'Cleaned' hard drives reveal secrets

New Scientist ^ | 14:32 16 January 03 | Will Knight

[vannrox]

'Cleaned' hard drives reveal secrets

14:32 16 January 03

Will Knight

Discarded and recycled computer drives can reveal financial and personal information even when apparently wiped clean, MIT researchers have found.

Simson Garfinkel and Abhi Shelat, graduate students at the Massachusetts Institute of Technology, analysed 158 second hand hard drives bought over the internet between November 2000 and August 2002. They were able to recover over 6000 credit card numbers, as well as email messages and pornographic images.

The pair wrote a program to scour the disk drives for any trace of credit card information. They found card numbers on 42 drives of the drives they bought.

One drive had previously been used in an ATM cash machine and contained 2868 different numbers, as well as account and transaction information. Another drive contained a credit card number within a cached web page.

Privacy failure

Much of the information the researchers found had been "deleted" before the disks were sold. But simply deleting a file with most computer operating systems does not remove it from the hard drive, it only removes a tag pointing to the file.

Furthermore, even re-formatting the disk does not properly remove the contents of files.

"Most techniques that people use to assure information privacy fail when data storage equipment is sold onto the secondary market," the researchers write in an article to appear in the IEEE magazine Security and Privacy. "The results of even this limited initial analysis indicate that there are no standard practices in the industry [for sanitizing disks]."

Data remembrance

The study, entitled Remembrance of data passed: a study of disk sanitization practices, concludes that overwriting disks with random data, preferably more than once, should be sufficient to wipe them clean. But only 12 per cent of the drives they bought had been cleaned in this way.

They also note that it may be possible to recover information even when it has been overwritten with random data. This would require the use of magnetic force microscopy to measure the subtle magnetic changes that occur during each overwrite.

Finally, the researchers add that cryptographic file systems would improve hard drive security by requiring authentication before revealing data. But they say this type of system is very rarely used.

14:32 16 January 03

Return to news story

  © Copyright Reed Business Information Ltd.

 

[Cooter]

Simson Garfinkel was in my incoming class ('87) at MIT. I think he's been in or around MIT ever since. CLick on the link to see his bio.

[btcusn]

When stationed at Prearl Harbor, we used the ONLY 100% method of wiping a hard drive. 1st, crushed it with a sledge.
2nd Melted it into a puddle in a furnace.
Try reading THAT hard drive.
Jack

[LBGA]

Fascinating history about this genius. I posted a link to this article on a technical discussion list and someone provided an NPR interview with Simon. (I know we don't like NPR, but this is an interesting interview).

NPR interview with Simson Garfinkel

[jpl]

Were you guys C.S.? My favorite software company of all time, Infocom, was founded at your campus. They were legendary back in the early and mid 80s. Man I miss those days...

[Redcloak]

I wonder what the US Gov does to dispose of "classified" hard drives?

They hide them behind a copier at Los Alamos.

[buffyt]

great suggestion ...........
smash them if you are throwing them out anyway

[buffyt]

My son took Ritalin and still did the kinds of things Simson did. He is 21 and still does things like that. Was into computers before computers were cool. Genius thinker. Ritalin for ADD kids makes them speed up, not slow down. It calms hyper kids and makes the attention deficit kids more active. Only works if you have ADD or Hyperactivity, and doesn't work on all people. Gary just sat and daydreamed without Ritalin. With Ritalin, he was alert and active and into everything. Actually made him more hyper. It is a stimulant, not a depressant. He was leaving the case off his computer when he was very young, it was easier than putting it on and taking it off, cause he was always installing new drive, hard drive, etc. He was a computer nerd before computer nerds were cool. [Bill Gates]

[Libertarianize the GOP]

bump

[blackdog]

His dad's office is about four blocks from PBS/WHYY/NPR broadcasting studio's in Philly. Simson would be an interesting interview. A shame it's wasted on NPR.

