Slashdot Mirror
Not-So-Clean Hard Drives For Sale
Saeed al-Sahaf writes "The Register is running a story about a security consulting company that as part of a study bought hard drives and laptops on eBay, and then was able to recover highly sensitive data including customer databases, financial information, payroll records, personnel details, login codes, and admin passwords for their secure Intranet site. This is a bit scary considering all of these drives were supposedly formatted and sold for surplus by major companies (although few of us actually use the multiple formatting standards of the DoD). Looks like it's hardly necessary for crooks to get at your private information, although I sure industrial espionage spooks have probably done this for awhile." Shades of the recent post about recovering sensitive contents from swap partitions.
Dumpster diving ( just doing to my local dump and pulling shit from the stack of electronics) i've gotten social security numbers, credit card data, grading data from various area High Schools...
Don't worry - its just stigmata. Pass me a napkin and don't you dare tell my mother.
This reminds me a lot of this story.
Simplified summary of both: buy some hard drives on eBay and you could end up with some cool data!
At least post some backup or I've gotta call bs on that one.
Just Destroy The fucking Things! Are companies really so desperate for money that they need the revenue from used hard drives? It seems to me that the cost of making sure the thing is really clean is more than the thing is worth, so why not just pay someone to destroy them?
Next time you might get more for it by advertising it as a hard drive with hidden flash. :-)
BTW, try doing a data recovery on some of the little flash drives that get given out as promos. A few I've seen look like they've been used by the sales staff, before being given out to clients
http://staff.washington.edu/jdlarios/autoclave/
Works like a charm. And it has various levels of paranoia to choose from.
Happened to me once. My brother in law worked for a Large Multinational Bank and he new that I liked old computer junk. So he gave me a bunch of old 2/3/486 computers that were surplused from his job. They gave them to him because they didn't know how to get rid of them. Here was the catch . . . they didn't even format the things
So I had their FedEx programs, account numbers, their in-house banking programs and a sweet little windows 3.1 interface. Needless to say I disposed of the information properly. But I told my brother in law. He said "Oh, really" and just forgot about it. Go figure.
It is far too easy for those who would take advantage of sensitive information to exploit it for their own gain. They are quite fortunate someone like me got their hard drives and not someone bent on robbing them blind.
http://cincyboys.blogspot.com/ Everything Cincinnati. Including the word 'Finnih'
so instead of fixing a drive thats realy screwed up by doing a llf i should send it back for an RMA? doesnt sound like the best solution to me
I'll second this, even when I get a new hard I usually keep the old one to back stuff up to when I'm putting a new o.s. in. Or when I feel like trying out a new distro (or new version). Plus if a drive dies on me I have spare I can use.
Though is this case I think we're dealing with corporate upgrade cycle here. Usually the corporation sells off a bunch of drive in bulk to cut the cost of the upgrade or company hired to do the upgrade takes the old drives and re-sells them to garner a few extra $$.
Mycroft
https://signup.leagueoflegends.com/?ref=4c3ed6600b6ea
I work for a large manufacturing company in the US. The facility I'm in has an interesting approach. First they format... Then they drop a 20 pound weight on it. Usually a few times. I'm sure if someone really wanted the data they could get it, but it's raises the bar a little.
I find it a good practice to use em until they die
Heck, I've got every harddrive I've ever owned here, even the ones that died. Someday I'll get around to making clocks from them or maybe speakers like I saw here a long while back. Recently I had a computer start acting strange on IDE (but with an adapter, the drive worked fine on SATA in that machine) so I went through ALL the old IDE drives until I found one that actually still worked... 650MB IDE drive from Conner, if I recall correctly. That drive exhibited the same issues as well, so I chalked it up to the IDE controller dying, and stuck to SATA.
If I have been able to see further than others, it is because I bought a pair of binoculars.
Okay, so people selling drives should delete the data. No news there.
What about people -buying- the drives? What happens if for some reason a government agency is searching your stuff, and finds the echos of child porn/other illegal data on the drive? How do you prove it's not yours?
I was lucky enough to never have to worry about this sort of problem when I worked for Uncle Sam. We had to take the actual platters out of our discarded hard disks and grind them down with a belt sander. No recyling either. Once we had a pile of dust, we had to dump the remains in a drum of some sort of acidic crap (usually used to destroy reams of sensitive print material). I always found it funny to see a few nice, shiny disks in the bottom of the safe with a classification label on them awaiting their demise.
Perhaps there's money to be made in performing this sort of destructive service for banks and other entities handling sensitive customer information.
-- Stu
/. ID under 2,000. I feel old now.
Gotta watch out for those pesky journalled filesystems though! I don't think a typical shred program does anything useful on an ext3 filesystem, for example. IIRC you can't be sure that you are really overwriting the physical location of the the orignal data (especially if the file has grown over time) and the journalling will (presumably for files below a certain size) just optimise away the intermediate disk writes and just write the final bunch of 0's ...
