'Cleaned' hard drives reveal secrets

New Scientist ^ | 14:32 16 January 03 | Will Knight

[vannrox]

'Cleaned' hard drives reveal secrets

14:32 16 January 03

Will Knight

Discarded and recycled computer drives can reveal financial and personal information even when apparently wiped clean, MIT researchers have found.

Simson Garfinkel and Abhi Shelat, graduate students at the Massachusetts Institute of Technology, analysed 158 second hand hard drives bought over the internet between November 2000 and August 2002. They were able to recover over 6000 credit card numbers, as well as email messages and pornographic images.

The pair wrote a program to scour the disk drives for any trace of credit card information. They found card numbers on 42 drives of the drives they bought.

One drive had previously been used in an ATM cash machine and contained 2868 different numbers, as well as account and transaction information. Another drive contained a credit card number within a cached web page.

Privacy failure

Much of the information the researchers found had been "deleted" before the disks were sold. But simply deleting a file with most computer operating systems does not remove it from the hard drive, it only removes a tag pointing to the file.

Furthermore, even re-formatting the disk does not properly remove the contents of files.

"Most techniques that people use to assure information privacy fail when data storage equipment is sold onto the secondary market," the researchers write in an article to appear in the IEEE magazine Security and Privacy. "The results of even this limited initial analysis indicate that there are no standard practices in the industry [for sanitizing disks]."

Data remembrance

The study, entitled Remembrance of data passed: a study of disk sanitization practices, concludes that overwriting disks with random data, preferably more than once, should be sufficient to wipe them clean. But only 12 per cent of the drives they bought had been cleaned in this way.

They also note that it may be possible to recover information even when it has been overwritten with random data. This would require the use of magnetic force microscopy to measure the subtle magnetic changes that occur during each overwrite.

Finally, the researchers add that cryptographic file systems would improve hard drive security by requiring authentication before revealing data. But they say this type of system is very rarely used.

14:32 16 January 03

Return to news story

  © Copyright Reed Business Information Ltd.

 

[DensaMensa]

PGP Wipe Disk Wiping Utility Fails to Remove the Contents of Alternate Data Streams on NTFS Drives

See www.securitytracker.com

[DensaMensa]

}But for anyone interested in the free one, I did find a site

Site says it is for Win95/98. Nothing about 2000/XP.

[ASA Vet]

There is No Such Agency.

[DensaMensa]

Okay! So after 120+ messages and lots of conflicting information, how about this one?

How effective is a simple reformat such as is done by WinXP or others prior to a clean install? How high does that method of "scrambling" rise on the scale of Hard Drive Cleaning effectiveness? Thanks.

[MarkL]

Some government agencies, as well as data recovery houses, are able to recover data from drives that have been "cleaned" with commercial "secure" file deletion programs. However, it's very difficult, time consuming, and expensive to do this, and the level of expertise is limited to just a few high tech firms, or intelligence agencies of governments.

A few years ago, a client (a government agency) needed to have a hard drive replaced under warranty, and the supervisor was upset that they would have to pay for the new hard drive, since the old one could not be returned to the manufacturer. According to departmental regulations, any device capable of storing information could NOT be released, and had to go through a metal shredder! This is certainly one way to ensure that the data was gone! lol

Mark

[MarkL]

I wonder what the US Gov does to dispose of "classified" hard drives? I sort of imagine it involves fire, or some equivalent of your heavy duty hammer. Financial institutions should treat their old drives the same way.

I posted something on this before I read your post... Metal shredder.

Mark

[MarkL]

To the best of my knowledge, a LLF will clean everything off the disk. (Low Level Format)

For end users, this is enough, but security experts, data recovery houses, and government agencies can still recover data that's been formatted this way.

Mark

[HoustonCurmudgeon]

Close but no cIgAr !

BTW I was offered a job with your agency in 71 but didn't want to go to Turkey.

[Redcloak]

According to the notice, none of the wiping programs mentioned in this thread will wipe alternate data streams. However, this is seen only when the wiping program is being used to wipe individual files. If the alternate stream's parent file is deleted, a free space wipe will nail it since it's tagged as free space at that point.

(For those who are wondering, "alternate data streams" refers to items such as thumbnail views of graphics. For example, Pete Townsend could have wiped the individual naughty files from his computer, but if he had been looking at the pics with Explorer's thumbnail viewer, the thumbnails would still be on his hard drive. An investigator could then examine the free space on the drive and find them. Had Pete immediately ran a free space wipe after deleting the files, the thumbnails and their parent files would have been wiped.)

[Fiddlstix]

I was refering to a Low Level Format. It is a lot different than just using the "Format" command.

Some Info about LLF is Here
J

[Flying Circus]

Against a serious attempt at data recovery, it is worthless. If you have serious concerns with what data can be recovered from you hard drive, don't bother any approach that depends on the drive itself to overwrite the data. In my opinion there are only 2 ways to destoy the data permanently and dependably in a HDD: complete physical destruction of the disks in the drive or a high strength degaussing field.

[sd-joe]

It is effective to keep your average next door neighbor out of it.

It is NOT effective to keep people with the right equipment and the will to get the data out of it.

[VaBthang4]

Hint...


Hydrochloric Acid or a sledgehammer.

[sd-joe]

Yes but "low level format" is still a magnetic write.

The problem is the residual magnetic effects left over from the original writes.
That is why the ONLY safe method (other than physical destruction) is multiple writes with different patterns. It seems that about 7 re-writes gets one pretty close to being unreadable.

[contrarian]

I use a program called filevac that comes with a program I use called IECLEAN which scrubs internet explorer each time I log off. Filevac lets me scrub 16 times if I want. I do that about once a month , takes hours I tell it to run and go to bed...Would like to hear from freepers via freepmail if they have any experience or have an educated opinion about this program

[DensaMensa]

}[ordinary low level formatting]...is effective to keep your average next door neighbor out of it.

That sounds good enough for 99%+ of all average users needs. Anything beyond that can become an obsession IMHO.

[sd-joe]

"That sounds good enough for 99%+ of all average users needs"

Yeah, for home users.

Certain businesses have legal responsibilities to maintain security of data, and could face serious financial penalties if the data got out. Some Financial, Legal, and Medical operations come to mind.

For instance in this article, someone should get in serious dodo for the ATM hard drive that had data recovered from it.

[PoorMuttly]

Muttly have hammer.

Muttly want Thermite.

Thermite good.

[mlmr]

He must be the world's oldest graduate student...

[DensaMensa]

}For instance in this article, someone should get in serious dodo for the ATM hard drive that had data recovered from it.

Yeah, the article doesn't say, but the tech could have just tossed it without doing anything to it for all we know. Could be simple carelessness. May have even had a 'THIS IS FOR THE MAIN STREET ATM' sticker on it to help attract attention. :/)