Slashdot Mirror
The Great Zero Challenge Remains Unaccepted
An anonymous reader writes "Not even data recovery companies will accept The Great Zero Challenge and only four months remain! We've all heard how easily data can be recovered from hard drives. We're told to make multiple overwrites with random data, to degauss drives and even physically destroy them just to be extra safe. Let's get the word out. The challenge is almost over! It's put up or shut up time. Can you recover the data?"
Based on nothing more than personal suspicion, I think many professional recovery firms may be in the business of simply running expensive tools that scan through the partition and file table area and perhaps even the entire disk to locate data that has either been marked erased or had references removed (for a full disk scan) and then restoring it. Perhaps they'll also move the spindle from a dead drive into a new case to complete the operation, but I doubt there are many companies that will actually do electron force microscopy for you and even fewer that will do it at anything other than an astronomical fee. Powerful recovery tools can be purchased for a few hundred dollars now anyway. My opinion is that the recovery business is a focus around confidence that a professional will be doing the recovery and that you or your employees won't worsen the situation. In the event that a drive with critical data fails and you don't have a backup, who wants to be the person responsible for damaging the disk during recovery?
Anyway, IMHO this whole debate should be moot by now. If you want to secure your drive use full disk encryption (now freely available in TrueCrypt) and when it comes to destroying the data just overwrite the header area a thousand times with random garbage. It will take only a second or two, and the whole drive will be useless to anyone.
Of course it would also be nice if more manufacturers were producing encrypted disks as standard with verified schemes (there have been some lemons purporting to be secure that really aren't) so that we wouldn't have to do encryption in software.
challengers: they never appear.
"If for any reason you're not satisfied with our service, I hate you."
000 000, 0 000 0000 0000000 0 0 0 0000 00000! 000 0 000 000 0000000 000 000000 00000? 00 000 000000!
000 000 00 0000 000.
That word "percent", I don't think it means what you think it means...
No sig today...
Okay, so what's the logical fallacy at work here?
The operating system that wiped the disk is not the one that was running on the PC, but a "known good" one. Otherwise a rootkit in the PC could lie to the wiping software about overwriting the disk.
The disk wiping completes successfuly overwriting all the blocks, not just the first few blocks of partition table and directory structure - all the data must be overwritten.
Although I use DBAN by preference because it's faster and wipes multiple drives at once, dd is a capable choice.
For "failed to wipe" drives, physical destruction is required.
Help stamp out iliturcy.
So the prize for winning is a $60 hard drive, plus $40? Damn, I don't know why people aren't just jumping all over that!
Also, disassembling the drive is against the rules of the challenge, unless you're a "established data recovery business ... or a National government law enforcement or intelligence agency".
This "challenge" is stupid.
Interestingly, the most important thing is missing from the summary -- the prize. So, what the prize is you ask?
An incredible, unbelievable, astonishing and amazing amount of... wtf... fourty (40) US Dollars? Yes, you heard that right! No wonder nobody has shown any interest in participating.
Full quote from the site: Should someone win, they get to keep the drive. They also will receive $40.00 USD and the title "King (or Queen) of Data Recovery".
Ugly unprofessional website, a prize purse of $40USD (plus the hard drive), restrictions that the drive can't be disassembled.....I can't imagine why they're having trouble getting interest. Raise the purse to $10,000 and you might have something.
In addition, according to Wikipedia, what he proposes is actually impossible, at the very least an electron microscope would be needed.
Can't say I'm entirely disappointed by this story, though. At least I learned something that I was ignorant of before.
Qxe4
First of all, do data recovery firms ever *claim* they can recover from a zeroed drive? No, they don't. The claim is that government-level forensic analysis *might* be able to recover data with only a single overwrite, with very sensitive expensive equipment. Not terribly surprising the FBI wouldn't take them up on this challenge.
Second of all, someone is supposed to waste a lot of time and money for just a cheap drive and a piece of paper from some entity no one has ever heard of?
And they're doing this to "prove" that this type of data recovery can't be done?
This has to be the lamest challenge that's ever been issued.
Sometimes it's best to just let stupid people be stupid.
By using multiple overwrites, your are future-proofing versus new technologies that, if I understand it, would be able to duplicate what a team could currently achieve with an electron microscope and a lot of boring work.
All this challenge does is show that no one is willing to recover data for a free drive and forty bucks. Since the assumed ways to recover data that has been overwritten all cost way more than this, it's as if I issued a challenge to anyone who could demonstrate digging into the ground and finding oil, and the reward is a hundred dollars. Pretty good odds no one would "disprove" that either, just because it's not worth a hundred dollars to an oil company to parse, digest, and follow the instructions to obtain a hundred bucks.
It's about money.
Since the "reward" offered seems to be less than the regular fee that a company would charge for such, why would any recovery company waste resources on it?
Should someone win, they get to keep the drive. They also will receive $40.00 USD and the title "King (or Queen) of Data Recovery".
Maybe they should offer a better prize to get more people to participate
He did SpinRite and is a real hard drive Guru. Someone should send him a email.
www.grc.com
BTW,it is a good idea to wipe unused space with zeros. because, after de-fragmenting your drive would be full of duplicate chunks of data. and if you wipe free space with 0, it would be more 'clean' so that in case of disaster, its easier to recover individual files.
I would guess that lack of measurable incentive to do the recovery is what they are seeing. why the hell would a professional bother doing this for $40? I know I wouldn't. Put up some real money and your data will be recovered in no time.
The only way one could recover data here would be play on small change in alignment of the head to see what was before the 0, however, the instruction specifically prevent disassembling the hard drive... why do they even ship it then ?
\u262D = \u5350
Okay, here are my 3 reasons why a company would not accept this challenge:
(1) economical:
- I am asked to mail 60 USD to a random address, who claim they will return it to me if I send the harddisk back. This is a risk (how do I know it is not a scam?)
- In any case, I lose shipping charges both ways
- Maximum gain is 40$, plus an obscure web site calls me King of data recovery.
- Risk + Cost >> Gain
(2) International
I am asked to ship a US Postal money. A WHAT? Hello, creditcard? Paypal? Normal internaional cheque?
(3) Disassembly
All reasons I've heard for doing something more than dd is that there might be residual magnetic charge on the platter that is ignored by the filesystem. According to the rules of engagement, only some weird collection of institutions ("established data recovery business located in the United States of America" or "National government law enforcement or intelligence agency (NSA, CIA, FBI)") may disassemble the drive. How am I going to detect residual charge if I cannot disassemble it?
The last arguments compounds the first two, as only US Companies can disasseble, and disassembly voids the deposit, meaning I am certainly out 60$.
Next time that they want to be "noble and just to dispel myths, falsehoods and untruths", they should make a challenge that is actually interesting to any party to pick up.
From the FAQ: Because many people believe that in order to permanently delete data from a modern hard drive that multiple overwrites with random data, mechanical grinding, degaussing and incinerating must be used. They tell others this. Like chaos, it perpetuates itself until everyone believes it. Lots of good, usable hard drives are ruined in the process
Well, that might be right, private recovery companies may not be able to recover data in that case, but this does not mean this is not possible for government agencies.
Given my general level of paranoia, I recommend overwriting zeros, and five times with a cryptographically secure pseudo-random sequence. Recent developments at the National Institute of Standards and Technology with electron-tunneling microscopes suggest even that might not be enough. Honestly, if your data is sufficiently valuable, assume that it is impossible to erase data complete off magnetic media. Bur or shred the media; it's cheaper to buy media new than to lose your secrets.
Because all data recovery companies have electron-tunneling microscopes on hand for recovery and aren't just running a Linux distro with a modified ext3fs to ignore "deleted" inodes. The longest AES key I've cracked is 28 bits (in Python, no less!). Yet we still use a minimum of 128, more likely 256. It's not the guys running recover I'm worried about. It's the spooks with electron f'ing microscopes and a direct connection to AT&T.
Three rights make a left. Freedom of speech, freedom of the press, freedom of assembly.
