Destroy everything

    On Habré quite often there are materials describing the process of recovering information from various devices. The service is in demand, almost everyone probably faced the sudden "death" of a flash drive or hard drive. But what happens to the devices of your company after the accounting department writes them off? Who gives sponsored organizations, who just throws away. There are many options. But attackers may very well take the opportunity to gain access to your data or your company’s data by getting your devices anyway!

    We will not talk about encryption and software such as anti-theft - these topics are already adequately covered, including on this resource. Let's talk about those things that the majority have to deal with in reality much less often - how to guarantee to destroy everything that is recorded there now, as well as what was once recorded on the carriers of important information.

    So you or your company need to get rid of the information. Not even for the purpose of concealing it - a commonplace case - in the case of the transfer or sale of previously used computers or devices by someone. What will you do?

    With the permission of the Habrazhitel, we begin not with electronic devices, but with plain paper. Alas, despite the many decisions on the implementation of paperless workflow - without papers in our country is impossible. As a result, each person over time accumulates on the table and around it a certain hill of information:

    Pavel sat on the bed and read the last letters of the Central Committee that he found under his friend’s pillow.
    “What have you done, robber, of my apartment!” Okunev shouted with feigned indignation. - Uh, wait, wait, comrade! Why, you read secret documents! Let this be in the hut!
    Smiling, Pavel put the letter aside:
    “There is just no secret here, but instead of the lampshade on the light bulb, you really had a document that was not subject to publication. He even burned at the edges. You see?
    Okunev took the burnt sheet and, glancing at the headline, hit his forehead with his palm:
    - And I was looking for him for three days, so that he would fail! He disappeared as he sank into the water! Now I recall that it was Volintsev on the third day that he made a lampshade from it, and then he himself searched until the seventh sweat. - Okunev, carefully folding the sheet, put it under the mattress. “ Then we'll put everything in order,” he said reassuringly.

    Nikolai Ostrovsky. As the Steel Was Tempered.

    Typically, the paper is simply thrown into the trash - sometimes torn in half. As a result, in the news, we read the next report that a container with ... or something similar was found in the backyards (there are many cases, with examples shown first in a Google search you can find here , here , here , here ). In the nineties, worn out bills simply dropped into abandoned silos. I can imagine the surprise of metal hunters who exposed the remainder of the silos and saw its contents . And this is not an extreme case - I think that many as a result of visits to state institutions received printouts on the back of old documents (often with personal data).

    More advanced companies use a shredder. Just do not forget that the required degree of grinding depends on the importance of information being destroyed. Paper shredders come in five levels of secrecy. The higher the level, the higher the degree of shredding and the more difficult it is to recover the recycled document.

    • The first level is used for documents of general use, cutting strips with a maximum width of 12 mm.
    • The second level is used for official documents, creating strips up to 6 mm wide.
    • The third level is already confidential documents. As a result of his work, strips up to 2 mm wide or fragments up to 4 mm wide and up to 60 mm long appear.
    • The fourth level is suitable for classified documents. Those who use it will receive pieces of paper up to 2 mm wide and up to 15 mm long.
    • The fifth level will destroy the top secret data of documents by grinding into fragments up to 0.8 mm wide and up to 13 mm long.

    The sixth level of secrecy is not regulated by the international standard DIN 32757-1, but manufacturers of shredders distinguish this degree of secrecy. A document passed through a shredder of the 6th degree of secrecy literally turns to dust - the size of the fragments is only 0.8 × 6 mm.

    Shredders are direct (parallel) and cross cutting. The latter, of course, provide a greater level of security. An additional advantage of cross cutting is that the cut paper is compressed more densely in the waste container than with direct cutting. As a result, the container must be emptied much less frequently.

    Old money, by the way, can also be destroyed in this way. Here you can see what 500 thousand rubles are like.

    Naturally, an attacker may try to recover data. The easiest way to do this is by digitizing the fragments and using computer technology .

    What remains for the paranoid? What to do with papers, as with vampires - to burn, and to scatter ashes downwind? It is logical, but there are problems in this case. I think many will recall the fragment quoted below:

    “Let me see,” Woland held out his hand, palm up.
    “Unfortunately, I cannot do this,” the master answered, “because I burned it in the stove.”
    “I'm sorry, I won’t believe it,” Woland answered, “this cannot be.” Manuscripts do not burn. - He turned to the Behemoth and said: - Come on, Behemoth, give me a novel.
    The cat instantly jumped out of the chair, and everyone saw that he was sitting on a thick bundle of manuscripts. The upper specimen cat bowed to Woland.

    M.A. Bulgakov, “The Master and Margarita”.

