Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror

A New Technique to Quickly Erase Hard Drives 458

Posted by CowboyNeal
from the clean-and-clear dept.
RockDoctor writes "Stories about 'wiped' hard drives appearing on eBay (and other channels) and being stuffed with personably-identifiable data are legion; rarer are spy planes having to land on enemy territory, but it happened in 2001 to a US spy plane over an un-declared enemy (China, and that's a topic in itself). Dark Reading reports the development of a technique to securely wipe a hard drive in seconds, and which is safe for flying. (The safe for flying criterion rules out things like fun with packing the drives in thermite. Also thermiting the drives may not erase the platters to the standard required, which is moderately interesting itself."
This discussion has been archived. No new comments can be posted.

A New Technique to Quickly Erase Hard Drives

Comments Filter:
  • Re:New technique? (Score:2, Informative)

    by ballermann (124688) on Saturday June 17, 2006 @10:49AM (#15554921) Homepage
    FTFA: The researchers concluded that permanent magnets are the best solution.
  • Re:Wrong word? (Score:3, Informative)

    by Tavor (845700) on Saturday June 17, 2006 @10:53AM (#15554944)
    "Definitions of legion on the Web: * host: archaic terms for army * association of ex-servicemen; "the American Legion" * a large military unit; "the French Foreign Legion" * horde: a vast multitude" via Google's "define" search
  • Re:New technique? (Score:5, Informative)

    by Anonymous Coward on Saturday June 17, 2006 @10:53AM (#15554945)
    Aluminum can act oddly in the presens of magnetic feels. see this link [pureenergysystems.com] for information on how it might be able to bens platters.
  • Re:Thermite... (Score:3, Informative)

    by Harmonious Botch (921977) on Saturday June 17, 2006 @10:57AM (#15554963) Homepage Journal
    Actually, it's the iron that comes out molten; the aluminum is tied up as solid aluminum oxide. Nonetheless, it is a good question.
  • Degaussing Technique (Score:5, Informative)

    by Kadin2048 (468275) <slashdot.kadin@xox[ ]et ['y.n' in gap]> on Saturday June 17, 2006 @11:03AM (#15554986) Homepage Journal
    It depends on the type of magnetic field used and how it's applied. If you just put a drive platter (or magnetic tape, or floppy disk) into a static magnetic field, you might bend the platters or disturb the media, without actually destroying the data itself.

    I'm most familiar with procedures for erasing magnetic tape than hard drives. The conventional method that I was always taught was to put the tape very close to source of a strong alternating electromagnetic field (so easy way is to just have a small coil hooked up to the wall socket). Then -- and this is the important part -- you move the media away from the coil, while the coil is still operating. So it goes from the near field out to where the field is basically no longer having any effect, but without the field going off. The result is that different layers of the media end up with different magnetic fields: as the media moves further and further away from the coil, the field is no longer able to saturate the center of it, so it's left with a certain state. The material just next to that gets left with a different state, because by then the coil's field has changed directions. So you end up with different magnetic states (polarizations) being written to the media both in the depth direction, and lengthwise (as you pull the tape along past the coil). I guess the thickness of the "stripes" would depend on characteristics of the media, plus the frequency of the coil's field and the speed with which the media was moving past it. I just always moved it slowly away at a few inches per second, personally.

    Just holding the media next to a magnet, even an AC electromagnet, and turning the magnet on and off, doesn't erase the data as effectively as moving the media from close to the coil to far away. Or at least that's what I was always told. I suppose if you had a circuit that powered down the coil slowly, it would have much the same effect.
  • Re:New technique? (Score:5, Informative)

    by tomhudson (43916) < ... <nosduh.arabrab>> on Saturday June 17, 2006 @11:13AM (#15555023) Journal

    Poster wrote:

    Powerful magnets do rather little to wipe hard drives

    If you had read the article , you would have found that they ARE using magnets to wipe the hard drives. FTFA:

    The researchers concluded that permanent magnets are the best solution.
  • Wiping disks... (Score:3, Informative)

    by Gordonjcp (186804) on Saturday June 17, 2006 @11:28AM (#15555072) Homepage
    ... by overwriting twice with random data will destroy any data beyond recovery. You can't use special things to read residual magnetic data off the platters, unless you're habitually using 25-year-old hard disks. Modern drives use very complicated modulation schemes, unlike old MFM drives.
  • Wrong (Score:5, Informative)

    by bwd (936324) on Saturday June 17, 2006 @11:45AM (#15555123) Homepage
    The paper you are quoting from is horribly out of date and very little of that applies to modern drives. This post [slashdot.org] does a good job of explaining Gutmann's more recent comments.

