'Cleaned' hard drives reveal secrets

New Scientist ^ | 14:32 16 January 03 | Will Knight

[vannrox]

'Cleaned' hard drives reveal secrets

14:32 16 January 03

Will Knight

Discarded and recycled computer drives can reveal financial and personal information even when apparently wiped clean, MIT researchers have found.

Simson Garfinkel and Abhi Shelat, graduate students at the Massachusetts Institute of Technology, analysed 158 second hand hard drives bought over the internet between November 2000 and August 2002. They were able to recover over 6000 credit card numbers, as well as email messages and pornographic images.

The pair wrote a program to scour the disk drives for any trace of credit card information. They found card numbers on 42 drives of the drives they bought.

One drive had previously been used in an ATM cash machine and contained 2868 different numbers, as well as account and transaction information. Another drive contained a credit card number within a cached web page.

Privacy failure

Much of the information the researchers found had been "deleted" before the disks were sold. But simply deleting a file with most computer operating systems does not remove it from the hard drive, it only removes a tag pointing to the file.

Furthermore, even re-formatting the disk does not properly remove the contents of files.

"Most techniques that people use to assure information privacy fail when data storage equipment is sold onto the secondary market," the researchers write in an article to appear in the IEEE magazine Security and Privacy. "The results of even this limited initial analysis indicate that there are no standard practices in the industry [for sanitizing disks]."

Data remembrance

The study, entitled Remembrance of data passed: a study of disk sanitization practices, concludes that overwriting disks with random data, preferably more than once, should be sufficient to wipe them clean. But only 12 per cent of the drives they bought had been cleaned in this way.

They also note that it may be possible to recover information even when it has been overwritten with random data. This would require the use of magnetic force microscopy to measure the subtle magnetic changes that occur during each overwrite.

Finally, the researchers add that cryptographic file systems would improve hard drive security by requiring authentication before revealing data. But they say this type of system is very rarely used.

14:32 16 January 03

Return to news story

  © Copyright Reed Business Information Ltd.

 

[VOA]

bump

[CholeraJoe]

Foolproof method of cleaning hard drives: Apply two #4 buckshot rounds at close range. Gather all remaining pieces and submerge in concentrated sulfuric acid for two weeks. Pour residue down toilet. Keeps drains running clean, too.

[sd-joe]

You can buy Norton Utilities from any software distributor. It includes a program that is called something like Disk Wipe that will securely wipe a drive. You can set it to various levels of security (or paranoi) including a government security level. It does multiple overwrites with various characters.

It is true that simply deleting data does not remove it from a drive, allowing it to be easily recovered. Even one or two overwrites will not make it totally secure from people with the correct equipment. But this heavy duty utility from Norton will do the job.

[HoustonCurmudgeon]

I wonder what the US Gov does to dispose of "classified" hard drives? I sort of imagine it involves fire, or some equivalent of your heavy duty hammer. Financial institutions should treat their old drives the same way.

They SHOULD smash them, but I assure you they miss a bunch of them. BTW a good friend, who works for one of those friendly government groups in Washington that goes by three letters, swears they can recover info that has been overwritten three times.

[js1138]

I recently posted a link to photos on sciencenews.org showing a disk that had been overwritten. It was like tire tracks in a wet beach. the new tracks didn't exactly cover the previous tracks, so you could clearly see the pattern of both sets. Recovering data this way would be hellishly labor intensive, but then, Iran set people to piecing together shredded documents from our embassy.

[fight_truth_decay]

good point!..would look into someone using 38 different credit cards ;)

[Wolfie]

Simson Garfinkel?

Laugh if you want, but I love it when he sings "Bridge Over Troubled Water".

[js1138]

They sure can, but not when you smash them into little pieces with a heavy duty hammer...

Newer drives have glass platters, making this more fun.

[js1138]

There are separate programs for this. Norton probably dropped theirs because it wasn't effective enough.

[jpl]

The best thing really is to do a Hillary Clinton format. To execute this procedure, drop the incrimintaing hard disk out a ten story window, preferably making sure the drive lands on a hard surface.

[asformeandformyhouse]

I've found the BESTCRYPT and BCWIPE products to be good. Look for them at www.jetico.com.

[sd-joe]

Actually Norton's is still there, and it works very well.

[HairOfTheDog]

I agree. My checkbook balance is on my computer. Hard for anyone to get in too much trouble with that! They'd be mad they went to the trouble to find it!

At least one in the test was the former hard drive of an ATM machine.

[thatsnotnice]

Just get a set of torx (or tamper resistant torx) drivers and take the drive apart.

You'll get a couple of hellacious refrigerator magnets and the platter assembly makes a nice paperweight for your desk (especially if you can get hold of the old Seagate 1.2M 5.25 inch full-height SCSI drives).

[TroutStalker]

I wonder what the US Gov does to dispose of "classified" hard drives?

Two weeks ago I had a HD replaced under warrenty. I asked the tech about how the returned units are handled. He said that all the returned units are sent through a large magnet upon receipt as SOP. He did mention that HDs replaced for the IRS are retained by the agency and are destroyed. Although he didn't detail how this was accomplished, I imagine it involves magnets, followed by physical destruction.

[isthisnickcool]

[usastandsunited]

Did you read the part where just one, from an ATM, had 2800+ numbers? Hmmmmmmm

Oh ok. So that means the average hard drive has only about 28 credit card numbers on it. That's more like it.

[MrB]

I used BCWipe, DOD setting to wipe my drive before sending it back for replacement.
I believe the DOD setting overwrites 7 times...

[Poohbah]

I wonder what the US Gov does to dispose of "classified" hard drives?

If the hard drive is still usable, they overwrite with 0s, then overwrite with 1s, then allow the drive to be reused at the appropriate security classification or higher (i.e., a SECRET drive can be reused as SECRET or TOP SECRET, but not as CONFIDENTIAL or UNCLASSIFIED).

If the drive is damaged beyond repair, it is physically destroyed.

[oldcomputerguy]

and I have a clean drive.

You have a pretty clean drive lets say. One overwrite is not enough to erase data if someone wants it. The accepted standard for initial "cleaning" is a pattern write followed by the complement of that pattern followed by a random pattern. What this does, in effect, is to subject the recording media to an AC pattern like AC current. The more times you write the pattern/complement(opposite) pattern, the more you essentially apply an AC current to the media which scrambles the particles. The random pattern then further obscures the original information. The minimum would be one write of each.

You could improve your Constitution method by offsetting it on susequent writes ie, do as normal initially, then store another smaller file on the "clean" drive and write the Constitution file again. This does not guarantee that the AC effect is in force but certainly will cause different data to be written the second or subsequent times.

There are commercial programs out there that do this for you and are not expensive.