    Seriously, we need a different quote:

    “I told you a long time ago, Tikhonov, that your amateurism will not bring to good ...” And, laughing, he explained: “Documents are at the stage of half-burning and charring.” For research on a macro reproducer, they must be
    transferred to the next phase - incineration ...
    Ashukin fixed the sheet on a ceramic plate, put it in a muffle
    furnace and turned on the switch.
    - Done! - said Ashukin and took out a plate from the oven. The sheet turned light gray and some obscure badges appeared on it more distinctly. A tangible smell of paper burning floated in the room. Ashukin put the plate in the cooling chamber for several minutes.

    Arkady Weiner, George Weiner. Visit to the Minotaur

    The company can burn documents itself, and can use the services of specialized firms. But we never forget that the preparation of the act and the presence of the commission during the destruction is mandatory. Otherwise, it may turn out like here .

    Naturally, not all paper destruction methods are listed above. For example, we supplement the list with cooking, the process of destroying documentation that occurs on a paper machine, which completely eliminates the possibility of even partial restoration of it, since paper documents enter the pulper, pass through a fine grinding mill, mix with water and chemicals, and turn into a homogeneous suspension , which serves as the basis for the production of new sanitary products.

    But finish with the paper and move on to the sweet heart of electronic information. Here, destruction is much more complicated.

    The first problem is immediately obvious - information can be everywhere. An attacker may not only care about the information stored on workstations, servers, and personal devices (yes, yes. You also need to think about personal devices) explicitly. Both on the personal computer and in the local network are stored not only the data that the average user knows about. Let's say the network card settings can help you find out the local network settings; data stored in RAM can often contain open secret information, usually stored in encrypted form. Oddly enough, many forget that NTFS can store data in streams. There are many options, we will not list all.

    Naturally, such a situation did not go unnoticed by regulators and the standards governing the rules of destruction exist in many. For example, US Department of Defense 5220.22-M , recommended by the MPAA as a standard for shredding and cleaning digital media. NIST Special Publication 800-88 lists the methods of destroying information on a wide variety of devices and media. For example, for the already mentioned paper media, the NIST standard prohibits cleaning the media from data and says that when burning, unburned residues should be brought to the state of white ash, and fragments should not exceed 0.25 millimeters when cutting.

    Before proceeding to the choice of the method of destruction, do not forget that:

    • spectacular frames of films usually show us how, in the event of an enemy invasion, secret scientists for some reason begin to destroy monitors. True, after this, usually the assistant to the main villain hands the leader a flash drive with carefully recorded super secret information, which no one thought to destroy. Accordingly, the conclusion is simple. Before you destroy something, determine the places and devices where the really important is stored. Employees should understand that by deleting a file through Explorer, they don’t destroy it, they just move it to the Recycle Bin, from where it can be easily restored, since the Recycle Bin is not cleaned up. Company politicians should take into account that a document opened from an attachment in a letter is not a fact that it will then be deleted from the Temp folder. Editors, email clients, archivers, and others like them, have the habit of not destroying temporary files. Deleting an important file is not a fact that deletes all copies of it. It would seem elementary - but how many companies on the computers of employees set up automatic cleaning of all places where temporary files are accumulated?
    • the possibility and speed of recovery of seemingly destroyed data in many cases depends on the capabilities of the one who is interested in the data: an amateur hacker from your own company or a secret service that has a good potential for recovering everything and everything;
    • determining what is important for the hacker and what is not is difficult. Absolutely insignificant in your opinion data can give the direction of further search for those interested in you. Therefore, if in doubt - destroy, do not be afraid to overdo it.

    Due to the fact that ordinary hard drives still retain their popularity due to their very attractive cost, and their capacity is sufficient to store whatever you like, then hard drives with SATA interfaces (just in case: the following applies to drives and other interfaces - IDE, SCSI) have become the most common place where you can find your data. And, funny as it may seem, very many of their users do not suspect that erasing data from hard drives is not so simple. First, in most cases, deleting a file actually means deleting either links to the file, or parts of it - the place is considered to be freed, but the data is saved and will be overwritten only when something else is written to this place. This feature is used by numerous utilities for recovering accidentally deleted data. But even if you write new data on top of the old ones or change the partition boundaries (and even format the disk!) - the old data can still be restored. The fact is that at the edges of the magnetized path magnetization regions are preserved - they are also used for restoration. In order to completely erase the data, you need to overwrite them according to the rules. There are several standards for this. For instance:

    • RD of the State Technical Commission of Russia “Automated Systems. Protection against unauthorized access to information. Classification of Automated Systems and Information Protection Requirements ”of 1992 requires a two-time random write cleaning in the freed memory area;
    • Dod 5220.22M (national standard of the US Department of Defense) - 2 cycles of rewriting with pseudo-random numbers with further verification of the quality of rewriting;
    • NAVSO P-5239-26 (used by the US Navy) - provides for 3 rewriting cycles, first all “1”, then all “# 7FFFFF”, then a pseudo-random sequence, after which the verification procedure occurs;
    • AFSSI S020 (US Air Force standard) - the first cycle - all “0”, then all “F”, then pseudo-random numbers, and then verification of 10% of the overwritten data.

