Posted on 01/16/2003 7:33:41 AM PST by vannrox
|
'Cleaned' hard drives reveal secrets |
14:32 16 January 03 |
Will Knight |
Discarded and recycled computer drives can reveal financial and personal information even when apparently wiped clean, MIT researchers have found.
Simson Garfinkel and Abhi Shelat, graduate students at the Massachusetts Institute of Technology, analysed 158 second hand hard drives bought over the internet between November 2000 and August 2002. They were able to recover over 6000 credit card numbers, as well as email messages and pornographic images.
The pair wrote a program to scour the disk drives for any trace of credit card information. They found card numbers on 42 drives of the drives they bought.
One drive had previously been used in an ATM cash machine and contained 2868 different numbers, as well as account and transaction information. Another drive contained a credit card number within a cached web page.
Much of the information the researchers found had been "deleted" before the disks were sold. But simply deleting a file with most computer operating systems does not remove it from the hard drive, it only removes a tag pointing to the file.
Furthermore, even re-formatting the disk does not properly remove the contents of files.
"Most techniques that people use to assure information privacy fail when data storage equipment is sold onto the secondary market," the researchers write in an article to appear in the IEEE magazine Security and Privacy. "The results of even this limited initial analysis indicate that there are no standard practices in the industry [for sanitizing disks]."
The study, entitled Remembrance of data passed: a study of disk sanitization practices, concludes that overwriting disks with random data, preferably more than once, should be sufficient to wipe them clean. But only 12 per cent of the drives they bought had been cleaned in this way.
They also note that it may be possible to recover information even when it has been overwritten with random data. This would require the use of magnetic force microscopy to measure the subtle magnetic changes that occur during each overwrite.
Finally, the researchers add that cryptographic file systems would improve hard drive security by requiring authentication before revealing data. But they say this type of system is very rarely used. |
14:32 16 January 03 |
|
|
© Copyright Reed Business Information Ltd.
|
|
It is true that simply deleting data does not remove it from a drive, allowing it to be easily recovered. Even one or two overwrites will not make it totally secure from people with the correct equipment. But this heavy duty utility from Norton will do the job.
They SHOULD smash them, but I assure you they miss a bunch of them. BTW a good friend, who works for one of those friendly government groups in Washington that goes by three letters, swears they can recover info that has been overwritten three times.
Laugh if you want, but I love it when he sings "Bridge Over Troubled Water".
Newer drives have glass platters, making this more fun.
You'll get a couple of hellacious refrigerator magnets and the platter assembly makes a nice paperweight for your desk (especially if you can get hold of the old Seagate 1.2M 5.25 inch full-height SCSI drives).
Two weeks ago I had a HD replaced under warrenty. I asked the tech about how the returned units are handled. He said that all the returned units are sent through a large magnet upon receipt as SOP. He did mention that HDs replaced for the IRS are retained by the agency and are destroyed. Although he didn't detail how this was accomplished, I imagine it involves magnets, followed by physical destruction.
If the hard drive is still usable, they overwrite with 0s, then overwrite with 1s, then allow the drive to be reused at the appropriate security classification or higher (i.e., a SECRET drive can be reused as SECRET or TOP SECRET, but not as CONFIDENTIAL or UNCLASSIFIED).
If the drive is damaged beyond repair, it is physically destroyed.
You have a pretty clean drive lets say. One overwrite is not enough to erase data if someone wants it. The accepted standard for initial "cleaning" is a pattern write followed by the complement of that pattern followed by a random pattern. What this does, in effect, is to subject the recording media to an AC pattern like AC current. The more times you write the pattern/complement(opposite) pattern, the more you essentially apply an AC current to the media which scrambles the particles. The random pattern then further obscures the original information. The minimum would be one write of each.
You could improve your Constitution method by offsetting it on susequent writes ie, do as normal initially, then store another smaller file on the "clean" drive and write the Constitution file again. This does not guarantee that the AC effect is in force but certainly will cause different data to be written the second or subsequent times.
There are commercial programs out there that do this for you and are not expensive.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.