I would expect that the resources that would be required (for the equipment and the expertise) to make a serious attempt at this are out of reach for most. I'm sure the likes of organizations such as the NSA have already attempted this, but as to whether or not they had any success..well I'm sure that information is classified.
--
WI-FIzzle Blaahhggg.. I just post useful code snippets and linux information here
Censorship is obscene. Patriotism is bigotry. Faith is a vice. Slashdot 2.0 sucks.
It's an urban legend. You can't recover erased bits. If you could it would imply that you can store at least two bits in the space of one. Disk companies have a pretty good idea what their heads and surfaces can do. Do you think they'd be passing up big $$$ by under-utilizing their disk's capacity?
There is that one Usenix conference "paper" foating around out there, but if you read it carefully it does not give a single example of one recovered bit.
If you've ever looked at the waveform coming off a disk head, you'd wonder with all the x/y noise and jitter how they can get even ONE bit out of that hairball. The answer is, they can, just barely, by applying all the sync, gating, PLL, and deglitching tricks, just barely reliably recover bits at the maximum recording density possible.
And all those pictures they show of bit patterns lingering under large erased areas are actually counter-examples. They prove that you can detect periodic bit patterns under large erased areas. Duh. In the real world the underlying data is not periodic, and the erasure isn't smooth or periodic either. If you overwrite real typical data with random data, you can't recover the original data. Shannon and company, you know.
Uh-oh. I think they forgot to overwrite the region of the .jpg containing the filenames multiple times with random colours!
.... to recover all the zero's
The fact that you only allow 3 days upon receipt of the drive plainly shows your ignorance of how hard drives work.
It takes a long time to take magnetic force microscope (MFM) images of the drive. Researchers at Georgia Tech could do your challenge, but not in 3 days and not for your lame 'prize.'
So, you can't disassemble the drive, and you have to get data off a tiny fraction of the drive.
Data recovery companies are in the business of repairing physical damage and a few "oh shit" cases. They're not going to use an STM to look at a drive. However, the Mossad or CIA is quite willing to spend any amount of money to spy on you if you're a target. If you're got HIPPA stuff on it, destroy the drive. If you've got old logs on it, /dev/zero is fine.
Their offer if you win: a whopping $40 (plus you get to keep the drive!). No way in hell you can recover data after dd for $40. My time alone is worth more than that. Offer me $40,000 and I'll consider it.
This post expresses my opinion, not that of my employer. And yes, IAAL.
"Forensic data recovery" may have worked on overwritten drive space before, back when mechanical tolerances and drive heads were sloppy. Modern drives are a much different story. There is little to no room for "magnetic slop" surrounding a written bit. If there were, the drives would simply not work well!
Last month, I challenged every female olympic gymnast to prove she was over 16 by having sex with me. (The age of consent is 16 in my state). To date, every gymnast has ignored me, with the exception of 1 whose boyfriend threatened to kill me. Therefore, we now have proof that all the female olympic gymnasts are under 16 and should be disqualified.
Do you even lift?
These aren't the 'roids you're looking for.
If you were a data recovery company, you would gain an ENORMOUS reputation if you were to complete the challenge. And the cost? Shipping.
That is the cheapest publicity they would ever receive... and what publicity they would receive!
They're all in bed with each other! :O
:O!
Maybe they *can* actually recover the data BUT they DON'T so that all the criminals believe the hype and go merrily on with their criminal ways believing dd will keep them safe.
PM
nobody will restore your once written over hdd for 100 bucks.
Whereas technically it's an interesting thing, it obviously isn't economically.
Can anyone tell me what's so fundamental about the "dd" command that there's not even no chance the data could be recovered?
eg. Asking the special Unix team if it was possible after a "dd" - as if Unix writes to the disk in some special way that Windows doesn't.
I agree with the challenge though. It can't be done.
No sig today...
... it is merely old tech that is no longer relevant. In the old days of sloppy mechanical tolerances (and read-write heads), it was possible to leave traces that were misaligned with the main bits of the current data. With good custom drivers and software, it was often possible to recover some of this data.
This is of course no longer true what with much tighter tolerances, smaller and vertical magnetic domains, and so on. I think that is the point of this challenge.
"Argument is an intellectual process. Contradiction is just the automatic gainsaying of any statement the other person makes."
"No it isn't."
"It is."
"Not at all."
"Now look."
(Rings bell) "Good Morning."
From the site: Legitimate data recovery firms know this. They will not take the challenge. Neither will a national government agency.
Okay, well first of all, it wouldn't be in the interest of any government law enforcement to accept this challenge. Why would they? To show us what they can and can't do? I think it's in their best interest to keep that to themselves and keep us wondering.
I don't know if the overwriting thing is a myth or not. I don't know enough about the physics of it to even approach an answer. On the other hand, I've had conversations with people who build gadgets for spooks and they have stuff that a lot of people here would probably consider impossible. The government hires some of the brightest minds for this kind of stuff.
I've learned to forgo the word "impossible" when it comes to this kind of stuff. You just never know. On the other hand, I don't really care one way or the other. I don't keep anything on my hard drives that I'd worry about the government finding.
Because you are giving the very concept print space (and your own time) right here on slashdot! Who cares about the website? Others would be blogging about it all over the place.
It is likely that there is a hysteresis in the platter causing a "0" written on top of a "1" to be slightly "weaker" than a "0" written on top of a "0".
On old tape, this hysteresis was about 10%, and was actually visible with a magnetic loupe, so depending on s/n ratio, you could recover quite a bit, no pun intended.
The problem with a HDD is that the signal from the heads go through a lot of signal processing including Extended PRML or EPRML. There is also an algorithm like RZ to not have a long series of the same bit written physically. If you take the electrical output from the read head, you will have a big task reconstructing the data, even if there only good data.
The only places today that can analyze well what is read physically is at HDD manufacturers research lab, and probably using custom HW to read the platter that collects all the errors and offsets. For a recovery company to do this, they probably would have to invest millions of $$$, so they will not.
So bottom line is that you could send the drive in to Western Digital, and they could probably recover the raw data with about 90% accuracy. If that is enough for the error recovery to chew on, I am not sure, but here and there, long strings would be recovered. They can for sure give the exact probability for the recovery of a bit.
WD however does not have any incentives to demonstrate that wiping their drives with "0" is not sufficient. aux contrare, they may consider this an undesirable property. Therefore, the only ones that can recover this is unwilling.
So the challenge remains unaccepted.
don't cut it off www.mgmbill.org
See, here I was thinking a Cylon. Number 6 specifically.
I've got an opinion on this issue. And I have a challenge for mister Great Zero Challenge.
If you can determine my opinion, you win.
The prize: A brand new american one dollar bill.
Just send me $20 for shipping and handling.
And you can be king of guessing my opinion.
It's not a competition run by a large website so there won't be any publicity and the reward is smaller than what you pay out. Even if I was 100% sure I could do it I wouldn't bother.
Hmm. Could someone explain exactly how the electron-tunneling microscope could help recover data? And, could it really be used to recover more than a couple of bits?
If anyone were able to do this, the terms say they have to disclose their methodology. No company in their right mind would give away their trade secrets for the paltry sum of $40.
Why would anybody enter this "contest"?
I would certainly believe, for what it's worth, that you can't recover the data from an overwritten drive without disassembling it. That's a "well, duh" statement. You have to get at the physical media. And it's certainly going to cost you more than the forty dollars, minus the amount you paid for round-trip shipping, that you could win.
http://www.geoffreylandis.com
Is the challenge not fundamentally flawed? The rules require that the drive be returned after 3 days in the same condition it was sent in. This immediately precludes invasive methods of data recovery and requires the firm to use only the drive's on board electronics to access it. The drive's on-boards are not going to pick up any residual magnetism in the platters as they over-wrote the data. They are only sensitive enough to read the residual field they applied in the first place. (obvious by design) If the default heads picked up residual traces of previous data all our hard drives would be pretty useless, wouldn't they?