    There is no need to perform these operations manually - special utilities have been created to overwrite data.

    However, back in November 2007, the US Department of Defense recognized the rewriting as suitable for cleaning magnetic devices, but not suitable for data destruction. Only demagnetization or physical destruction is considered appropriate (DSS Clearing & Sanitization Matrix). In particular, the problem may be due to the fact that in storage devices there may be areas that have become inaccessible to conventional means. For example, magnetic disks can mark up new bad sectors after data has been written. Modern hard drives often automatically move small sectors of records that the OS might not even know about. Attempts to prevent residual information through rewriting may fail, as data residues may be present in formally inaccessible areas. Storage devices using various sophisticated methods can lead to overwriting inefficiencies, especially when applied to individual files. Journaled file systems increase data connectivity by recording, duplicating information, and applying transaction semantics. In such systems, data residues may be outside the usual “location” of the file. File systems can use copy-on-write or contain an integrated version control system. Technologies like RAID result in file data being written to several places at once for fault tolerance. And defragmentation leads to the fact that data remains are stored on the disk. There are many options performing recording, duplicating information, and apply transaction semantics. In such systems, data residues may be outside the usual “location” of the file. File systems can use copy-on-write or contain an integrated version control system. Technologies like RAID result in file data being written to several places at once for fault tolerance. And defragmentation leads to the fact that data remains are stored on the disk. There are many options performing recording, duplicating information, and apply transaction semantics. In such systems, data residues may be outside the usual “location” of the file. File systems can use copy-on-write or contain an integrated version control system. Technologies like RAID result in file data being written to several places at once for fault tolerance. And defragmentation leads to the fact that data remains are stored on the disk. There are many options that the file data is written to several places at once for fault tolerance. And defragmentation leads to the fact that data remains are stored on the disk. There are many options that the file data is written to several places at once for fault tolerance. And defragmentation leads to the fact that data remains are stored on the disk. There are many options

    Again, rewriting is a long business. But no one canceled the “mask show”. What to do if you urgently need to destroy everything? There are such funds. As a rule, in such cases, the disk is undermined: next to it, in the special device, the necessary amount of explosive is placed. Or they are exposed to a slowly decreasing or increasing powerful magnetic field. Those who wish to purchase the appropriate device can type in the search bar “emergency information destruction device”. There are many options, so I will not conduct examples.

    Still more fun with modern mobile devices and memory.

    J. Alex Halderman, et al. Lest We Remember: Cold Boot Attacks on Encryption Keys. A study from 2008. Residual information was found in DRAM, with a decay time of seconds to minutes at room temperature and “a whole week without power when cooled with liquid nitrogen”. The authors of the study were able to use the attack through a cold boot to obtain an encryption key for several encryption systems of the entire disk. Despite some memory fading, they were able to use the redundancy in the form of storage that occurs after converting keys for efficient use, such as in a sequence of keys. The authors recommend leaving the computer to turn it off, and not leave it in "sleep mode". Subsequently, they demonstrated data recovery from mobile devices by placing them in a freezer.

    Fortunately, according to NIST, erasing files on a mobile phone is quite simple: you need to manually erase everything recorded, perform a system reinstall, and restore the default settings. But for guaranteed destruction it is necessary to destroy the apparatus either by grinding it or by melting it.

    Similar measures of information destruction are recommended for network devices, copiers, etc.

    If you use flash drives, then there is a tool for and for them. So that there is no suspicion of advertising, you can independently find it in the search for "USB with the ability to destroy information." Again, according to the standard, to erase information, you just need to rewrite it, and to destroy the device, burn or rub it into powder

    To clear the memory, it is recommended that you turn off the power and remove the batteries, if any. Well, the destruction - a standard burning or abrasion

    And do not forget about the archives. For obvious reasons, data on optical CD / DVD discs cannot be erased, so these media must be destroyed. It’s not enough just to break the disk in half or use a microwave to destroy it. Pieces are obtained in a sufficiently large size, and files are written to such disks sequentially, so the likelihood of “pulling out" most of the data remains. So, if everything is done according to the standards (and the standards are written by people who are in the topic), you need to grind the disks into pieces to a grain size of a quarter millimeter or burn to a state of white ash.
    We will not list less common storage media.

    ANDlast one :
    Require discarded, damaged, or obsolete tapes and discs to be erased, demagnetized, shredded, or physically destroyed before disposal (e.g. shredding DVDs, destroying a hard drive), and update the asset management system records for destruction.

    Also popular now: