On-Call-IT Assists In Government Data Destruction

covaro writes "Seems those on-site computer services may be helping to cover up government dirty deeds these days. The Wall Street Journal reports: 'Investigators learned that [Office of Special Counsel head Scott Bloch, who has been under investigation since 2005] erased all the files on his office personal computer late last year. They are now trying to determine whether the deletions were improper or part of a cover-up, lawyers close to the case said ... Bypassing his agency's computer technicians, Mr. Bloch phoned for Geeks on Call, the mobile PC-help service ... Bloch had his computer's hard disk completely cleansed using a "seven-level" wipe: a thorough scrubbing that conforms to Defense Department data-security standards. The process makes it nearly impossible for forensics experts to restore the data later.'"

Re:Why not just by a new hard disc

[pla]

And what to do with the old one? Throw away and let some scavenger hunter find the data?

Sledge hammer applied repeatedly.

Industrial shredder.

Thermite.

Persistant application of a grinding wheel.

Personally tossing in a large crucible of molten steel.

Fuming sulfuric acid.

We may not all have the resources to do all of the above, but I'd bet most of us can find a way to physically reduce a HDD to very very small chunks, if not completely dissolving/melting it at a molecular level.

Re:Hire someone???

[mh1997]

You have to wonder - For those who can't do such things themselves, wouldn't it cost less to just buy a new HDD, and take a sledgehammer (or thermite, where readily available) to the old one?

My DoD owned computer at work has the serial numbers recorded for all hardware installed inside the case.

Replace the HDD and somebody somewhere would know and think I stole the disk or data, wipe it and I just say I was removing porn. Porn would get me fired, stealing the HDD or data would get me fired and thrown in jail.

Re:Why not just by a new hard disc

[cab15625]

Or a screw-driver followed by steel wool on the platters.

BTW, nitric acid would likely be more effective than sulphuric. And a mix of nitric and hydrochloric (commonly known as aqua regia) will probably do an even better job. The nitric acts as an oxidizing agent while the hydrochloric can help complex some of the resulting metal ions making the mixture more effective. Sulphuric would probably just get rid of some of the organic coatings in the time that it would take the aqua regia to chew through all the metals.

Re:Why not just by a new hard disc

? Throwing your old hard disc on the fire is highly effective and free regardless of your level of technical knowledge and does not require paying someone to repeatable wipe your old one or for you to trust they are competent enough to have done it correctly.

Re:Why not just by a new hard disc

[jonbryce]

I tried destroying an old 1.2GB hdd with about 700MB of bad clusters using a sledgehammer. It was actually surprisingly robust under the blows from the hammer.

Just in case you are wondering what I was trying to hide, it was bank account details from about ten years ago.

Re:Exactly as I suspected

[bhima]

Not that I have a better idea but I was under the impression that this method was obsolete.
Also I wonder if this does not hasten the death of the drives it is used on.

Most new HDDs have intenral "secure wipe" function

which can be accessed with Secure Erase, a free disk wiping utility.

Takes a few minutes, and is allegedly more secure than DBAN but still not as secure as physical destruction.

You're welcome.

Re:Why not just by a new hard disc

[Torvaun]

There are plenty of places out there that do data recovery, and some of them can retrieve quite a lot of data from hard drives that have been through house fires and the like. If your fire doesn't leave the platters in a molten pool of metal, it's not good enough.

Re:Exactly as I suspected

[bogie]

Gutmann method was only meant for drives from like 20 years ago. I believe he later stated that a few wipes of random data were about the best you could do.

Re:Security depends on attack capabilities

[boa13]

This paper provides a great explanation of the current state of the data recovery industry. How modern hard drives work, how they fail, how they can be recovered, myths and realities.

[PDF] Recovering Unrecoverable Data

Unless the company has made great advances in the product they advertise at the end of the paper, you can be sure that two passes are more than enough to prevent anyone from recovering your data. Intelligence agencies are more likely to kidnap and torture you than invest the extraordinary time and money to get your bits back.

"Overwriting Everything" is surprisingly hard

[billstewart]

It's usually pretty easy to overwrite most of the data on a disk. But the operating system, disk controller, and various drivers make it hard to get absolutely everything, so depending on what you're trying to hide, you may not want to risk that.

• Bad Block Remapping - Once a block goes bad enough to not be reliably writeable, or reliably readable, it'll get mapped out and replaced by another block, and after that, nothing's going to erase it. Normal tools aren't going to be able to access it, but forensics tools usually can.
• Host Protected Area - HPA is a really annoying feature introduced in ATA-4 in 2001 which lets the disk driver hide data from the normal operating system tools and requires special BIOS tricks to access. It seems to have a couple of common uses - OEM-provided recovery operating systems, and making disk drives appear smaller than they actually are (for instance to let you use s 160-GB drive on a computer that doesn't know about drives >128GiB. There are some rootkits that use HPA to hide themselves. I'm currently annoyed at Maxtor because some of their external-USB-disk enclosures use HPA to map large non-OEM drives down to 128GiB, including the 500GB drive I bought to replace a failing 200GB drive, and not only do Maxtor and Seagate's tools not seem to be able to fix the drive, neither do the Linux tools I was able to find....
  

So if you want to overwrite everything on a disk, you may need to talk to the disk controller at a lower-than-usual level rather than using your regular OS tools, and there still may be blocks that the controller can't successfully overwrite.