By adding this requirement you handicap the recovery firms to an extent that obviously they won't try it. The proper way to do this would be to have a series of drives available that can be put through proper invasive data recovery processes.
Play me online? Well you know that I'll beat you. If I ever meet you I'll "/sbin/shutdown -h now" you. -Weird Al, kinda.
1. if you don't accept this simple the challenge, you definitely scam your customers. Some will take notice, and you lose more.
2. if you accept the challenge and WIN, then you get free advertising. (If you accept but lose, you still get some bad PR, but at least you can say the drive was fake).
Patents Drive Free Software as Hurricanes Drive Construction Industry
Duh. And data recovery companies probably get a good bit of business from law enforcement - who would be very upstet at such a security breach. So, duh, they win 40 dollars and some lame title and lose millions in business.
But it doesn't matter anyway. My friend's house got broken into while his mother was in bed. They were right in her bedroom and stole her purse which had 3000.00 in it. They got prints off a GLASS tabletop and sent them off, apparently to the cornfield. It's been nine months and no one has replied.
It seems very unlikely the police are going ot be interested in you unless they strongly suspect you have been very, very bad. Perhaps if its a very high profile case or you have enough money they actually stand to recover their investment in the investigation they might actually do some of this high end stuff. Most people simply aren't worth more than "high end" script kiddie efforts at data recovery, so it's all moot anyway.
File "8890 KB" name is alpgen_w1jet_pt20_r07_245.tar
Am I right?
I've just spent the last two days with a POS gateway, Knopix and many, many hard drives dangling out of the case while I write randomized cruft to the 600 some gigs of old drives.
I guess I have to take the author's word for it that the recovery companies refused to work on the drive and disregard the "conventional wisdom". I'm really tempted to format one of the drives, dump some data, dd it and see if I can pull anything worth while off of it. Has anyone tried this themselves with any of the forensics tools out there?
Well, I'm almost done with all the old drives; I might as well finish up the project.
This one's tricky. You have to use imaginary numbers, like eleventeen... --Hobbes
Hmmm, you get to keep the drive if you win which also means you get to keep any data recovered. If it's filled with pirated music that could add up to a lot of money at $750 per track.
People who bite the hand that feeds them usually lick the boot that kicks them
(plus an obsolete hard disk, list cost sixty dollars, resale value about five dollars)
http://www.geoffreylandis.com
The company which demonstrates this ability would be internet legend. It would be named in every discussion about recovery and safe deletion schemes. Too bad it can't be done.
Forensic companies typically charge much, much more for their services than $40.00 -- THE REWARD IS A JOKE IN AND OF ITSELF. It is also not in their interest to prove that they can do this... as it could result in really bad PR for the company -- or business entanglements and liability that they may not be willing to enter into.
They should offer this challenge up to hackers.
Imagine a reference design of a freely available data recovery tool up on "http://freshmeat.net".
I wonder what the chances are that the anonymous contributor of this "news item" is 16systems themselves? What an excellent way to raise publicity for their "contest" with a terrible prize that would net them some valuable information!
I will check that you have deleted all personal and private data and tell you anything which could be potentially used by others (not me)
The few people who MIGHT have the capability to look beyond what is written on the drive and see patterns remaining from previous data are most likely the ones who would prefer that the concept remain vague and unproven.
And it will likely be ignored for many of the same reasons. http://www.conservapedia.com/Conservapedia_challenge
I think somebody needs their money back from their forensics certification.
Your hair look like poop, Bob! - Wanker.
This whole submission sounds like an ad for '16Systems.' None of the data recovery agencies have accepted the challenge! Only four months remain! Can YOU recover the data?!
Please.
Contests have entry fees.
For $100, the entry fee will pay for the cost of the drive and shipping, so drive disassembly should not be an issue.
Nobody plays a game like this for the prize cash, but for the bragging rights.
The disk should have had on it instructions on how to retreive the money. Like bank account information and access code.
Sorry, that's completely false. If Microsoft or Google or NSA or CIA put this out, then people would be scrambling to do it for free. The unfortunate reality is that you're not big or famous enough for people to care.
One way to gain attention other than being big and famous is to throw a lot of money at it. $40 is not a lot of money despite how many pizzas it would buy.
$300? That's for running what's pretty much an "undelete" like any shareware program can do.
$3,000, and you might get what amounts to a sector dump.
Not at all true. I priced this out for a friend that had removed data beyond what the simple undelete commands you mentiioned can do. The real cost is more along the lines of $700, and you get real data files back.
$3000 is more along the lines of, the actual physical disk inside the case has been disturbed and you are talking about recovering whatever data you can. That starts to get real pricey, really quickly.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
If it is possible and as difficult as said, why would someone give up their secret?
"You also must publicly disclose in a reproducible manner the method(s) used to win the challenge."
1. Buy a $50 hard drive.
2. Sell it for $60 in some competition with impossible terms.
3. ???
4. Profit.
Many drives logically relocate bad sectors when media errors occurs. Note that after this - no DD command will be able to override the previous physical location of the said sector. Potentially, someone can perform physical scrutiny in order to retreive the data from those sectors.
...did these guys get the idea that anyone who knew what they were talking about claimed that it was possible to recover data from an overwritten drive without taking it apart?
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
16 Systems website looks like is a web-page assignment from an 1980's HTML tutorial.
The services listed are BASIC/Javascript end-of-chapter exercises.
The only thing new in this world is the history that you don't know.[Harry Truman]
You mean the NSA's entry hasn't arrived yet?
I suggest that the drive to be tested be the one with all the Chinese gymnasts original birth certificates on it.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Coming back to slashdot after reading reddit for a while, it is a very weird feeling not to be able to vote on posts.
This post written under Gentoo-linux with an SCO IP license.
A 2.5" 30GB laptop unit. It had Firefox stored passwords on it and other things I would consider "personally classified". I got what I needed off of it and used dd to zero it out. Took quite a while to run. When it was done I tossed it in the dumpster. Am I worried? Not one bit - and I didn't need this article or the original TFA to tell me that.
IMO every "security" solution for sale in the computing sector has some degree of snake oil and hype attached to it. That goes for anti-virus software and software firewalls as well. The best products are the ones that get almost no attention because they're free, like GPG.
Kindly sir, I am a Nigerian Prince trying to transfer some data from a zero-ed out hard drive to my cousin in the U.S.A. If you would kindly deposit $60 into my bank account, I will send you the hard drive. Upon your transmission of the data to my cousin, I will promptly return your $60, plus $40 for your effort. You may also keep the hard drive.
Your friend,
Prince Njeme Nawabi, P.O.S.
There are 0x40000000 types of people: those who understand 32-bit IEEE 754 floating point, and those who don't.
Agenda? Unless he is able to make money out of this 'scam', what other motivation is there? And going by what he has described, I do not think he is making money here.
On a more general level, I see a worrying trend here - most of us here are taking a negative position very early whenever something like this comes up. Sure, there is always a possibility, but why start on negative? This is not a story on Creationists, for example.
I generally decommission hard drives with a sledgehammer and an anvil. I feel safe that my data cannot be recovered by anybody, including 16-Systems, all the data recovery companies, and agencies of the US Government.
However, if you would like to prove me wrong, send me $60 (which I will refund when you return the remains of the drive). If you can read my browser history (saying "you looked at Slashdot" is not going to do it) I will provide you with a tasty BBQ sandwich, the likes of which you have never had before. And you get to keep the baggie of crushed hard drive parts.
Seriously, the data recovery people are in business to recover **accidentally** deleted or damaged data. Deliberately deleted is another story all together.
there are 3 kinds of people:
* those who can count
* those who can't
They should allow disassembly of the drive. Presumeably, if it's possible to recover the data, you need to use something other than that stock read/write head. Somebody else mentioned electron microscopes. Not sure what you'd see with that. Can you see magnetic domains with an electron microscope? Maybe that's how the real spooks do it.
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
This story was submitted by an AC.
Why would you submit a story as an AC? To hide something.
