
Hard Drive Killers. Coercive headshot

"Any value controls only the one who is able to destroy it" Dune, Frank Herbert

Today we will talk about how to quickly kill a 3.5" hard drive.

About the highly successful capture of an HDD by the secret services:
The importance of the evidence was so great that, to get the laptop, a whole scene had to be staged in the library where Ulbricht was taken. FBI agents (a man and a woman) began a public quarrel. Ulbricht was distracted and looked at them, and at that moment another agent quickly pulled the laptop out from under his hands. Then the standard arrest was made.

In the following hours, the FBI IT specialists carefully examined the laptop and took pictures of the screen, carefully checking that the laptop did not go into sleep mode (with encryption of information). Then they made a copy of the contents of the hard disk.

The computer held copies of Ulbricht's passports and driver's licenses, payroll records for Silk Road employees, staff activity logs, and scans of Silk Road admins' IDs.

Ulbricht's personal diary began in 2010, when Ross had the idea to create the Silk Road site and cheaply sell there the hallucinogenic mushrooms that he grew. Ulbricht describes everything he did on a daily basis, including personal goals, daily work, and drinks with friends.


Imagine: your door is already being sawn through (its manufacturer guaranteed that sawing it would take at least 30 seconds), and you have a lot of interesting things on the hard disk. What are your actions?

Mechanical destruction


My first thought:



But for this you need: a) to get to the HDD (from 10 to 100+ seconds); b) the disk starts to spark only after 20 seconds. So the attackers may get platters that are not completely baked.

The second thought is to go at the desktop with a hammer prepared in advance. The computer case is always left unscrewed, and the hard drive is not bolted in but hangs on its wires. For a laptop, it makes sense to mark in advance with a cross where to hit. According to my estimates, it takes 10 seconds to land the blow. But lately drive casings have become especially durable (laptop ones in particular), and there are a few more facts that discredit physical destruction.

There are professional hard drive puncturers, it looks very impressive:



And there are uncles in white coats and clean rooms with atomic force microscopes:


There is a way to visually remove information:
A couple of droplets of a colloidal suspension of Fe2O3 particles are applied to the hard disk platter with a syringe. Then, using a special cover glass, the suspension is spread in a thin layer over the surface, on which magnetic contrast appears in reflected light. In principle, this is enough to assess the presence or absence of information even with the naked eye: in the figure you can clearly see the servo marks dividing the disk into sectors.



At 800x magnification in an optical microscope, individual servo marks become clearly visible; the data tracks, recorded with a weaker field, stand out a little worse.

And then there is residual magnetization (on flexible media, but who knows, maybe there is such a vulnerability on the HDD too):



In 2003, instead of the shuttle “Columbia”, this is what landed:


When the ashes were blown out and the case opened, they found the disks:


99% of the data (400 MB) was restored, and a paper based on the extracted data about the experiment in space was even published in a journal.

If you engage in mechanical destruction, then do it at least to this extent.



For reliability, I would still pour acid over it and boil it. You never know on which shred they will find the number of a wallet with bitcoins.

The boys have such a thing as a magnetic force microscope.
It works like a record player, only with a nano-sized needle.

External view of the system for analyzing magnetic waveforms

Here is an example of how data is read bit by bit.
With a narrower and more sensitive head, positioned in micro-steps, it is possible to read the previous recording at the edges of the track. A deviation of the recording head from the center of the track can leave a significant part of the "old" data unchanged at the upper or lower edge of the track.
Residual magnetization at the edges of the track (magnification 800x)

The entire HDD platter written with logical zeros (00h). View of the sign-change zones on the outermost track of the platter surface, WD WDC 280

Decoding is performed in manual mode, using knowledge of the size of the clock frequency interval and its phase referencing to the image.


For each of the 16 possible sequences of logical data (0000, 0001, 0010, 0011, 0100, 0101, 0110, 0111, 1000, 1001, 1010, 1011, 1100, 1101, 1110, and 1111), recording produces characteristic images (patterns) (more info here).


Use the Force, Luke. Coercive force.


The coercive force is the magnetic field strength Hc at which a ferromagnetic sample, initially magnetized to saturation, is demagnetized. The coercive force is measured with coercimeters.

Destruction in 1 second.
Before and after switching on the device.

1 - outer edge, 2 - surface defects of the magnetic plate, 3 - sector marking

According to available data, for information to be erased as the regulations require, the magnetic field must be at least 450 kA/m. Taking into account the weakening of the field by the disk enclosure, we take 500 kA/m as the minimum value.

There are specialized devices that solve our problem - urgently destroy data on the hard disk.
They are built into the case of the working machine and quietly slumber, waiting in the wings. The hard drive is always in the crosshairs (read: mined). Structurally, the devices fall into 2 types: with a flat coil (disk outside) and with a cylindrical coil (disk inside).

We dig into several devices that are on the Russian market. We poke them with a screwdriver and coercimeters.

3 killers




Peal and Impulse are equipped with autonomous power supply (enough for a day), as well as with all sorts of things that a real demolition man (or paranoiac) dreams of: a perimeter control sensor (read: tripwires), a power outage timer (if the computer is cut off while you are away, everything will erase itself after a set time), remote activators (radio and GSM channels), and, well, just a red button.

Specifications
POST (from the Internet)

  • Erasing magnetic field strength: not less than 450 kA/m
  • Number of hard drives: 1
  • Hard drive form factor: 2.5", 3.5"
  • Duration of information destruction on magnetic media: not more than 0.1 s
  • Readiness time for information destruction after power-up or a previous operation: not more than 20 s
  • Rated supply voltage: 220 V, 50 Hz mains; from a 12 V battery
  • Power consumption when running on 220 V, 50 Hz:
    - in standby mode: not more than 5 W
    - pulsed: not more than 90 W
  • Dimensions of the power section of the "Roll" (Module-1) product: 120x140x200 mm
  • Operating temperature range: from +5° to +40°
  • Offline operation time: 24 hours


SAMURAI X-Lite (from the product passport)

  • Power supply, V: 12 ... 14
  • Power consumption, W: up to 75
  • Strength of the e/m field when triggered, kA/m: 450
  • Current consumption in "Security" mode, A: not more than 0.1
  • Current consumption in charging mode, A: not more than 6
  • Charging time of the power unit, s: up to 10


Impulse-6V (from the product passport)

  • Magnetic field strength, kA/m: not less than 500
  • Readiness after switching on, s: not more than 60
  • Erase time, s: not more than 0.1
  • Power supply: constant voltage, 12 V
  • Current consumption, not more than:
    - in drive charge mode: 1.5 A
    - in working mode: 20 mA
  • Overall dimensions LxWxH, mm: not more than 240x145x85
  • Product mass, kg: not more than 3
  • Battery life, hours: at least 24



A little more about each.

Samurai



Flat coil. It takes one 5-inch slot, and the disk is attached to the underside of the device, close to its emitter. It is installed in the computer case like a CD-ROM drive and is powered by 12 volts from the computer through a standard ATX connector.


Pros:

Cons: the field depends strongly on the position in space relative to the emitter. At the edges it is very low, and even in the center it decreases geometrically with distance from the plane.

And so that the disk does not fly into orbit, it was secured with a clamp (for the tests).

Inside, the coil looks like this (shown next to the HDD, with a graph of field strength against distance from the center):



Halfway from the center to the edge, the field drops by more than a factor of two, and at the edges it goes to zero. (Calculations)

-5 to developer karma





Peal


The device itself and placement in the system unit. It is powered by 220 volts, equipped with a fuse and switch on the case. Full charging time is about 10 seconds.

Battery for autonomous work - separately:



Inside Peal - “classic solenoid”:



Pros: field uniformity within the entire volume of the solenoid (not counting the edges).
Cons:


That is, this design generates a uniform magnetic field with high efficiency, at a significant cost in the structure and dimensions of the product.

Slap it together and ship it

No comments


the disk is fastened with a screw ...


Impulse

Front and rear view:



The disk sits comfortably inside; during operation it is cooled by a pair of fans located at the back of the unit.
On the front you can connect: power (12V ATX), a remote control key fob (40 m), a button, a long-range radio channel, control via GSM (by sending SMS), and a perimeter protection unit. The device is switched on and off with a key.



Inside is a classic solenoid.



The Impulse is so serious that it is held together not with bolts but with rivets. Thanks to the Detector Systems company for not begrudging the device and allowing it to be drilled out.

more pictures of the entrails









marketable condition? - no, have not heard



Solenoid size comparison



From the photos you can see that in the Impulse (right) the hard drive has plenty of room, with a couple of cm on each side (but it doesn't dangle, it is screwed onto a sled); the Peal has a tight fit; and the Samurai has a coil that is even smaller than the disk platter (which is not very good, because the field geometry is uneven and will not cover the whole platter).

Oh, and what is that button blinking here?


Samurai


The button is recessed into the body; it is easier to press it with a paper clip or a pen. This is convenient, so that you do not press it accidentally. After activation, the device restarts.



The instructions say that it is forbidden to activate the Samurai several times in a row, and we honestly kept 10 minutes between activations.
After 7 activations, the device clicked loudly and smoke began.

Peal


Power button and activation button (activation ALWAYS works, regardless of whether the device is fully charged or not)

Impulse


After being connected to the mains, the device charges for 56 seconds, after which it is ready for activation.

There is protection against the cleaning lady: to activate erasing, the button must be pressed and held for more than 3 seconds. The "beep" you hear only says that the button works and that the device has registered the press. The button also starts to blink quickly, indicating that it is pressed and that the device is waiting 3 seconds before starting. By pressing the button and quickly releasing it, you can make sure that it is operational without activating the system.

Test


Just as Dr. House takes a policeman's temperature, we will push a probe into each device.

We are going to measure the field in 2 types of field emitters. In theory the field inside a solenoid is uniform, so it is enough to measure it in the middle of the carrier, inserting the probe to different depths. Measurements are made with a probe whose sensor is perpendicular to the plane of the solenoid; the probe is inserted into the solenoid. For convenience, the probes are marked with a centimeter scale.



The effect of a flat emitter depends strongly on the measurement point and, since our disk has 4 data platters, the measurement result will also depend on how far the platter is from the emitter.


Slotted probe with a sensor perpendicular to the plane of the coil.

And here are the coercimeters:


Domestic milliteslameter TP2-2U, American GaussMeter GM-2.

Both devices are laboratory class, that is, suitable for research measurements. They have approximately equal characteristics, both record pulsed magnetic fields, and both have probes for measuring the field perpendicular to the plane of the coil and parallel to the plane of the solenoid. The GM-2 measures in gauss, the TP2-2U in millitesla. The main difference: the American one captures pulsed fields from 2 ms, the domestic one from 0.1 ms.

One of the tasks was to make a fixture for measuring the field strength INSIDE the disk, that is, at the platters themselves, where it acts on the recorded information. The enclosure is expected to make its own adjustments to the behavior of the field, and we will try to get a result close to combat conditions.


We even sawed the disk open to take the shielding into account



Probe me in hard drive!



results


The Samurai burned out, so there is little data for it.
The conversion factor is 1 millitesla = 10 gauss = 0.796 kA/m. Based on the field standard, the value should be at least 500 kA/m = 628 mT = 6280 G.



For the Impulse, we performed 2 types of test: we measured the field inside the device on its own, and again with the drilled HDD inside, in order to estimate the attenuation coefficient of the HDD enclosure itself. The "Peal" works on the same principle, so its attenuation coefficient should not differ much.

It can be seen from the table that the field strength falls sharply toward the edge of the disk, whereas for the Impulse the drop is less than 10% and even at the edge the field stays within the 500 kA/m standard.

The Samurai has a giant field strength in the center and a no less giant weakening with distance from the "epicenter".
(The coil and the hard drive platters were not coaxial, and the center of the solenoid hits somewhere in the region. Perhaps this is because there are two design types of hard drives. In this respect, for the volumetric solenoid it doesn't matter where the platters sit in the disk: it covers everything.)

Often, before a raid, the power is cut and cellular and radio communications are jammed. A Samurai, without autonomous power, becomes useless.

Appendix: magnitude of the coercive force of magnetic carriers
The table lists magnetic media with the corresponding coercive force* of the carrier material. On the basis of this table, you can determine the field strength needed to erase the media.

Since each type of carrier has its own level of coercivity, it is important to use an erasing device with enough power to erase the data reliably. The erasing field must be at least twice as strong as the carrier's own coercive force. For example, if you want to erase a VHS tape with a coercivity of 650 oersted, you need an erasing device rated for at least 1300 oersted. The values given for the erasing devices use an overlap ratio of K = 2.5 over the coercive force of the carrier, which ensures guaranteed erasure.
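
The conversion factor from the results section and the overlap rule above, applied to a set of probe readings; this is an added example, not code or data from the original article. The readings are constructed sample values and all function names are assumptions; the weakest measured point decides whether a device meets the 500 kA/m requirement.

```python
"""Check degausser probe readings against an erase-field requirement."""

KA_PER_M_PER_MT = 0.796   # the article's factor: 1 mT = 10 G = 0.796 kA/m
KA_PER_M_PER_OE = 0.0796  # 1 Oe corresponds to 1 G in air

def to_ka_per_m(value, unit):
    """Convert a meter reading (mT, G) or a coercivity (Oe) to kA/m."""
    factors = {"mT": KA_PER_M_PER_MT, "G": KA_PER_M_PER_MT / 10,
               "Oe": KA_PER_M_PER_OE, "kA/m": 1.0}
    if unit not in factors:
        raise ValueError(f"unsupported unit: {unit}")
    return value * factors[unit]

def required_field(coercivity_oe, k=2.5):
    """Erase field in kA/m: media coercivity times the overlap ratio K."""
    if k < 2:
        raise ValueError("the erase field must be at least twice the coercivity")
    return to_ka_per_m(coercivity_oe * k, "Oe")

def assess(readings, unit, requirement_ka_m=500.0):
    """readings maps a probe position to its peak value; the minimum decides."""
    if not readings:
        raise ValueError("no readings")
    converted = {pos: to_ka_per_m(v, unit) for pos, v in readings.items()}
    weakest = min(converted, key=converted.get)
    return {
        "weakest_position": weakest,
        "weakest_ka_m": round(converted[weakest], 1),
        "margin": round(converted[weakest] / requirement_ka_m, 2),
        "passes": converted[weakest] >= requirement_ka_m,
        "failing": sorted(p for p, h in converted.items()
                          if h < requirement_ka_m),
    }

# Constructed sample readings in mT (not the article's measurements).
SOLENOID = {"center": 700.0, "mid-radius": 690.0, "edge": 640.0}
FLAT_COIL = {"center": 1500.0, "mid-radius": 600.0, "edge": 50.0}

if __name__ == "__main__":
    for name, data in (("solenoid", SOLENOID), ("flat coil", FLAT_COIL)):
        print(name, assess(data, "mT"))
    print("VHS (650 Oe), K=2:", round(required_field(650, k=2), 1), "kA/m")
```

A high reading at the center says nothing about the platter edge, which is why the check reports every failing position rather than an average.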

Magnetic field power required to erase magnetic media




PS
“Brilliant” scene about emergency data erasure - 1:40:30:

Source: https://habr.com/ru/post/254671/