I guess you really need to repartition the drive using non-journalled filesystems only and shred all the free space.
Disclaimer: I don't claim to be a fs expert - I just remember looking for a shred application a few months back and being dissapointed that none of them worked with ext3.
It'd figure other industries would do the same. Heck it's your business, your data, your life (well, only of part of it hopefully!) you have on these disk. Why bother with selling them? To get 20$ 50$? The way i see it, selling hard drives is equal to selling random filing cabinet without making sure they're empty.
slightly off-topic side note: :-D
/slightly off-topic side note
Some officers here are so tight about security: One of out tech went out to replace a fried power supply. When walking out with the roasted one, one guy asked: "Hey couldn't there be data on there?" the tech answered a polite "no" with a smile. The guy handed him a pair of cutter and said:"Well why don't you cut-off those wires just to make sure" !!
-- If you actually say LOL instead of laughing, maybe it's time to go outside! --
At one time (and probably to this day) the US DOD specs used to require a certain number of passes of 0 and 1 bits followed by the writing of a specific bit pattern before a hard drive was considered to have been properly erased.
I find it hard to believe the US DoD is this lax on security. I used to work for the Canadian government, and we had to hammer a nail through the drive a certain number of times "according to the specs" to consider it properly erased.
My dad did computer forensics for 10 years in the air force and i know for a fact that it takes a lot of work to completely format a drive. Even measures that people take to destroy a drive (i.e. drilling a hole thru the platters) arent entirely effective. With the right tools you can recover data from all but the most carefully destroyed or formated drives.
Put in knoppix CD
for(( i=1; $i20; $((i++)) )); do
# Do something to seed random number generator, probably involving the clock
echo Erasing cycle $i;
dd if=/dev/urandom of=/dev/hda;
done
"Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
... had this problem with military laptops. What to do if they get invaded and need to dump their data before getting captured lest their tactical data fall into enemy hands?
They tried hotkey combinations, which would trigger a script to delete the hard drive, but they were either too complex to remember, or too easy to accidentally hit.
In the end, they painted a big red 'X' on the underside of the laptop right where the hard drive sits, and instructed the operator "point gun here".
"Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
Yeah, back about 20 years ago I got so much stuff doing the same thing. My friend and I had a large moving box full of floppies we recoverd, stacks of drives, old backup tapes, credit card numbers, SSNs, vendor statements and account numbers, complete and functional PCs, etc.
For others who plan on trying this out: Don't worry, dumpsters for your average company is clean with no gross shit in it. Oh, and regarding the police.. Wear nasty looking clothes.. I mean, really look like a dirt bag. If you go looking like geekboy from a middle income family, you'll get a trespassing charge against you. If you look like a rat, they will leave you alone. We only had a couple of run-ins with the cops and tenants. They all went pretty well, as we said we were looking for things to sell at the pawn shop.
The key, I have found, when performing a social hack is to always pretend like you recognize authority. Cops will quit caring about pointing out your trespass, real fast, when they manage to get a self-esteem boost by picking on a poor person. The little guilty voice in the back of their head will say "Leave the poor slob alone.. AlooOoone!"
Warning: This will not work if you park your new Volvo next to the dumpster. Park around other cars, if there are any, and be prepared to abandon your vehicle a few hours if you are told to leave by the cops. Oh, and get some strong fabric laundry bags to carry your loot.
I've never understood why once isn't sufficent. And if once isn't, can 35 guarantee it or is it the more the pass the less like they can retrieve data, but I guess I don't understand to what end.
This guy who does research on hard drive technology gives away a freeware Secure Erase HDDerase utility that just calls the HARDWARE-BASED Secure Erase capability that is ALREADY BUILT INTO all recent ATA-type hard drives!
We just need to figure out how to get Linux/*BSD/*NIX/Apple/Microsoft to make this an option at the OS or fdisk/format/Disk Utility/Volume Manager utility level so we can all use it easily.
...taking out screws, carefully making coasters.....blah blah bleh!
I had a 40GB hard disk that I'd paid a bit more for at the time because it was from a large reliable company (which I won't name) and had decent performance. It had a short life - maybe 2 years before it started playing up. Within 3 or 4 it was unusable even as a backup disk.
I took a great deal of pleasure in "opening it up" with a hammer. The screws were star shaped (torque screws??). The platter actually shatterred into dust and some larger shards. Don't know how safe it was doing this in my backyard, but it was a lot of fun. (Remember the scene from Office Space where they smashed the printer into tiny bits). Good therapy.
These posts express my own personal views, not those of my employer
Symantec's Ghost 2003 has a command line utility for erasing your HD, allowing the user to select HD, select the amount of passes and various other options, includes a one word switch.
