Slashdot Mirror


Study: 78% of Resold Drives Still Contain Readable Personal or Business Data (consumerist.com)

itwbennett writes: Blancco Technology Group, which specializes in data erasure, bought 200 secondhand PC storage drives (PDF) from eBay and Craigslist to see if they could recover any of the old data saved inside. Their findings: 78 percent of the drives contained residual data that could be recovered, 67 percent still held personal files, such as photos with location indicators, resumes and financial data, and 11 percent of the drives also contained company data, such as emails, spreadsheets and customer information. Only 10 percent had all the data securely wiped, Blancco said. The Consumerist points out that Blancco makes their money from promising secure data erasure, so the company has a "strong and vested interest in these results." As for why so many of the drives contain unwanted information, the report says it has to do with the difference between "deleting" data and "erasing" data. Your files aren't actually deleted when you drag them to the Trash or Recycle Bin, or by using the delete key -- shocking, I know. You can format a drive to erase the data, but you have to be careful of the format commands being used. A quick format, which was used on 40% of the drives in the sample, still leaves some residual data on the drive for someone to possibly access. A full format, which was used on 14% of the drives, will do a better job in removing unwanted files, but it too may still miss some crucial information. The solution Blancco recommends: buy a tool to perform complete data erasure.

31 of 207 comments

  1. Simple under linux by Anonymous Coward · · Score: 5, Insightful

    dd if=/dev/zero of=/dev/sdb

    or for the paranoid

    dd if=/dev/urandom of=/dev/sdb

    Why buy an expensive product when a simple one-liner will do the same job

    1. Re:Simple under linux by gweihir · · Score: 4, Interesting

      Was about to post that. For a nice progress indicator, use

      dd_rescue -w /dev/zero /dev/target

      Apparently, a single zero-overwrite is entirely enough for modern disks (say, newer than 15 years or so), as these are used close enough to the surface data density limit that even magnetic force microscopy can recover a few scattered bits at best after a zero-wipe.

      I think the main problem here is that to do something like this under Windows, you have to jump through some hoops. And the other main problem is (of course) that people do not understand how disk storage works in the first place.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    2. Re:Simple under linux by RabidReindeer · · Score: 2, Informative

      If you're decommissioning an online disk, the simplest solution would be to boot one of the live-distro Linuxes and run dd on it.

      Of course, that does require a certain minimum level of competence. More, perhaps than you'd find in a PHB, but less than you'd find in a hamster.

    3. Re:Simple under linux by Dr_Barnowl · · Score: 3, Informative

      You don't need to do it under Windows though - burn a Linux USB and off you go.

      Hell, there's a bootable image just for it : Darik's Boot and Nuke

      Blancco are just capitalising on ignorance (and risk-aversion in the business community which only tends to regard something you pay for as being a safe bet, despite the usual license agreements which preclude the vendor having any liability anyway).

    4. Re:Simple under linux by Dr_Barnowl · · Score: 3, Informative

      Hah, hadn't realized that Blancco is apparently just the monetization of DBAN.

    5. Re:Simple under linux by Bert64 · · Score: 3, Interesting

      Interestingly a few organisations have been bitten in the past, for instance by dos-based commercial disk wiping software which only wiped the first 8GB of any drive. I've even encountered a company that wanted to continue using such software because it was "much quicker at wiping large drives" which isn't surprising given that it doesn't wipe the whole drive.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    6. Re:Simple under linux by gweihir · · Score: 2

      By "modern disk" I mean "disk", not "disk emulator" (what an SSD essentially is), of course.

      For an SSD, if you want an "eBay safe" erase, just do the zeroing. Some expensive data-recovery software may still recover buffers and the like. If you need more, do physical destruction. You cannot really trust that the ATA "Secure Erase" command does what it claims.

      But the whole discussion here is not about disks with any really high-value data on them. For those, always do full zeroing, ATA Secure Erase (if an SSD) and then physical destruction. For those disks the small amount of money a sale can recover is not even worth the additional effort.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    7. Re:Simple under linux by Anonymous Coward · · Score: 2, Funny

      If you're decommissioning an online disk, the simplest solution would be to boot one of the live-distro Linuxes and run dd on it.

      Or you could just let Windows update itself to Win10 and then try to rollback to Win7, by all accounts that's just as effective at deleting your data.

    8. Re:Simple under linux by Archangel+Michael · · Score: 2

      Blancco isn't just capitalizing on ignorance, it is a tool for people who need reports on each drive's wipe. Anyone can do a dd if=/dev/zero of=/dev/sdb (or similar) but can you report back that it was actually done, in a certified report? Blancco can, and that is a major and valid selling point.

      On the other hand, you can just degauss the damn drive and ruin it without breaking it with a hammer. http://www.garnerproducts.com/

       

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
  2. Encrypt your drives. by Anonymous Coward · · Score: 3, Interesting

    Delete the block containing the keys.

    For this threat model, this is the perfect answer (if you trust the encryption, that is).

    No need for some "secure erase" snake oil.

    1. Re:Encrypt your drives. by donaldm · · Score: 3, Funny

      Delete the block containing the keys.

      For this threat model, this is the perfect answer (if you trust the encryption, that is).

      No need for some "secure erase" snake oil.

      You know the cheapest and most secure way to delete your data is to hit the disk a few times with a sledgehammer. It's also a great tension reliever. Of course, after you have had a smashing good time please dispose of the part(s) in a responsible manner. :-)

      --
      There ain't no such thing as proprietary standards only proprietary formats. Standards are by definition open.
    2. Re:Encrypt your drives. by MartinG · · Score: 4, Funny

      > You know the cheapest and most secure way to delete your data is to hit the disk a few times with a sledgehammer.

      I find that I don't make as much on ebay once I've done that.

      --
      -- MartinG To mail me: echo kewyjlcxyzvjfxbqwh | tr bcefhjklqvwxyz .@adgimnoprstu
  3. Don't have to buy one by TheReaperD · · Score: 5, Informative

    You don't have to buy a secure hard drive erasure tool, DBAN does a reliable job for most drives and is free. SSDs are a new kink in the mix that means that some really advanced tools could retrieve data from the drives, even after a complete wipe but, if you're going up against people that dedicated, I recommend a sledgehammer instead.

    --
    "Be particularly skeptical when presented with evidence confirming what you already believe." -
    1. Re:Don't have to buy one by TheReaperD · · Score: 2

      It all comes down to your potential data thief. If it's just some wannabe hacker who buys your drive off ebay, then a tool such as DBAN or the dd commands in linux should do the trick, even for SSDs. If you're up against professional data thieves, you'll want to smash and then have the drive shredded (don't send it to the shredders intact as there have been cases of the drives being resold intact instead; probably by unscrupulous employees). If you're up against the CIA, FSB or the Mossad, dissolve it in acid or personally grind it to dust. I could see taking an orbital sander to a SSD being a great stress reliever. There are people who are or should be, on the upper paranoia list that try to use DoD style erasure tools to make the data unreadable but, keep the drive usable but, I've never been able to support that. If it's important enough to go through that much trouble, destroy the drive; no exceptions.

      --
      "Be particularly skeptical when presented with evidence confirming what you already believe." -
  4. Why? by Calydor · · Score: 5, Insightful

    Why do people even sell old hard drives, let alone BUY used drives that may be full of bad sectors or viruses?

    --
    -=This sig has nothing to do with my comment. Move along now=-
    1. Re:Why? by JoshuaZ · · Score: 3, Informative

      Because it is cheap, and a single reformat will deal with the vast majority of issues. A few bad sectors aren't in general going to make the drive unusable.

    2. Re:Why? by PhunkySchtuff · · Score: 3, Informative

      Modern drives will silently remap sectors without telling you (unless you look at the SMART status).
      Once they exhaust their pool of spare sectors, then they start telling things higher up the chain that there are bad sectors.
      By the time a disk is reporting bad sectors to the OS (as a bad sector, instead of incrementing a SMART counter and silently carrying on) it has remapped so many bad sectors that it can no longer automatically remap them and is now telling you there is a problem.

      In my experience, every single drive that I've seen reporting even a single bad sector will soon go pear-shaped and shouldn't be used.

  5. Re: Buying not needed by jabuzz · · Score: 3, Informative

    Set a password for the drive and issue an ATA secure erase using hdparm. This will get all the remapped sectors as well. Procedure documented here

    https://ata.wiki.kernel.org/in...

  6. Only $5 and way more satisfying by wkwilley2 · · Score: 3, Insightful

    I already bought a data erasure tool years ago, it's my trusty 16oz ball peen hammer.

    --
    Have you ever fallen asleep at the keybhanusdiog?
  7. When I hear the words by Ukab+the+Great · · Score: 2

    "Craigslist" and "Hard drive" used in the same sentence I'm expecting either an interesting story or a punchline at the end of it.

  8. Re: 78% of Crapdot stories are worse now by Anonymous Coward · · Score: 2, Interesting

    This story bugs me in part because there's a pretty blatant conflict of interest.

    The Consumerist points out that Blancco makes their money from promising secure data erasure, so the company has a "strong and vested interest in these results."

    There's every reason to want the results to seem as severe as possible because that drives sales. While not necessarily invalidating the results, it's like trusting Coca-Cola to impartially study the effects of sugary drinks on health, ExxonMobil to study the impacts of burning fossil fuels on climate change, or the makers of any dietary/weight loss supplement to study the health effects of their product. There are always ways to tweak the methodology to get the desired outcome. With this study, the obvious way to bias the results is to buy hard drives from people who might appear to be more or less technically skilled based on the content of their listing and profile.

    I'm not saying that there's such a bias here but the possibility has to be considered. That's the problem with these types of studies. And when it's linked to a product like that, it reads very much like a Slashvertisement. I don't actually think Slashdot received any money for this story or any others, but I don't think it's good journalism.

  9. Re: 78% of Crapdot stories are worse now by Anonymous Coward · · Score: 2, Informative

    Can Intelligence Agencies Read Overwritten Data?

    Daniel Feenberg
    National Bureau of Economic Research
    Cambridge MA

    Claims that government intelligence agencies can recover overwritten data on disk drives have been commonplace for many years now. The most commonly cited source for this claim is a paper, "Secure Deletion of Data from Magnetic and Solid-State Memory", written by Peter Gutmann in 1996. Gutmann believes that an overwritten sector can be recovered under examination by a sophisticated microscope and this claim has been accepted uncritically by numerous people.

    However, all of the references cited by Gutmann refer to experiments where Scanning Tunneling Microscopy was used to examine individual bits, and some evidence of previously written bits was found. Although there is a lot of literature on the use of Magnetic Force Microscopy (MFM) or Scanning Tunneling Microscopy (STM) to image bits recorded on magnetic media, the apparent purpose point of this literature is to test and improve the design of hard drive read/write heads, not to retrieve overwritten data. While I agree that overwritten bits might be observable under certain circumstances, Gutmann doesn't cite anyone who claims to be reading the under-data in overwritten sectors, nor does he cite any articles suggesting that ordinary wipe-disk programs are not completely effective.

    Gutmann claims that "Intelligence organizations have a lot of expertise in recovering these images", but, out of the 18 references in his paper, none refer to anyone actually doing that. Subsequent articles written by many other authors do make that claim, but they only cite Gutmann. Charles Sobey has written a paper "Recovering Unrecoverable Data" with some quantitative information on this point. He estimates that it would take more than a year to scan a single hard drive platter with current MFM technology, and tens of terabytes of image data would have to be processed.

    In one section of Gutmann's paper he suggests overwriting with 4 passes of random data, probably because he anticipates using pseudo-random data that would be known to the investigator. However, a single write is sufficient if the overwrite is truly random, even given an STM microscope with far greater powers than those in his references. In fact, data written to the disk *PRIOR* to the data whose recovery is sought will interfere with recovery just as much as data written after -- the STM microscope can't tell the order in which data is created. It isn't like ink on paper, where later applications are physically on top of earlier markings.

    After posting this information to a mailing list, I received a reply suggesting that the recovery of overwritten data was an industry, and that a search on Google for "recover overwritten data" would turn up a number of companies offering this service commercially. Indeed it does turn up many firms, but all are quite explicit that they can only recover "overwritten files", which is quite different from overwritten data. An overwritten file is one whose name has been overwritten, not its sectors. Likewise, partitioning and formatting typically affect only a small portion of the physical disk, leaving plenty of potential for sector reads to reveal otherwise hidden data. There is no implication in any of the marketing materials that these firms can read physically overwritten sectors.

    Of course it has been several years since Gutmann published his original paper, so maybe microscopes have gotten better? Yes, but data densities have gotten higher too. I spent some time looking at STM websites and failed to find a single laboratory claiming it had an ability to read overwritten data.

    Recently I was sent a piece by Wright, Kleiman and Sundhar (2008) who show actual data on the accuracy of recovered image data. While the images do include some information about underlying bits, the error rate is so high that the results are nearly useless, with recovery of maybe one word out of several thousand.

    The requirem

  10. The editing is bad, but the modding is worse. by Anonymous Coward · · Score: 3, Interesting

    I've not been impressed with the editing, as well, but I find the moderation to be much more disruptive these days. I've had to start browsing at -1 all of the time just to see perfectly fine comments that are at -1 for some reason. It defeats the purpose of having a mod system if I have to disable it all the time, ya know? Once a good comment ends up at -1 it's like it never gets seen by the mods again, so it will likely remain at -1. I think that anyone with mod points should automatically be shown the -1 threshold view so that they see all comments. At least that allows for the comment to possibly be modded up to its rightful score. Otherwise some other way is needed to get wrongly -1 comments back up. Maybe any comment that's at -1 ends up at 0 again after 10 minutes for instance. Well regardless of how it's fixed this is a problem that needs to be fixed. Most submissions here get well under 100 comments, and nearly all are below 200. It's not 2001 any longer, when many submissions here would easily get 500 or more comments. Comments are scarcer now, so their value is higher. That's why a badly modded comment is a serious problem now. We need to see good content, not have it suppressed.

    1. Re:The editing is bad, but the modding is worse. by Archangel+Michael · · Score: 2

      -1 = "I don't like your opinion, you're a troll" far too often. Politically incorrect wording of a factual statement is likely to be modded -1 almost all the time. The issue is that the system needs more Meta Moderation, so that people who are wounded by chalk marks aren't allowed to get Mod points very often, leaving the discussion to people who are adults who merely disagree on a particular subject.

      Political Correctness is censorship, and the worst kind.

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    2. Re:The editing is bad, but the modding is worse. by jenningsthecat · · Score: 3, Interesting

      I've been coming here for 7 years, and I've always browsed at -1. Comments modded down for inappropriate reasons has always been a problem, at least during my time here, but I agree that it's become much worse in the last few years. When I have points I always mod such comments back up. I also mod up comments which I don't agree with, and which I may consider assholish, but which I feel are well thought out and/or important to the overall discussion.

      I love your point about the scarcity of comments, and I agree that the mod system needs to be tweaked. Doing so might even start to raise the level of discourse again and bring back some worthwhile voices that have left in frustration at Slashdot's downward slide. While we're on the (off-topic) subject, I think people need to back off from slagging the editors so much. They're doing a difficult job, trying to balance the desires of a very cranky, picky membership with the need to keep the site financially viable. Yes, we still need to call them out on obvious Slashvertisements - but beyond that, they're doing a pretty good job. We need to be careful here - otherwise the ghost of Timothy will come back to haunt us; or, worse yet, Slashdot will cease to exist.

      --
      'The Economy' is a giant Ponzi scheme whose most pitiable suckers are the youngest among us and the yet-unborn.
    3. Re:The editing is bad, but the modding is worse. by painandgreed · · Score: 2

      -1 = "I don't like your opinion, you're a troll" far too often. Politically incorrect wording of a factual statement is likely to be modded -1 almost all the time. The issue is that the system needs more Meta Moderation, so that people who are wounded by chalk marks aren't allowed to get Mod points very often, leaving the discussion to people who are adults who merely disagree on a particular subject.

      Political Correctness is censorship, and the worst kind.

      Whatever. I would think that people showing up to your house, putting a bullet in your head and burning your letters and manuscripts would be a much worse kind of censorship, but everybody has their own degrees of comfort with this sort of thing. Still, if posts are getting modded to -1, in many cases they are an AC and highly probably a troll, or they are being such an asshole they have pissed off at least three people to the point of modding them down, and fit a pretty good definition of being a troll. Still, training is needed as we are onboarding new moderators probably every day. Bringing up the topic of how to mod is fruitful. Sometimes, if modding up a rebuttal, it may be even advantageous to mod up the thing you don't agree with so that the conversation is preserved in an easier to read format.

    4. Re:The editing is bad, but the modding is worse. by david_thornley · · Score: 2

      Censorship is when you prevent someone from communicating in some way. Calling the speaker names isn't censorship, and attempting to stop people from doing that is censorship. There's nothing stopping anyone from posting something on Slashdot, and no matter how many people post replies that are just insults and ad hominems, the post is still there.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
  11. Built into the hard disk's firmware? by Blaskowicz · · Score: 2

    At least for hard disk drives, what happened to just using the low level tools?
    Historically it was dead easy to run them from DOS. Still looks like it's possible, e.g. with Seagate it's an .iso file that is distributed.

    See there, page 6/20, section G. : (an emphasis added)
    http://www.seagate.com/files/s...

    Seagate is not responsible for lost user data. Erase Drive is available for Seagate or Maxtor drives only.
    Five choices are available under this section:
    Secure Erase. This method uses the drive firmware to erase the data by overwriting the data with zeros. In Enhanced Erase mode, all previously written user data shall be overwritten, including sectors that are no longer in use due to reallocation. Secure Erase requires a user password to run which is deleted at the conclusion of the procedure. If your drive does not have a user password, SeaTools for DOS will set a temporary password "idrive" without the quotes. This password will be removed at the end of the Secure Erase so you never need to actually use it to access your drive. If ... BLAH BLAH BLAH

    No idea if you have a UEFI computer, maybe you need to use BIOS emulation, maybe it works, maybe it doesn't because you lack BIOS emulation etc.
    But then, they've got a Windows version as well. The pdf for that is harder to read says it's from October 2015. It has a changelog.
    It's more terse but says stuff like :
    http://www.seagate.com/files/w...

    - SED Crypto Erase
    Self-Encrypting Drive Instant Secure Erase. If the drive supports hardware
    encryption, this menu will be displayed. Like Full Erase this command will permanently destroy
    access to all user data on the drive, but will do so by the erasure of the drive encryption key which
    takes less than one minute to complete. Both SAS and SATA drives are supported, but the boot
    drive should not be listed as an available choice.

    - Sanitize Erase
    Write zeros to all user data sectors on the SATA drive including unallocated and
    cache sectors. This command is mostly found on SSD drives

    Failing vendor tools, see what the FLOSS punks have
    https://tinyapps.org/docs/wipe...

    So, a quote, with a bolding on what I thought was fun.

    Explanation

    According to National Institute of Standards and Technology (NIST) Special Publication 800-88: Guidelines for Media Sanitization, Secure Erase is "An overwrite technology using firmware based process to overwrite a hard drive. Is a drive command defined in the ANSI ATA and SCSI disk drive interface specifications, which runs inside drive hardware. It completes in about 1/8 the time of 5220 block erasure." The guidelines also state that "degaussing and executing the firmware Secure Erase command (for ATA drives only) are acceptable methods for purging."

    Benefits

            Can securely wipe most PATA/SATA hard drives manufactured this century
            Reportedly restores peak performance to SSD drives (though SE fails to securely wipe some SSDs) [hummm...]
            hdparm/Linux offers much better hardware support than HDDErase/MS-DOS
            Overwrites blocks marked as bad by the hard drive (which DBAN and similar tools ignore)
            Though speed (vs. block erase wiping tools like DBAN) is often cited, the difference is negligible.*

  12. Re: 78% of Crapdot stories are worse now by plover · · Score: 2

    Regardless of whether Gutmann's claims in 1996 were valid back then, they fundamentally relied on loose manufacturing tolerances of certain mechanical attributes of the drives of that era. Drive tech has completely changed in the last 20 years in the race for increased data density, and those old faults are no longer relevant.

    That said, if you want to keep your data safe today, there are a few things to consider:

    1. Drives are made for reliability as a primary goal, not secure erasure. A drive that detects a fault will silently place a new copy of the data on a sector reserved for migrating away from bad sectors, leaving the original data in place, never to be overwritten again. No "secure delete" operation will be effective on it.

    2. NIST recommends that when security is your main concern, you should be encrypting the data on the drive. When it comes time to wipe the drive, simply erase all copies of the key.

    3. If you have any doubt about your ability to wipe a drive, physically destroy it. The risk is rarely worth the $20 you might get for it on the resale market.

    --
    John
  13. Feed /dev/zero into a CBC cipher with OpenSSL by tepples · · Score: 3, Interesting

    Some SSDs use lossless data compression (analogous to gzip) to pack more sectors into fewer physical pages so that they don't have to spend quite as much time erasing pages. To avoid this possibility, you might want to use a cipher to generate noise that the drive's firmware cannot compress.

    1. TRIM the entire drive.
    2. Feed /dev/zero into a CBC cipher with openssl enc.
    3. Perform a "Secure Erase".
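An added example, not part of the comment above: step 2 of that list, filling a target with AES-256-CBC ciphertext of zeros under a throwaway key and then confirming with gzip that the result no longer compresses. The function names are made up for illustration; it assumes the `openssl` CLI, `gzip` and `head -c`, and the demo runs on a constructed image file rather than a drive (steps 1 and 3 are device commands and are not shown).

```shell
#!/bin/sh
# Added example (not from the thread): overwrite a target with incompressible
# cipher output instead of plain zeros. Assumes openssl, gzip and head -c.

# Overwrite every byte of $1 with AES-256-CBC ciphertext of a zero stream.
noise_fill() {
    command -v openssl >/dev/null 2>&1 || return 2
    if [ -b "$1" ]; then
        size=$(blockdev --getsize64 "$1")
    else
        size=$(wc -c < "$1" | tr -d ' ')
    fi
    [ "$size" -gt 0 ] 2>/dev/null || return 2
    # Throwaway key and IV: generated here and never written anywhere. Their
    # only job is to make the stream look random to the drive's compressor.
    key=$(openssl rand -hex 32) || return 2
    iv=$(openssl rand -hex 16) || return 2
    # CBC appends a padding block, so trim the ciphertext back to the target
    # size; conv=notrunc overwrites in place instead of recreating the file.
    head -c "$size" /dev/zero \
        | openssl enc -aes-256-cbc -K "$key" -iv "$iv" \
        | head -c "$size" \
        | dd of="$1" bs=65536 conv=notrunc 2>/dev/null
}

# Percentage of its original size that gzip needs for image file $1
# (near 0 = highly compressible, near 100 = incompressible).
compress_pct() {
    size=$(wc -c < "$1" | tr -d ' ')
    packed=$(gzip -c < "$1" | wc -c | tr -d ' ')
    echo $((packed * 100 / size))
}

# Constructed sample: a 1 MiB image of zeros, measured before and after.
demo() {
    img=$(mktemp)
    head -c 1048576 /dev/zero > "$img"
    echo "zeros:        gzip needs $(compress_pct "$img")% of the original size"
    noise_fill "$img"
    echo "cipher noise: gzip needs $(compress_pct "$img")% of the original size"
    rm -f "$img"
}

# Usage: sh noise_fill.sh --demo    or    sh noise_fill.sh /path/to/target
case "${1:-}" in
    --demo) demo ;;
    "")     ;;
    *)      noise_fill "$1" ;;
esac
```
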
  14. GNU Shred by emil · · Score: 2

    Use shred -n 7 /dev/sda - dd is hardly sufficient, especially if my finances are involved.

    NAME
        shred - overwrite a file to hide its contents, and optionally delete it

    SYNOPSIS
        shred [OPTION]... FILE...

    DESCRIPTION
        Overwrite the specified FILE(s) repeatedly, in order to make it harder
        for even very expensive hardware probing to recover the data.

        Mandatory arguments to long options are mandatory for short options
        too.

        -f, --force
            change permissions to allow writing if necessary
        -n, --iterations=N
            overwrite N times instead of the default (3)
        --random-source=FILE
            get random bytes from FILE
        -s, --size=N
            shred this many bytes (suffixes like K, M, G accepted)
        -u, --remove[=HOW]
            truncate and remove file after overwriting; See below
        -v, --verbose
            show progress
        -x, --exact
            do not round file sizes up to the next full block;
            this is the default for non-regular files
        -z, --zero
            add a final overwrite with zeros to hide shredding
        --help
            display this help and exit
        --version
            output version information and exit

        If FILE is -, shred standard output.

        Delete FILE(s) if --remove (-u) is specified. The default is not to
        remove the files because it is common to operate on device files like
        /dev/hda, and those files usually should not be removed. The optional
        HOW parameter indicates how to remove a directory entry: 'unlink' =>
        use a standard unlink call. 'wipe' => also first obfuscate bytes in
        the name. 'wipesync' => also sync each obfuscated byte to disk. The
        default mode is 'wipesync', but note it can be expensive.

        CAUTION: Note that shred relies on a very important assumption: that
        the file system overwrites data in place. This is the traditional way
        to do things, but many modern file system designs do not satisfy this
        assumption. The following are examples of file systems on which shred
        is not effective, or is not guaranteed to be effective in all file
        system modes:

        * log-structured or journaled file systems, such as those supplied with
          AIX and Solaris (and JFS, ReiserFS, XFS, Ext3, etc.)
        * file systems that write redundant data and carry on even if some
          writes fail, such as RAID-based file systems
        * file systems that make snapshots, such as Network Appliance's NFS
          server
        * file systems that cache in temporary locations, such as NFS version 3
          clients
        * compressed file systems

        In the case of ext3 file systems, the above disclaimer applies (and
        shred is thus of limited effectiveness) only in data=journal mode,
        which journals file data in addition to just metadata. In both the
        data=ordered (default) and data=writeback modes, shred works as usual.
        Ext3 journaling modes can be changed by adding the data=something
        option to the mount options for a particular file system in the
        /etc/fstab file, as documented in the mount man page (man mount).

        In addition, file system backups and remote mirrors may contain copies
        of the file that cannot be removed, and that will allow a shredded file
        to be recovered later.
    GNU coreutils online help:
    Report shred translation bugs to
    Packaged by Cygwin (8.23-4) Copyright © 2014 Free Software Foundation,
    Inc. License GPLv3+: GNU GPL version 3 or later
    . This is free software: you are
    free to change and redistribute it. There is NO WARRANTY, to the
    extent permitted by law.
    AUTHOR Written by Colin Plumb.