On-Call-IT Assists In Government Data Destruction
covaro writes "Seems those on-site computer services may be helping to cover up government dirty deeds these days. The Wall Street Journal reports: 'Investigators learned that [Office of Special Counsel head Scott Bloch, who has been under investigation since 2005] erased all the files on his office personal computer late last year. They are now trying to determine whether the deletions were improper or part of a cover-up, lawyers close to the case said ... Bypassing his agency's computer technicians, Mr. Bloch phoned for Geeks on Call, the mobile PC-help service ... Bloch had his computer's hard disk completely cleansed using a "seven-level" wipe: a thorough scrubbing that conforms to Defense Department data-security standards. The process makes it nearly impossible for forensics experts to restore the data later.'"
And what to do with the old one? Throw away and let some scavenger hunter find the data? Wiping a drive like this sounds like the easiest way to get rid of it, compared to the alternatives.
Bloch had his computer's hard disk completely cleansed using a "seven-level" wipe: a thorough scrubbing that conforms to Defense Department data-security standards.
You have to wonder - For those who can't do such things themselves, wouldn't it cost less to just buy a new HDD, and take a sledgehammer (or thermite, where readily available) to the old one?
Sure, for most Slashdotters who can do their own "seven level wipe" (or whatever number the current rumors claim works infallibly), saving a few hundred bucks for "good enough" makes sense. But if you plan to spend the money either on a drive or an "expert", why not just physically trash the drive?
This is a Rove smear, he is investigating Rove, and Rove always tries to smear anyone who tries to uncover his dirty lies.
a resounding recommendation for Geeks on Call.
Unless they happen to be ex-DoD IT employees, trying to make ends meet.
"The process makes it nearly impossible for forensics experts to restore the data later."
Notice the wording: _nearly_ impossible. But not impossible, huh?
Lesson learned: don't trust a seven-pass DOD 5220.22-M. Use a 35 pass ( http://en.wikipedia.org/wiki/Gutmann_method ) because you never know who wants your private collection of pr0n.
They just called a geek squad to cover their tracks!
It's strange how there's no outrage over these kinds of things. The need for transparent government is seriously overlooked.
And what to do with the old one? Throw away and let some scavenger hunter find the data?
Sledge hammer applied repeatedly.
Industrial shredder.
Thermite.
Persistent application of a grinding wheel.
Personally tossing in a large crucible of molten steel.
Fuming sulfuric acid.
We may not all have the resources to do all of the above, but I'd bet most of us can find a way to physically reduce a HDD to very very small chunks, if not completely dissolving/melting it at a molecular level.
Assuming, of course, (like most /.ers will), that this guy is automatically completely Guilty (well, the magical word "Rove" was invoked, so he must be, by association...), then I wonder who among those screaming for his head will accept that if he *is* guilty, he has the Right not to incriminate himself.
Then again, the Inquisitors won't need the data, they can just torture whatever information they need out of him, in order to help prove that the current Administration is devil-spawn, while the promises of those who oppose it will be fulfilled, and All Will Be Made Right In The World, if only you elect them instead this next time.
No, this isn't a Troll. Think about it, before reacting, for once.
(Cluebat: There ain't no difference between the parties up there - their sole aim is to get and keep power, and the way they do that is by telling a different set of lies about what they'll do in order to get elected. Citation: See "Current Congress".)
Time for a third party. Time for a political Monkeywrench Gang.
Chances of that happening: Slim, to None.
Forecast: Same political shit, different day.
Sigh.
...plausible deniability...
Taking a hammer (or thermite) to a hard drive is considerably more suspicious than saying you "wiped your drive because you thought you had a virus". In today's security-conscious environment, an overzealous old guy wiping his drive in such a manner can easily be spun into something done with a good conscience... or if you're feeling brave, stupidity...
How about Hanlon's Razor; "never attribute to malice, what can be attributed to stupidity".
And that's your perfect answer "Oops I'm sorry, I wanted to make sure my virus had gone. I didn't realise it would get rid of evidence as well..." - this guy's smart, but probably not smart enough...
Don't bother hiring IT services to wipe drives, just use DBAN.
>And what to do with the old one?
Take it to a service and have it shredded. In fact, since a lot of forensic data recovery is done with scratch files, etc., that may be stored separately, take the whole computer to a service and have it shredded. (Yes, at least here in DC, there are such services.)
Since this wasn't his computer, but his employer's computer, I expect that he may find that his erasure wasn't as effective as he would have liked, and that he may now be in a lot of trouble.
Or a screw-driver followed by steel wool on the platters.
BTW, nitric acid would likely be more effective than sulphuric. And a mix of nitric and hydrochloric (commonly known as aqua regia) will probably do an even better job. The nitric acts as an oxidizing agent while the hydrochloric can help complex some of the resulting metal ions making the mixture more effective. Sulphuric would probably just get rid of some of the organic coatings in the time that it would take the aqua regia to chew through all the metals.
Throwing your old hard disc on the fire is highly effective and free regardless of your level of technical knowledge and does not require paying someone to repeatedly wipe your old one or for you to trust they are competent enough to have done it correctly.
All that remains is to find the tapes ...
"determine whether the deletions were improper or part of a cover-up, lawyers close to the case said"
Like plain old deceit as opposed to actual fraud?
Or an ordinary murder as opposed to a bloody execution?
I'm glad these lawyers have their standards straight.
What, hard drives are indestructible? Goodbye, bricks!
sounds like there is a business selling physically destructible drives - a drive with an easy open case, and a method to physically damage the platter
when i was a kid, an older geek guy told me, with admiration in his voice, about collins radio, and the manual that went with its equipment for the military.
the 1st page of the manual said something to the effect, if this equipment is about to be captured by the enemy, here is one thing you can do in 1 min to render the equipment unusable....
Select your hard drive from the list on the left. Note that you can erase either a whole drive, or just a selected partition.
Click on the Erase tab, then on the Security Options button.
Click on the 7-Pass Erase radio button. On Tiger (10.4) it says this provides a "highly secure erasure" of the drive; on Leopard it names the MIL-STD document that the erasure conforms to.
Click the OK button, then the Erase button, then confirm that you really want to wipe your drive.
Wait a long time.
Coverup!
For the truly paranoid, there is also a 35-pass erase option.
You have a virus infection on a laptop which has an unknown history of security sensitive data being stored onto it. The previous or current owner can tell you just what data is important still.
You don't know just what the virus might have transmitted. Possibly this is not the first such case with unknown consequences.
So you just get rid of the virus for now, and leave unknown amounts of sensitive but no longer needed data there for the next virus which is bound to happen eventually?
Sorry, but I consider it eminently sensible to use the opportunity to actually clean out dangerous garbage before it blows up around your head next time.
Yes, this is not necessary for virus removal (iff the virus gets removed properly). It is to guard against sensitive but no longer needed data coming into the wrong hands later on.
Whether the "wrong hands" this has been for have been virus writers or law enforcement or both: one can't know without being involved.
All these thoughts come to mind:
1. What did they charge the GOVERNMENT to do this?
2. Should I be upset that this guy needed to use my tax money to hire an outside company to do something when my tax money goes for a government IT person making $100K+ that could do it or that the person could have used the theoretical $700 hammer to get the job done?
3. Did Geeks on Call have licensed software to do the job? (OK aBB reference)
4. Did Geeks on Call backup the data to a portable drive to take back to the office (Yes I know this was BB, but who else does this?)
So many questions and no answers. I'm sure I could think of more.
I tried destroying an old 1.2GB hdd with about 700MB of bad clusters using a sledgehammer. It was actually surprisingly robust under the blows from the hammer.
Just in case you are wondering what I was trying to hide, it was bank account details from about ten years ago.
I just have a little gripe. It seems to me that we /. types and the public in general are obsessed with portraying anything the government of (insert western country here) does in a negative light. I think we've lost sight of the fact that the vast majority of people working in the public service sector are hard working neighbors of ours that go to work every day and do their part in an attempt to make society better. This isn't to say that the bureaucracy doesn't often screw up, create inefficiencies and from time to time do shady things, but more often than not these problems are the effect of a handful of idiots that have enough power to make things happen. Just like in a neighborhood, any large entity will have all types of people; good, bad, honest, dishonest, etc. Constant unending criticism from the general public is neither productive nor effective. It simply serves to cheapen the efficacy of justified criticism when it is in fact needed. What this guy did is without question 'shady' (not to mention illegal) but it doesn't reflect on the leadership as a whole. We have many good, hard working leaders, and many more working behind the scenes to make ours some of the best living in the world. Don't lose sight of that. Just my two cents.
... that they overcharged the shit out of this guy. $1100 to run a utility? Score.
Why is there no policy in the government that means his use of another company to remove data from his system was an automatic breach with serious consequences. I have implemented that policy in my company, namely don't install unapproved software or attempt to change any setting at all without IT approval.
which can be accessed with Secure Erase, a free disk wiping utility.
Takes a few minutes, and is allegedly more secure than DBAN but still not as secure as physical destruction.
You're welcome.
I have done a similar thing, they are surprisingly resilient. However in the battle between hammer and harddrive, the stamina of the hammer eventually wins out.
My reasons were the hard drive for some reason made my PC unstable, so I took a few months frustrations out on it. After that day my PC worked fine.
Let's suppose for a moment that whatever was on that hard drive would prove him guilty of all charges; the penalty for that would be severe, like a stiff fine and jail time.
Now let's suppose he did a good job of destroying all the evidence, now he can only be tried for destroying evidence, which is pretty bad, but perhaps not as bad as whatever it is he actually did.
If you were wanted for heinous crimes against humanity (I don't know uhh... biological warfare!), and the only person with any proof winds up dead at your hands, you just need to defend yourself against the murder charge.
There are plenty of places out there that do data recovery, and some of them can retrieve quite a lot of data from hard drives that have been through house fires and the like. If your fire doesn't leave the platters in a molten pool of metal, it's not good enough.
I see your informative link, and raise you a pithy comment.
I suspect that even after a single zero pass, the disk has to be mounted in some sort of electron microscope. Maybe it can stay mounted but the heads have to have analog circuitry attached. In either case, the question is over magnetism remaining after overwriting. I suspect that three good [uncracked] pseudorandom passes is more than sufficient. But perhaps not if more than 10% magnetism remains after over-write (which I doubt because the BER would then be beyond ECC).
"Well, in his defense employees should have the right to permanently remove personal data from their work stations such as emails, web surfing history, porn or whatever other private data a person might collect...reasonable level of privacy."
There is no such thing as a reasonable level of privacy for the things you list [regardless of gov/corp status]. An employee has no right to use the employer's equipment/services for personal purposes, that includes "emails, web surfing history, porn or whatever other private data a person might collect" - it should not be on the PC unless it [the PC] is yours.
I field this issue on a regular basis [desktop admin weenie for a smallish health insurance company]. We have the full backing of management to immediately delete any unauthorized apps/data ["...yes, I did remotely delete iTunes and all of the music files on this PC, please address your complaints to Corporate Data Security, the Ethics and Compliance department, HR and every manager in my food chain...would you like their cell phone numbers?.."]. Despite the assumption that everyone seems to have that you have privacy at your place of employment you actually have very little [restroom with no camera/mic...that's about it]. The PC, hard disk, network, innerweb connection, email systems, telephone and every bit of airspace on the property are paid for by the employer - you have rights to pretty much none of it as an employee.
I tried that once, too, and won't try it again. Just boring a few holes through it with a drill press is a lot easier. While it's perhaps not quite as destructive as actually scrubbing the platters or shredding them, it does enough for most purposes. It also makes the drive obviously un-usable, which I figure means it's more likely to stay in the trash than one that looks functional.
For the most fun, though, nothing beats shooting them. (I'm a fan of 5.56mm at about 100 yards, since it keeps you well away from any flying debris.)
Most people don't know what a hard disk is, what one looks like, how to get it out of their case, or what their options are. They call the tech guy and say "trash my data so no one can get it back". And the tech guy does that literally.
I haven't opened any drive more recent than a 200MB (i.e. >10 yrs old), but all I needed to do that was a torx driver. I've never encountered one built to resist intentional opening (unless you count those stickers!) The platters are a non-magnetic material (aluminum in my experience, though I hear glass is used, too) coated with a thin layer of ferromagnetic material. I'm pretty sure that a few minutes with an orbital sander on this layer would make it "effectively unrecoverable" by even the best data recovery house. It's hard to say what the pattern of magnetic orientations might have been once they're scattered in a completely random pile of dust. You give me 30 minutes, I'll make sure your data can't be read. And, I can get some windchimes and rare earth magnets at the same time! Bonus!
Sorry, now that I reread your comment, you weren't saying that one couldn't destroy it, only that tossing it on a fire wouldn't be good enough. Now why didn't that sink in the first time? I think someone's been sanding my brain platters.
Mac OS X uses the 7 & 35-pass Gutmann method for securely deleting files. Deleting files is not wrong, that's why we delete them! Incidentally, both President Bill Clinton and George W. Bush use Apple Macintoshes for their personal and professional computers. Probably for this and other reasons.
The DoD standard calls for inverting all bits (i.e. each byte ~0xff), then all 1, then all 0, then verify. In reality, a single overwrite with random data will keep forensics experts from finding the data itself; they can MFM the drive but the hardware takes years and years to run and can't reconstruct the data accurately really (it's statistical, you have either 1.001 or 0.001 after writing, but you've done this so many times you have like 1.037 or 0.049 etc, the numbers go up and down...).
Forensics experts can glaringly tell when you've faked dates on files or wiped files due to the placement of data on the drive by sector itself. They can't get the data, but they can tell you what you did with it. It's like paleontology, but you can only tell that bones were there, and not what kind or shape or size.
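The pass sequence the comment above describes (invert every bit, then all ones, then all zeros, then a verify pass) is easy to state but worth seeing as code, including the fsync between passes and the verification read-back. The following is an added example, not code from the original thread or from any of the tools named in it; it overwrites an ordinary file on a constructed sample record rather than a raw device, and the function and variable names are the example's own.

```python
import os
import secrets
import tempfile
from typing import Callable, List

CHUNK = 1 << 16  # 64 KiB per read/write

# A pass is a function from a chunk's current contents to the bytes to write.
Pass = Callable[[bytes], bytes]


def complement(chunk: bytes) -> bytes:
    """First pass as the comment describes it: invert every bit of what is there."""
    return bytes(b ^ 0xFF for b in chunk)


def all_ones(chunk: bytes) -> bytes:
    return b"\xff" * len(chunk)


def all_zeros(chunk: bytes) -> bytes:
    return b"\x00" * len(chunk)


def random_pass(chunk: bytes) -> bytes:
    """A cryptographically random pass, the usual single-pass choice on modern drives."""
    return secrets.token_bytes(len(chunk))


# Pass order exactly as the comment gives it: complement, all ones, all zeros.
DOD_STYLE: List[Pass] = [complement, all_ones, all_zeros]


def overwrite_file(path: str, passes: List[Pass] = DOD_STYLE) -> int:
    """Overwrite the file at `path` in place, pass by pass, forcing each pass
    to storage with fsync before the next begins. Returns bytes overwritten.

    Caveat: this reaches only the logical blocks the file system maps to this
    file. Remapped bad sectors, SSD wear-levelling copies, journals and
    copy-on-write file systems can still hold older copies of the data."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for make_pattern in passes:
            offset = 0
            while offset < size:
                f.seek(offset)
                current = f.read(min(CHUNK, size - offset))
                f.seek(offset)
                f.write(make_pattern(current))
                offset += len(current)
            f.flush()
            os.fsync(f.fileno())
    return size


def verify_filled_with(path: str, value: int) -> bool:
    """Verification pass: True only if every byte reads back as `value`."""
    with open(path, "rb") as f:
        while True:
            chunk = f.read(CHUNK)
            if not chunk:
                return True
            if chunk != bytes([value]) * len(chunk):
                return False


def file_contains(path: str, needle: bytes) -> bool:
    """Check whether a marker string is still readable through the file."""
    with open(path, "rb") as f:
        return needle in f.read()


def demo() -> dict:
    """Write a constructed sample record to a temp file, wipe it, and report
    what a reader of the file can still see afterwards."""
    marker = b"ACCOUNT-NUMBER-00001234"  # constructed sample data, not real
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write((marker + b"\n") * 3000)  # 72 000 bytes: spans several chunks
        path = tmp.name
    try:
        before = file_contains(path, marker)
        written = overwrite_file(path)
        result = {
            "marker_visible_before": before,
            "bytes_overwritten": written,
            "marker_visible_after": file_contains(path, marker),
            "last_pass_verified": verify_filled_with(path, 0x00),
        }
    finally:
        os.remove(path)
    return result


if __name__ == "__main__":
    print(demo())
```

Passing `[random_pass]` instead of the default list gives the single random overwrite that later comments in this thread argue is sufficient on modern drives; the verify step only proves the last pattern is what reads back through the file, not that no copy exists elsewhere on the device.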
A U.S. official overseeing a probe of former Bush aide Karl Rove yesterday refused to give federal investigators copies of "personal files" he deleted from his office computer, after it was discovered he hired a private computer-help company to erase all the hard drives belonging to him and two deputies. Special Counsel Scott J. Bloch hired a firm to perform a DoD-wipe, guaranteeing the files could never be restored. Bloch said he suspected his computer was infected by a virus - an unorthodox remedy. The receipt for the work performed makes no mention of a virus. Bloch refuses to turn over other files saved online and claims no documents relevant to any investigation have been purged. "We don't do a seven-level wipe for a virus," said a manager of Geeks on Call - the firm that was hired.
Laptops are rarely backed up. Even if they are, it's typically only what the user wants to back up. Archiving files at the server level (email, web, and ftp proxies) would be the better choice.
And why didn't this guy just do a simple google search and use a DBAN boot disk? Moron had to call for help...
... $1100 for a tech guy or at least ten times that amount for a lawyer explaining what was on the hard-drive. Score.
Oh, wait. This is a gov't operation. Never mind.
hey, it's only *nearly* impossible, that means it is certainly possible.
Or just fill it with data and delete a few times. Once you're certain that every sector has been overwritten, you're clear.
No, you cannot read data back once it's been overwritten. Not even if you're the NSA. Not with modern drives, anyway, modern being "any drive made in the last ten years".
Besides the shadiness which I completely agree is there I'm disappointed with Geek Squad. Granted coming in and quickly wiping systems regardless of the issue is what I've heard is their approach (not passing judgement either since the model works for general consumers) but didn't anybody from the tech to dispatch question whether they should be doing this? During my time consulting I certainly scrutinized all aspects of the tasks assigned to me since blindly following instructions in technology can lead to so many problems. Wonder what their liability, if any, is here as well since they should have known better than to wipe such a system.
That's just my POV... no more, no less.
This is nonsense. There is very good indication that a single overwrite with zeros on modern drives makes recovery completely impossible. And don't cite Gutman at me, read his addendums first. He agrees.
A seven-times overwrite of a modern disk with some random passes in between cannot be recovered from by any means in this universe that has to read the data from disk. The disk cannot hold 7 times as much data. It is not a question of reading equipment, but a coating material limitation. Magnetic microscopy, or the like, cannot read what is not there.
(Sadly, that's just a video of an iPhone -- couldn't find one of a hard drive.)
So if you want to overwrite everything on a disk, you may need to talk to the disk controller at a lower-than-usual level rather than using your regular OS tools, and there still may be blocks that the controller can't successfully overwrite.
He should have wiped it first, THEN chucked it in the microwave for a couple of minutes, THEN reported to his boss that a power surge has destroyed his hard drive. You may also need to take a stun gun to the rest of the machine for that to hold up...
Most of the mouth-breathers who work for the government (especially the fogeys in the upper echelons) count themselves lucky if they know how to breath and spread bullshit at the same time.
Computers? That's like, magic or something...
In short, can you smell the Lud?
THANK GOD!!!
This does work: http://cmrr.ucsd.edu/people/Hughes/SecureErase.shtml
Improper could simply be a deviation of SOP, perhaps even due to a suspicion of the integrity of the IT dept. (GASP) It's unlikely, but it's still /possible/ and any investigator worth his salt would want to determine just how foul the play was before proceeding. The question here isn't whether the incident was inappropriate, it was. It's a question of motive, of degree.
And in the case of a murder, yes, that's exactly right, it would be prudent to determine the method and motivation behind it before moving forward with some kind of punishment. You are aware that both crimes (fraud and murder) prompt different penalties depending on the degree of the infraction according to US law? Not saying I agree with it, but that degree has to be ascertained before punishment can go forward.
How many Bush operatives are going to get nailed for deleting files?
If there's a legal requirement to keep something I read or write at work, I kind of just assume that deleting data will not eradicate it. You know -- if it's a felony to delete my email, I would just assume that IT would have that covered and be saving all of my email, instead of requiring me to archive it on my own computer (which isn't backed up).
This is one of the reasons they are going after Rove. He read some email and then deleted it. Add in IT idiots and all of the sudden it's a coverup -- turns out there was no archive other than his inbox.
For me, standard decommissioning procedure for any computer is the 7-pass option on the Mac OS X Disk Utility if it's an Apple, or Darik's Boot and Nuke if it's not. Not sure how DBAN would come up in routine maintenance, but in a secure government situation I could imagine a standard procedure of scrambling the drive whenever it needs a format, just in case you wind up replacing the disk instead.
While I agree with you that a few random passes will completely delete everything it touches, there is one tiny exception. As far as I remember, hard drives are built to be slightly larger than their advertised size, with firmware that recognizes and simply avoids bad sectors (given the size of modern hard drives, a bad sector or two is nothing). Occasionally, the HD Firmware will recognize an area going bad during daily use of the HD, copy the data to a good sector, and simply avoid the bad sector from then on, mapping it right out.
Performing a few random passes (or 35, for that matter) will never touch data in sectors that went bad during the use of the hard drive. The chance of that data being important and being recoverable is far less likely than you being struck by lightning twice (yes, I pulled that statistic out of my ass), so no one worries about it. But this is slashdot, so I felt a need to add to the conversation.
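The remapping gap described in this comment, and the earlier point that reaching every block may mean talking to the controller below the OS, can be made concrete with a toy model of a drive. This is an added example, not code from the thread or from any drive vendor: `SimDisk`, its spare-sector map and the sample record are all constructed here for illustration, and `firmware_secure_erase` stands in for a drive-internal erase command rather than implementing any real one. It shows a host-side pass over every logical block leaving the relocated copies untouched, while an erase done by the firmware clears them.

```python
SECTOR = 512  # bytes per sector in this toy model


class SimDisk:
    """Constructed toy drive: more physical sectors than the advertised
    logical capacity, and a firmware map choosing which physical sector each
    logical block address (LBA) lands on. Not a model of any real firmware."""

    def __init__(self, logical_count: int, spare_count: int):
        self.logical_count = logical_count
        self.physical = [bytes(SECTOR)] * (logical_count + spare_count)
        self.lba_map = {lba: lba for lba in range(logical_count)}
        self.next_spare = logical_count

    def write(self, lba: int, data: bytes) -> None:
        self.physical[self.lba_map[lba]] = data

    def read(self, lba: int) -> bytes:
        return self.physical[self.lba_map[lba]]

    def sector_goes_bad(self, lba: int) -> None:
        """Firmware notices a failing sector: copy its contents to a spare,
        point the LBA at the spare, and never address the old sector again."""
        if self.next_spare >= len(self.physical):
            raise RuntimeError("no spare sectors left")
        old_phys = self.lba_map[lba]
        self.physical[self.next_spare] = self.physical[old_phys]
        self.lba_map[lba] = self.next_spare
        self.next_spare += 1

    def host_overwrite(self, pattern: bytes) -> None:
        """What dd, DBAN or Disk Utility can do from the host: write every
        logical block. The firmware map decides where those writes land."""
        for lba in range(self.logical_count):
            self.write(lba, pattern)

    def firmware_secure_erase(self) -> None:
        """What a drive-internal erase is meant to do: the firmware clears
        every physical sector, remapped originals and spares included."""
        self.physical = [bytes(SECTOR)] * len(self.physical)


def physical_sectors_holding(disk: SimDisk, needle: bytes) -> list:
    """Indices of physical sectors that still contain `needle`, regardless of
    the LBA map: what a platter-level read, not the host, would find."""
    return [i for i, sector in enumerate(disk.physical) if needle in sector]


def remap_leak_demo() -> tuple:
    """Returns (sectors still holding the record after a host overwrite,
    sectors still holding it after a firmware-level erase)."""
    disk = SimDisk(logical_count=16, spare_count=4)
    record = b"SECRET: account 1234".ljust(SECTOR, b"\x00")  # constructed sample
    for lba in range(8):
        disk.write(lba, record)
    # Two of those sectors degrade in service; the user never notices,
    # because reads through the LBA still return the record.
    disk.sector_goes_bad(3)
    disk.sector_goes_bad(5)
    assert all(disk.read(lba) == record for lba in range(8))
    disk.host_overwrite(b"\xff" * SECTOR)  # one full pass over every LBA
    assert all(disk.read(lba) == b"\xff" * SECTOR for lba in range(16))
    after_host = len(physical_sectors_holding(disk, b"SECRET"))
    disk.firmware_secure_erase()
    after_firmware = len(physical_sectors_holding(disk, b"SECRET"))
    return after_host, after_firmware


if __name__ == "__main__":
    print(remap_leak_demo())
```

After the host pass every LBA reads back as the overwrite pattern, yet two physical sectors (the ones abandoned by the remap) still hold the record; adding more passes changes nothing, since the map never sends a write there. Only the firmware-level erase, which operates below the LBA map, clears them, which is the reason the thread keeps returning to physical destruction or a drive-internal secure erase for anything that matters.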