A New Technique to Quickly Erase Hard Drives
RockDoctor writes "Stories about 'wiped' hard drives appearing on eBay (and other channels) and being stuffed with personally-identifiable data are legion; rarer are spy planes having to land on enemy territory, but it happened in 2001 to a US spy plane over an un-declared enemy (China, and that's a topic in itself). Dark Reading reports the development of a technique to securely wipe a hard drive in seconds, and which is safe for flying. (The safe for flying criterion rules out things like fun with packing the drives in thermite. Also thermiting the drives may not erase the platters to the standard required, which is moderately interesting itself.)"
Unfortunately a few passes with random data is not as effective against a sophisticated recovery effort as is often assumed.
Now if it's just some random joe with an undelete program he got for $19.99 at the local shop then a single pass is often enough, more sophisticated software only tools might get past a few, but with hardware equipment (probably not used often below the FBI/pro forensics places) you might want to do something a bit more secure.
With good knowledge of how the data is actually stored on the disk you can figure out patterns that tend to degauss the bits being wiped and help eliminate the residual images left by the micro imperfection in head positioning (which are shrinking to almost nothing these days) and similar effects a truly sophisticated data recovery effort might use.
Peter Gutmann put out a paper about this that can be read at http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html that explains it better.
Though with remapping and newer recording techniques things change and software only erasure becomes more and more problematic. At the highest levels of secrecy I believe most governments require over-kill levels of outright hardware destruction.
The Chinese eventually gained access to U.S. military secrets.
What a crock of crap. That and the rest of the story.
I worked in the military long enough to know that they would have encrypted sensitive data as a requirement (destroy or erase a security token, in the use of a combined token/passphrase crypto system and the data is safe) and that the military already use storage devices which can be erased in seconds with a function specifically built just for that.
This story sounds like it is just trying to inject some life into the stock price of some crap company that provides too little, too late.
You DO NOT have to overwrite a file 35 times to be "safe". This number originates from a misunderstanding of a paper about secure file erasure, written by Gutmann.
The 35 patterns/passes in the table in the paper are for all different hard disk encodings used in the 90s. A single drive only uses one type of encoding, so the extra passes for another encoding have no effect at all. The 35 passes are maybe useful for drives where the encoding is unknown though.
For new 2000-era drives, simply overwriting with random bytes is sufficient.
Here's an epilogue by Gutmann for the original paper:
Because the Windows 98 computers running the spy cameras don't support encrypted file systems.
Seriously, this is a fricking no-brainer. Make the key 4096 bits of random data, load it into battery-backed RAM from a storage device kept at the air field. When you run into a problem you have 4K of data in RAM to destroy instead of GBs of data on disk with the added benefit that if you ever get the disk back to the air field you still get your data. Unless the Air Force doesn't have access to unbreakable encryption...
Both M-Systems and Memtech have solid state disk drives that implement NSA and NISPOM approved methods for secure hard drive erase - and they can erase the entire drive in under a minute -
If you shape the magnets correctly and use AC to power them, then a magnetic field can (in theory) move any material that conducts electricity. Because a moving magnetic field will generate an electric field in the conductor, which will create a magnetic field that interacts with the original field. It may not be practical with all materials, but it is possible.
I know by itself thermite and similar methods have difficulty penetrating the outer case reliably, but I would think drill+thermite injection to fill the internal cavity of the system would be effective..
Takes too long to drill the disks and insert the thermite, while your spy plane is spiralling down.
And anyway, if the thermite didn't fully destroy the disks, you weren't using enough of it. See?
"An object declared as type _Bool is large enough to store the values 0 and 1." -- 6.1.2.5, C99 standard.
With all due respect, the article doesn't describe the device as you say. It weighs 125 lbs in prototype form, which will be reduced for production, and there's only one needed per airplane, not one per drive. What they're proposing is much less bulky than a similarly useful grinder or furnace. After all, it has to be usable on many packaged drives, quickly, in emergency plane-crash conditions. In a previous life, I did some work for E-Systems on a spy plane (Rivet Joint) using big removable ESDI drives of a few hundred megabytes each capacity, and the project guy said that it took about 20 minutes for their emergency drive erase sequence to finish. Not good if you're going down in enemy airspace!
The determined Real Programmer can write Fortran programs in any language.
Now, even assuming there's something remaining after thermite, how do you get it out of a molten platter? The head hovers at nanometers from the disk's surface. A bent disk with a huge hole through it will just instantly wreck any head trying to read it. Is it even technically possible to restore the platter to a condition where you can even try to read anything from it?
Besides, shouldn't all the data vanish due to the reaction bringing the surface above the Curie temperature?
Just holding the media next to a magnet, even an AC electromagnet, and turning the magnet on and off, doesn't erase the data as effectively as moving the media from close to the coil to far away. Or at least that's what I was always told. I suppose if you had a circuit that powered down the coil slowly, it would have much the same effect.
It wouldn't, but you're nearly right. Simply placing a conductive object inside a magnetic field does nothing at all. In order for something to happen there must be motion. When you're using a coil powered from regular mains AC, the power resembles a sine wave, so the field is oscillating back and forth - this is sufficient to have a small effect, but you really want to move the object relative to the coil or you're mostly wasting power (and unlikely to stop the media from working, using a little coil like that). Specifically, the object needs to move across the direction of the field, not along it. A regular coil has field lines that move out from the top of the coil, move around it in a circle, and meet again at the bottom of the coil - so the overall shape in three dimensions is like a torus, with the hole going down the centre of the coil. So you want to move the object repeatedly towards and away from the side of the coil; that cuts the field at 90 degrees, which is where you'll get the maximum effect.
Powering down the coil slowly accomplishes nothing directly - it's not about changing power levels. If you want to make the coil have a stronger effect without moving anything, you need to oscillate it faster, but that's impractical. Just move the media towards and away from the coil, in close proximity, a few times. Speed doesn't matter much, but the power developed by the coil and the length of time you spend doing it does. Moving the media towards the end of the coil (where the hole is) does very little; moving it towards the side is best. However, if you want to actually *remove* all traces of magnetism from something, then you do want to gradually reduce the power level - you see this most often in a monitor's degaussing coil. This may be necessary for tapes and floppies, if the drive can't handle media that has been randomly magnetised and you want to use the media again, but it's not required if you just want to wipe the data before disposal.
I just have to wonder aloud for the sake of curiosity what effect a (perhaps slightly modified) medical defibrillator would have. Maybe replace the conductive paddles with said electromagnets?
You're going to want full video of the flight, at a high resolution if possible. That's gonna take up a few GB very fast
# cat
Damn, my RAM is full of llamas.
125 lbs' worth of equipment to securely scramble a hard drive? Let me guess, the contractor is going to spend time "miniaturizing" it and charge several hundred grand per unit, right?
I have a solution, with the total weight being under 5 lbs and total cost being under $130 (not counting any logic/switching required to enable it).
Keep in mind:
- the aircraft is disabled
- flight instrument interference is a non-issue
- The HDD not only does not have to be usable, it is intended to be unusable after this process
- 12V, 24V, and 48V taps should all be readily available in the aircraft (NiMH batteries would suffice)
Ready?
Here are the required components:
- a heavy-duty consumer-level inverter costing under $100 in bulk
- a Radio Trash (or generic) degausser costing well under $30 in bulk.
Total weight: under 5 lbs. Renders a hard drive unusable in a couple of seconds.
The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
If I needed to destroy the data on a drive in seconds I would simply heat it well above the Curie temperature for the magnetic material being used. If you are feeling really paranoid add a variable field strength magnet as well - once above the Curie temperature you wouldn't need much of a magnet to make sure things were well scrambled.
I used to have a better sig but it broke.
I'm a LAN integrator for a mobile military communications system that is used for passing of secret and top secret material... Our manual says it takes about 3 grenades in the hummer to format all the hard drives if they need to do it quickly :)
I don't know where the CIA world factbook gets its facts, and I usually defend China on Slashdot as well. You just need to know one little thing about facts and China. Communists excel at writing their own reports. And the Chinese communists have trained rather well. I saw a nice documentary on TV about making wine in China. On a certain field one can make a certain amount of wine. That amount was expected (and announced) in the first year of operation. The French specialists that were there to help to set it up were ignored in very important crop handling issues all along and because of that and because you never get the full amount the first year anyways they predicted an amount of wine about 1/20 the amount the Chinese were expecting. They turned out to be right. So the operator just bought the wine somewhere else and put the right sticker on the bottles. After all half the financing came from the state. Failure to fulfill quotas not allowed.
How exactly do you govern more than a billion people? I don't know, do you? But don't trust any "facts" from China.
I'd worry the most about antenna shapes and sizes and various analog circuitry.
My parents worked at (met at) a secret radar research site (the misleadingly named TRE - Telecommunications Research Establishment) during WW-II. My mom once mentioned that since it was known that in case of lost aircraft there was a real danger of some of the equipment falling into enemy hands, it was routine practise to include dummy circuitry and sometimes wholly bogus equipment just to add to the confusion. Sometimes such equipment was deliberately allowed to be "captured".
A slight weight penalty, but deemed worth it.
-- Alastair
The Raptors have a window in their housing letting one show off the platters. Why not make that window removable and when in need to erase the drive just pour in some sand while it's spinning. That will surely sand off anything magnetic. Or make the heads lower themselves on to the platter and lathe the magnetic layer off. When the magnetic top layer is shaved off into dust the platters are nothing more than metallic frisbees.
To clarify things, here's several scenarios for erasure:
- "delete file" erasure: tell the OS that that part of a file system doesn't have any current ownership, and that the filename doesn't exist, i.e. doesn't point to any data.
- "overwrite sectors" erasure: direct the hard disk drive to put new, noninformative, data into the spaces formerly occupied by a file's data (and maybe metadata, like the file's icon and such)
- "multiple remagnetize" erasure: direct the hard disk drive to put all (in binary terms, both) physical magnetizations onto the data area, so that data's remnant traces are not informative
- "whole-disk multiple" erasure: ensure that all areas on the hard disk and all other data-holding parts (flash ROM) are multiply rewritten. This would make the bad-block list disappear, might even make the original format (how many tracks and sectors) unknowable to an investigator.
After "delete file", unerase software can bring much data to light by scanning the drive through the normal hardware. Because EVERYONE KNOWS THIS, there are 'secure erase' options in many disk tools (Norton "Wipe File", Mac OS X "Secure Empty Trash" etc.) Those secure erase tools do multiple "write-over-sector", but there are some regulations that require "multiple remagnetize" erasure, and even 'dd /dev/random' isn't guaranteed there; you gotta pay money for a tool certified for that use. Here's why:
What everyone DOESN'T know, is that "write-over-sector" leaves behind some small regions (magnetic domains) in places the read/write heads cannot access, which can be sensed by exotic techniques (optical rotation, neutron scattering, electron beam microprobing). The erase-35-times and DOD (military) multiple-erase requirements are aimed at this kind of exotic stuff. Nothing you can do in software would get data back from "write-over-sector" erasure.
The modern disk drive compacts the data into a serial bit stream of known bandwidth and containing parity/error correcting code information, and DOES NOT put ones down on the disk when ones are in the data (MFM, RLL, and suchlike encoding schemes are in use on ALL media I'm aware of). This embedded-clock-and-data stream is hard to predict (what does Hitachi use on sATA drives this week? I don't know. Does anyone?), but WITH KNOWLEDGE of the encoding scheme, there are different recommended patterns for ensuring erasure to the standard of 'put ones on every spot, then zeros on every spot'. The use of software with ones in the DATA INPUT is not going to cause ones in the MAGNETIZED PATTERN, but you can come up with a set of data inputs that DOES effectively hit every bit of the surface. The famous paper on erasure has thirty-five scenarios for the encoding on the disk, and attempts to give a full remagnetize (with 'dd /dev/pattern01' through 'dd /dev/pattern35' kinds of operations).
So, that's a third kind of erase, intended to remagnetize all portions of the disk surface. The formal requirement to remagnetize the surface is ridiculously strict, because the exotic techniques DON'T KNOW HISTORY. Those random little domains can be left over from the manufacturer's bad-block scan, or from last December's diagnostic reformat, or from the camera run from last week, or from this week's most sensitive information, or can be a combination of all of those. Or, it could be a bit of cosmic ray induced damage. The exotic reconstruction technique doesn't have any noise margin, it doesn't ignore the insignificant; noise is guaranteed.
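Added illustration, not part of the original thread: a constructed in-memory model of the "delete file", "overwrite sectors" and whole-disk scenarios listed in the comment above, including the remapped-sector problem raised earlier in the discussion. `ToyDisk`, its methods and the sample data are hypothetical, and the model covers only what is addressable, not magnetic remanence.

```python
import secrets

SECTOR = 16  # bytes per sector in this constructed model

class ToyDisk:
    def __init__(self, nsectors=8):
        self.sectors = [bytes(SECTOR)] * nsectors  # reachable by sector number
        self.directory = {}                        # filename -> sector numbers
        self.retired = []                          # remapped-out copies, not addressable

    def write_file(self, name, data):
        used = {n for nums in self.directory.values() for n in nums}
        free = [n for n in range(len(self.sectors)) if n not in used]
        chunks = [data[i:i + SECTOR].ljust(SECTOR, b"\0")
                  for i in range(0, len(data), SECTOR)]
        nums = free[:len(chunks)]
        for n, chunk in zip(nums, chunks):
            self.sectors[n] = chunk
        self.directory[name] = nums

    def remap(self, n):
        # Firmware retires a weak sector; the old physical copy keeps its bits.
        self.retired.append(self.sectors[n])

    def delete_file(self, name):
        del self.directory[name]                   # only the name goes away

    def overwrite_file(self, name):
        for n in self.directory[name]:             # only sectors the file still owns
            self.sectors[n] = secrets.token_bytes(SECTOR)
        self.delete_file(name)

    def whole_disk_erase(self):
        # Reaches every area, including sectors no longer mapped to a number.
        self.sectors = [secrets.token_bytes(SECTOR) for _ in self.sectors]
        self.retired = [secrets.token_bytes(SECTOR) for _ in self.retired]

    def raw_scan(self, needle):
        hits = [f"sector:{n}" for n, s in enumerate(self.sectors) if needle in s]
        return hits + [f"retired:{n}" for n, s in enumerate(self.retired) if needle in s]

def residue_after(method):
    disk = ToyDisk()
    disk.write_file("cam.raw", b"SECRET-FRAME-001SECRET-FRAME-002")  # constructed sample
    disk.remap(0)
    {"delete": lambda: disk.delete_file("cam.raw"),
     "overwrite": lambda: disk.overwrite_file("cam.raw"),
     "whole-disk": disk.whole_disk_erase}[method]()
    return disk.raw_scan(b"SECRET-FRAME")

if __name__ == "__main__":
    for method in ("delete", "overwrite", "whole-disk"):
        print(method, residue_after(method))
```

In this model a plain delete leaves every copy readable, a per-file overwrite still leaves the retired copy, and only the whole-disk pass leaves no residue.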