What on earth is there to hide in this story? Either the very posting of it (say your employer doesn't condone spending time on Slashdot), or the authorship of the story.
As the story itself reads suspiciously like advertising copy, it is tempting to conclude that it came from 16systems.com, the sponsor of the contest.
Nothing to see here, except the Slashdot editors falling asleep at the wheel again.
Put my fist through my alarm clock with its ding-dong death inside my ear. - The Blackjacks.
If you're just talking about recovering a bunch of social security numbers or your husbands porn stash, fine, this is a perfectly good challenge.
If you're talking about protecting the latest nuclear warhead plans or the names of every spy your country has in operation "nuke it from orbit, it's the only way to be sure." Data recovery companies are not your threat. Your threat is a government agency that can dismantle the drive and use customized read heads to read the magnetic variations across the area of a single bit.
And, of course, a government agency is sure as hell NOT going to volunteer for this experiment, thus alerting the world to the fact that "dd is not enough."
And, of course again, if your data really is that sensitive, you're almost certainly already under the "nuke it from orbit" set of directives, because you know better.
This doesn't pass the smell test. It seems analogous to the crackpot who runs around screaming "Every PhD geologist is scared to debate me! They know I'm onto their dirty littlc secret - the center of the earth is made of chewy caramel!"
The point is that "fear of losing" isn't the only possible reason for this "challenge" not being taken up. It's equally likely that commercial data recovery entities see this as a completely pointless waste of their time. Is this "16 Systems" an actual known entity, or is this just yet another Slashdot submission where someone is trying to shill their unknown company?
#DeleteChrome
According to our Unix team, there is less than a zero percent chance of data recovery after that dd command.
What does a *LESS* than zero chance mean? Is it some quantum thing? It's so well erased that it's gone beyond mere zeros and into a realm of strange probabilities and potentialities of data that never was or possibly could have been? Could all the results of the alternate decisions in my life be revealed by erasing my drive having someone try to recover it?
disassemble the drive???
WTF, how are they expecting to get recovery.. this sucks, its unfair.
If my interpretation is correct, you're still $20 behind [....] since if you win you get to keep the drive, but apparently aren't refunded your $60 deposit.
Wrong interpretation! From TFA:
If you damage the drive, then your deposit will not be returned.
So, (if MY interpretation is correct) you will always get your deposit back if you return the drive in good order or win.
But I have to agree that it's not quite the amount of money I'd do it for, even if I were able to.
What person will donate an airborne act of love?
Who is going to enter this "challenge" from some random website for the chance to win 40 bucks? Even if I had a program that I knew 100% would work, I wouldn't be worth my time to plug in the drive and run the program for 40 bucks. Stu...pid.
... if using older recording technology that has gaps between tracks and records zeros in raw form. Today's recording involves multi-level coding and scrambling, where even all-zeros will have a big mash-up of flux values, and overlaps the gaps to some degree.
If that 80 GB drive that had been zeroed-out with dd had recorded Osama bin Laden's exact location, you can be sure the data recovery experts at certain nameless US government agencies would scramble to get hold of that drive, regardless. And it would not surprise me if they can recover some data from it. They would not be worried about getting their $60 deposit back, and the drive will likely be destroyed as a hard drive as we know it. The tab for such recovery could be in the millions of dollars, but for that kind of data, it would be worth it.
Is the data on your computer with that to someone?
now we need to go OSS in diesel cars
The prize has nothing to do with this. It's simply a proof of concept trial showing that data recovery is mostly FUD (especially in the case of a seized computer).
"The best way to accelerate a Macintosh is at 9.8m/sec^2" -Marcus Dolengo
My mom attended a litigation support conference where NSA actually claimed to be able to read a drive's contents after SEVENTEEN zero overwrites. Who are they though... just another multibillion dollar spy agency affiliated with the very guys that actually invented computers...
This is my sig.
Maybe - just maybe - they used a weak passphrase for the encrypted answer? *grin*
Files and folders WERE copyable.
Like... to a more than one hard drive. Each of which could be zeroed. And mailed.
Mit der Dummheit kämpfen Götter selbst vergebens
Well... it IS over 10000 - yen.
If you account the value of the drive too.
Mit der Dummheit kämpfen Götter selbst vergebens
The reputation of the challenger has NOTHING to do with the legitimacy of the challenge, which stands for itself. If you were a data recovery company, you would be completely foolish to ignore this.
Nobody will take it because they are not confident that they can do it. Q.E.D.
Why are you concentrating on the "reputation" and competence of the challenger? Those have nothing to do with the challenge at hand: a disk drive was overwritten ONCE with zeros with the Unix dd command. Can somebody recover the data? It doesn't take a genius or a big budget to make this challenge. But the fact that NOBODY so far has picked it up DOES say something.
According to my math team, probabilities don't go below zero percent.
I would think if you were running an intelligence agency or similar and had the ability to retrive erased data from modern hard drives you would make sure that information about that ability (both the fact you could do it and how you did it) was classified.
note: i'm known as plugwash most places but i screwd up registering that here somehow in the past and now can't register
You can tap into what comes off the read head without disassembling the drive.
As for electron microscopy, would that really get any useful data back? I doubt it. The surface of the drive will be a complete mess and there's an awful lot of atoms there.
No sig today...
Electron Scanning Dildo is, let alone an ESM. (Hey don't knock it till you tried it- its that HV tickle that really gets you.
You're forgetting the cost of their resources and what they could be earning doing a real job instead...a little more than shipping!
The X prize was NOT about the money! Do you honestly think that Mojave and Scaled Composites actually even made their money back by winning the X prize??? If so, you need to sit down with a calculator and re-think a few things. (Answer: no)
It isn't about the money! It is about what is possible and what isn't, and the reputations of those who show what the truth is. Virgin, Rutan, et al. will make a fortune. But they sure as HELL did not enter the contest for the prize money. To do so would have been stupid.
So, why did they do it? The answer is obvious, and I won't even bother to put it here.
There's not one shred of evidence that anybody ever has recovered a single bit from an erased drive.
As for "only governments, blah blah" ... governments don't really have equipment or expertise that top universities don't have.
No sig today...
So you're not allowed to (for example) exploit redundancy or error checking on the drive itself? If dd wrote zeros, that's what'll be read unles you can get "lower" than normal drive access.
This challenge has nothing to do with the security of your wipe. Rather, it has everything to do with dd successfully writing zeros given normal access.
Wikileaks, no DNS
They have provided the simple and easy way to win this challenge and you do not even need to open the drive or even have it in your possession.
They have posted a PGP encrypted file with the answers. Just crack the encryption on that file and find the answer they are looking for.
Only a fool would demonstrate how they could do this and ruin any chances of people becomming comfortable with zeroing drives for a mere $60 hard drive and $40 cash.
Are these guys smoking crack ?
Wanna fight ? Bend over, stick your head up your ass, and fight for air.
Ok, yes, I agree it says something. Namely, that companies in this field have no interest in a no-name site's seriously flawed challenge.
Remember, they are in the business of recovering data erased or damaged by accident. They have plenty of high profile references showing they are capable of that. You might have a point if this challenge was directed at the creators of disk erasing software, but come on... This challenge is about as serious and professional as me posting "send money pls" in a blog. That is very much relevant to whether a company would take it seriously or not.
I am a bit surprised nobody's come up with a link to a privacy organization's article about something like this though. I have a hard time imagining no organization or newspaper has ever done something similar, then sent the disk in for recovery and reporting the result. For an actually corporation, the money we're talking about isn't worth mentioning.
The people most likely to have this capability are also the least likely to want to publicize that fact. There is also the issue that you don't use the resources of such a facility without a good reason and the funding to pay for it.
Mea navis aericumbens anguillis abundat
Once again, the site is irrelevant. The relevant thing is the challenge. I wonder why you focus on the presenter of the challenge so much when that is not at all important to the subject at hand.
