Slashdot Mirror
A New Technique to Quickly Erase Hard Drives
RockDoctor writes "Stories about 'wiped' hard drives appearing on eBay (and other channels) and being stuffed with personably-identifiable data are legion; rarer are spy planes having to land on enemy territory, but it happened in 2001 to a US spy plane over an un-declared enemy (China, and that's a topic in itself). Dark Reading reports the development of a technique to securely wipe a hard drive in seconds, and which is safe for flying. (The safe for flying criterion rules out things like fun with packing the drives in thermite. Also thermiting the drives may not erase the platters to the standard required, which is moderately interesting itself."
can be rendered inoperable in seconds - the method's name is "slashdotting".
How curious that the anti-bot please-type-in-this-word word is kilobyte for this post.
Unfortunately a few passes with random data is not as effective against a sophisticated recovery effort as is often assumed.
_ del.html
Now if it's just some random joe with an undelete program he got for $19.99 at the local shop then a single pass is often enough, more sophisticated software only tools might get past a few, but with hardware equipment (probably not used often below the fbi/pro forensics places) you might want to do something a bit more secure.
With good knowledge of how the data is actually stored on the disk you can figure out patterns that tend to degausse the bits being wiped and help eleminate the residual images left by the micro imperfection in head positioning (which are shrinking to almost nothing these days) and simular effects a trully sophisticated data recovery effort might use.
Peter Gutman put out a paper about this that can be read at http://www.cs.auckland.ac.nz/~pgut001/pubs/secure
that explains it better.
Though with remapping and newer recording techniques things change and software only erasure becomes more and more problematic. At the highest levels of secrecy I believe most governments require over-kill levels of outright hardware destruction.
FTFA: The researchers concluded that permanent magnets are the best solution.
Need a Wiki? Check out DokuWiki
Dozens of prank hard drive erasing have occurred within the Georgia Institute of Technology's nerd population. This was preceded by large orders of extremely powerful magnets. When questioned, the victims only had this to say:
"Khaaaaaaaaaaaaaaaaaaaaaaan!"
Well, there's spam egg sausage and spam, that's not got much spam in it.
When I need to protect my data from spying eyes I secure a 500m sata cable into the back port and slowly, very carefully; feed the hard drive into the event horizon. Giving it a good yank after a few minutes and reeling it back in.. the drive returns to normal working condition afterwards.
Why wasn't the content of the harddrive encrypted?
"Definitions of legion on the Web: * host: archaic terms for army * association of ex-servicemen; "the American Legion" * a large military unit; "the French Foreign Legion" * horde: a vast multitude" via Google's "define" search
Windows has detected an undetectable error.
Aluminum can act oddly in the presens of magnetic feels. see this link for information on how it might be able to bens platters.
Just use Maxtor harddisk drives, those things destroy themselves all the time!
Wouldn't it be easier to use a flash memory chip? It's unlikely that more than a few GB would be needed. And destroying a flash chip is much easier.
Or, just encrypt the data with the key in RAM. (Linux can already do this with swap - it's completely transparent to the user, and the key only lasts as long as the system remains running).
Actually, it's the iron that comes out molten; the aluminum is tied up as solid aluminum oxide. Nonetheless, it is a good question.
The Chinese eventually gained access to U.S. military secrets.
What a crock of crap. That and the rest of the story.
I worked in the military long enough to know that they would have encrypted sensitive data as a requirement (destroy or erase a security token, in the use of a combined token/passphrase crypto system and the data is safe) and that the military already use storage devices which can be erased in seconds with a function specifically built just for that.
This story sounds like it is just trying to inject some life into the stock price of some crap company that provides too little, too late.
If this isn't a fluff piece I don't know what is.
"We developed a 125 rare earth magnetic eraser with self contained power source"
Interesting, but adding in this US spy plane angle has got to be simply PR.
You DO NOT have to overwrite a file 35 times to be "safe". This number originates from a misunderstanding of a paper about secure file erasure, written by Gutmann.
The 35 patterns/passes in the table in the paper are for all different hard disk encodings used in the 90:s. A single drive only use one type of encoding, so the extra passes for another encoding has no effect at all. The 35 passes are maybe useful for drives where the encoding is unknown though.
For new 2000-era drives, simply overwriting with random bytes is sufficient.
