On-Call-IT Assists In Government Data Destruction
covaro writes "Seems those on-site computer services may be helping to cover up government dirty deeds these days. The Wall Street Journal reports: 'Investigators learned that [Office of Special Counsel head Scott Bloch, who has been under investigation since 2005] erased all the files on his office personal computer late last year. They are now trying to determine whether the deletions were improper or part of a cover-up, lawyers close to the case said ... Bypassing his agency's computer technicians, Mr. Bloch phoned for Geeks on Call, the mobile PC-help service ... Bloch had his computer's hard disk completely cleansed using a "seven-level" wipe: a thorough scrubbing that conforms to Defense Department data-security standards. The process makes it nearly impossible for forensics experts to restore the data later.'"
Surely if you are that worried you just have the tech install a new (and probably bigger and faster) hard disc? Would be quicker and cheaper.
Bloch had his computer's hard disk completely cleansed using a "seven-level" wipe: a thorough scrubbing that conforms to Defense Department data-security standards.
You have to wonder - For those who can't do such things themselves, wouldn't it cost less to just buy a new HDD, and take a sledgehammer (or thermite, where readily available) to the old one?
Sure, for most Slashdotters who can do their own "seven level wipe" (or whatever number the current rumors claim works infallibly), saving a few hundred bucks for "good enough" makes sense. But if you plan to spend the money either on a drive or an "expert", why not just physically trash the drive?
This is a Rove smear, he is investigating Rove, and Rove always tries to smear anyone who tries to uncover his dirty lies.
a resounding recommendation for Geeks on Call.
Unless they happen to be ex-DoD IT employees, trying to make ends meet.
WARNING: Smartphones have side effects--most of them undocumented.
"The process makes it nearly impossible for forensics experts to restore the data later."
Notice the wording: _nearly_ impossible. But not impossible, huh?
Lesson learned: don't trust a seven-pass DOD 5220.22-M. Use a 35 pass ( http://en.wikipedia.org/wiki/Gutmann_method ) because you never know who wants your private collection of pr0n.
The surprise isn't how often we make bad choices; the surprise is how seldom they defeat us.
They just called a geek squad to cover their tracks!
It's strange how there's no outrage over these kinds of things. The need for transparent government is seriously overlooked.
Assuming, of course, (like most /.ers will), that this guy is automatically completely Guilty (well, the magical word "Rove" was invoked, so he must be, by association...), then I wonder who among those screaming for his head will accept that if he *is* guilty, he has the Right not to incriminate himself.
Then again, the Inquisitors won't need the data, they can just torture whatever information they need out of him, in order to help prove that the current Administration is devil-spawn, while the promises of those who oppose it will be fulfilled, and All Will Be Made Right In The World, if only you elect them instead this next time.
No, this isn't a Troll. Think about it, before reacting, for once.
(Cluebat: There ain't no difference between the parties up there - their sole aim is to get and keep power, and the way they do that is by telling a different set of lies about what they'll do in order to get elected. Citation: See "Current Congress".)
Time for a third party. Time for a political Monkeywrench Gang.
Chances of that happening: Slim, to None.
Forecast: Same political shit, different day.
Sigh.
"...there are some things that can beat smartness and foresight. Awkwardness and stupidity can." ~ Mark Twain
...plausible deniability...
Taking a hammer (or thermite) to a hard drive is considerably more suspicious than saying you "wiped your drive because you thought you had a virus". In today's security-conscious environment, an overzealous old guy wiping his drive in such a manner can easily be spun into something done with a good conscience... or if you're feeling brave, stupidity...
How about Hanlon's Razor; "never attribute to malice, what can be attributed to stupidity".
And that's your perfect answer "Oops I'm sorry, I wanted to make sure my virus had gone. I didn't realise it would get rid of evidence as well..." - this guy's smart, but probably not smart enough...
Surely, there are ways to retrieve the data.
For example, if the hard drive included porn, they could just subpoena the geek squad's own hard drives. I'm sure there'd be a copy. Of course, it depends if you really want to see certain White House personalities getting blow jobs from interns. Being Republicans, they'd be same-sex interns, of course. And they'd be interspersed with images saved from goat.se.
Or you could just torture the hard drive until it reveals all. Everyone knows torture works.
On a more serious note, can anyone clarify if retrieval using a SQUID ( http://en.wikipedia.org/wiki/SQUID ) would be possible?
Save the people some money, hit it with a hammer (not one of the $500 ones, a cheap one from Ace Hardware or something), throw it in the Potomac, and get a new one.
Don't bother hiring IT services to wipe drives, just use DBAN.
All that remains is to find the tapes ...
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
"determine whether the deletions were improper or part of a cover-up, lawyers close to the case said"
Like plain old deceit as opposed to actual fraud?
Or an ordinary murder as opposed to a bloody execution?
I'm glad these lawyers have their standards straight.
sounds like there is a business selling physically destructible drives - a drive with an easy open case, and a method to physically damage the platter
when i was a kid, an older geek guy told me, with admiration in his voice, about collins radio, and the manual that went with its equipment for the military.
the 1st page of the manual said something to the effect, if this equipment is about to be captured by the enemy, here is one thing you can do in 1 min to render the equipment unusable....
You're not going to get shit from any quality 7 level wipe. They'd be lucky to get anything reusable from far less wipes especially considering he did this a year ago and likely has written data to the drive since then further wiping anything left on there.
Well, in his defense employees should have the right to permanently remove personal data from their work stations such as emails, web surfing history, porn or whatever other private data a person might collect. Unfortunately the overbroad destruction of evidence or obstruction charges are not preventing any reasonable level of privacy. Most importantly is these changes are new and people weren't given any real warning that they were about to lose the right to clear their system of personal data.
Now, obviously this guy had more to hide than personal data.
and NO Geek Squad should have more than thought twice about assisting a public official KNOWN to be under investigation or at least scrutiny to do a 7 layer wipe. Unless they had no idea who he was they should have questioned why a public official needed a DOD level wipe on his laptop.
I wouldn't say they are at fault, but it's not a very responsible thing to do, assisting public officials in destroying data.
I have a solution. We don't really need that data as proof. Let's just waterboard him until he gives us a confession. PROBLEM SOLVED ! Hey... it's not torture, the GOP says so.
Select your hard drive from the list on the left. Note that you can erase either a whole drive, or just a selected partition.
Click on the Erase tab, then on the Security Options button.
Click on the 7-Pass Erase radio button. On Tiger (10.4) it says this provides a "highly secure erasure" of the drive; on Leopard it names the MIL-STD document that the erasure conforms to.
Click the OK button, then the Erase button, then confirm that you really want to wipe your drive.
Wait a long time.
Coverup!
For the truly paranoid, there is also a 35-pass erase option.
Request your free CD of my piano music.
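The Disk Utility steps above drive a multi-pass overwrite from a GUI. The script below is an added example, not code from the post or from Apple, showing what such a pass schedule does at the file level: invert the existing bytes, then write all ones, then all zeros, and read the final pattern back to verify. The pass order is an assumption modelled on the DoD-style description elsewhere in this thread; the sample file contents are constructed. Note that file-level overwriting only reaches the blocks the filesystem currently maps to that file: on copy-on-write or journaling filesystems and on SSDs the old blocks may survive elsewhere, which is why whole-device tools and controller-level erase exist.

```python
import os
import secrets
import tempfile

CHUNK = 1 << 20  # overwrite granularity: 1 MiB

# Assumed pass order: invert what is on disk, then all ones, then all zeros,
# then read the final pattern back to verify. "random" is also accepted.
DOD_STYLE_PASSES = ("complement", b"\xff", b"\x00")


def _pattern_chunk(spec, current, n):
    """Return n bytes of pass data; `current` is the chunk about to be overwritten."""
    if spec == "complement":
        return bytes(b ^ 0xFF for b in current)
    if spec == "random":
        return secrets.token_bytes(n)
    return (spec * (n // len(spec) + 1))[:n]


def overwrite_pass(path, spec):
    """Overwrite every byte of the file in place with one pass and fsync it."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        off = 0
        while off < size:
            n = min(CHUNK, size - off)
            f.seek(off)
            current = f.read(n)
            f.seek(off)
            f.write(_pattern_chunk(spec, current, n))
            off += n
        f.flush()
        os.fsync(f.fileno())


def verify_pass(path, spec):
    """Read the whole file back and confirm every byte matches a fixed pattern."""
    if isinstance(spec, str):
        raise ValueError("only fixed byte patterns can be verified")
    size = os.path.getsize(path)
    with open(path, "rb") as f:
        off = 0
        while off < size:
            n = min(CHUNK, size - off)
            if f.read(n) != _pattern_chunk(spec, b"", n):
                return False
            off += n
    return True


def wipe_file(path, passes=DOD_STYLE_PASSES):
    """Run the pass schedule over `path` and verify the last (fixed) pattern.
    Returns the list of pass labels that were executed."""
    done = []
    for spec in passes:
        overwrite_pass(path, spec)
        done.append(spec if isinstance(spec, str) else spec.hex())
    if not verify_pass(path, passes[-1]):
        raise RuntimeError("verify failed: some bytes did not read back as the final pattern")
    return done


def demo():
    """Constructed input: a temp file seeded with recognisable text, then wiped.
    Returns (pass log, True if every byte now reads back as zero)."""
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write(b"PERSONAL FILE CONTENTS " * 50_000)  # ~1.1 MiB, spans two chunks
    try:
        log = wipe_file(path)
        with open(path, "rb") as f:
            data = f.read()
        return log, data == bytes(len(data))
    finally:
        os.remove(path)


if __name__ == "__main__":
    print(demo())
```

The verify step is the part most home-grown wipe scripts skip: without reading the final pattern back, a short write or an I/O error leaves bytes in place and nobody notices.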
You have a virus infection on a laptop which has an unknown history of security sensitive data being stored onto it. The previous or current owner can tell you just what data is important still.
You don't know just what the virus might have transmitted. Possibly this is not the first such case with unknown consequences.
So you just get rid of the virus for now, and leave unknown amounts of sensitive but no longer needed data there for the next virus which is bound to happen eventually?
Sorry, but I consider it eminently sensible to use the opportunity to actually clean out dangerous garbage before it blows up around your head next time.
Yes, this is not necessary for virus removal (iff the virus gets removed properly). It is to guard against sensitive but no longer needed data coming into the wrong hands later on.
Whether the "wrong hands" this has been for have been virus writers or law enforcement or both: one can't know without being involved.
All these thoughts come to mind:
1. What did they charge the GOVERNMENT to do this?
2. Should I be upset that this guy needed to use my tax money to hire an outside company to do something when my tax money goes for a government IT person making $100K+ that could do it or that the person could have used the theoretical $700 hammer to get the job done?
3. Did Geeks on Call have licensed software to do the job? (OK aBB reference)
4. Did Geeks on Call backup the data to a portable drive to take back to the office (Yes I know this was BB, but who else does this?)
So many questions and no answers. I'm sure I could think of more.
I just have a little gripe. It seems to me that we /. types and the public in general are obsessed with portraying anything the government of (insert western country here) does in a negative light. I think we've lost sight of the fact that the vast majority of people working in the public service sector are hard working neighbors of ours that go to work every day and do their part in an attempt to make society better. This isn't to say that the bureaucracy doesn't often screw up, create inefficiencies and from time to time do shady things, but more often than not these problems are the effect of a handful of idiots that have enough power to make things happen. Just like in a neighborhood, any large entity will have all types of people; good, bad, honest, dishonest, etc. Constant unending criticism from the general public is neither productive nor effective. It simply serves to cheapen the efficacy of justified criticism when it is in fact needed. What this guy did is without question 'shady' (not to mention illegal) but it doesn't reflect on the leadership as a whole. We have many good, hard working leaders, and many more working behind the scenes to make ours some of the best living in the world. Don't lose sight of that. Just my two cents.
... that they overcharged the shit out of this guy. $1100 to run a utility? Score.
Why is there no policy in the government that means his use of another company to remove data from his system was an automatic breach with serious consequences. I have implemented that policy in my company, namely don't install unapproved software or attempt to change any setting at all without IT approval.
This sig is encrypted
which can be accessed with Secure Erase, a free disk wiping utility.
Takes a few minutes, and is allegedly more secure than DBAN but still not as secure as physical destruction.
You're welcome.
This is not shocking news. After all, corporations and gov't are merely quid-pro-quo whorehouses sold to the highest bidder. When the gov't needs illegal wire-taps, Verizon and Sprint allow them secret rooms to listen in on calls. When Halliburton (and KBR) need more revenue, the gov't hands out no-bid contracts. When the gov't dislikes literature, Amazon and Wikipedia ban the book "America Deceived". We The People had our gov't sold out from beneath us.
Final link (before Google Books caves to pressure and drops the title):
America Deceived (book)
Iirc, someone found out that, at least when dealing with commercial data recovery services, *none* were able to recover anything at all after but a single dd wipe with /dev/null or /dev/urandom on modern hard drives. What'd they miss?
http://greenobyl.com/ please.... think of the children!!
Let's suppose for a moment that whatever was on that hard drive would prove him guilty of all charges; the penalty for that would be severe, like a stiff fine and jail time.
Now let's suppose he did a good job of destroying all the evidence, now he can only be tried for destroying evidence, which is pretty bad, but perhaps not as bad as whatever it is he actually did.
If you were wanted for heinous crimes against humanity (I don't know uhh... biological warfare!), and the only person with any proof winds up dead at your hands, you just need to defend yourself against the murder charge.
-Billco, Fnarg.com
I suspect that even after a single zero pass, the disk has to be mounted in some sort of electron microscope. Maybe it can stay mounted but the heads have to have analog circuitry attached. In either case, the question is over magnetism remaining after overwriting. I suspect that three good [uncracked] pseudorandom passes is more than sufficient. But perhaps not if more than 10% magnetism remains after over-write (which I doubt because the BER would then be beyond ECC).
If the IT folks are worried about security and evidence (and if he is being investigated, they probably would want to be) - shouldn't they have taken some physical security measures? Disable boot from CD/floppy/USB, password protect BIOS, and physically lock the case? Sure you can crack the BIOS, or bust the lock/case - but I doubt Geeks On Call would go that far.
This is totally a legal issue, not technical.
It's also a legal issue for the customer, who hires the tech service, not the tech service.
I haven't opened any drive more recent than a 200MB (i.e. >10 yrs old), but all I needed to do that was a torx driver. I've never encountered one built to resist intentional opening (unless you count those stickers!) The platters are a non-magnetic material (aluminum in my experience, though I hear glass is used, too) coated with a thin layer of ferromagnetic material. I'm pretty sure that a few minutes with an orbital sander on this layer would make it "effectively unrecoverable" by even the best data recovery house. It's hard to say what the pattern of magnetic orientations might have been once they're scattered in a completely random pile of dust. You give me 30 minutes, I'll make sure your data can't be read. And, I can get some windchimes and rare earth magnets at the same time! Bonus!
Mac OS X uses the 7 & 35-pass Gutmann method for securely deleting files. Deleting files is not wrong, that's why we delete them! Incidentally, both President Bill Clinton and George W. Bush use Apple Macintoshes for their personal and professional computers. Probably for this and other reasons.
The DoD standard calls for inverting all bits (i.e. each byte ~0xff), then all 1, then all 0, then verify. In reality, a single overwrite with random data will keep forensics experts from finding the data itself; they can MFM the drive but the hardware takes years and years to run and can't reconstruct the data accurately really (it's statistical, you have either 1.001 or 0.001 after writing, but you've done this so many times you have like 1.037 or 0.049 etc, the numbers go up and down...).
Forensics experts can glaringly tell when you've faked dates on files or wiped files due to the placement of data on the drive by sector itself. They can't get the data, but they can tell you what you did with it. It's like paleontology, but you can only tell that bones were there, and not what kind or shape or size.
Support my political activism on Patreon.
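The point above, that an examiner cannot recover wiped content but can still see that a wipe happened from what now sits in the sectors, is easy to demonstrate on an image. This added example (not from the poster) classifies each 4 KiB block of a disk image as zero-filled, constant-pattern, PRNG-like (high entropy) or ordinary data, and flags an image whose blocks are almost entirely pattern or random as wiped. The 7.5 bits/byte entropy cut-off and the 95% threshold are assumptions chosen for the example, and the sample image is constructed.

```python
import math
import os
from collections import Counter

BLOCK = 4096          # classify the image in filesystem-sized blocks
RANDOM_ENTROPY = 7.5  # assumed cut-off: bits/byte above which a block looks like PRNG output


def entropy_bits(block):
    """Shannon entropy of the block's byte distribution, in bits per byte."""
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())


def classify_block(block):
    """Label a block as 'zero', 'constant', 'random' or 'data'."""
    first = block[0:1]
    if block == first * len(block):
        return "zero" if first == b"\x00" else "constant"
    if entropy_bits(block) >= RANDOM_ENTROPY:
        return "random"
    return "data"


def scan_image(image, block_size=BLOCK):
    """Return a Counter of labels over every block of the image."""
    return Counter(classify_block(image[i:i + block_size])
                   for i in range(0, len(image), block_size))


def wiped_fraction(summary):
    """Share of blocks that carry only a fixed pattern or PRNG output."""
    total = sum(summary.values())
    if not total:
        return 0.0
    return (summary["zero"] + summary["constant"] + summary["random"]) / total


def looks_wiped(summary, threshold=0.95):
    """An intact filesystem never consists almost entirely of pattern blocks."""
    return wiped_fraction(summary) >= threshold


def build_sample(include_data=True):
    """Constructed image: optional text blocks, a zero-filled region, a random region."""
    text = (b"Memo: quarterly budget review, see attached spreadsheet.\n" * 200)[:BLOCK]
    parts = []
    if include_data:
        parts.append(text * 8)      # 8 blocks of ordinary file content
    parts.append(bytes(BLOCK * 16))  # 16 blocks overwritten with zeros
    parts.append(os.urandom(BLOCK * 8))  # 8 blocks overwritten with a random pass
    return b"".join(parts)


if __name__ == "__main__":
    for with_data in (True, False):
        summary = scan_image(build_sample(with_data))
        print(dict(summary), "wiped" if looks_wiped(summary) else "not wiped")
```

Real examinations add a third signal this toy ignores: where the pattern blocks fall relative to the partition table and filesystem metadata, which separates a whole-disk wipe from free-space wiping or a fresh format.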
A U.S. official overseeing a probe of former Bush aide Karl Rove yesterday refused to give federal investigators copies of "personal files" he deleted from his office computer, after it was discovered he hired a private computer-help company to erase all the hard drives belonging to him and two deputies. Special Counsel Scott J. Bloch hired a firm to perform a DoD-wipe, guaranteeing the files could never be restored. Bloch said he suspected his computer was infected by a virus - an unorthodox remedy. The receipt for the work performed makes no mention of a virus. Bloch refuses to turn over other files saved online and claims no documents relevant to any investigation have been purged. "We don't do a seven-level wipe for a virus," said a manager of Geeks on Call - the firm that was hired.
"Flyin' in just a sweet place,
Never been known to fail..."
Laptops are rarely backed up. Even if they are it's typically only what the user wants to backup. Archiving files at the server level (email, web, and ftp proxies) would be the better choice.
And why didn't this guy just do a simple google search and use a DBAN boot disk? Moron had to call for help...
... $1100 for a tech guy or at least ten times that amount for a lawyer explaining what was on the hard-drive. Score.
Oh, wait. This is a gov't operation. Never mind.
Have gnu, will travel.
Besides the shadiness which I completely agree is there I'm disappointed with Geek Squad. Granted coming in and quickly wiping systems regardless of the issue is what I've heard is their approach (not passing judgement either since the model works for general consumers) but didn't anybody from the tech to dispatch question whether they should be doing this? During my time consulting I certainly scrutinized all aspects of the tasks assigned to me since blindly following instructions in technology can lead to so many problems. Wonder what their liability, if any, is here as well since they should have known better than to wipe such a system.
That's just my POV... no more, no less.
This is nonsense. There is very good indication that a single overwrite with zeros on modern drives makes recovery completely impossible. And don't cite Gutmann at me, read his addenda first. He agrees.
A seven times overwrite of a modern disk with some random passes in between cannot be recovered from by any means in this universe that has to read the data from disk. The disk cannot hold 7 times as much data. It is not a question of reading equipment, but a coating-material limitation. Magnetic microscopy, or the like, cannot read what is not there.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
(Sadly, that's just a video of an iPhone -- couldn't find one of a hard drive.)
So if you want to overwrite everything on a disk, you may need to talk to the disk controller at a lower-than-usual level rather than using your regular OS tools, and there still may be blocks that the controller can't successfully overwrite.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
He should have wiped it first, THEN chucked it in the microwave for a couple of minutes, THEN reported to his boss that a power surge has destroyed his hard drive. You may also need to take a stun gun to the rest of the machine for that to hold up...
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
I used to do housecalls, and more than once I had to do a secure wipe due to a virus.. and especially rootkits. I used to use 7-pass before I discovered 3-pass was sufficient.
Then, I realized another use for DBAN, the rehabilitation of the disk.
In many cases where a hardware error is not involved, a bad disk goes back to the factory and the manufacturer does a low level wipe. A DBAN 35 pass PRNG stream run can give similar results to a low level wipe, rehabilitating the disk. I don't have a google full of datapoints, but they seem to last longer under stress after this process than drives fresh from the manufacturer.
Good luck!
Government
Official
Most of the mouth-breathers who work for the government (especially the fogeys in the upper echelons) count themselves lucky if they know how to breathe and spread bullshit at the same time.
Computers? That's like, magic or something...
In short, can you smell the Lud?
Chas - The one, the only.
THANK GOD!!!
This does work: http://cmrr.ucsd.edu/people/Hughes/SecureErase.shtml
Excuse me, but please get off my Pennisetum Clandestinum, eh!
Improper could simply be a deviation of SOP, perhaps even due to a suspicion of the integrity of the IT dept. (GASP) It's unlikely, but it's still /possible/ and any investigator worth his salt would want to determine just how foul the play was before proceeding. The question here isn't whether the incident was inappropriate, it was. It's a question of motive, of degree.
And in the case of a murder, yes, that's exactly right, it would be prudent to determine the method and motivation behind it before moving forward with some kind of punishment. You are aware that both crimes (fraud and murder) prompt different penalties depending on the degree of the infraction according to US law? Not saying I agree with it, but that degree has to be ascertained before punishment can go forward.
When all he needed was a speedy and communicative developer. Yes sometimes the big mill has to start churning. And at other times, we just need a little app for a limited time.
How many Bush operatives are going to get nailed for deleting files?
If there's a legal requirement to keep something I read or write at work, I kind of just assume that deleting data will not eradicate it. You know -- if it's a felony to delete my email, I would just assume that IT would have that covered and be saving all of my email, instead of requiring me to archive it on my own computer (which isn't backed up).
This is one of the reasons they are going after Rove. He read some email and then deleted it. Add in IT idiots and all of a sudden it's a coverup -- turns out there was no archive other than his inbox.
For me, standard decommissioning procedure for any computer is the 7-pass option on the Mac OS X Disk Utility if it's an Apple, or Darik's Boot and Nuke if it's not. Not sure how DBAN would come up in routine maintenance, but in a secure government situation I could imagine a standard procedure of scrambling the drive whenever it needs a format, just in case you wind up replacing the disk instead.
While I agree with you that a few random passes will completely delete everything it touches, there is one tiny exception. As far as I remember, hard drives are built to be slightly larger than their advertised size, with firmware that recognizes and simply avoids bad sectors (given the size of modern hard drives, a bad sector or two is nothing). Occasionally, the HD Firmware will recognize an area going bad during daily use of the HD, copy the data to a good sector, and simply avoid the bad sector from then on, mapping it right out.
Performing a few random passes (or 35, for that matter) will never touch data in sectors that went bad during the use of the hard drive. The chance of that data being important and being recoverable is far less likely than you being struck by lightning twice (yes, I pulled that statistic out of my ass), so no one worries about it. But this is slashdot, so I felt a need to add to the conversation.
--
whereisstony.blogspot.com
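The remapped-sector gap described in the post above, and the earlier remark that overwriting everything may require talking to the controller below the usual OS tools, can both be shown with a small model. This is an added example, not code from either poster: the drive model (a logical-to-physical map, a spare pool, a retired list) is a constructed simplification, and `firmware_secure_erase` stands in for a controller-level command such as ATA Secure Erase, which is assumed to overwrite every physical sector including spares and retired ones. The secret string is constructed sample data.

```python
import os


class SimDrive:
    """Constructed toy model of a drive: physical sectors, the logical-to-
    physical map the host sees, spare sectors the firmware can swap in, and
    retired sectors the host can no longer address through any LBA."""
    SECTOR = 512

    def __init__(self, logical_sectors, spares):
        total = logical_sectors + spares
        self.phys = [bytes(self.SECTOR)] * total
        self.l2p = list(range(logical_sectors))
        self.free_spares = list(range(logical_sectors, total))
        self.retired = []

    def write(self, lba, data):
        """Host write: lands wherever the LBA is currently mapped."""
        self.phys[self.l2p[lba]] = data.ljust(self.SECTOR, b"\x00")[: self.SECTOR]

    def read(self, lba):
        return self.phys[self.l2p[lba]]

    def reallocate(self, lba):
        """Firmware sees the sector weakening: copy contents to a spare, point
        the LBA at the spare, retire the old physical sector. The old copy is
        left in place; the host simply can no longer reach it."""
        old = self.l2p[lba]
        new = self.free_spares.pop(0)
        self.phys[new] = self.phys[old]
        self.l2p[lba] = new
        self.retired.append(old)

    def host_wipe(self, passes=3):
        """What dd, DBAN or any multi-pass tool can do: overwrite every LBA.
        Only currently mapped physical sectors are touched."""
        for _ in range(passes):
            for lba in range(len(self.l2p)):
                self.write(lba, os.urandom(self.SECTOR))

    def firmware_secure_erase(self):
        """Assumed model of a controller-level erase: every physical sector,
        including spares and retired ones, is overwritten."""
        self.phys = [bytes(self.SECTOR)] * len(self.phys)

    def physical_contains(self, needle):
        """Forensic view of the platters: does the string survive anywhere?"""
        return any(needle in sector for sector in self.phys)


def demo():
    """Returns (secret found after host wipe, secret found after firmware erase)."""
    secret = b"draft memo re: investigation"  # constructed sample data
    drive = SimDrive(logical_sectors=64, spares=4)
    drive.write(5, secret)
    drive.reallocate(5)          # LBA 5 went bad during normal use
    drive.host_wipe(passes=35)   # even 35 passes never reach the retired sector
    after_host = drive.physical_contains(secret)
    drive.firmware_secure_erase()
    after_firmware = drive.physical_contains(secret)
    return after_host, after_firmware


if __name__ == "__main__":
    print(demo())  # expected (True, False)
```

On SSDs the same gap is much larger, since wear levelling and over-provisioning keep many more physical blocks outside the host-visible address space; that is the practical reason the controller-level erase, rather than a longer pass count, is what closes it.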