In any case, no. Data recovery services are in the business of data recovery, however it got erased. "Safe-wipe" software is very common these days and some people use it in place of their trash can on a daily basis. It is built into Mac OS X. The ability to recover data that has been overwritten with 0s would be very much a service in demand today.
And you completely missed the point about reputation. A company that proved it could do this would be a company that people would go to. They would gain MUCH more than just prize money; they would gain lots of business.
6 months is about the bare minimum.
2 years would be better.
There is a clean-room effort. There is the actual reading of the platters, which is damn slow when you can't use the original head. (since oversampling is needed, this could be weeks or months!) There is the reverse engineering of the insanely complicated encoding. There is the writing of software to fly a virtual head over a virtual disk.
Yes, it can be done. No, it isn't affordable unless the drive belonged to Osama. The effort would require dozens of engineers who already have experience doing the job. You're looking at a price tag of 5 to 50 million dollars.
When I wrote "you would be completely foolish to ignore this", by this I meant the fact that they would gain reputation if they succeeded. I did not mean that they would be foolish not to accept the challenge. They are in fact NOT foolish to refuse the challenge, since they can't do it anyway.
I love that people are saying things like "well some secret government agency might be able to do it, but they will never tell"...
Ya right. How many man years of R&D go into disk drives every year. How many different types, manufacturers are there?
Every drive I'm sure is similar in operation, but they are all different. So this mysterious government agency would have to become experts in every detail of every device from every manufacturer. Give me a break, the return on investment is way too low. If you have the person that erased the drive, just toss them in gitmo, waterboard them till they talk. Much faster and more economical!
Assuming it's possible to retrieve overwritten data on a disk (which I seriously doubt), the only people capable of doing it are the engineers that designed and created the drive device.
Well, this does exclude Area 52, they have Alien technology that can extract all data ever written to the device!~ They can also extract all of your memories from your brain cells, put on your tin foil hats!
Glass platters look just like metal ones.
That have a mirror-like metal coating on them.
When a glass platter breaks, it isn't like
breaking normal glass. You don't get a few
big chunks and a few chips. You get zillions
of needle-like shards. They fly everywhere.
So the theory is that when you wrote the original data, the drive head didn't follow precisely the same path across the magnetic media than it did when you wrote zeroes. So maybe 90% of the width of the track was wiped out - but there could be 10% of the original data that's still there.
You can't recover it using the original drive heads because it's a digital system and a signal that's 90% zero and 10% data will read as a solid zero.
But if you open the drive and use a special head and some sensitive analog techniques, you can maybe read the narrow edges of the track and recover the "erased" data.
Writing the data many times probably works because the head takes a slightly different track each time and eventually will overwrite 99.999% of the original data and it can't be recovered.
What makes that challenge UTTERLY STUPID is that they don't allow the data recovery company to open up the drive. That means they can't selectively read the edges of the tracks and they can't recover the data. That make it an impossible challenge - which proves nothing because a determined competitor who wants to see your CEO's spreadsheets can open the goddamn drive!!
So - keep erasing your datas lots of times. Ignore the meaningless challenge results. I wouldn't smash up or even discard your hard drives though - simply overwriting it many times is fine.
Did you bother to read GP? We recovered data from magnetic storage. An no, not government nor universities.
don't cut it off www.mgmbill.org
A much better contest:
Working with the manufacturer, we have disabled hardware encryption and error-correction - one magnetic domain corresponds to one logical bit. The drive was factory-formatted with a standard pattern which is in the contest materials. Participants willing to sign an NDA will be given additional engineering data for the drive to help them find the tracks with the erased data on them.
We wrote zeros to this drives 10 times, then wrote random data to four complete cylinders spaced evenly on the drive, then wrote zeros to the entire drive. Contest materials include the exact cylinder numbers that have erased data.
Prize #1 - 50% recover in a sector-sized area
Prize awarded to the first team that recovers more than half of the bits in any consecutive 4096-bit area of any track on the disk. 4096-bits correspond to one sector but the prize will be awarded even if the recovered data crosses sector boundaries.
Prize: Up to $100,000 based on the amount of data recovered: $50,000 for recovering half the data in any one 4096-bit area, $100,000 for recovering half of the data in all of the erased areas, and a pro-rated amount based on the number of distinct 4096-bit areas that are at least 50% recovered. The winning team will have 7 days from submitting the first recovered data to submit any additional recovered data for an enhanced prize.
Prize #2 - complete sector recovery
Up to $100,000 in additional prize money can be earned if all data is successfully recovered: $50,000 for recovering all data in a logical sector, up to $100,000 on a pro-rated basis for recovering all data in additional logical sectors. The winning team will have 7 days from submitting the first recovered data to submit any additional recovered data for an enhanced prize.
If prize #2 is claimed before prize #1, the winner will be declared the winner of prize #1, and any additional complete sectors submitted on time will count toward both prizes."
Now that would be a useful contest.
Adjust prize money as needed to spur interest. Don't have an expiration date but do replace the drives with contemporary drives every few years. Offer a similar prize for "usb-memory-stick" devices that have wear-leveling and other tweaks that would invalidate the contest turned off.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
If I wasn't afraid of some FBI "specialist" mistaking some random cached Japanese banner ad for child porn,
You mean they aren't one and the same?!?
Your proposal isn't totally useless, it may raise the number of recorded bits slightly above random chance, but it's nowhere near a complete solution. Even so, you wouldn't know which bits you think you recovered were recovered correctly.
Here's why:
*The key here is we need to know how to get past the auto-correction in the drives firmware
- This may not be possible on all drives.
Even when it is possible, there is no guarentee that your test drive will behave the same as the recovery drive. There is also no guarentee that the behavior will be the same under slightly different heat conditions, under slightly different magnetic conditions including the state of surrounding bits or partially erased bits, etc.
Exactly reproducing the conditions of an analog device is damn near impossible. The best you can do is get within X of where you are aiming for Y percent of the time. In some cases, that's good enough. In this case, it isn't.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
The idea with recovering from a drive that's been overwritten once with zeros is that you disassemble the drive and deal with the platters directly, using a microscope or some other means. But they have a rule saying you can't disassemble the drive.
They requested suggestions... so I'm sending them this...
I recently became aware of your challenge, and I think it's a great idea. I applaud your initiative to dispell disinformation. I have to admit that, as it stands, I don't think your challenge will have any takers for three reasons:
1) Money... While I understand that many people make great contributions to our society for little or no compensation I think, in light of what your asking, your proposed reward is much to meager; and I say that not simply in deference to greed. I realize this is a competition you are financing out of your own pocket, and you have limited ability to fund it, but the feat you are asking may take hundreds of hours of research, understanding and custom analog circuit design, specific to at least that particular model of hard drive, if not the specific revision, or even that PARTICULAR individual item (compensating for the timing and balance characteristics of that particular unit). If this feat *WAS* accomplished it's important to realize that it would have almost no marketable value to owners of other drives. Hundreds of hours of engineering is hardly compensated for by $40, a used hard drive, and a little ego-boo...
There may be some that say that if this can't be done for $100, it's not worth doing. but if the data on the drives was millions of sensitive credit card records, or resellable sensitive medical records of either celebrities (to the paparazzi) or of more mundane consumers (to medical insurance companies), or sensitive goverment secrets, the recovery of data off a single hard drive could easily be worth millions, or in some cases peoples lives.
2) Specialization... Like I said, as I understand data recovery of OVERWRITTEN data, it's an analog matter of figuring the old values as some percentage of the current data values. This is a very specialized process probably best accomplished by the engineers who created the original drives... furthermore, it's not in THIER employers' best interest to see this myth debunked, as it prevents the market being flooded with cheap retired enterprise-quality hard drives.
3) Limitations... I am quite convinced that this challenge cannot be accomplished without at least replacing the HD's logic board, as the process requires direct access to the raw analog induction data comming directly off the disk. Also more than 3 days may be required to determine the specific physical characteristics of balance, timing and geometry of the specific unit you are providing. While you waive this stipulation for professional recovery houses, for the common hobbyist you are essentially tying their hands and removing any chance for them to compete. I realize that the internals of a hard drive are very sensitive, I think all participants should be at least allowed to replace the drive's logic board and have a few week shot at the device.