Here's an epilogue by Gutmann for the original paper:
Seal the HD with a sticker that says reading the content of this HD is prohibited by the Digital Millennium Copyright Act. That will show them! :)
It depends on the type of magnetic field used and how it's applied. If you just put a drive platter (or magnetic tape, or floppy disk) into a static magnetic field, you might bend the platters or disturb the media, without actually destroying the data itself.
I'm most familiar with procedures for erasing magnetic tape than hard drives. The conventional method that I was always taught was to put the tape very close to source of a strong alternating electromagnetic field (so easy way is to just have a small coil hooked up to the wall socket). Then -- and this is the important part -- you move the media away from the coil, while the coil is still operating. So it goes from the near field out to where the field is basically no longer having any effect, but without the field going off. The result is that different layers of the media end up with different magnetic fields: as the media moves further and further away from the coil, the field is no longer able to saturate the center of it, so it's left with a certain state. The material just next to that gets left with a different state, because by then the coil's field has changed directions. So you end up with different magnetic states (polarizations) being written to the media both in the depth direction, and lengthwise (as you pull the tape along past the coil). I guess the thickness of the "stripes" would depend on characteristics of the media, plus the frequency of the coil's field and the speed with which the media was moving past it. I just always moved it slowly away at a few inches per second, personally.
Just holding the media next to a magnet, even an AC electromagnet, and turning the magnet on and off, doesn't erase the data as effectively as moving the media from close to the coil to far away. Or at least that's what I was always told. I suppose if you had a circuit that powered down the coil slowly, it would have much the same effect.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
If thermite doesn't do a good job, go one better and make the platters out of thermite. Make the motor axle out of magnesium, add a fuse and you're set.
If the burning is a problem, just make the platters from cheddar cheese, and add a mouse in a cage adjacent to the drive. Open the hatch, and problem is solved.
Trust the Computer. The Computer is your friend.
Normally the hard drives just go into a grinder or furnace. Sure, that won't suit an airplane, but neither will a bulky magnetic device that weighs 125 pounds per hard drive. (can't just have one because the drive has to slide right in)
The obvious solution: encrypt everything that hits the disk, keep the key in RAM, and overwrite the key when needed.
I'd worry the most about antenna shapes and sizes and various analog circuitry.
Poster wrote:
If you had read the article , you would have found that they ARE using magnets to wipe the hard drives. FTFA:
Both M-Systems and Memtech have solid state disk drives that implement NSA and NISPOM approved methods for secure hard drive erase - and they can erase the entire drive in under a minute -
And in further news, Georgia Tech scientists have designed a printer with an integral shredder that shreds all output continuously as it is printed.
They have also designed a novel camera which, instead of a digital CCD array, uses a tough, thin strip of polyester polymer coated with a chemical, light-sensitive substrate. Intended for spy applications, if caught the captured images can be destroyed in seconds simply by opening the back of the camera.
"How to Do Nothing," kids activities, back in print!
If you shape the magnets correctly and use AC to power them, then a magnetic field can (in theory) move any material that conducts electricity. Because a moving magnetic field will generate an electric field in the conductor, with will create a magnetic field that interacts with the original field. It may not be practical with all materials, but it is possible.
... by overwriting twice with random data will destroy any data beyond recovery. You can't use special things to read residual magnetic data off the platters, unless you're habitually using 25-year-old hard disks. Modern drives use very complicated modulation schemes, unlike old MFM drives.
Comment removed based on user account deletion
Now the RIAA/MPAA/FUD are going to demand that such a device be put into every possible digital recording device.
Attempt to copy a protected product and BAM, your hard drive is toast.
Plus, some people have called into question a lot of the sources used in that paper. It seems that some of the sources don't even exist.
I know by itself thermite and similar methods have difficulty penetrating the outer case reliably, but I would think drill+thermite injection to fill the internal cavity of the system would be effective..
Takes too long to drill the disks and insert the thermite, while your spy plane is spiralling down.
And anyway, if the themite didn't fully destroy the disks, you weren't using enough of it. See?"An object declared as type _Bool is large enough to store the values 0 and 1." -- 6.1.2.5, C99 standard.
With all due respect, the article doesn't describe the device as you say. It weighs 125 lbs in prototype form, which will be reduced for production, and there's only one needed per airplane, not one per drive. What they're proposing is much less bulky than a similarly useful grinder or furnace. After all, it has to be usable on many packaged drives, quickly, in emergency plane-crash conditions. In a previous life, I did some work for E-Systems on a spy plane (Rivet Joint) using big removable ESDI drives of a few hundred megabytes each capacity, and the project guy said that it took about 20 minutes for their emergency drive erase sequence to finish. Not good if you're going down in enemy airspace!