    Plus, some people have called into question a lot of the sources used in that paper. It seems that some of the sources don't even exist.

  • by Animaether (411575) on Saturday June 17, 2006 @11:58AM (#15555162) Journal
    GP probably meant by 'powerful' magnets the kind you can get at scientific supplies shops, or even (in slightly less powerful degree) at ThinkGeek.

    The 'powerful' in the article refers to the power akin to an MRI scanner. Ever see that video of somebody holding a scissor on a string several feet away from the aperture, and the scissor points straight to it with some duress on the holder's finger from the string when the MRI is on?

    Suffice to say that nobody in a home/office environment is going to have one those 'powerful' magnets laying around.

    Me - I settled for "Darik's Boot and Nuke" as part of the Eraser program to wipe two old computers, and will again for a third shortly. They never had highly classified or particularly sensitive information - just stopping the casual users from retrieving old porn. I hate porn pirates.
  • Re:Joe does it (Score:5, Informative)

    by gweihir (88907) on Saturday June 17, 2006 @12:26PM (#15555247)
    Now if it's just some random joe with an undelete program he got for $19.99 at the local shop then a single pass is often enough, more sophisticated software only tools might get past a few,

    Let me correct that: There is no way in this universe software can recover anything from a disk overwritten once with zeros. It is fundamentally impossible.

    Also to Peter Gutman's paper: It is still relevant, but the technology has changed. Gutman is very relevant for things like floppy disks (that can hold 100MB, but are used only for 2MB). But todays HDDs go so close to the limits of the amount of data that can be physically present on a disk (as dictated by S/N ratio and surface area), that even a single overwrite with random data may be completely unrecoverable with any technology. Nobody really knows.
  • Re:First question: (Score:5, Informative)

    by Jackmn (895532) on Saturday June 17, 2006 @12:43PM (#15555306)
    Encryption can be broken. Always.
    One time pads cannot be broken.

    Strong encryption algorithms with suitably long key lengths will take longer than the lifetime of the sun to crack (barring the possibility of quantum computing taking off).
  • Re:New technique? (Score:5, Informative)

    by Cromac (610264) on Saturday June 17, 2006 @12:44PM (#15555318)
    According to the article, yes it is more effective than a hammer. It said that techniques such as crushing the drive still allowed the data to be recovered, given enough time.

    Other methods, including burning disks with heat-generating thermite, crushing drives in presses, chemically destroying the media or frying them with microwaves all proved susceptible to sensitive, patient, recovery efforts.
  • Re:First question: (Score:3, Informative)

    by gweihir (88907) on Saturday June 17, 2006 @01:17PM (#15555445)
    Actually, No matter what cipher you'll be using or how large the keys you're using are:
    One can always use brute force to find a solution.


    P.S.: And before I forget: This is wrong as well unless you can do a known-plaintext attack (i.e. cheat). If you do not already know what the plaintext is, there is a minimal amount of ciphertext and knowledge you need. And it needs to be more than the entropy in the key. If it is not, you cannot brute-force it. For example the Enigma is completely secure, unless you encrypt more than about 4kb of german text with a key.

  • by r00t (33219) on Saturday June 17, 2006 @01:29PM (#15555493) Journal
    Sure, they say they will get the weight down. OK, maybe they cut it in half.

    They do need one device per drive. You missed the part about the drive being automatically pulled into the device, and the part about a twist handle as a backup.

    In other words, this is a drive enclosure. The drive sits in the safe part of the enclosure most of the time, connected to a destruction actuator. Nobody is going to be running around the airplane yanking out drives.