I personally have very little vested interest in this competion. While knowing if this feat can be accomplished, and having the particulars more readily availible, might be beneficial, at least professionally. I have very little circut design experience and can barely immagine designing something myself, much more complex than a toaster. I hope my suggestions will help this challenge become more valuable simply than determining that nobody felt willing to tackel this type of challenge for a C-note and a little noteriety.
I applaud your efforts,
-Loren Osborn
Software Engineer
Loren Osborn
The main site boasts such useful tools as:
1. Test potential U.S. social security numbers and credit card numbers (!)
2. Recreate a credit card number that is missing one digit (!)
I must immediately pull out my wallet and "test" my SSN and bank card numbers; I can't wait to see if their software works! I'm reminded of the corny magic shows aired on prime time television in the 90s (cue Lance Burton) that could magically "guess" what number a viewer was thinking of after slapping 5 numbers on the screen and manipulating their decision in a series of simple logic that would confuse you only if you were a bowl of egg salad.
This post is seriously on Slashdot? Really?
This kind of service is not THAT expensive, if you shop around. Heck, some years ago Symantec would do your whole drive for $500.
Long gone are the days when drives stored things in a simple modulation format. That's what MFM hardrives were (MFM means Modified Frequency Modulation). Now harddrives store an analogue wave, and analyze it to determine the maximumly likely result for a given waveform. It's called EPRML, Extended Partial Response, Maximum Likelihood. You can Google for the specifics of how it works, but the general idea is there isn't a certain threshold beyond which something is 1 or 0. Rather it is an analogue wave of varying intensity and by looking at how it changes, the drive's processor can pick out the binary stream it is most likely to represent. Sounds like voodoo, but works really well and is extremely reliable.
Well, that means that data recovery of overwritten data just became a hell of a lot harder. It isn't a matter of saying "Well the current data is a 0, however it is on the high end of 0 so it was probably a 1 before." No now you have to be able to tell what the wave looked like beforehand, and interpret that.
Now maybe there's a way that it is possible, but I'm rather doubtful. There is, of course, also the time factor. Supposing you can do this, how long does it take you to read one byte? A second? A minute? Ok, how long are you willing to spend scouring a drive that has five hundred billion of those bytes? So not only do you need to be able to do this, but you need to be able to do it quite quickly if you are to have any hope of scanning a modern drive in a timescale that is useful.
.... when people throw down challenges no one gives a shit about, and proceed to proclaim victory by default.
If you mod me down, I will become more powerful than you can imagine....
Hard discs certainly do store multiple bits worth of information in the space one bit takes when read normally. Hard disc drives are intended to be reliable at reading the last-written data at high speed and without much care for track alignment.
To use a visual analogy (without considering clocking and encoding), imagine a hard disc writing data optically by spraying bit patterns (or printed letters) with small jets of black pigment at 70% opacity and whitewash also at 70% opacity. On reading the disc, the drive the controller treats anything with an an albedo than 50% as a "ink" and anything lighter as "paper."
It's not worth trying to make the pigments more opaque since that would just widen the radius of the portion of the spray that could cause a bit (or a part of a letter) to cross the 50% threshold.
Forensic analysis of the platter involves taking a full grey-scale picture of the platter. Even in the case where the bits line up exactly, it's possible to subtract the last written data in order to reveal the second-to-last written data. This process can be repeated for the write that occurred before that.
When the overlaid bits have differing alignments, either along the track or perpendicular to it, it's possible to clearly resolve more generations of writes than one could with perfectly overlaid writes.
Blancmange
The German computer magazine c't did try to get a disk that was overweritten once with zeros recoverd two years ago or so. All data recovery companies they contacted (all the major ones) said they could not do it and that it was likely impossible. So this is not newa at all. Even Gutman had an addendum that says tomething close for modern disks.
The source of all these stories is that it used to be possible, when disc coatings were more advanced than r/w head and electronics. That is not the case anymore. It is very likely that you cannot put much more data on the disk than a moder HDD does. That also means that a single overwrite is an unrecoverable deletion. Keep in mind, that due to the particulars of the modulation, an all zero overwrite does not take up less of the surfaces data storage cabaliluty as a fully random overwrite.
Basically the pople that claim recovery is possible are one or so decades behind the times. Nothing new.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
"Because of recent suggestions, as of September 6th, 2008, we are raising the prize to $500.00 USD (if the challenge is won) and only allowing professional, established data recovery companies to take the challenge. The deposit fee has been waived. The drive does not have to be returned. Since there is only one hard drive, only one company may take the challenge. We encourage others (perhaps more well-known and more reputable than us) to offer more drives in similar challenges. Help us carry on "The Great Zero Challenge" and put an end to random multiple-overwrite nonsense!"
Looks like somebody read the slashdot article..
... too lazy to RTFA but a simple:
... from a "linux rescue" prompt after booting and recent Linux CD or DVD will clear that pesky drive D: followed by a reboot to Windows and reformat to NTFS does just fine.
dd if=/dev/zero of=/dev/hda3 bs=512
Make sure you create a dummy partition between your boot C: drive and what later becomes D: because Linux and Windows are notorious for arguing over where that partition boundary is, hence "hda3" gets the third partition and its "sda3" if its a scsi hard drive.
And... don't save that pr0n forever. Whatareya a pre-vert?
"According to our Unix team, there is less than a zero percent chance of data recovery after that dd command."
Less than zero? So what happens? Your other data gets erased?
I'd get the Advertising Department to budget this. Either it's possible to do and costs less than a full page NY Times ad, or it's not as the authors want to imply.
First: The cause of this parania about multiple overwrtes is also caused by the spam of Evidence erasor (Note free and better software is available,e.g. google for washer). However these kind of program might fail when paired with advanced FS like NTFS & flash media.
Second:
A challange proves nothing. Bruce Schneider wrote about this 10 years ago.
And last: where does any data recovery company say that they can recover data from a whiped disk? Especially a establised company? Anyway, No way I am going to put some hours from a "High-Resolution Scanning Magnetic Microscope" to recover 500$. Beside that, any recovery company will quickly spend more than 500$ for any recovery.
Of course, this is complete and utter horseshit.
Actually its very plausible. Read about TEMPEST and TEMPEST certification. The computer is essentially a giant radio transmitter. The port lines might give you a better signal.
This is my sig.
Give me a break. Go back and read the OP, and the challenge. Sheesh.
And yes, they exist, but no, the price is not usually 5 digits. At least do some frigging research before arguing, okay?
Actually, I can answer my own question. No, you have not.
First, as has been mentioned in this thread several times, the reputation would not come FROM 16systems. Nobody cares who they are. The acclaim would come from bloggers doing what they are doing RIGHT NOW: discussing the damned thing on the internet. You have been part of this, so don't claim it doesn't exist.
Second, they don't have to prove to anybody that they are being honest. They have ALREADY PUBLISHED an encrypted TIFF file with the results. All they have to do is release the PGP encryption key, and their challenge is proven. Or... maybe you don't understand how that works?
Third, *I* am not the one who is not getting it here. A company that could recover files that have been overwritten by 0s (Mac "secure erase" for example) would be much in demand. They could make a LOT of money recovering files for people. THAT is the real motivation.
The Ansari X prize was not won by people who wanted the prize money. (It is a pretty safe bet that the $10M did not pay their expenses.) They wanted to prove it could be done, then they WANTED THE BUSINESS of the people who want them to do it. And they are getting it, and they are going to make a shitload of bucks. But it wasn't the prize money, which again, did not even pay their expenses.
The reason they are not doing it is that they CAN'T do it. That is the only real reason. If they could, they could make lots of money doing it, so they would want everybody to know that they could... and they would take the challenge.
You would do it once for less than $40 if you thought it would make you $400,000 over the next year in new business brought in because you proved you could do it. You would do it at your own expense. You would pay $1,000 to prove you could do it!