[Flashman_at_the_charge]

This is what passes for research at MIT these days?

[adx]

Where does one obtain thermite?

Sadly, if you try obtaining or mixing your own, you'll likely have BATF all over you for making destructive devices. Even at universities, chemistry profs have to get permission and file a buttload of paperwork just to mix up a batch for demonstration purposes (remembered from my days as a part-time student admin assistant for a bunch of profs).

[-YYZ-]

Yep, I was just having this discussion with someone yesterday, and I concluded that I wanted an old hard drive absolutely unreadable, I'd beat the crap out of it with a hammer until the platters were in lots of little pieces.

And as far as pulling data that has been overwritten off a drive goes, it may be possible, but as far as I know it is a painstaking process that wouldn't be used unless there was a very good reason. There's much easier ways to find credit card numbers and old porn.

[blackdog]

Forgive my broad brush. Of couse it never fits all circumstances, but the numbers do indicate the merit of my comments re: Amphetemines to children.

[Flying Circus]

Where I work, if we need to return a HDD to another manufacturer, we set it in a degaussing tool and let it run through a few cycles. That is the only way we trust the data to be erased sufficiently. Otherwise the drive should be crushed and completely dismembered- under no circumstances should the disks in the drive be allowed to remain intact. NEVER count on the drive to overwrite itself enough to erase old data.

[buffyt]

You are correct about the hyperactive/ADD nerds being brilliant. Our doctors told us that most doctors are hyperactive. That is how they make it through med. school, internship, rotations, etc. Never overmedicate. We got all the tests, for epilepsy, brain tumors, seizures, allergies, etc. Did the food tests to make sure it wasn't just a food allergy. He had EEG, EKG, blood tests, xrays, etc. ADD/Hyperactivity runs in my family. My mom is still hyper at 76 and my aunt is still hyper at 87, I can't keep up with them! Ritalin, when used in VERY SMALL DOSE, is equal to two cups of strong coffee and just helps the kids focus. If you medicate a kid to the point where he is a zombie, you are NOT doing him any favors. Ritalin helped my son focus and pay attention in class and gave him energy. It NEVER made him calmer or quieter.

[Redcloak]

That isn't quite as effective as you think. Each copy of a particular file, let's say it's called Constitution.pdf, is laid down over different deleted files. Thus each file's bit pattern varies subtly depending upon what was there first. The magnetic field of a particular 1 in one copy will not match its counterpart in another. It depends on whether there was a 1 or a 0 there to begin with. (And, to a smaller extent, what was there before that.) Since the files are the same, the common parts of the magnetic fields (i.e. the bit pattern of Constitution.pdf itself) may be subtracted away. This leaves behind the signal from the original data.

To really do away with the old data, each bit must be degaussed. A proper wiping program, such as PGP's Wipedisk, will write a sequence of 1s and 0s to each bit to remove the underlying magnetic signature.

[blackdog]

No it is not what passes for research, but it is what makes good fluff stories for alumni and the public. I don't think we get to hear most of what MIT is doing. If we did, I think that's a bigger problem. Even scientists like to have fun you know.

[dennisw]

One does not get to trap shoot, gallop horses, shoot rifles, rock climb, cook over a fire, and clean toilets at the B'nai Brith(sp?) summer camp.

I went to camp that was 85% Jewish, run by a Jewish family, and we shot rifles. The other stuff no.

[Rebelbase]

Bump for later.

[blackdog]

I took one of my wife's Adderall's last summer. Don't buy that two cup of coffee bullcrap. I was up for two days and spent my nights with that hummm going through my body I had not experienced since college. As most people on speed, I thought the world was great. That was until I came down and realized I had started about twenty new projects and finished not one...... Ritalin/Adderall is extremely potent speed. It's potential for abuse is scary. The other problem is what these people do when they are no longer children and are not on insurance that ponies up speed for adults. A long term amphetamine user who stops taking speed is an ugly scene.