    Probably a few drives could go into a mechanically complicated (less reliable) shared enclosure. Doing everything that way is no good. Equipment may come from different suppliers, with different technology. Think of a flying datacenter with rackmount systems from a variety of different vendors. (the prime contractor has to make it all fit, but isn't supposed to do a custom redesign of every subcontractor's computer) Also you have the matter of ongoing upgrades.

  • by Anonymous Coward on Saturday June 17, 2006 @01:30PM (#15555494)
    You might be glossing over the flight critical requirement though. "Keep the key in RAM" is likely not something that would be allowed.. or incredibly hard to get certified. Would have to prove (which is harder than just showing) that while in flight, there was no way the key could get lost, or changed, or ... such that the software could get locked down in flight. I don't think that it would be impossible, just that the hoops you might have to go through may make other options more attractive.

    I work on UAV's, so we have to care about this a lot.

    Check out some of the standards:
    DO-178B [wikipedia.org]
    Or STANAG 4044, but I don't have a good link.
  • Not a spy plane! (Score:5, Informative)

    by Bowling Moses (591924) on Saturday June 17, 2006 @02:00PM (#15555588) Journal
    The US aircraft alluded to was a US Navy EP-3E Aries II [wikipedia.org], a slow four-engined turboprop plane based on a passenger airliner. It's a surveillance aircraft, not a spy plane. It's out in the open, in international airspace (usually), and a modern military will immediately pick up on where it is and what it's doing. It's completely dependent on international treaties to not get shot down by whoever it's checking out. A SR-71 or U-2 on a secrete high-altitude flight over a hostile nation it isn't.
  • by SargeantLobes (895906) on Saturday June 17, 2006 @02:38PM (#15555701)
    Wouldn't it be easier to use a flash memory chip?

    Data on Flash memory (e.g. usb drives) has a tendancy to burn in. The longer it's in there the more it burns in. There's no real way to counter this. The only way to theoretically wipe it is to do several passes each a few weeks apart.

    So you'd have to really completeley destroy the drive. which basically means something like thermite, which, as the submitter mentioned, is unsuitable for aircrafts.

    Everytime I hear of the milatary using these (and losing them, which they seem to do regularly), it pisses me off. They must have had an IT guy telling to never use that stuff, and to encrypt their data. For some reason the higher ups just seem to not get the point, and they still use it, and leave them behind in their rented cars.

  • Re:Joe does it (Score:3, Informative)

    by DamnStupidElf (649844) <Fingolfin@linuxmail.org> on Saturday June 17, 2006 @02:50PM (#15555735)
    Let me correct that: There is no way in this universe software can recover anything from a disk overwritten once with zeros. It is fundamentally impossible.

    That depends on how much attackers know about a given drive. If they can rewrite the drive firmware to give raw access to disk tracks and sub-track positioning, there's a lot that can be done in software without opening the drive.

    But todays HDDs go so close to the limits of the amount of data that can be physically present on a disk (as dictated by S/N ratio and surface area), that even a single overwrite with random data may be completely unrecoverable with any technology. Nobody really knows.

    Hard disks are very far from any theoretical maximum in magnetic storage for a few reasons. The first is that the read/write heads are moving very fast and are roughly linear in nature, e.g. they use tracks and can't analyze 2D regions on the disk as well as a stationary head could, or a head free to move in two dimensions over a point on the disk. Second, hard disk drives must have a very low error rate which means that any recording and subsequent reading must have a high redundancy both in terms of information theory and track width. Basically, the technology that allows a 100GB disk to move tens or hundreds of TB of data over its lifetime with little or no data loss provides plenty of redundancy to read at least some data that is partially overwritten with random data. Third, increasing data density available per disk platter directly implies that at least the older platters were not using anything close to the theoretical maximum of the media. Some data density comes from the magnetic property of the platters, but a lot more comes from the read/write heads and new encoding schemes. With each advance in head technology, it becomes much easier to read more information off existing platters, making data recovery easier.

