INFO SECURITY: Nuking your Data

So you’ve got a hard drive, USB drive, etc. that you don’t use anymore, and you want to either give it to a friend, donate it to a school, etc., or just plain old ditch it.

Well, normally, you’d just either do a format, or hammer it into pieces.  With both options, you run the risk of letting whoever is interested pull your information off of the drive you either ‘formatted’ or ‘destroyed’.  As a matter of fact, there was a case several years ago with the state of Pennsylvania.

They ‘donated’ computers to a school.  Wonderful idea, great way to save on spending, right?  Wrong.  Yes, they did save money for the school system, but a reporter got a hold of one of the hard drives and ended up recovering an untold amount of data off of the ‘wiped’ drive.

The only surefire way to destroy data on a drive is to melt it down.  Just breaking the device into pieces won’t do unless you use a special shredder and end up turning it into dust.  Even broken into pieces, a DVD/CD can be recovered (at least parts of it anyhow).

Software such as EnCase will allow you to recover an amazing amount of ‘destroyed’ data, and I have both seen and heard of cases where criminals thought they had ‘destroyed’ the hard drive by smashing it with a hammer, but ended up only pissing the investigators off and making them work harder to find something.

Now, you could either spend thousands of dollars on a hard drive shredder (prices range from $999.99 to $19,999.99) or spend a few minutes downloading and burning a CD/DVD of a tool that I’ve used many times, Darik’s Boot and Nuke (D.B.A.N).

As I have said, I have used this many times, and for fun, I tried a test.  I picked up a smallish hard drive (around 500 meg, it was about $5.00) and filled it with all sorts of documents and pictures.  I then ran D.B.A.N on it and handed it over to a friend who had access to a copy of EnCase.  Now, EnCase is one of the premier forensic tools out there.  It has been known to pull data off of things that others could not.

My buddy worked on this drive for several days and was unable to pull anything but a few small snippets off of it and those weren’t really worth enough to do anything.  In other words, if this was a criminal case, there’d be no electronic forensic evidence for them to use against me.

You can pick up a copy of D.B.A.N here: http://dban.sourceforge.net/

D.B.A.N is an open source project that is housed on SourceForge’s servers.  It can be run from a floppy, CD, DVD or USB flash drive and supports IDE, SCSI and SATA hard drives.  It’ll work on both the PC and the Mac platforms and can even be set to automatically wipe any hard drive that it sees.  It’s licensed under the GNU General Public License.

Below are several screenshots of the application in progress and overall, it’s fairly simple to use, BUT…BE WARNED. If you use it, you’re not going to get the data back, so make sure you’re aware of what you’re wiping.  This could be a great tool either for saving your ass or for creating havoc within a target’s environment.

Several of the methods used to wipe the data are:

- DoD Short – It overwrites the disk 3 times. Fairly long process
- DoD 5220.22-M – It overwrites the disk 7 times.  LONG process
- Gutmann Wipe – Writes a series of 35 patterns over the device, including 8 random and 27 preset data streams.
- Pseudo-Random Number Generation (PRNG) – Also known as a deterministic random bit generator.  It’s an algorithm for generating numbers that approximate random numbers. It’s not true random, but it’s sufficient for the intended use.
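
How the pattern passes in the list above work, as an added sketch that is not D.B.A.N's own code: it overwrites a constructed image file in place with an assumed three-pass schedule (a fixed byte, its complement, then random data) and reads each fixed pass back before moving on. The function names, the schedule and the sample marker string are assumptions made for this example.

```python
import os
import tempfile

CHUNK = 1024 * 1024  # write in 1 MiB chunks so a large image never sits in memory

# Assumed three-pass schedule for illustration (not D.B.A.N's own table):
# a fixed byte, its complement, then random data. None means "random pass".
THREE_PASS = [b"\x00", b"\xff", None]


def overwrite_pass(path, pattern):
    """Overwrite every byte of `path` in place with `pattern`, or random data."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:          # r+b: rewrite in place, never truncate
        written = 0
        while written < size:
            n = min(CHUNK, size - written)
            f.write(os.urandom(n) if pattern is None else pattern * n)
            written += n
        f.flush()
        os.fsync(f.fileno())              # force this pass to storage before the next


def verify_fixed_pass(path, pattern):
    """Read the image back and confirm every byte equals the fixed pattern."""
    with open(path, "rb") as f:
        while chunk := f.read(CHUNK):
            if chunk != pattern * len(chunk):
                return False
    return True


def wipe_image(path, schedule=THREE_PASS):
    """Run each pass in order; raise if a fixed-pattern pass fails read-back."""
    for number, pattern in enumerate(schedule, 1):
        overwrite_pass(path, pattern)
        if pattern is not None and not verify_fixed_pass(path, pattern):
            raise IOError(f"pass {number} failed read-back verification")
    return len(schedule)


def contains(path, needle):
    """True if the byte string `needle` is still present anywhere in the image."""
    with open(path, "rb") as f:
        return needle in f.read()


def demo():
    """Build a small constructed image holding a marker, wipe it, report results."""
    marker = b"ACCOUNT=12345678"          # constructed sample data
    fd, path = tempfile.mkstemp(suffix=".img")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(b"\x00" * 4096 + marker + b"A" * 60000)
        size_before = os.path.getsize(path)
        found_before = contains(path, marker)
        passes = wipe_image(path)
        return {
            "found_before": found_before,
            "found_after": contains(path, marker),
            "passes": passes,
            "size_unchanged": os.path.getsize(path) == size_before,
        }
    finally:
        os.remove(path)
```

On SSDs and USB flash drives, wear levelling and remapped blocks can keep old data in cells that an overwrite never reaches, so pass counts alone say less there than on a spinning disk.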

Overall, I like it.  It’s cheap (you can’t get any cheaper than free), it’s easy and it’s something that will do the job that it’s intended to.

So what are your thoughts on this? What are some of the tools that you’ve used in the past to erase your data?

As always, let me know if this article was helpful or just a bunch of geek rambling and thanks for taking the time.

—————————————————————————————

~Norm W.
Information Security Correspondent

Norm W. is an information security engineer currently employed as a CONUS civilian contractor. He has worked in the computer industry for the past 20 years and holds several security and non-security related IT certifications. Norm has worked with multiple agencies in the private and public sector as well as foreign companies and agencies to resolve information security issues.


20 thoughts on “INFO SECURITY: Nuking your Data”

  1. Great article, Norm. I personally have used a DOD short wipe and I had a buddy whose father owned one of those machines that shred cars. So I have used both of those. This seems by far easier than either of those. So it is downloaded and stored on a USB drive. Great find, thanks.


  2. How would you rate Freeraser?


  3. I have used Freeraser– if you wipe a 300+ gig hard drive on DOD wipe you might as well leave your computer in a closet for a week cuz it fucking takes forever

    I don’t know about the speed if you use Darik’s Boot and Nuke (D.B.A.N) – Norm can chime in on that one

    ~James G


  4. I am a DBAN user myself and I have erased several HDs with it. I remember shipping back a notebook to the US and because of an export-controlled import into my country, I decided to wipe the HD instead of asking for a re-export to the USA… (WTF!) Worked quite well but took several days.

    I usually split my DVD backups before putting them into the trashcan because I figure out it’s too much work to recover the pieces.


  5. How would you rate Freeraser?  

    I have never personally used it. I haven’t heard anything bad about it, but I also haven’t heard anything good. I’ve looked at it in the past and my thoughts on it are if you’re using a Windows system and want to make sure individual files are dead, it’s not that bad a deal. But, remember, if the drive itself is recovered and someone takes a REAL close look at it, there’s more than likely a good chance that they’re going to recover at least part of the data since it’s stored in multiple locations. For the average user though, it’s not a bad deal since it’s free and you don’t kill a drive with it.

    I usually split my DVD backups before putting them into the trashcan because I figure out it’s too much work to recover the pieces.

    That’s definitely a good idea, I’m assuming (since you’re an intelligent guy) that you’ve got the DVD backups encrypted. Good idea to do if they’re not, but either way, depending on who’s after them, it’s never too much work to recover the pieces. I’ve heard stories of ‘cherry’ investigators having to sift through garbage dumpsters to find all the pieces of either a hard drive or DVD/CD to make sure they find all of it.

    The thing that would help for the CD/DVD is this. Make sure you get the double layer ones when you’re buying them. I’m not talking about the double layer data ones, I’m talking about the double layer of plastic on them. Most of the double layer data ones have that anyhow and if I’m not mistaken most of the DVDs come like that. This way, when you break them, you can actually strip the silver covering off along with the second layer. Once that layer comes off, just take some sandpaper to the exposed side and it’s as good as being melted down.

    The part that holds the data (for anyone not familiar with it) is that silver layer on the disc. That’s the portion that gets written on, it’s not like a record, it doesn’t get ‘grooves’ in it like a record. It’s ‘etched’ into the layer. The layer is almost like gold leaf. If you’ve ever held that, you know how flimsy it is, but the DVD doesn’t stick like gold leaf does.

    Now, you can still take sand paper to the disk itself, but a good investigator (hacker) can still get the disk to a point where they can recover data. Either remove the covering entirely, or shred the disk is my favorite option.

    Like I said though, encrypting and breaking it up is better than just tossing in the trash.


  6. I don’t know about the speed if you use Darik’s Boot and Nuke (D.B.A.N) – Norm can chime in on that one

    I can say that a 100+ G drive will take between 3-5 hours depending on the speed of the drive, the memory present and the device. It’s not something that you can run in a few minutes to do a ‘system meltdown’ per se.

    If you’re looking for that, best bet is to do a POWERFUL electromagnet. One good quick jolt from that and it’ll be bedtime for bonzo for the drive/system/memory, etc.

    I’ve heard (don’t know how true it is) that there are a few black hats out there that have their ‘office’ with only one way in. Around that door, they have an electromagnet set up so that unless they specifically deactivate it, it’ll fry anything that is taken through the door. That includes USB, hard drives, cell phones, tablets, computers, etc. I’ve even heard one guy went so far as to put it on a backup power supply in case the ‘feds’ cut the power before they ‘confiscate’.

    I could see that in a high security area, but for the home, that’s a bit over the edge.


  7. Good article, and some good info.

    Just my $.02 but I do think you can over do it on data destruction. A typical ex-mil Joe Suburb with some financial data on a HDD? I’d do a 3-pass at most. In a pinch? I’d still use a hammer with no prior wipe. 99% of the time that is all you need.

    Infosec incidents, like all crime*, can pretty much be put into 2 categories; A crime of opportunity, and a targeted attack. If you take a hammer to a HDD, that is going to defeat all crimes of opportunity. If you are the victim of a targeted attack, you have more to worry about than data forensics.

    To be clear, if you take a hammer to a HDD, or snap a DVD in half, you can’t use any automated forensics tools on it (like Encase). This means you are hand mounting the HDD platter onto a spindle, spinning it by hand, and using an electron microscope to read the individual bits. Can this be done? Sure. Is it worth it? It is completely dependent on the data* you are trying to keep secret.

    Before the criminal* is going to do that, there are MUCH easier ways to target you. Again, we are talking about a DIRECTED attack, not a crime of opportunity.

    Most of the time, if someone is going to target you, it’s going to be well before you start up DBAN. The easiest way is something called an “Evil Maid” attack. This is where someone gains physical access to your computer, without your knowledge, and modifies it to bypass your security in some way (this is a gross oversimplification, but there is a lot written about this elsewhere). So you are guarding against a person or group that has the resources to rebuild smashed computer hardware… What’s on your front door? A Kwikset? Are you in an apartment where you can CHANGE your deadbolt to be better than the K-Mart special? Will your building manager let in “law enforcement” (real or fake)? Even if you are rocking a Fort Meade level Medeco deadbolt, those are fairly easy to bypass (google Marc Weber Tobias AND medeco). If you are up against the type of people who can rebuild a smashed HDD platter, chances are they have someone on their team who can bypass your home security system.

    Now what about a man-in-the-middle attack. How certain are you that that copy of DBAN hasn’t been neutered? Did you check the MD5 hash on it? Sourceforge uses mirrors. How certain are you that the DBAN archive on the University of East Douchebag campus that you used hasn’t been compromised? Maybe you have a copy of DBAN that does nothing other than flash your HDD LED for 45 hours. Do you have a way of verifying the wipe afterwards?

    One other thing to consider; DBAN may work very well now. Is your attacker willing to sit on your HDD for 5 years? What is the lifespan of your data? SQUIDs are coming a long way (http://en.wikipedia.org/wiki/SQUID). A 35 pass random write ain’t what it used to be, 5 years from now. How are you going to future-proof?

    Now, I know a lot of this stuff is outside the scope of this article. I would argue though, that the average home user doesn’t need anything more than a hammer and a decent paper shredder that can handle the occasional DVD. My main point is that IF YOU ARE the person who needs a 35 pass DoD level wipe, you had better make sure you CAN answer all these questions. Chances are you are already “owned” well before they get to forensics, if you can’t.

    Regarding that EM field in the door thing; that was in Cryptonomicon by Neal Stephenson (great book). I can’t see that working in real life. The field would have to be SO strong, that your biggest concern would be cancer, not law enforcement. It may work on a TAPE backup, but HDD and especially solid-state? No way.

    *I define “crime” in this comment as all offensive attacks against a target, whether they are legal or not. Also “data” is defined as anything you are trying to hide, illegal or not.

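
The two checks the comment above asks for (is the downloaded image the one the project published, and did the wipe leave anything behind), as an added example that is not part of the original article or comments. The function names, the 7.0 bits-per-byte threshold, the short signature list and the sample data are assumptions constructed for the example; SHA-256 is the default where the comment mentions MD5, and `algo` accepts either.

```python
import hashlib
import io
import math
import random
from collections import Counter

SECTOR = 512
ENTROPY_FLOOR = 7.0   # bits/byte; a random 512-byte sector measures about 7.6
# Magic bytes that mark the start of common file types (short illustrative list).
SIGNATURES = {b"\xff\xd8\xff": "JPEG", b"%PDF-": "PDF", b"PK\x03\x04": "ZIP"}


def digest_of(stream, algo="sha256"):
    """Hash a binary stream in 1 MiB blocks so a full ISO never sits in memory."""
    h = hashlib.new(algo)
    for block in iter(lambda: stream.read(1 << 20), b""):
        h.update(block)
    return h.hexdigest()


def download_is_genuine(stream, published_hex, algo="sha256"):
    """Compare with a digest obtained from the project, not from the same mirror."""
    return digest_of(stream, algo) == published_hex.strip().lower()


def entropy(data):
    """Shannon entropy of a byte string, in bits per byte."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def scan_for_residue(stream, final_pass="random"):
    """Return [(sector_index, reason)] for sectors that do not look wiped.

    final_pass="zero": every byte must be 0x00.
    final_pass="random": a sector with low entropy is suspect.
    A known file signature at the start of a sector is suspect in both modes.
    """
    suspects = []
    index = 0
    while sector := stream.read(SECTOR):
        reason = next((f"{name} signature" for magic, name in SIGNATURES.items()
                       if sector.startswith(magic)), None)
        if reason is None and final_pass == "zero" and sector.strip(b"\x00"):
            reason = "non-zero bytes"
        elif (reason is None and final_pass == "random"
              and entropy(sector) < ENTROPY_FLOOR):
            reason = "low entropy"
        if reason:
            suspects.append((index, reason))
        index += 1
    return suspects


def build_constructed_image():
    """Constructed sample: 64 'wiped' sectors with two leftovers planted."""
    rng = random.Random(2024)
    sectors = [bytes(rng.getrandbits(8) for _ in range(SECTOR)) for _ in range(64)]
    sectors[10] = b"%PDF-1.4 constructed leftover".ljust(SECTOR, b"\x00")
    sectors[20] = (b"Dear Bob, the account number is 0000. " * 14)[:SECTOR]
    return b"".join(sectors)


def demo():
    iso = b"constructed installer image " * 1000        # stands in for the download
    published = hashlib.sha256(iso).hexdigest()          # stands in for the published digest
    tampered = iso[:100] + b"X" + iso[101:]              # one byte changed in transit
    return {
        "genuine": download_is_genuine(io.BytesIO(iso), published),
        "tampered": download_is_genuine(io.BytesIO(tampered), published),
        "residue": scan_for_residue(io.BytesIO(build_constructed_image())),
    }
```

For a real check, pass `open(path, "rb")` for the downloaded image or the wiped device in place of the in-memory streams.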

  8. Good info Norm! The same holds true with cell phones, there are some great charities out there, which will gladly accept your old cell phones. Problem is, that data, your contacts, and all those old phone numbers that you used to call are probably still in the phone. Even when you delete the data or do a factory reset the data is more than likely still there. I’m not saying don’t donate your phone, it’s just something to think about before you do!


  9. One other quick comment.

    Because power can be cut to a building during a raid, I don’t believe a lot of criminals are using EM based “system meltdown” failsafes. I HAVE heard of groups using that old OPSEC standby; Thermite. Not even remotely safe but extremely easy to make, and if you are a criminal safety is probably not concern #1.


  10. Just my $.02 but I do think you can over do it on data destruction.

    Well, I am paranoid, so… ;)

    And if someone gave you a penny for your thoughts, and you threw in your two cents worth, isn’t someone getting cheated?

    A typical ex-mil Joe Suburb with some financial data on a HDD? I’d do a 3-pass at most. In a pinch? I’d still use a hammer with no prior wipe. 99% of the time that is all you need.

    Again, I’m paranoid…But, I still say even if you do use a hammer, I’d still suggest a 3 pass at minimum before doing it. My personal preference is that I’ve never gotten rid of a hard drive. I still have ones sitting around that are a couple hundred meg in size. Just can’t bring my paranoid ass to get rid of them.

    This means you are hand mounting the HDD platter onto a spindle, spinning it by hand, and using an electron microscope to read the individual bits. Can this be done? Sure. Is it worth it? It is completely dependent on the data* you are trying to keep secret. Before the criminal* is going to do that, there are MUCH easier ways to target you.

    I agree on this 100% and for simplicity didn’t really go into it due to the ‘targeted audience’. I know there are quite a few operator/LEO types on here and geared it more to them. But it still holds true for ‘average joes’ out there as well. Maybe not in the same extent, but…

    The easiest way is something called an “Evil Maid” attack. This is where someone gains physical access to your computer, without your knowledge, and modifies it to bypass your security in some way (this is a gross oversimplification, but there is a lot written about this elsewhere). So you are guarding against a person or group that has the resources to rebuild smashed computer hardware… What’s on your front door? A Kwikset? Are you in an apartment where you can CHANGE your deadbolt to be better than the K-Mart special? Will your building manager let in “law enforcement” (real or fake)? Even if you are rocking a Fort Meade level Medeco deadbolt, those are fairly easy to bypass (google Marc Weber Tobias AND medeco). If you are up against the type of people who can rebuild a smashed HDD platter, chances are they have someone on their team who can bypass your home security system.

    Or otherwise known as social engineering.

    man-in-the-middle attack. How certain are you that the DBAN archive on the University of East Douchebag campus that you used hasn’t been compromised? Do you have a way of verifying the wipe afterwards?

    Good points, but goes beyond the content of this specific article. I have either covered those topics in other posts or have them in future articles.

    One other thing to consider; DBAN may work very well now. Is your attacker willing to sit on your HDD for 5 years? What is the lifespan of your data? SQUIDs are coming a long way. How are you going to future-proof? Now, I know a lot of this stuff is outside the scope of this article. I would argue though, that the average home user doesn’t need anything more than a hammer and a decent paper shredder that can handle the occasional DVD. My main point is that IF YOU ARE the person who needs a 35 pass DoD level wipe, you had better make sure you CAN answer all these questions. Chances are you are already “owned” well before they get to forensics, if you can’t.

    Again, as I stated earlier, I was gearing it more towards someone that was in an ‘unfriendly’ area and working with their personal data as well as some of the LEO/Operator types that are here, but yes, those are things that need to be taken into consideration. A good paper shredder would be good for either a DVD or CD, most of the ones for home use however tend not to last too long when shredding things other than paper (unless it’s designed for the use). And for the home user, a 3 pass would be fine.

    Regarding that EM field in the door thing; that was in Cryptonomicon by Neal Stephenson (great book). I can’t see that working in real life. The field would have to be SO strong, that your biggest concern would be cancer, not law enforcement. It may work on a TAPE backup, but HDD and especially solid-state? No way. *I define “crime” in this comment as all offensive attacks against a target, whether they are legal or not. Also “data” is defined as anything you are trying to hide, illegal or not.

    I knew it was in the book, (yes I agree, great book), but I’ve heard of a few people playing around with the idea and experimenting. I don’t know how far they got and a friend of mine and I even toyed with the idea ourselves, but figured by the time we got finished with it, the money would be too much for the benefit. Basically, you’d have to build an MRI machine around the door. And yeah, it would definitely work on tape backup, and I could see it working with the HDD’s. Not sure about the solid-state, it’d almost have to be something that’s connected directly to the drive itself (which theoretically could be done).

    Great response, I appreciate the differing view(s) on the subject. It helps keep me on my toes knowing that there are others on this site that are into the security stuff as well. I also take it as it stands that all of these are just comments on the article and not an attack against either my knowledge or information, so please anyone out there that’s wanting to comment and/or ‘argue’ the point so to speak, feel free to do so. I welcome them and if I’m wrong about something, I appreciate the opportunity to learn from it.

    I think I speak for everyone here when I say that we are NOT omniscient on our individual topics. We are human (mostly) and therefore make mistakes, have lack in judgment and memory (especially as we get older). I think also this is why I like this site over some others out there in that everyone here is willing to learn from others and not have the “I Am God” complex on a subject.

    Also, again, thanks everyone for taking the time.


  11. My personal preference is that I’ve never gotten rid of a hard drive. I still have ones sitting around that are a couple hundred meg in size. Just can’t bring my paranoid ass to get rid of them.

    The term “Target Rich Environment” comes to mind… :)

    Or otherwise known as social engineering.

    Yes and no. If it requires physical system bypass (picks, etc.), I wouldn’t count it as SE. If I talk your building super into letting me in by flashing a fake badge, then yeah.

    Again, as I stated earlier, I was gearing it more towards someone that was in an ‘unfriendly’ area and working with their personal data as well as some of the LEO/Operator types that are here, but yes, those are things that need to be taken into consideration.

    Completely understandable. And as I mentioned earlier, I realize it was out of scope. I just wanted to point out other things to consider. I feel that a lot of non-IT people read an infosec article, and tend to take it at face value, and as a single “magic bullet” solution. I always like to point out that there are ALWAYS out of scope factors to consider. I truly believe a false sense of security can be more dangerous than no security at all. If you THINK you are safe, you behave in ways you might not otherwise.

    Basically, you’d have to build an MRI machine around the door. And yeah, it would definitely work on tape backup, and I could see it working with the HDD’s.

    Exactly. The thing is, I’m not even sure it would work on HDD. They are resilient enough, that since the data would skew in only one direction, it would be fairly easy to reconstruct. If you knew the orientation of the device as it passed through a stationary field, you can predict how it moved. Then, with the quantum signatures of the bits, you could reconstruct it. It would have worked really well several years ago, but I think it would just be a frustration now.

    Not sure about the solid-state, it’d almost have to be something that’s connected directly to the drive itself (which theoretically could be done).

    I have personally read plans from the early-90’s (maybe even 80’s) on various boxes (usually a cheesebox), that incorporated a stungun into the device. Basically, take the stungun apart, rig the trigger to the housing, and the contact points to the device. If the device is opened by someone that doesn’t know it is there, it drops 10,000 volts to the NVRAM, frying the programming. Old-school, but effective.

    I also take it as it stands that all of these are just comments on the article and not an attack against either my knowledge or information, so please anyone out there that’s wanting to comment and/or ‘argue’ the point so to speak, feel free to do so. I welcome them and if I’m wrong about something, I appreciate the opportunity to learn from it.

    Yes, this is definitely never meant as a personal attack. I believe VERY strongly that the only real “security” is peer reviewed, and discussed. One person will always see things that someone else missed. That’s all this is meant as. That and I just love talking infosec.


  12. “If you are up against the type of people who can rebuild a smashed HDD platter, chances are they have someone on their team who can bypass your home security system.”

    This.


  13. As for DVD and CD backup a good ol’ microwave for 10 seconds does a wonderful job. Take an old one and try it, makes really nice patterns :)


  14. One word:

    FURNACE


  15. What are your thoughts on the 35 pass security erase from Apple’s stock Disk Utility?


  16. I really have no idea how to wipe out my computer’s history so when I bought a new computer I pulled the hard drive out of the old one and turned it to cinders with my cutting torch. It works.


  17. I saw some documentary about wiping out all traces of yourself to go off the grid, and along with a high-powered magnet the guy got a crappy microwave from a flea market or tag sale or something along those lines and fried everything until the microwave stopped running. I don’t know if that would work, if it were me I’d have a nice barrel fire in the backyard and turn them into toast. That’s how I dispose of important mail, I toss it in the wood stove or in the summer make s’mores.


  18. A client I worked with used Acronis. Any reviews or thoughts?


  19. You actually make it seem so easy with your presentation but I find this topic to be actually something which I think I would never understand.

    It seems too complicated and very broad for me. I am looking forward for your next post, I will try to get the hang of it!


  20. Asking questions are in fact pleasant thing if you are not understanding anything entirely, however this piece of writing offers nice understanding yet.

    Also visit my site :: search engine visibility