/dodwipe
...and we're not military, we're just a large corporation, is we use the simplest solution that definitely works. you can mess around with disk wipers, but if there's the tiniest chance it won't work then it's easier, quicker and cheaper to take it down to engineering and get them to put it under a pillar drill. *no-one's* getting data off a platter that's had a 12mm drillbit go through it.
I've read some posts here which states that if you overwrite data on a drive, it's possible to recover it. Well, it's NOT. Not according to Ibas, a large data recovery company here in Europe anyway.
The problem with all these so called reasers and such is that they often try to write a continous stream of zeroes for example. The hardware in that case will compress the information, leaving only a small footprint on the storage media itself. That makes it very hard to securily erase a harddrive.
Some people claim that one can read out already overwritten bits from magnetic media. Well, no, you can't. Sure, maybe one can read back a bit or two if you analyze the physical structure of the disk itself. But getting some real data back from overwritten bits is quite impossible, with todays technology.
If you want to securily erase a drive, use a big magnet. I mean big as in the ones used for lifting cars on the junkyard! There are some special tools out in the market for that purpose.
One other way is probably just to remove the platters and crush them into dust.
... fell on its face on this count. After the German reunification the Bundesnachrichtendienst, (German Intelligence sercvice, BND for short) combed East Germany for hard drives because the STASI used to pass used ones on to state businesses and institutions. Apparently they were able to recover a fair amount of documentation this way. But the real score was that they found a set of tapes (the famous SIRA tapes) with backups of among other things an index linking agents to the STASI's library of coded agent activity reports which somebody had forgotten to flag for deletion. The problem was of course that the CIA had stolen the directory containing the codename key ie. directory of codename=agents-real-name (aka. "Rosenholz" files) before the BND got to it. So now the CIA knew who all the agents were but no more and the Germans knew how to find out what they were upto. Of course the CIA insisted that the BND hand over the database but refused to trade it for the codename key. Last I knew that request was flatly denied they have now settled on some sort of tit for tat exchange.
So the lesson is, after you whipe your disk, DON'T FORGET THE BACKUP MEDIA!
Only to idiots, are orders laws.
-- Henning von Tresckow
You can usually get some fairly random data from
A "1 that used to be a 0, and before that a 1" and a "1 that used to be a 0, and before that a 0" are almost certainly indistinguible. One write ago you might be able to recover, but two writes ago you haven't got much chance. Perhaps if you extracted the platters, you might be able to find some remnants of data on them
Once the data is as close to unrecoverable as won't make much difference, any extra effort you make is wasted. Sure, there are going to be one or two gems out there; but most people's data isn't that valuable, or can be had elsewhere for less effort. Think about it: Names and addresses are published in phone books and electoral registers. Identity numbers / SSNs are not secret. Nor are bank account numbers -- they're on every cheque you write. Credit card numbers are only valid for two years. Medical records of strangers are an interesting read, but not terrifically useful for anything interesting. If you're utterly paranoid, it might be worth doing partial random writes before storing any data on a new drive -- so if someone really can determine the first thing ever written to the drive, it would be nonsense. "Underwrite" each sector a random number of times, of course. Of course, if you have an encrypted file system, only the encryption key need be erased securely.
So, having applied the laws of physics and seen that getting rid of data isn't that hard (and could be implemented almost trivially at the OS level; but not being able to recover data might conceivably be worse than being able to recover it, what with everyone getting used to the idea of a magical 'undo' button), let's turn the question around and look at it from the other side:
Who gets fat on persuading people that they need to physically destroy used hard disk drives? And why? Let's see
Anyway, if recovering overwritten data really worked -- or even only half-worked -- someone would, by now, have tried to use it for a "drive space expander" utility. The kind of thing that would probably be advertised by SPAM.
Je fume. Tu fumes. Nous fûmes!
The oft-cited DOD specs aren't. When the military wants to make sure a drive cannot be read, the procedure is physical destruction of the media, not wiping the disk.
Trust me, I've had plenty of fun with sledge hammers, sandpaper, and degaussing magnets over the years.
Peace.
I work for a hospital, so we have to satisfy HIPAA regulations when disposing of hard drives. When a PC is junked, we ship it to the warehouse, where it is stripped of RAM, if it is still useful, and the hard drive. The hard drives are then fdisked, formatted, and put in a cardboard box. Once we get over twenty hard drives, out come the hammers, and there go the drives. It is overwhelmingly satisfying to hit a "fragile!" sticker with a hammer. Once the platters are cracked through or shattered, the drives are reboxed, the box is taped, and it goes out with the rest of the computer trash (perhaps to recycling.) Though this isn't perfect, anyone who gets the data off of those platters is likely to get it no matter what we do.
Fred
"A fool and his freedom are soon parted"
-RMS