The determined Real Programmer can write Fortran programs in any language.
GP probably meant by 'powerful' magnets the kind you can get at scientific supplies shops, or even (in slightly less powerful degree) at ThinkGeek.
The 'powerful' in the article refers to the power akin to an MRI scanner. Ever see that video of somebody holding a scissor on a string several feet away from the aperture, and the scissor points straight to it with some duress on the holder's finger from the string when the MRI is on?
Suffice to say that nobody in a home/office environment is going to have one those 'powerful' magnets laying around.
Me - I settled for "Darik's Boot and Nuke" as part of the Eraser program to wipe two old computers, and will again for a third shortly. They never had highly classified or particularly sensitive information - just stopping the casual users from retrieving old porn. I hate porn pirates.
Now, even assuming there's something remaining after thermite, how do you get it out of a molten platter? The head hovers at nanometers from the disk's surface. A bent disk with a huge hole through it will just instantly wreck any head trying to read it. Is it even technically possible to restore the platter to a condition where you can even try to read anything from it?
Besides, shouldn't all the data vanish due to the reaction bringing the surface above the Curie temperature?
Degaussers are nothing new. But there is no need to use them. Encryption does the trick as well. Just erase the key securely and you are done. If the device that the disk is installed in does not support encryption, then develop a module that sits between disk and device and encrypt on that. Attach a switch that triggers key erasure.
There is a second problem with degaussers: You have to physically remove the disks from their housing. That may take more than minutes.
And there is a third problem with degaussers: You have to very carefully check they work with each device they are to be used on. For example, older degaussers do fine for older disks, but are completely useless for modern ones.
And a 4th problem: Degaussers do not work at all for solid-state disks. Since they are not that uncommon in military application and actually may look the same, that seems to be a serious problem. One that encryption does not have.
I see one advantage for the permanent-magnet solution in military application: It works without power. But if you use the encryption-in-the-cable approach I described above, you can keep the key in a battery-buffered memory chip and erase that securely using the power of the battery (not quite as simple as it sounds, but it is possible to do). All in all, this mainly seems to be a scheme to sell the military something expensive.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
What I want to know is, is it more effective than a really big hammer?
it happened in 2001 to a US spy plane over an un-declared enemy (China, and that's a topic in itself).
This is offtopic, although a more interesting topic than "wiping data", but the plane itself was over international waters and never over China's territory.
Also, since when does spying require a declaration of war? The whole point of spying is to aid in deciding-the-need-for or course-of preemptive actions. Given the Chinese government's penchant for secrecy and censorship, it seems fair to want to keep an eye on them. The same point can be made about spying on any other country... everyone knowing what everyone else is doing has a stabalizing affect. All bad decisions are made in fear, which brought on by ignorance, and governments, whose decisions affect millions, need all the tools possible to make correctly informed decisions.
Good trade relations with the United States are critical to the party's survival. If western markets became inaccessible and foreign capital fled, growth would falter, internal tensions would mount and the legitimacy of the party would soon be questioned. In any case, a global hyperpower can do just about anything it wants: weaker states must submit to its overwhelming might. And none of these rulers seek justification in your eyes.
China may have different attitudes and morals standards than the US, but they are doing many things right as well; more than western media tends to portray (e.g. according to the CIA world factbook China has a lower percentage of citizens suffering from poverty than the richest country in the world (namely the US)). I don't want to whitewash anything, but reading things like "undeclared enemy" in a tech article on an international website just pisses me off.
And when you gaze long enough into the code, the code will also gaze into you.
Go buy a nice 3" diameter 1" thick n50 Neodymium-boron magnet. Condiering it's strong enough to attract steel pots and pans from ten to twenty feet away, just setting one of these bad boys on a hard drive will almost 100% efectively wipe it the fuck out, not to mention most likely fuck up the heads on the drive, making it totally useless.
Also it will keep the plane attached to the steel in the concrete of the landing strip and thereby prevent it from falling into the enemies hands in the first place. A sound engineering solution!
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
> ...undeclared enemy (which is China, and that's a topic in itself).
China is not an enemy. We buy a ton of stuff from them. They buy a ton of stuff from us. Our businesses have offices there. Our colleges have exchange programs with them.
