Slashdot Mirror


On-Call-IT Assists In Government Data Destruction

covaro writes "Seems those on-site computer services may be helping to cover up government dirty deeds these days. The Wall Street Journal reports: 'Investigators learned that [Office of Special Counsel head Scott Bloch, who has been under investigation since 2005] erased all the files on his office personal computer late last year. They are now trying to determine whether the deletions were improper or part of a cover-up, lawyers close to the case said ... Bypassing his agency's computer technicians, Mr. Bloch phoned for Geeks on Call, the mobile PC-help service ... Bloch had his computer's hard disk completely cleansed using a "seven-level" wipe: a thorough scrubbing that conforms to Defense Department data-security standards. The process makes it nearly impossible for forensics experts to restore the data later.'"

32 of 163 comments

  1. Re:Why not just by a new hard disc by pipatron · · Score: 2, Interesting

    And what to do with the old one? Throw away and let some scavenger hunter find the data? Wiping a drive like this sounds like the easiest way to get rid of it, compared to the alternatives.

    --
    c++; /* this makes c bigger but returns the old value */
  2. So that's how the WH lost 50,000 emails! by romanval · · Score: 2, Insightful

    They just called a geek squad to cover their tracks!

    It's strange how there's no outrage over these kinds of things. The need for transparent government is seriously overlooked.

    1. Re:So that's how the WH lost 50,000 emails! by Ougarou · · Score: 2, Insightful

      Apart from that, I can't see why the IT department doesn't make backup copies, for when people do stupid things like this. Isn't there a weekly image they pull that can be restored?

      Surely after all these years, you would expect governments to have some kind of backup system or plan. They should start using thin-clients, NFS (or any better thing) and do full backups weekly.

  3. Re:Why not just by a new hard disc by pla · · Score: 2, Informative

    And what to do with the old one? Throw away and let some scavenger hunter find the data?

    Sledge hammer applied repeatedly.

    Industrial shredder.

    Thermite.

    Persistent application of a grinding wheel.

    Personally tossing in a large crucible of molten steel.

    Fuming sulfuric acid.

    We may not all have the resources to do all of the above, but I'd bet most of us can find a way to physically reduce a HDD to very very small chunks, if not completely dissolving/melting it at a molecular level.

  4. Re:Hire someone??? by mh1997 · · Score: 2, Informative

    You have to wonder - For those who can't do such things themselves, wouldn't it cost less to just buy a new HDD, and take a sledgehammer (or thermite, where readily available) to the old one?

    My DoD owned computer at work has the serial numbers recorded for all hardware installed inside the case.

    Replace the HDD and somebody somewhere would know and think I stole the disk or data, wipe it and I just say I was removing porn. Porn would get me fired, stealing the HDD or data would get me fired and thrown in jail.

  5. Re:Sounds like by rudeboy1 · · Score: 2, Interesting

    Meh. I'm not terribly impressed. I'm guessing all the guy did was show up, ran a copy of DBAN, charged him $300 (because it's a government job), then left. Not that he did anything wrong. At least he knew the difference between formatting a drive and securely wiping it.

    --
    Raging in an online forum won't do anything for the world around you. To see change, you must take action.
  6. Re:Why not just by a new hard disc by cab15625 · · Score: 5, Informative

    Or a screw-driver followed by steel wool on the platters.

    BTW, nitric acid would likely be more effective than sulphuric. And a mix of nitric and hydrochloric (commonly known as aqua regia) will probably do an even better job. The nitric acts as an oxidizing agent while the hydrochloric can help complex some of the resulting metal ions making the mixture more effective. Sulphuric would probably just get rid of some of the organic coatings in the time that it would take the aqua regia to chew through all the metals.

  7. business in destructible drives by cinnamon+colbert · · Score: 3, Interesting

    sounds like there is a business selling physically destructible drives - a drive with an easy open case, and a method to physically damage the platter

    when i was a kid, an older geek guy told me, with admiration in his voice, about Collins Radio, and the manual that went with its equipment for the military.
    the 1st page of the manual said something to the effect, if this equipment is about to be captured by the enemy, here is one thing you can do in 1 min to render the equipment unusable....

  8. Re:Why not just by a new hard disc by jonbryce · · Score: 2, Informative

    I tried destroying an old 1.2GB hdd with about 700MB of bad clusters using a sledgehammer. It was actually surprisingly robust under the blows from the hammer.

    Just in case you are wondering what I was trying to hide, it was bank account details from about ten years ago.

  9. Re:Exactly as I suspected by bhima · · Score: 2, Informative

    Not that I have a better idea but I was under the impression that this method was obsolete.
    Also I wonder if this does not hasten the death of the drives it is used on.

    --
    Nothing in the world is more dangerous than sincere ignorance and conscientious stupidity.
  10. Somewhat off topic...MOD down if you must. by rindeee · · Score: 3, Insightful

    I just have a little gripe. It seems to me that we /. types and the public in general are obsessed with portraying anything the government of (insert western country here) does in a negative light. I think we've lost sight of the fact that the vast majority of people working in the public service sector are hard working neighbors of ours that go to work every day and do their part in an attempt to make society better. This isn't to say that the bureaucracy doesn't often screw up, create inefficiencies and from time to time do shady things, but more often than not these problems are the effect of a handful of idiots that have enough power to make things happen. Just like in a neighborhood, any large entity will have all types of people; good, bad, honest, dishonest, etc. Constant unending criticism from the general public is neither productive nor effective. It simply serves to cheapen the efficacy of justified criticism when it is in fact needed. What this guy did is without question 'shady' (not to mention illegal) but it doesn't reflect on the leadership as a whole. We have many good, hard working leaders, and many more working behind the scenes to make ours some of the best living in the world. Don't lose sight of that. Just my two cents.

  11. I am proud ... by Anonymous Coward · · Score: 2, Funny

    ... that they overcharged the shit out of this guy. $1100 to run a utility? Score.

  12. Policy by unenviabletask · · Score: 2, Interesting

    Why is there no policy in the government that means his use of another company to remove data from his system was an automatic breach with serious consequences? I have implemented that policy in my company, namely don't install unapproved software or attempt to change any setting at all without IT approval.

    --
    This sig is encrypted
  13. Re:So who will stand up for his Rights? by capnkr · · Score: 3, Interesting

    From OP: "Think about it, before reacting, for once."

    From parent: "In Bush's America..."

    So your kneejerk reaction is to criticize the current administration. While completely ignoring the fact that a Clinton Administration is completely capable of doing the exact same BS, for the exact same reasons. In fact, they have, and will - it is well known that the one thing you *don't* want to do is to cross The Hillary, not if you want to keep your sack intact. We saw what happens to folks back when Bill was Prez. Same shit, different Party.

    Strawberry, neither of them gives a shit about you and your concerns, not really. They just want you to keep falling for the same bi-partisan media mania bullshit, so that they can both keep getting elected. They love their power at your expense, and if you perpetuate the two party system (by voting for candidates from either party, or by propagating either party's political message of scorn for the other side, like you did in the above post), it will never get any better for you as an individual Citizen. Your Rights, your Powers as a Citizen of the USA, your spending power over the money *you* make will all be in continual decline as long as you are willing to accept the false message of dichotomy that continually comes down from the halls of power, via the channels of information pressed on you by the mass-media kingmakers.

    My hopes for my fellow Americans in general: Rid yourself of affiliation with Democrats and Republicans, in thought, word, and deed. Become independent and thoughtful. Don't automatically accept propaganda and political prejudice as Truth. See things for what they are. Demand change, and be willing to work for it. Call to account those folks who are in power up there in DC, and make them do what they say, or kick them out.

    They are not there to play politics for their party, they are our elected employees, and should be working for *us*.

    Stepping up to the plate and becoming The Boss (as we should) won't be easy, and demands that we open our eyes to the reality of the situation we are in right now.

    --
    "...there are some things that can beat smartness and foresight. Awkwardness and stupidity can." ~ Mark Twain
  14. Most new HDDs have internal "secure wipe" function by Anonymous Coward · · Score: 2, Informative

    which can be accessed with Secure Erase, a free disk wiping utility.

    Takes a few minutes, and is allegedly more secure than DBAN but still not as secure as physical destruction.

    You're welcome.

  15. I broke the cardinal rule... by stormguard2099 · · Score: 4, Interesting

    and actually RTFA. The article's focus is not on how they are paying too much to get rid of their tracks like half of the comments are about. The real issue is that a higher-up called a private business to handle it for him instead of using his own IT department. Yes, they ran a 7-level wipe on it but he claims he wasn't trying to remove data. His reason for the call was a virus, or so he claims. Suspicious? Sure, it's possible that something like that is required by regulations for his department but I would think there would be something against people using private IT businesses for company machinery, especially considering the hefty price tag (charged as a business expense no less).

    He also directed Geeks on Call to erase laptop computers that had been used by his two top political deputies, who had recently left the agency.

    Jeff Phelps, who runs Washington's Geeks on Call franchise, declined to talk about specific clients, but said calls placed directly by government officials are unusual. He also said erasing a drive is an unusual virus treatment. "We don't do a seven-level wipe for a virus," he said.

    Those just put the icing on the cake as far as suspicious activities in my book.

    --
    http://greenobyl.com/ please.... think of the children!!
  16. Re:So who will stand up for his Rights? by Akaihiryuu · · Score: 2, Insightful

    I can envision this hidden back room, where Republicans and Democrats cast off their pretensions of being "different" and laugh about all this. "Hey Bob, I've been in power for 8 years now, people are demanding change...so why don't you go out there and show how bad I am and how good you are. They'll vote for you, and we can still keep the same power structure where we both benefit!"

  17. Re:So who will stand up for his Rights? by capnkr · · Score: 2, Interesting

    From parent: "I take your point, but I simply don't believe that previous administrations were "just as bad". They weren't; the trend has been downward for a while."

    Not so, for what it's worth, despite (or more probably, *because of*) what you might see/hear "reported".

    I know some insiders, including a good friend in the Secret Service, and I've heard the stories first-hand. Much of the truth about politicians in general, and in this case, the Clintons in particular, *never* gets close to being reported truthfully. The ties between politicians and media, the "favors" swapped back and forth, keep the Truth about the downright nastiness of those folks out of the public eye.

    From historical readings, I think it has always been this way, sadly.

    I find it interesting that you have such strong political viewpoints about American candidates, being at the remove that you are. I don't have the time in my life to study objectively the political affairs of another nation and its politicians in order to form strong opinions about it/them, and I damned sure don't believe what I read about them in the press, because it is just too obvious that these media companies have an agenda for my thoughts...

    --
    "...there are some things that can beat smartness and foresight. Awkwardness and stupidity can." ~ Mark Twain
  18. Simple answer by billcopc · · Score: 4, Insightful

    Let's suppose for a moment that whatever was on that hard drive would prove him guilty of all charges; the penalty for that would be severe, like a stiff fine and jail time.

    Now let's suppose he did a good job of destroying all the evidence, now he can only be tried for destroying evidence, which is pretty bad, but perhaps not as bad as whatever it is he actually did.

    If you were wanted for heinous crimes against humanity (I don't know uhh... biological warfare!), and the only person with any proof winds up dead at your hands, you just need to defend yourself against the murder charge.

    --
    -Billco, Fnarg.com
  19. Re:Two words... by ScrappyLaptop · · Score: 4, Insightful

    but...he also had them wipe the drives of several underlings' laptops as well...and if he really had a virus, why not just call his own IT (the ones that said, "we don't do a level-7 for viruses we just reimage")...?

    Thirty years ago, there was a huge uproar about some guy erasing a few minutes of tape. Nowadays, politicians get away with destroying evidence while under investigation...and the media doesn't even raise a stink. He who controls the media, indeed.

  20. Re:Why not just by a new hard disc by Torvaun · · Score: 2, Informative

    There are plenty of places out there that do data recovery, and some of them can retrieve quite a lot of data from hard drives that have been through house fires and the like. If your fire doesn't leave the platters in a molten pool of metal, it's not good enough.

    --
    I see your informative link, and raise you a pithy comment.
  21. Re:What do they mean difficult to recover by subterfuge · · Score: 2, Insightful

    "Well, in his defense employees should have the right to permanently remove personal data from their work stations such as emails, web surfing history, porn or whatever other private data a person might collect...reasonable level of privacy."

    There is no such thing as a reasonable level of privacy for the things you list [regardless of gov/corp status]. An employee has no right to use the employer's equipment/services for personal purposes, that includes "emails, web surfing history, porn or whatever other private data a person might collect" - it should not be on the PC unless it [the PC] is yours.

    I field this issue on a regular basis [desktop admin weenie for a smallish health insurance company]. We have the full backing of management to immediately delete any unauthorized apps/data ["...yes, I did remotely delete iTunes and all of the music files on this PC, please address your complaints to Corporate Data Security, the Ethics and Compliance department, HR and every manager in my food chain...would you like their cell phone numbers?.."]. Despite the assumption that everyone seems to have that you have privacy at your place of employment you actually have very little [restroom with no camera/mic...that's about it]. The PC, hard disk, network, innerweb connection, email systems, telephone and every bit of airspace on the property are paid for by the employer - you have rights to pretty much none of it as an employee.

  22. Re:Exactly as I suspected by bogie · · Score: 2, Informative

    Gutmann method was only meant for drives from like 20 years ago. I believe he later stated that a few wipes of random data were about the best you could do.

    --
    If you wanna get rich, you know that payback is a bitch
  23. Re:Security depends on attack capabilities by boa13 · · Score: 3, Informative

    This paper provides a great explanation of the current state of the data recovery industry. How modern hard drives work, how they fail, how they can be recovered, myths and realities.

    [PDF] Recovering Unrecoverable Data

    Unless the company has made great advances in the product they advertise at the end of the paper, you can be sure that two passes are more than enough to prevent anyone from recovering your data. Intelligence agencies are more likely to kidnap and torture you than invest the extraordinary time and money to get your bits back.

  24. Re:So who will stand up for his Rights? by moxley · · Score: 2, Insightful

    Until people can get over the two party scam; (the false parameters perpetrated onto the people of this country and constantly reinforced by the media); until people can get over that, see it for what it is, and look past it - we can't even begin to think about truly reforming things.

    Unfortunately I think it's too late to reform the elections system and false two party (opposite sides of the same coin) system. I hope it's not, but I am being realistic. Whether you believe it or not, the US government is being run as a criminal enterprise, and has been for quite some time. We have a group of insiders exploiting and manipulating everything; mainly via intelligence services - disregarding the rule of law; running international drug trafficking rings from production to wholesale for street sale (again, this is a fact, Iran Contra stumbled on to one of these operations and the agency's own documents prove this) which help fund all sorts of unamerican things.

    This group of people is involved in so many things and is behind the descent into fascism in America. From what I can tell, here is what the future looks like in America:

    You're going to see pushes for laws (and tons of media coverage) about two things: One, how dangerous the internet is and how it is a tool for both recruiting terrorists and carrying out research and attacks; also that it is being used to "radicalize" American youth. This media and legislative stuff has already started. The internet provides too much information from too many uncontrolled sources and provides too great of a potential for organization for the powers that be to allow it to continue uncontrolled.

    You're going to see media coverage about American citizens being terrorists; especially people who look like good ol American kids. Likely trials of these people being publicized. The collapse of the dollar.

    There will likely be another terrorist attack in the next 10 months. It will be (or at least will seem to be) a massive nuclear or biological/chemical attack, probably in multiple cities, definitely in DC. My guess is that it will be blamed on normal looking Americans...Martial law will be declared..The constitution will be suspended which cannot be reviewed by congress for at least 6 mo (yes, this is law, which has been made stronger by the current administration, and our fearless leader who has given himself sole authority to declare a "national emergency event" and to "ensure continuing constitutional government," look it up). Private defense contractors like Blackwater will be on the streets, people will be rounded up. The COG plan will kick in, FEMA will be in charge.

    If you think this is exaggerating, this is a great primer on why we are in such a precarious position, (without even getting into any of the documentation, etc):

    http://www.youtube.com/watch?v=RjALf12PAWc (The blueprint for crushing democracy, the 10 things which have happened in the US which indicate that we are fucked).

    I highly recommend these articles (or anything by Catherine Austin Fitts): http://solari.com/learn/articles_risk.htm

    Also, the SPP (or North American Union) will be brought in after the collapse of the dollar or a massive attack.

    I know this is dark and depressing stuff and that some people just refuse to even consider it being true. Unfortunately it is all laid out; the legal framework, the political blueprint for what is happening, and plenty of people with inside knowledge of some of this stuff are talking.

    So my point really is that if you are comparing the corruption of the Bush administration to that of the Clinton administration you are wasting time and energy. They are both corrupt, they are both working toward the same end, basically. Yes, times were better (especially superficially) when Clinton was president, but overall the sickness in our system had already started long before either of them.

  25. COVERUP - My Rejected Submission by Jeremiah+Cornelius · · Score: 2, Interesting

    A U.S. official overseeing a probe of former Bush aide Karl Rove yesterday refused to give federal investigators copies of "personal files" he deleted from his office computer, after it was discovered he hired a private computer-help company to erase all the hard drives belonging to him and two deputies. Special Counsel Scott J. Bloch hired a firm to perform a DoD-wipe, guaranteeing the files could never be restored. Bloch said he suspected his computer was infected by a virus - an unorthodox remedy. The receipt for the work performed makes no mention of a virus. Bloch refuses to turn over other files saved online and claims no documents relevant to any investigation have been purged. "We don't do a seven-level wipe for a virus," said a manager of Geeks on Call - the firm that was hired.

    --
    "Flyin' in just a sweet place,
    Never been known to fail..."
  26. Re:Exactly as I suspected by a_nonamiss · · Score: 2, Interesting

    Really, a single wipe with random data would *almost* do it. It would render the system unrecoverable, but my guess as to why the DOD requires 3 wipes is that if you're talking about nuclear launch codes, you'd only need to recover a few bytes of information to get very, very valuable data. If you knew exactly where to look, and knew exactly what you were looking for, it's conceivable that you could re-create the missing data based on residual magnetic signatures and complex mathematical analysis of the exact levels of magnetic field for each bit. There are many values between "on" and "off". It wouldn't be easy, but the KGB had a lot of resources dedicated to such follies.

    I couldn't imagine even a determined individual could recover anything from a drive that's been wiped twice, but the DOD always tends to overdo everything, so thrice is the magic number. Anything more is just wearing out your magnetic media.

    --
    -Arthur
    Cave ne ante ullas catapultas ambules
  27. Re:Two words... by apparently · · Score: 4, Insightful

    and that's your perfect answer "Oops I'm sorry, I wanted to make sure my virus had gone."

    That's the polar opposite of the perfect answer. This is a government computer we're talking about. End-users aren't to be performing maintenance, contracting out maintenance, or any other such notion. The idea of "oops, I must've got a virus" is complete bullshit: any IT department worth its paycheck has ensured their systems are virus-proof. In the event that a virus did manage to make its way through, mandatory SOP would be for the in-house shop to determine how security was compromised, the extent of the damage, and ensure that the issue has been resolved properly. Now take that up a notch for government systems, and "oops!" is far from a perfect excuse.

    This fucker needs to be investigated.

  28. Re:Exactly as I suspected by myxiplx · · Score: 2, Interesting

    I actually read something about being able to detect many additional magnetic fields on a drive if you really need to recover data. The trick is to dismantle it instead of using its own read/write head. I think it was using a scanning electron microscope.

    The gist of the article was that when data's stored for a long time, it has a detectable effect on the surrounding areas. So, no matter how many times you overwrite the data, the signature of the original is still detectable if you have sufficient resources to throw at it.

    Was a fascinating read, but it was a long time ago when I read that, and I'm too lazy to google a link for you I'm afraid :-)

  29. Re:Exactly as I suspected by gweihir · · Score: 2, Insightful

    Notice the wording: _nearly_ impossible. But not impossible, huh?

    This is likely just incompetent journalism. There is zero evidence that anybody can recover data after one overwrite with zeros on a modern drive.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  30. "Overwriting Everything" is surprisingly hard by billstewart · · Score: 2, Informative
    It's usually pretty easy to overwrite most of the data on a disk. But the operating system, disk controller, and various drivers make it hard to get absolutely everything, so depending on what you're trying to hide, you may not want to risk that.
    • Bad Block Remapping - Once a block goes bad enough to not be reliably writeable, or reliably readable, it'll get mapped out and replaced by another block, and after that, nothing's going to erase it. Normal tools aren't going to be able to access it, but forensics tools usually can.
    • Host Protected Area - HPA is a really annoying feature introduced in ATA-4 in 2001 which lets the disk driver hide data from the normal operating system tools and requires special BIOS tricks to access. It seems to have a couple of common uses - OEM-provided recovery operating systems, and making disk drives appear smaller than they actually are (for instance to let you use a 160-GB drive on a computer that doesn't know about drives >128GiB). There are some rootkits that use HPA to hide themselves. I'm currently annoyed at Maxtor because some of their external-USB-disk enclosures use HPA to map large non-OEM drives down to 128GiB, including the 500GB drive I bought to replace a failing 200GB drive, and not only do Maxtor and Seagate's tools not seem to be able to fix the drive, neither do the Linux tools I was able to find....

    So if you want to overwrite everything on a disk, you may need to talk to the disk controller at a lower-than-usual level rather than using your regular OS tools, and there still may be blocks that the controller can't successfully overwrite.
    --

    Bill Stewart
    New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
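
The two gaps described in comment 30 can be checked before trusting an overwrite. The following is an added example, not part of the thread: it parses output in the format printed by `hdparm -N` and `smartctl -A` and reports how much of the drive an OS-level wipe would never touch. The sample text, the device name `/dev/sdX` and the function names are constructed for illustration.

```python
import re

SECTOR_BYTES = 512  # assumption: 512-byte logical sectors

# Constructed sample in the format printed by `hdparm -N <device>`: a
# 500 GB drive clipped to just under 128 GiB by a Host Protected Area.
HDPARM_N_SAMPLE = """\
/dev/sdX:
 max sectors   = 268435455/976773168, HPA is enabled
"""

# Constructed sample rows in the format of the `smartctl -A <device>` table.
SMARTCTL_A_SAMPLE = """\
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  5 Reallocated_Sector_Ct   0x0033   100   100   036    Pre-fail  Always       -       12
197 Current_Pending_Sector  0x0012   100   100   000    Old_age   Always       -       0
"""


def parse_max_sectors(hdparm_text):
    """Return (visible, native) sector counts from `hdparm -N` output."""
    m = re.search(r"max sectors\s*=\s*(\d+)/(\d+)", hdparm_text)
    if m is None:
        raise ValueError("no 'max sectors = visible/native' line found")
    return int(m.group(1)), int(m.group(2))


def parse_reallocated(smart_text):
    """Return the raw value of SMART attribute 5, or None if it is absent."""
    for line in smart_text.splitlines():
        fields = line.split()
        # Attribute rows have ten columns; the raw count is the last one.
        if len(fields) >= 10 and fields[0] == "5":
            return int(fields[9])
    return None


def wipe_coverage(hdparm_text, smart_text):
    """Summarise what an overwrite of the OS-visible LBA range would miss."""
    visible, native = parse_max_sectors(hdparm_text)
    hidden = max(native - visible, 0)
    reallocated = parse_reallocated(smart_text)
    findings = []
    if hidden:
        findings.append(
            f"HPA hides {hidden} sectors ({hidden * SECTOR_BYTES} bytes) "
            "from OS-level tools; an overwrite of the visible range skips them"
        )
    if reallocated is None:
        findings.append("SMART attribute 5 not reported; remapped sectors unknown")
    elif reallocated > 0:
        findings.append(
            f"{reallocated} sectors were remapped; their old contents are "
            "no longer addressable by LBA and will not be overwritten"
        )
    return {
        "visible_sectors": visible,
        "native_sectors": native,
        "hidden_sectors": hidden,
        "hidden_bytes": hidden * SECTOR_BYTES,
        "reallocated": reallocated,
        "findings": findings,
    }


if __name__ == "__main__":
    for finding in wipe_coverage(HDPARM_N_SAMPLE, SMARTCTL_A_SAMPLE)["findings"]:
        print(finding)
```

An empty `findings` list means the visible range equals the native size and no sectors have been remapped, so an overwrite addressed through the OS reaches every user-addressable sector.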
  31. Re:He's done nothing wrong by DigiShaman · · Score: 2, Insightful

    Remember folks. It's the seriousness of the charge, not the lack of evidence that's important.

    Guilty until proven innocent seems to be the meme around here.

    --
    Life is not for the lazy.