THAT is the whole point, in a nutshell. Anybody who could do this would have people lining up at their doors, wanting to lay down money for the service. Failing to even try to prove that they can do it demonstrates only one thing: they can't. The $40 thing is nothing but a red herring. Any company that could, would.
Seems the challanger has been reading Slashdot. From their web-site:
"Because of recent suggestions, as of September 6th, 2008, we are raising the prize to $500.00 USD (if the challenge is won) and only allowing professional, established data recovery companies to take the challenge. The deposit fee has been waived. The drive does not have to be returned. Since there is only one hard drive, only one company may take the challenge. We encourage others (perhaps more well-known and more reputable than us) to offer more drives in similar challenges. Help us carry on "The Great Zero Challenge" and put an end to random multiple-overwrite nonsense!"
assignment != equality != identity
If you don't believe him, why don't you just call the companies and tell them the same story? This is really easy to verify, you know.
I mostly agree with you, but you missed one point. Shannon's theorem (the third, if my memory serves) states that if you use the channel under its capacity, you can get a zero error transmission. But you can still use it over its capacity, it's just that you will get plenty of errors, of course. If you are lucky enough, you can still get gigabytes of information. Unfortunately, it will be valid bits interleaved with wrong ones, but with heuristic methods you can recover some valid files, or at least some data from them.
Still I can't imagine how to do it without without opening the disk, which you can't do if you are not a big company in the US (wtf?) or a national agency. That's why this contest is a serious shame.
This contest was poorly (either intentionally, or not) constructed. It is yielding the results expected: no takers. Whoever designed this challenged knows absolutely nothing about business. If someone is in business they are not idiots. Why would a business attempt to win a challenge when for a measely $500 dollars they would have to publicly disclose how they did it? This is suicide, give away their business secrets (their advantage) for $500 - That would be the end of their business. That's like offering to buy their business for $500. It would need to be something like $1,000,000 and maybe that wouldn't be enough... Whoever designed this challenge are idiots.. I am not sure it should have even made slashdot.
I have a challenge too. It's a 300GB harddisk on which i performed the same dd command.
There is no catch. The disk was full of porn. There is no money to be won, but you get to keep the porn if you restore it.
There is only one problem. I can't supply you all with a harddrive, so i made an image of the dd-ed harddisk.
Use the next command to create your own version of my dd-ed harddisk and start restoring the data.
dd if=/dev/zero of=myharddisk.img bs=1000 count=0 seek=$[1000*1000*300]
Privacy is terrorism.
Why is this even called "The Great Zero Challenge". How about "Last chance at $40 for reading folders from a dd'd harddrive." Is it possible? The answer is maybe, so you should overwrite the same areas a few times. Reading residual magnetization left over after a rewrite probably takes special equipment with sensitivity and positioning beyond the regular head included in the disk. You're basically talking differences between zeros - one of the zeros is not the same as another zero: this zero used to be a zero, that zero used to be a one. You'd need access to the signal levels coming from the head before the analog to digital conversion takes place in the harddrive. Does this conversion take place in one shot, from volts or amps to 0 and 1, or is there an intermediate digitization, say getting a voltage level value between 0 to 255, and then later a calibration in the factory sets the levels of 0 to say 0 to 40, and 1 being 200 to 255, 40 to 200 indeterminate or read error, these values being freely tunable for each different disk? Then if you could get access to that pre-zero-or-one 0 to 255 digitized signal, then you could say that zeros that are reading 10 used to be zeros, and zeros that are reading 30, used to be 1, and subsequent overwrites would get the surface closer to 10 and 19, then 10 and 15, and 10 and 11, until the two different values would be so close, 10 and 10, that you'd need a separate equipment to sense and digitize differences between 10.0000 and 10.0002, and even then the signal to noise ratio might be so small that it'd be impossible no matter how good your equipment is. Is the data still available to somebody with 40 bux? Nope. Is the data still theoretically available after a single dd with 0? For a US or Chinese spy agency willing to spend a few million bucks on the question, the answer is: most likely. But 10000 dd's would most likely make it unavailable to them too. What's the actual number of overwrites needed? That needs real data, at least from someone with a semi-cleanroom hobby shop, with a superprecise oscilloscope reading squarewaves off a surface. Otherwise we're just guessing. One dd might be enough, or 10 might be, or even 10000 may not be enough. So how secure does your data erasing have to be, as long as we're guessing?
I wonder if recovery after one overwrite might have been possible once, back when data densities were very low (like in the days of 20 megabyte hard drives) or even floppy drives.
These days hard drive manufacturers are busy using every last square micron of space on a platter. To do this they're keeping the data track narrow and well defined, and one of the ways they do that is to increase the coercivity threshold of the media, so the field needed to change the bits are stronger. The odds of there being enough oversplash off the sides, or residual magnetism in the track, to read the previous data has to be almost zilch by now, but it could have been possible at one time.
I challenge you to send an elephant to the moon and safely return it to the earth within this decade!
As you can see, any idiot can issue a challenge. Many challenges, even. The purpose of the reward is typically not to provide economic incentive for the person taking up the challenge. It is to let the public know that the challenge is worth taking seriously. The challenger is saying: not only do I think this can be done and should be done, it is important enough to deserve a substantial reward.
Of course, this exactly the opposite of the challenge under consideration, in which the challenger is saying: I don't think you can do this, but you can have a lollipop if you do.
http://xkcd.com/756//
Who cares about the cold boot attack? How likely is it that the bad guy (or your boss) is going to leap into your office to cold-boot attack your encrypted partition immediately after you shut down your machine?
What people also have to remember is that unless you ARE talking about data with national security type implications, commercial companies are all you are going to be facing anyhow. Sure, it is possible that the NSA or SIS or the like have some secret technique for recovering data from overwritten drives. Guess what? If they do, they aren't telling anyone, and that includes law enforcement, your company, etc. They wouldn't want anyone to know, lest a way be found around it.
Now, as for law enforcement agencies, well they don't have big secret research divisions. They buy products and services from regular commercial companies. Have a look at the weapons police use, for example. While they are sometimes variants that are not available to the general public due to various weapons laws, they are made by firearms providers you've heard of" Glock, Smith and Wesson, Sig Sauer, etc.
Same deal for forensic tools. By and large the most used tool for disk analysis, in fact the only one I've ever seen, is EnCase. It basically images an entire drive (including all empty space) and then allows you to look through it in various useful ways. However, this means that it is only looking at data currently on the drive. Anything overwritten even once isn't visible to it, since it is just pulling data through the drive's normal interface.
As a practical matter, the tools law enforcement uses need to be known because they are going to be scrutinized in court. In pretty much any court in any free nation when the question "What method was used to find this data?" is asked, an answer of "We can't tell you," isn't going to cut it. You discover that forensic methods of all sorts are subject to scrutiny. The way that DNA matches are done, the method for comparing paint chips, etc, all are open to be looked at. The investigators can't just say "Ummm ya, the DNA matches. We can't tell you how we know, we just do." Same deal for digital forensics.
So while there's certainly nothing wrong with running a good wipe as a CYA sort of measure, this paranoia of "OMG they can read your data no matter what!" needs to stop. For example we do DOD 5220.22 wipes at work because it is a good way to have ourselves covered if anyone asks. After all, it's an official DOD standard, if it's good enough for them it's good enough for us. However I've no illusions that it is necessary over a simple zeroing of the disk. Maybe if I was worried about the NSA reading our disks, but I'm not.
Yes intelligence agencies go to some extreme lengths (like wiping a disk, grinding it up and melting it down) but that's not because they think that is all needed, but because they don't want to find out they are wrong. When you are protecting national secrets, you don't take chances. However if you aren't, and people here aren't, then this paranoia is rather silly.
Maybe it was updated after the story was pasted to Slashdot?
If 16 systems is so sure they're right, why not make the reward $50 grand or so? They won't have to pay it, after all... right?