Yeah, our diplomatic relations are a little bit strained over things like Taiwan, but we're nowhere near going to war with them. If you're a troll, shame on you. In any case, shame on the Slashdot editors for choosing this ignorant or trolling person's story.
vi ~/.emacs # I'm probably going to Hell for this.
According to the article, yes it is more effective than a hammer.
What about a magnetic hammer?
Sure, they say they will get the weight down. OK, maybe they cut it in half.
They do need one device per drive. You missed the part about the drive being automatically pulled into the device, and the part about a twist handle as a backup.
In other words, this is a drive enclosure. The drive sits in the safe part of the enclosure most of the time, connected to a destruction actuator. Nobody is going to be running around the airplane yanking out drives.
Probably a few drives could go into a mechanically complicated (less reliable) shared enclosure. Doing everything that way is no good. Equipment may come from different suppliers, with different technology. Think of a flying datacenter with rackmount systems from a variety of different vendors. (the prime contractor has to make it all fit, but isn't supposed to do a custom redesign of every subcontractor's computer) Also you have the matter of ongoing upgrades.
I just have to wonder aloud for the sake of curiosity what effect a (perhaps slightly modified) medical defibrillator would have. Maybe replace the conductive paddles with said electromagnets?
The US aircraft alluded to was a US Navy EP-3E Aries II, a slow four-engined turboprop plane based on a passenger airliner. It's a surveillance aircraft, not a spy plane. It's out in the open, in international airspace (usually), and a modern military will immediately pick up on where it is and what it's doing. It's completely dependent on international treaties to not get shot down by whoever it's checking out. A SR-71 or U-2 on a secrete high-altitude flight over a hostile nation it isn't.
125 lbs' worth of equipment to securely scramble a hard drive? Let me guess, the contractor is going to spend time "miniaturizing" it and charge several hundred grand per unit, right?
I have a solution, with the total weight being under 5 lbs and total cost being under $130 (not counting any logic/switching required to enable it).
Keep in mind:
- the aircraft is disabled
- flight instrument interference is a non-issue
- The HDD not only does not have to be usable, it is intended to be unusable after this process
- 12V, 24V, and 48V taps should all be readily available in the aircraft (NiMH batteries would suffice)
Ready?
Here are the required components:
- a heavy-duty consumer-level inverter costing under $100 in bulk
- a Radio Trash (or generic) degausser costing well under $30 in bulk.
Total weight: under 5 lbs. Renders a hard drive unusable in a couple of seconds.
The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
Data on Flash memory (e.g. usb drives) has a tendancy to burn in. The longer it's in there the more it burns in. There's no real way to counter this. The only way to theoretically wipe it is to do several passes each a few weeks apart.
So you'd have to really completeley destroy the drive. which basically means something like thermite, which, as the submitter mentioned, is unsuitable for aircrafts.
Everytime I hear of the milatary using these (and losing them, which they seem to do regularly), it pisses me off. They must have had an IT guy telling to never use that stuff, and to encrypt their data. For some reason the higher ups just seem to not get the point, and they still use it, and leave them behind in their rented cars.
I do love "!" but not as much as I love "..."...
If I needed to destroy a the data on a drive in seconds I would simply heat it well above the curie temperature for the magnetic material being used. If you are feeling really paranoid add a variable field strength magnet as well - once above the curie temperature you wouldn't need much of a magnet to make sure things were well scrambled.
I used to have a better sig but it broke.
What the **** is the US government doing violating Chinese airspace without permission or clearance?
This is an act of war.
This has never bothered the US before, why should it now?
Seven puppies were harmed during the making of this post.
I have commonly heard it said that overwritten data can be recovered, so I went Googling for a rebuttal to this argument. Turns out, you appear to be right! Recovering of overwritten data is largely a myth. /me continues to use good ole' shred.
It's better to vote for what you want and not get it than to vote for what you don't want and get it.
- E. Debs
Yes, lines 1, 2 and 4 are correct. They are Slashdot usernames.
Line 3 is obviously a Digg imposter.
Step 1. In emergency, overwrite data with Chinese porn.
Step 2. Actually, there's no need for step 2.
The way that one-time-pads work, if "attack at dawn" is a possible result, then so are:
attack at dusk
eat more veges
Where's Waldo?
hoist the sail
What you say!!
Zerowing Rules
Do you get it?
search google.
Cryptonomicon.
This is ending
Game is ending
Fire is ending
Heat is ending
What is ending
Iraq is ending
USAF is ending
It isnt ending
Now, which one was the correct decryption?