    There are a couple practical reasons simply overwriting a drive doesn't work very well. The first is that simply overwriting each sector on the disk with random data is not truly random. The error correction codes for the sector are still valid, which means that all the data on the track is predictable, making it easier to recover what was on the disk before. Since both the original overwritten data and the new "random" data are mathematically related, it is much easier to reconstruct the original data. Some drives have modes to access the raw tracks directly, and this mode could theoretically be used to write random data over the entire track, including ECC areas. It would also allow remapped sectors to be overwritten. Generally, after a sector has required error correction to be applied more than a set number of times the data is remapped to a set of spare tracks reserved for that purpose. Without raw access to the disk, there is no way to overwrite the original data from these remapped sectors which are still able to provide the correct data after error correction is applied.
  • Interesting stuff (Score:5, Informative)

    by TheSpoom (715771) * <slashdot@NOSpAM.uberm00.net> on Saturday June 17, 2006 @05:14PM (#15556198) Homepage Journal
    I have commonly heard it said that overwritten data can be recovered, so I went Googling for a rebuttal to this argument. Turns out, you appear to be right! Recovering of overwritten data is largely a myth. [actionfront.com] /me continues to use good ole' shred.
  • Some points (Score:1, Informative)

    by Anonymous Coward on Saturday June 17, 2006 @07:16PM (#15556561)
    Having worked in the advanced technology division of a major hard disk drive maker for over 8 years, it was interesting to read this discussion. Let me clarify a few points:
    1. Encryption may be an alternative way to solve this problem. Properly implemented, encryption is effective and cannot be broken.
    2. You need ONE device per plane. The idea is that the crew would pass each disk drive through the bulk eraser.
    3. The device cannot be made smaller/ligher (unless you reduce the size of the slot for the drive). You could use smaller form factor disk drives and reduce the bulk somewhat
    4. Completely overwritten data CANNOT be recovered from a modern disk drive. You will have to trust me on this. I am ready to pay a REALLY NICE bottle of wine to whomever can accomplish this feat.
    5. Even so, overwriting ALL your data is NOT an option just because the time required to do so (especially on a high-capacity disk drive) may exceed 30 minutes
    6. Making the disk platters out of some of the exotic materials suggested is not possible. Mechanical hardness requires the platters to be extremely hard. Think about it: The bits are so small and the head is flying just a few nm high, if the platters "give way", you will not be able to read the data. Also, the magnetic multilayers that comprise the actual storage media need an adequate substrate to be grown with the right magnetic and tribological properties. I hate to tell you, but hard disk drives are very sophisticated and highly optimized devices, even though this is not reflected in the purchase price....
    7. Throwing the drives out of the window, while in practice may work, does not give you the CERTAINTY that the data will not be recovered. Besides, this will work well from a plane or ship, but not so well from a terrestrial vehicle.
    8. There are a few other ways (which I cannot reveal here) to render recovery of the data EXTREMELY hard (impossible for all practical purposes), but the requirements said "unlimited time and resources"...

    In summary, it seems to me that Georgia Tech did a reasonably good job. It took them three years to come up with this. Had they asked any of the disk drive makers, we would have given them the solution in two weeks.
  • Re:First question: (Score:2, Informative)

    by shemnon (77367) on Saturday June 17, 2006 @10:17PM (#15557052) Journal
    Wrong, one time pads can be broken, but the problem is you aren't sure you have broken it. Take the cryptext "ABCDE" you can break a perfect one time pad, but unless you know the decrypted text you won't know if the word was "apple" or "venus" or "my dog" or "EDCBA."

    What makes a one time pad work so well is that you are not sure when you have broken it. This is due to the lack of a repeting block (which most current encryption uses to some extent) where you continue to get sensible results. after you get "apple" out of the cryptext.
  • by DigiShaman (671371) on Saturday June 17, 2006 @11:34PM (#15557228) Homepage
    That sounds nice and all, in theory. But I doubt anyone has ever recovered a file reading residual magnetic fields. Seriously! Just how DO you determain what group of bit/bytes belongs to what generation of residual fields? If you don't know what generation the bits are found on, then threading the data back togeather is meaningless. All you will get is random binary noise.
  • Nitpick. (Score:3, Informative)

    by warrax_666 (144623) on Sunday June 18, 2006 @03:17AM (#15557593)
    Make that /dev/urandom or you could end up waiting a loooooong time for it to finish.

Real Users find the one combination of bizarre input values that shuts down the system for days.

Working...