And make it part of the contract that challenge takers who *fail* won't be publicized (remove that obvious & large discouragement), and see if the response changes.
It might not -- as the average data recovery company's customer is NOT coming to them with a dd-wiped drive -- but hey, it'll make it more likely that someone will give it a shot.
As-is, it's all a bit silly.
The reason for longer crypto keys is long term data security. The idea with crypto is to keep the data secure, even if someone manages to intercept it, so long as they don't also get the key. However, what that means is that they have the encrypted data for as long as they like, and they can play with it as they like. So you use a big key for two reasons:
1) To make the amount of time an attack will take too long. All key-based crypto like AES can be brute forced, simple nature of the game. You can, in theory, just try every single key to find the right one. Well to prevent against that, you just need a large keyspace. Since it isn't that computationally expensive to use really large keys, you do it. Make it 10^50th years to test all the keys.
2) To guard against future improvements in the attacks against the crypto. Say that computers become a million times as fast. Also say that an attack is discovered that eliminates 99% of the keyspace. If you were not conservative with key sizes, well then maybe now you are screwed. However in the case of large key spaces like AES, still not a problem. Suppose a supercomputer now could test a trillion AES keys per second (not likely, but suppose). Now suppose both of those attacks become a reality, a computer a million times faster and 99% of the keyspace rendered invalid. You are still talking an attack time on the order of 50 BILLION years to get a 128-bit AES key.
Now, neither of these has anything to do with reading data from a harddrive. You don't "brute force" it. You are either able to read it, or you aren't. It isn't as though by just reading it over and over you get anything more. You either develop something that can figure out what was there before the current data, or you are screwed.
Using long encryption keys isn't the same as data deletion.
Silence is not assent to the truth of a proposition, Sir Thomas More's point of law to the contrary. Only the harmless substitute logic for thumbscrews and rubber hoses, but "Zero Challenge" is so recherche it deserves its own Isaac Asimov Three Laws of Cluelessness Award for 2008.
``Tension, apprehension & dissension have begun!'' - Duffy Wyg&, in Alfred Bester's _The Demolished Man_
As is usually the case, recovering the data from the storage medium is not the easiest way to do this.
Far simpler would be to bruteforce the GPG key encrypting the answer file, which is publically available on the challenge site. Faster still would be to threaten the person who knows the key.
They now offer a prize of $500 and have removed the deposit fee.
"We encourage others (perhaps more well-known and more reputable than us) to offer more drives in similar challenges."
First off, if the data recovery techniques only recovered data 50% of the time or less (as in your example), then the challenge's point is proven already. They can't reliably do it.
Second, probably the VAST MAJORITY of new business they would be getting would be 0ed files... due to common "secure erase" programs that typically write 0s to the disk. Like Mac OS X "secure erase" and Norton "wipe disk" in default mode. Nobody would be making money on overwritten files anymore because it would have been proven impractical! (If 0ed areas of the disk can't be reliably recovered, then more-or-less "random" overwriting would render the data unrecoverable, in a practical sense.)
I completely disagree that the reputation of 16systems matters, even a little. Did YOU know who the Ansari family were when they helped to establish the X prize? Did you care? And was it about the money (as you seem to keep insisting)? The X prize did not even meet the expenses of the winners. Gee, I wonder why they did it then? According to your argument, they would not have any motivation, because they wouldn't be making any money! But in fact, even though the prize did not give them a profit, they are going to be profiting anyway! Due to the reputation THEY made in winning the contest! Imagine that.
But all that aside, the whole contest is getting PLENTY of press right now, despite the relatively unknown sponsors... and YOU are contributing to it!
The data recovery companies probably charge considerably more than $500 for most recoveries. I don't see why they would waste their time on this contest. Sure, they get some bragging rights, but I don't think too many people heard about this contest.
The prize is $500 as from Sept 6th.
Fran
:):):)
1st 1st Poster of the new Millennium!
First, I am not the one who is still not getting it... if YOU had been reading the rest of the thread, you would have seen MY comments about that very thing. Yes this is the real world. So get real! If you were a data recovery service, you would NOT be doing most of your business with an electron microscope. The very notion is ludicrous. Very seldom would anyone want or need to go to that kind of expense. The vast majority of your business would be solving simpler problems... that is, if you could. And isn't that the point here?
What about PRACTICAL data recovery? If it takes an electron microscope to recover the data, I think the challenge's main point is already sufficiently demonstrated.
The encrypted picture containing the filenames has already been published, using PGP public-key encryption. When the contest is over, all they have to do is publish the public key, and any member of the public can decrypt the file and determine FOR THEMSELVES whether the names matched. There is no possibility of cheating this way. Unless -- as you seem to suggest -- they are "in on" some kind of publicity scheme? If so, they would (and would be able to) put more money into it than this! Also -- sorry to break the news to you -- but you are arguing against yourself! How could this be some kind of publicity stunt if, as you claim, this would not get sufficient publicity to make any money? You can't have that both ways!
But as for "prize money", THERE is where you miss the point. I have been using the analogy of the X prize. Did the winners make money by claiming the prize? Arguably no (their expenses were almost certainly bigger than the prize money). So why did they do it? Altruism? Hardly. They are going to be making loads of money because THEY earned the reputation of people who can Get It Done! And this not not dependent on the reputations of the sponsors. Who are the Ansari family anyway? Who were the other sponsors of the prize? Do you know? Do you care? Does it have anything to do with Space Ship One?
NO! Branson, Mojave, and Scaled Composites (Rutan et al.) got nearly all the publicity, not the sponsors. And they are going to be raking in the dough.
Did the people who failed to win the X prize "have their names dragged through the mud"??
No.
You have a point about the drive condition, though. Frankly I hadn't thought of that but I should have.
I still think the X is a valid analogy, though. The circumstances are not exactly the same, granted. But a winner would still have lots of good publicity, and the failure of anyone to take up the challenge is undermining credibility in their industry! To a serious degree? I don't know. But my faith in their abilities is near zero already, so I don't thing a showing by somebody would really hurt them very much.
In any case, I still think that the X prize is a more fitting analogy than the Randi prize. Anyone who could actually demonstrate their success would bring in lots of business!
I still say that lack of participation is good evidence of their lack of faith in their own methods.
Get real. The "hobbyists" never had the budget to actually make it work, and were tilting at windmills but were too stupid to realize it. The SERIOUS contenders for the Ansari X prize were people who had already sat down with their calculators, and KNEW that they would not be making a profit simply by winning the prize. Anybody else who continued to try anyway would have had to be idiots. But some of the non-idiots who were serious contenders are still working on achieving essentially the same goal! Hmmm... there isn't any prize money left, however. Do you think their motivation is imaginary?
So: the contenders had no existing reputation? That might be true of some, but my no means all (or even most). Check it out: http://en.wikipedia.org/wiki/Ansari_X_Prize
That argument carries no weight at all.
Lastly, I am not, and have not been, "rabid". I am just trying to point out to people where I feel their logic is flawed or spurious. Do you consider that a pointless exercise? I am willing to back down if someone can actually show me that I am wrong. So far I have not seen that demonstrated.
Look: I am not trying to say that this is the best-designed contest ever put out there, okay? I am simply trying to say that if I were a data-recovery company, and had a reasonable chance of doing this, I would snap it up. And I seriously believe that the reason it has not been, is that they simply can't do it reliably. There are lots of arguments on both sides, but none of those arguments actually prove anything. So: you know my opinion, I know yours. We are not likely to go much further than that, with the data we have.
As someone experienced in data recovery, I side with him that doing more than a zero write is unnecessary for 99.999% of the population. And if you needed more security, you would physically destroy the drive. There is the possibility of having relocated sectors with data that drive firmware hacking could allow you to access. In theory a drive written over once could have remnant magnetic fields that could be recovered with a electron microscope. That would require a clean room with multimillon dollar microscope and possibly months of expert labor. If an organization can do this they are not talking about it. Maybe a intelligence agency would do it if was important enough and they exhausted many other means to get the intel first.