The reason a one-time-pad is "completely unbreakable", even resisting brute-force cracking, is that every possible string of length X is a valid decryption result for some key. So without knowing the "correct" key, it is impossible to recover any part of the plaintext. The four character ciphertext "sjrw" could decrypt to any of the following strings, even if you found my working paper and were able to deduce that the first two letters were "go":
golf, gods, gore, gold, gone, gout, goal, goad, goat, gosh, goog, go.., go??
No plaintext has higher probability than any other of being correct...
"Go to CNN [for a] spell-checked, fact-checked summary" -- CmdrTaco
Make that /dev/urandom or you could end up waiting a loooooong time for it to finish.
HAND.
Better yet: Replace 'bogus information' with 'goatse.cx'
Nothing like tricking someone into looking at ol' goatse --- except tricking someone into spending millions and millions of dollars to look at ol' goatse.
... still waiting for this free-as-in-beer free beer I keep hearing about.
The raptors have a window in its housing letting one can show off the platters. Why not make that window removable and when in need to erase the drive just pour in some sand while it's spinning. That will surely sand of anything magnetic. Or make the heads lower themselves on to the platter and lathe the magnetic layer off. When the magnetic top layer is shaved off into dust the platters are nothing more than metallic frisbees.
To clarify things, here's several scenarios for erasure:
/dev/random' isn't
/dev/pattern01' through 'dd /dev/pattern35'
"delete file" erasure: tell the OS that that part of a file system doesn't have any current ownership,
and that the filename doesn't exist, i. e. doesn't point to any data.
"overwrite sectors" erasure: direct the hard disk drive to put new, noninformative, data into the
spaces formerly occupied by a file's data (and maybe metadata, like the file's icon and such)
"multiple remagnetize" erasure: direct the hard disk drive to put all (in binary terms, both) physical
magnetizitions onto the data area, so that data's remnant traces are not informative
"whole-disk multiple" erasure: ensure that all areas on the hard disk and all other data-holding parts (flash ROM)
are multiply rewritten. This would make the bad-block list disappear, might even make the
original format (how many tracks and sectors) unknowable to an investigator.
After "delete file", unerase software can bring much data to light
by scanning the drive through the normal hardware. Because EVERYONE KNOWS THIS, there
are 'secure erase' options in many disk tools (Norton "Wipe File", Mac OS X "Secure Empty Trash" etc.)
Those secure erase tools do multiple "write-over-sector", but there are some
regulations that require "multiple remagnetize" erasure, and even 'dd
guaranteed there; you gotta pay money for a tool certified for that use. Here's why:
What everyone DOESN'T know, is that "write-over-sector" leaves behind some small regions
(magnetic domains) in places the read/write heads cannot access, which can be sensed by
exotic techniques (optical rotation, neutron scattering, electron beam microprobing). The
erase-35-times and DOD (military) multiple-erase requirements are aimed at this kind of
exotic stuff. Nothing you can do in software would get data back from "write-over-sector"
erasure.
The modern disk drive compacts the data into a serial bit stream of known bandwidth and
containing parity/error correcting code information, and DOES NOT put ones down on the
disk when ones are in the data (MFM, RLL, and suchlike encoding schemes are in use on ALL
media I'm aware of). This embedded-clock-and-data stream is hard to predict (what does
Hitachi use on sATA drives this week? I don't know. Does anyone?), but WITH KNOWLEDGE
of the encoding scheme, there are different recommended patterns for ensuring
erasure to the standard of 'put ones on every spot, then zeros on every spot' . The use of
software with ones in the DATA INPUT is not going to cause ones in the MAGNETIZED PATTERN,
but you can come up with a set of data inputs that DOES effectively hit every bit of the surface.
The famous paper on erasure has thirty-five scenarios for the encoding on the disk,
and attempts to give a full remagnetize (with 'dd
kinds of operations).
So, that's a third kind of erase, intended to remagnetize all portions of the disk surface.
The formal requirement to remagnetize the surface is ridiculously strict, becaue the exotic techniques
DON'T KNOW HISTORY. Those random little domains can be left over from the manufacturer's
bad-block scan, or from last December's diagnostic reformat, or from the camera run from last
week, or from this week's most sensitive information, or can be a combination of all of those.
Or, it could be a bit of cosmic ray induced damage. The exotic reconstruction technique
doesn't have any noise margin, it doesn't ignore the insignificant; noise is guaranteed.