The Great Zero Challenge Remains Unaccepted
An anonymous reader writes "Not even data recovery companies will accept The Great Zero Challenge and only four months remain! We've all heard how easily data can be recovered from hard drives. We're told to make multiple overwrites with random data, to degauss drives and even physically destroy them just to be extra safe. Let's get the word out. The challenge is almost over! It's put up or shut up time. Can you recover the data?"
Based on nothing more than personal suspicion, I think many professional recovery firms may be in the business of simply running expensive tools that scan through the partition and file table area and perhaps even the entire disk to locate data that has either been marked erased or had references removed (for a full disk scan) and then restoring it. Perhaps they'll also move the spindle from a dead drive into a new case to complete the operation, but I doubt there are many companies that will actually do electron force microscopy for you and even fewer that will do it at anything other than an astronomical fee. Powerful recovery tools can be purchased for a few hundred dollars now anyway. My opinion is that the recovery business is a focus around confidence that a professional will be doing the recovery and that you or your employees won't worsen the situation. In the event that a drive with critical data fails and you don't have a backup, who wants to be the person responsible for damaging the disk during recovery?
Anyway, IMHO this whole debate should be moot by now. If you want to secure your drive use full disk encryption (now freely available in TrueCrypt) and when it comes to destroying the data just overwrite the header area a thousand times with random garbage. It will take only a second or two, and the whole drive will be useless to anyone.
Of course it would also be nice if more manufacturers were producing encrypted disks as standard with verified schemes (there have been some lemons purporting to be secure that really aren't) so that we wouldn't have to do encryption in software.
000 000, 0 000 0000 0000000 0 0 0 0000 00000! 000 0 000 000 0000000 000 000000 00000? 00 000 000000!
000 000 00 0000 000.
That word "percent", I don't think it means what you think it means...
No sig today...
So the prize for winning is a $60 hard drive, plus $40? Damn, I don't know why people aren't just jumping all over that!
Also, disassembling the drive is against the rules of the challenge, unless you're an "established data recovery business ... or a National government law enforcement or intelligence agency".
This "challenge" is stupid.
Interestingly, the most important thing is missing from the summary -- the prize. So, what is the prize, you ask?
An incredible, unbelievable, astonishing and amazing amount of... wtf... forty (40) US Dollars? Yes, you heard that right! No wonder nobody has shown any interest in participating.
Full quote from the site: Should someone win, they get to keep the drive. They also will receive $40.00 USD and the title "King (or Queen) of Data Recovery".
First of all, do data recovery firms ever *claim* they can recover from a zeroed drive? No, they don't. The claim is that government-level forensic analysis *might* be able to recover data with only a single overwrite, with very sensitive expensive equipment. Not terribly surprising the FBI wouldn't take them up on this challenge.
Second of all, someone is supposed to waste a lot of time and money for just a cheap drive and a piece of paper from some entity no one has ever heard of?
And they're doing this to "prove" that this type of data recovery can't be done?
This has to be the lamest challenge that's ever been issued.
Sometimes it's best to just let stupid people be stupid.
The challenge does not seem well designed. First off, the person attempting it has to pay postage both ways, deposit $60 with the organization hosting the challenge and forfeit the deposit if the drive is not returned in the same condition as it was when sent (how are you going to use a scanning tunneling microscope if you don't take it apart), they only get three days, and the reward is a whopping $40.
What changed under Obama? Nothing Good
Okay, here are my 3 reasons why a company would not accept this challenge:
(1) economical:
- I am asked to mail 60 USD to a random address, who claim they will return it to me if I send the hard disk back. This is a risk (how do I know it is not a scam?)
- In any case, I lose shipping charges both ways
- Maximum gain is 40$, plus an obscure web site calls me King of data recovery.
- Risk + Cost >> Gain
(2) International
I am asked to ship a US Postal money. A WHAT? Hello, credit card? Paypal? Normal international cheque?
(3) Disassembly
All reasons I've heard for doing something more than dd is that there might be residual magnetic charge on the platter that is ignored by the filesystem. According to the rules of engagement, only some weird collection of institutions ("established data recovery business located in the United States of America" or "National government law enforcement or intelligence agency (NSA, CIA, FBI)") may disassemble the drive. How am I going to detect residual charge if I cannot disassemble it?
The last argument compounds the first two, as only US Companies can disassemble, and disassembly voids the deposit, meaning I am certainly out 60$.
Next time that they want to be "noble and just to dispel myths, falsehoods and untruths", they should make a challenge that is actually interesting to any party to pick up.
Given my general level of paranoia, I recommend overwriting zeros, and five times with a cryptographically secure pseudo-random sequence. Recent developments at the National Institute of Standards and Technology with electron-tunneling microscopes suggest even that might not be enough. Honestly, if your data is sufficiently valuable, assume that it is impossible to erase data completely off magnetic media. Burn or shred the media; it's cheaper to buy media new than to lose your secrets.
Because all data recovery companies have electron-tunneling microscopes on hand for recovery and aren't just running a Linux distro with a modified ext3fs to ignore "deleted" inodes. The longest AES key I've cracked is 28 bits (in Python, no less!). Yet we still use a minimum of 128, more likely 256. It's not the guys running recover I'm worried about. It's the spooks with electron f'ing microscopes and a direct connection to AT&T.
Three rights make a left. Freedom of speech, freedom of the press, freedom of assembly.
It's an urban legend. You can't recover erased bits. If you could it would imply that you can store at least two bits in the space of one. Disk companies have a pretty good idea what their heads and surfaces can do. Do you think they'd be passing up big $$$ by under-utilizing their disk's capacity?
There is that one Usenix conference "paper" floating around out there, but if you read it carefully it does not give a single example of one recovered bit.
