative

    ...I buy used DLT-IV tapes off ebay and found a lot of uhm, "interesting" stuff on some of them.

    About 1 out of 10 tapes I buy has stuff like source code for commercial closed source applications, confidential customer data, etc.

    It's scary how lax people are with this shit.

  28. Re:Low level it. by crackshoe · · Score: 2, Informative

    Most diabetics I know use sharps containers or gallon jugs to hold their used needles before they're properly disposed of. I also make a point of gloves, heavy shirt or hoody, work pants, and boots when diving.

    --
    Don't worry - its just stigmata. Pass me a napkin and don't you dare tell my mother.
  29. The DoD does it too by Anonymous Coward · · Score: 1, Informative

    Some friends of mine bought a Cisco router that still had the original owners' configuration on the flash memory. The original owner was the DoD, and we guessed they probably wouldn't have been keen to see all the information that was stored therein to enter the public domain.

  30. "DoD-levels of formatting" is thermite by Paul+Crowley · · Score: 3, Informative

    The British Army decommission hard drives using an angle grinder. The US use thermite.

    That said, for most purposes programs like Eraser will make data recovery so expensive and ineffective that for the data most of us have, nobody will bother. In fact, that's probably true even of less effective measures such as "dd if=/dev/zero of=/dev/hdb".

  31. Re:what we do by Anonymous Coward · · Score: 4, Informative

    Just running one drill hole into a disk will not render it totally unreadable, it just means it won't work in a standard PC. You can still retrieve the information off of it if you have the know how. Just depends on how valuable this info is.
    For disks used for defence at level secret and above we used to scrub it, place it on a runway and run over it with a tank!! Then dispose of it in a secure landfill site.

  32. Re:Can someone explain why 35 times? by cowbutt · · Score: 2, Informative
    Once is sufficient if all you care about is someone connecting the hard disc up to a machine and attempting to recover confidential information via the standard IDE/SCSI protocol and bus.

    But if you're concerned about someone ripping the drive open and using electron microscopy to work out the alignment of the molecules (and from that, the data they store), then theory (and experiments?) shows that the multiple-pattern-wipe technique is sufficient to guarantee data is destroyed.

    For most data, therefore, one all-zeros wipe is probably sufficient and will take the least time. But for some users and some data, more wipes will be appropriate.

    Peter Gutmann's paper is a good place to start for more detail.

    --

  33. DoD Standards = destroy hard drives by mgargett · · Score: 2, Informative

    The new DoD standard is that no wipe software is good enough, you've got to destroy the hard drives if they contain anything sensitive and above. Basically, that's everything the DoD or DHS does. So, when machines are turned in now, hard drives are degaussed and then put in a shredder. And I've got to tell you, the hard drive shredder is one cool thing. It makes hard drive confetti.

  34. Re:If you're really paranoid about your data... by Obfiscator · · Score: 2, Informative

    Aluminum is very pyrophoric. If you grind it up into a fine enough powder, it ignites in the air (see this MSDS, for example...sorry, no cool pictures).

    --
    "Nothing shocks me. I'm a scientist." -Indiana Jones
  35. DOD 5220.22-M, the RCMP guidelines, and friends by valdis · · Score: 2, Informative
    The current DOD standard for contractors says thusly:

    Pages 14 and 15 note methods "a, b, d, and m" sanitizing fixed drives, and continues:

    "d. Overwrite all addressable locations with a character, its complement, then a random character and verify. THIS METHOD IS NOT APPROVED FOR SANITIZING MEDIA THAT CONTAINS TOP SECRET INFORMATION."

    Note this applies to DOD contractors, and other rules probably apply to DOD, military, and the CIA/NSA/NRO/etc intelligence community.

    The obvious implication is that the 3 verified passes are sufficient to render the information not worth recovering for Confidential and Secret, but that Top Secret info is still potentially recoverable within cost/benefit constraints for the opponent. Remember - for many things (except possibly some weapons systems info) you don't need to guarantee the opponent can't recover the information, you merely have to make the cost of recovery greater than the benefit they gain from the secret.

    Oh, and the Canadian RCMP TSSIT OPS-II says: "Must first be checked for correct functioning and then have all storage areas overwritten once with the binary digit ONE, once with the binary digit ZERO and once with a single numeric, alphabetic or special character, " and again, not for Top Secret - for that, they recommend contacting somebody for special instructions/handling.
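
An added example, not taken from the thread or from any wiping tool: the "character, its complement, then a random character and verify" sequence quoted above, written as a shell script that runs against an image file. The function names and sample contents are constructed, the script refuses anything that is not a regular file, and reading back after every pass is this example's choice (the quoted text only says "and verify").

```shell
#!/bin/sh
# Added example: "character, complement, random character, verify" on an
# IMAGE FILE. Function names are this example's own; the sample is constructed.
LC_ALL=C; export LC_ALL

# Overwrite every byte of IMAGE ($1) with the single byte value $2 (0-255).
fill_pass() {
    fp_size=$(( $(wc -c < "$1") ))
    fp_oct=$(printf '%03o' "$2")
    head -c "$fp_size" /dev/zero | tr '\000' "\\$fp_oct" |
        dd of="$1" bs=65536 conv=notrunc 2>/dev/null
}

# Succeed only if every byte of IMAGE ($1) equals the byte value $2.
verify_pass() {
    vp_oct=$(printf '%03o' "$2")
    vp_left=$(( $(tr -d "\\$vp_oct" < "$1" | wc -c) ))
    [ "$vp_left" -eq 0 ]
}

# Three passes over IMAGE ($1): CHAR ($2), its bitwise complement, then one
# random byte value, with a read-back check after each pass.
sanitize_method_d() {
    [ -f "$1" ] || { echo "refusing: $1 is not a regular file" >&2; return 2; }
    sd_rand=$(od -An -N1 -tu1 /dev/urandom | tr -d ' \n')
    for sd_byte in "$2" "$(( $2 ^ 255 ))" "$sd_rand"; do
        fill_pass "$1" "$sd_byte" || return 1
        verify_pass "$1" "$sd_byte" ||
            { echo "verify failed for byte value $sd_byte" >&2; return 1; }
    done
    LAST_PASS_BYTE=$sd_byte   # exported for the caller's final check
}

method_d_demo() {
    md_img=$(mktemp) || return 1
    head -c 262144 /dev/zero > "$md_img"
    printf 'admin password: example-only (constructed)' |
        dd of="$md_img" bs=1 seek=4096 conv=notrunc 2>/dev/null
    sanitize_method_d "$md_img" 85 &&
        echo "three passes verified; final byte value $LAST_PASS_BYTE"
    rm -f "$md_img"
}
method_d_demo
```

The read-back here checks the logic of the passes on a file; it says nothing about sectors a real drive has remapped or about what remains on the physical media.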