If you've ever looked at the waveform coming off a disk head, you'd wonder with all the x/y noise and jitter how they can get even ONE bit out of that hairball. The answer is, they can, just barely, by applying all the sync, gating, PLL, and deglitching tricks, just barely reliably recover bits at the maximum recording density possible.
And all those pictures they show of bit patterns lingering under large erased areas are actually counter-examples. They prove that you can detect periodic bit patterns under large erased areas. Duh. In the real world the underlying data is not periodic, and the erasure isn't smooth or periodic either. If you overwrite real typical data with random data, you can't recover the original data. Shannon and company, you know.
Last month, I challenged every female olympic gymnast to prove she was over 16 by having sex with me. (The age of consent is 16 in my state). To date, every gymnast has ignored me, with the exception of 1 whose boyfriend threatened to kill me. Therefore, we now have proof that all the female olympic gymnasts are under 16 and should be disqualified.
Do you even lift?
These aren't the 'roids you're looking for.
Agreed. They should save the expense of shipping the drive and just email a drive image instead. Being all zeros, it should compress well...
That is the cheapest publicity they would ever receive... and what publicity they would receive!
Yes, what publicity they would receive? :) I've never heard of 16systems.com before, their site is barebones with almost no articles. I dare say they caught a lucky break with this Slashdot article. Maybe I'm wrong, but it seems that there is no obvious publicity to be had (before now). And should recovery firms respond to everyone with a small website who issues a challenge?
... it is merely old tech that is no longer relevant. In the old days of sloppy mechanical tolerances (and read-write heads), it was possible to leave traces that were misaligned with the main bits of the current data. With good custom drivers and software, it was often possible to recover some of this data.
This is of course no longer true what with much tighter tolerances, smaller and vertical magnetic domains, and so on. I think that is the point of this challenge.
It is likely that there is a hysteresis in the platter causing a "0" written on top of a "1" to be slightly "weaker" than a "0" written on top of a "0".
On old tape, this hysteresis was about 10%, and was actually visible with a magnetic loupe, so depending on s/n ratio, you could recover quite a bit, no pun intended.
The problem with a HDD is that the signal from the heads goes through a lot of signal processing including Extended PRML or EPRML. There is also an algorithm like RZ to not have a long series of the same bit written physically. If you take the electrical output from the read head, you will have a big task reconstructing the data, even if there is only good data.
The only places today that can analyze well what is read physically are HDD manufacturers' research labs, and probably using custom HW to read the platter that collects all the errors and offsets. For a recovery company to do this, they probably would have to invest millions of $$$, so they will not.
So bottom line is that you could send the drive in to Western Digital, and they could probably recover the raw data with about 90% accuracy. If that is enough for the error recovery to chew on, I am not sure, but here and there, long strings would be recovered. They can for sure give the exact probability for the recovery of a bit.
WD however does not have any incentive to demonstrate that wiping their drives with "0" is not sufficient. Au contraire, they may consider this an undesirable property. Therefore, the only ones that can recover this are unwilling.
So the challenge remains unaccepted.
don't cut it off www.mgmbill.org
That was my thought, too. Reading through the challenge page, all I could think was "a whole 40 bucks?!?" I mean, even if I could do it, I'm not sure I'd waste my time for 40 bucks and the title of "recovery king".
This guy's the limit!
And the drive being fake is a distinct possibility here. The guy has an agenda, that's pretty clear. And where's the accountability? Why should we believe him when he says what has been done to the drive? Any more than we believe British barristers representing the late Mr. Ongopongo of Nigeria in their claims that they have some millions of dollars they want to give you?
Because we want to believe him, because his claim is very plausible? Sorry, that doesn't increase the accountability or invalidity of this "challenge".
Unless acceptable witnesses can observe (a) the original status of the drive, (b) what was being done to it, and (c) the drive being kept secure from interference from (a) onwards, it must be treated as suspect. No matter how honorable the intent is. Intent is worth shit, and any company or researcher that would be foolish enough to enter this "challenge" would be tainted with same.
The few people who MIGHT have the capability to look beyond what is written on the drive and see patterns remaining from previous data are most likely the ones who would prefer that the concept remain vague and unproven.
Read the source.
If you feed it a long string of zeros and don't give it any stopping conditions, it activates the drive's vacuum pump and removes all of the air. This step eliminates the cushion keeping the heads off of the disk, so while "writing" zeros, they're also shaving a layer of magnetic material.
This is more than sufficient to wipe your drive and prepare for a fresh install, unless your drive uses vertical bits. Keep in mind, though, that hard drives are like wood floors. You can only plane them two, three times, tops, before they have to be replaced.
Can you be Even More Awesome?!
The terms of the challenge indicate that you cannot disassemble the drive.
Have you actually read the terms?
"If the challenger is an established data recovery business located in the United States of America (We would need to see Articles of Incorporation, a current business license and one other form of business identification in order to determine that they are indeed a professional, for-profit, established data recovery business) or a National government law enforcement or intelligence agency (NSA, CIA, FBI), then we will allow these type of organizations to disassemble the drive and to keep the drive for thirty (30) consecutive days. "
Kindly sir, I am a Nigerian Prince trying to transfer some data from a zero-ed out hard drive to my cousin in the U.S.A. If you would kindly deposit $60 into my bank account, I will send you the hard drive. Upon your transmission of the data to my cousin, I will promptly return your $60, plus $40 for your effort. You may also keep the hard drive.
Your friend,
Prince Njeme Nawabi, P.O.S.
There are 0x40000000 types of people: those who understand 32-bit IEEE 754 floating point, and those who don't.
For $40?
I don't do anything IT-related for $40. I'd charge $120 to lean down and press your power button.
Comment of the year