Articles describing how to recover information from various devices appear on Habr quite often. The service is in demand; almost everyone has probably run into the sudden "death" of a flash drive or hard disk. But what happens to your company's devices after the accounting department writes them off? Some give them to sponsored organizations, some simply throw them away. There are many options. But attackers may well take the opportunity to gain access to your data, or your company's data, by somehow getting hold of your devices!
We will not talk about encryption or software such as anti-virus; these topics are already sufficiently covered, including on this resource. Let's talk about things that most people face much less often in reality: how to destroy, with a guarantee, everything that is currently written on media holding important information, as well as everything that was ever written there.
So you or your company need to get rid of information. Not even for the purpose of hiding it; a mundane case is the transfer or sale of previously used computers or devices. What do you do?
With the permission of Habr readers, we will start not with electronic devices but with plain paper. Alas, despite the many decisions to introduce paperless workflow, in our country it is impossible to do without paper. As a result, everyone eventually accumulates a certain pile of information on and around their desk:
Pavel sat on the bed and read the last letters of the Central Committee, which he found under his friend's pillow.
- What have you done to my apartment, you robber! - Okunev shouted with mock indignation. - Hey, wait, wait, comrade! You are reading secret documents! That's what happens when you let someone like this into the house!
Pavel, smiling, put the letter aside:
- There is nothing secret here, but instead of a lampshade on the light bulb you really did have a document that was not subject to disclosure. It is even scorched at the edges. See?
Okunev took the burned sheet and, glancing at the headline, slapped himself on the forehead with his hand:
- And I searched for it for three days, damn it! It disappeared as if it had sunk into the water! Now I remember that it was Volyntsev who made a lampshade from it the day before yesterday, and then he himself searched for it until he sweated. - Okunev carefully folded the sheet and put it under the mattress. - We will put everything in order later, - he said reassuringly.
Nikolay Ostrovsky. As the Steel Was Tempered.
As a rule, paper is simply thrown in the trash, sometimes torn in half. As a result, we read yet another news report that a container was found out back with ... or something similar (there are many such cases; the examples that come up first in a Google search can be found here, here, here and here). In the nineties, worn-out banknotes were simply dumped into abandoned silos. I can imagine the surprise of the scrap-metal hunters who cut open what was left of the silos and saw their contents. And this is not an extreme case: I think many people, on visits to government agencies, have received printouts on the back of old documents (often with personal data).
More advanced companies use a shredder. Just do not forget that the required degree of shredding depends on the importance of the information being destroyed. Paper shredders come in five security levels. The higher the level, the finer the shredding and the harder it is to recover the processed document.
- The first level applies to general-use documents, cutting them into strips with a maximum width of 12 mm.
- The second level is used for documents for official use, creating strips up to 6 mm wide.
- The third level is for confidential documents. It produces strips up to 2 mm wide or fragments up to 4 mm wide and up to 60 mm long.
- The fourth level is suitable for secret documents. Those who use it get pieces of paper up to 2 mm wide and up to 15 mm long.
- The fifth level destroys top-secret documents, shredding them into fragments up to 0.8 mm wide and up to 13 mm long.
The sixth security level is not regulated by the international standard DIN 32757-1, but shredder manufacturers do distinguish this level. A document passed through a level 6 shredder literally turns to dust: the fragments are only 0.8 × 6 mm.
Shredders come in strip-cut (parallel) and cross-cut varieties. The latter, of course, provide a higher level of security. An additional advantage of cross-cutting is that the cut paper packs more tightly in the waste container than with strip cutting. As a result, the container has to be emptied much less often.
Old money, by the way, can also be destroyed this way.
Here you can see what 500 thousand rubles look like.
Naturally, an attacker may try to recover the data. The easiest way to do this is by digitizing the fragments and using computer technology.
What remains for the paranoid? To deal with papers as with vampires: burn them and scatter the ashes to the wind? That is logical, but there are problems here too. I think many will remember the fragment quoted below:
“Let me see,” Woland extended his hand, palm up.
“I, unfortunately, cannot do this,” answered the master, “because I burned it in the oven.”
“Sorry, I won't believe it,” answered Woland, “this cannot be. Manuscripts do not burn.” He turned to Behemoth and said: “Come on, Behemoth, give me the novel.”
The cat instantly jumped up from the chair, and everyone saw that he had been sitting on a thick bundle of manuscripts. With a bow, the cat handed the top copy to Woland.
M. A. Bulgakov, "The Master and Margarita".
But seriously, we need a different quote:
“I told you, Tikhonov, that your amateurishness will not lead you to any good ...” And, laughing, he explained: “The documents are in the stage of half-burning and charring. For research on the macroreductor they need to be transferred to the next phase - incineration ...”
Ashukin secured a piece of paper on a ceramic plate, put it into a muffle oven and turned on the switch.
...
- Done! - said Ashukin and took out the plate from the oven. The sheet became light gray and some strange icons appeared on it more clearly. In the room there was a noticeable smell of burning paper. Ashukin put the plate for a few minutes in the cooling chamber.
Arkady Weiner, Georgy Weiner. Visit to the Minotaur
A company can burn the documents itself or use the services of specialized firms. But never forget that drawing up a destruction certificate and having a commission present at the destruction are necessary. Otherwise, it can turn out like this.
Naturally, the above are not all the ways to destroy paper. For example, there is also pulping: destruction of documentation on a paper machine, which completely eliminates the possibility of even partial recovery, since the paper documents enter the pulper, pass through a fine grinding mill and, mixed with water and chemical reagents, turn into a uniform suspension that serves as the basis for the production of new sanitary products.
But let us finish with paper and move on to the electronic information so dear to our hearts. Here destruction is much more complicated.
The first problem is obvious right away: information can be everywhere. What matters to an attacker is not only the information stored in explicit form on workstations, servers and personal devices (yes, yes, yes, personal devices need to be thought about too). Both a personal computer and a local area network store more than just the data the ordinary user knows about. For example, the settings of a network card can reveal the parameters of the local network, and data held in RAM can often contain, in the clear, secret information that is usually stored in encrypted form. Strangely enough, many people forget that NTFS can easily store data in file streams. There are many options; we will not list them all.
Naturally, this situation has not gone unnoticed by regulators, and there are many standards governing the rules of destruction. For example, 5220.22-M of the US Department of Defense is recommended by the MPAA as a standard for shredding and cleaning digital media. NIST Special Publication 800-88 lists information destruction methods for a wide variety of devices and media. For the paper media already mentioned, for instance, the NIST standard rules out clearing the media of data and says that when burning, the residue must be reduced to white ash, and when shredding, the fragments must not exceed 0.25 millimeter.
Before choosing a method of destruction, do not forget that:
- In spectacular movie scenes we are usually shown how, when the enemy breaks in, secret scientists for some reason start destroying monitors. True, after that the main villain's assistant usually produces a flash drive with carefully recorded top-secret information that nobody thought to destroy. The conclusion is simple: before you destroy something, determine the places and devices where the really important data is stored. Employees should understand that by deleting a file through Explorer they do not destroy it, but just move it to the Recycle Bin, from which it is easily restored, since the Recycle Bin is simply never emptied. Company policies should take into account that a document opened from an e-mail attachment will not necessarily be deleted from the Temp folder afterwards. Editors, e-mail clients, archivers and the like are under no obligation to wipe their temporary files. Deleting an important file does not necessarily delete all copies of it. It would seem elementary, but in how many companies are employees' computers configured to automatically clean all the places where temporary files accumulate?
- The feasibility and speed of recovering seemingly destroyed data in many cases depend on the capabilities of whoever is interested in the data: an amateur hacker from your own company, or a secret service with quite good potential to restore anything and everything;
- It is difficult to determine what is important to an attacker and what is not. Data that is absolutely irrelevant in your opinion can point those interested in you toward further searches. Therefore, if in doubt, destroy; do not be afraid to overdo it.
Because conventional hard drives still retain their popularity thanks to their very attractive cost, and their capacity is enough to store everything your heart desires, hard drives with SATA interfaces (just in case: everything mentioned below also applies to other interfaces such as IDE and SCSI) have become the most common place to find your data. And, funny as it may be, many of their users do not suspect that erasing data from a hard drive is not so easy. First, in most cases deleting a file actually means deleting either the links to the file or parts of it: the space is considered freed, but the data is preserved and is overwritten only when something else is written to that place. This feature is used by numerous utilities for recovering accidentally deleted data. But even if you write new data over the old or change the partition boundaries (or even format the disk!), the old data can still be restored. The fact is that areas of residual magnetization are preserved at the edges of the magnetized track, and they are used for recovery. To erase the data completely, you need to overwrite it according to the rules. There are several standards for this. For example:
- The guidance document (RD) of the State Technical Commission of Russia, “Automated systems. Protection against unauthorized access to information. Classification of automated systems and information protection requirements”, from 1992, requires cleaning by writing random data twice to the free memory area;
- DoD 5220.22-M (US Department of Defense national standard): 2 rewriting cycles with pseudo-random numbers, followed by quality control of the rewriting;
- NAVSO P-5239-26 (used by the US Navy): provides for 3 rewriting cycles, first all “1”, then all “#7FFFFF”, then a pseudo-random sequence, after which a verification procedure takes place;
- AFSSI S020 (USAF standard): the first cycle is all "0", then all "F", then pseudo-random numbers, and then verification of 10% of the overwritten data.
There is no need to perform these operations manually: special utilities have been created to overwrite data.
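To make the pass-and-verify structure of these schemes concrete, here is an added example (not code from the article or from any certified wiping tool) that applies the AFSSI S020 schedule as listed above to a single file. The function name, block size and file-level scope are assumptions made for illustration.

```python
import math
import os
import random
import secrets

BLOCK = 4096
# Pass schedule as the article lists it for AFSSI S020: all "0", all "F",
# then pseudo-random data (None marks the pseudo-random pass).
AFSSI_PASSES = (b"\x00", b"\xff", None)

def overwrite_file(path, passes=AFSSI_PASSES, verify_fraction=0.10):
    """Overwrite `path` in place, one pass per pattern, then read back a
    random sample of blocks from the final pass.
    Returns True if every sampled block matches what was written."""
    size = os.path.getsize(path)
    if size == 0:
        return True                      # nothing to overwrite
    nblocks = -(-size // BLOCK)          # ceiling division
    k = max(1, math.ceil(nblocks * verify_fraction))
    sample = set(random.sample(range(nblocks), k))
    expected = {}                        # sampled block index -> last data written
    with open(path, "r+b") as f:
        for pattern in passes:
            f.seek(0)
            for i in range(nblocks):
                n = min(BLOCK, size - i * BLOCK)
                data = secrets.token_bytes(n) if pattern is None else pattern * n
                f.write(data)
                if i in sample:
                    expected[i] = data   # later passes replace earlier entries
            f.flush()
            os.fsync(f.fileno())         # push this pass out before starting the next
        # Verification. Note: this read-back may be served from the OS cache;
        # a real tool would bypass the cache and read from the device itself.
        for i in sorted(sample):
            f.seek(i * BLOCK)
            if f.read(len(expected[i])) != expected[i]:
                return False
    return True
```

An in-place overwrite like this reaches only the blocks the file system currently maps to the file; remapped sectors, journal entries and copy-on-write copies stay out of its reach.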
However, as early as November 2007, the US Department of Defense recognized overwriting as suitable for cleaning magnetic devices, but not suitable for data destruction. Only degaussing or physical destruction is considered appropriate (DSS Clearing & Sanitization Matrix). In particular, the problem may be that storage devices can contain areas that have become inaccessible by conventional means. For example, magnetic disks may mark new bad sectors after data has been written to them. Modern hard drives often relocate sectors automatically, and the OS may not even be aware of it. Attempts to prevent residual information by overwriting may fail, since data remnants may be present in areas that are not formally accessible. Storage systems that use various sophisticated methods can make overwriting ineffective, especially when it is applied to individual files. Journaling file systems increase data integrity by recording writes in several places, duplicating information and applying transactional semantics. In such systems, leftover data may be located outside the usual “location” of the file. File systems may use copy-on-write or contain a built-in version control system. RAID-like technologies cause file data to be written to several places at once for fault tolerance. And defragmentation leaves remnants of data on the disk. There are many variations.
Again, overwriting takes a long time. And the "mask show" (a raid) has not been canceled. What if you need to destroy everything urgently? Such means exist. As a rule, in such cases the disk is blown up: the required amount of explosive is placed next to it in a special device. Alternatively, it is exposed to a slowly decreasing or increasing powerful magnetic field. Those who want to purchase such a device can type “emergency information destruction device” into the search bar. There are many options, so I will not give examples.
It is even more fun with modern mobile devices and memory.
J. Alex Halderman, et al. Lest We Remember: Cold Boot Attacks on Encryption Keys. Research from 2008. Residual information was found in DRAM, with a decay time from seconds to minutes at room temperature and "a whole week without power when cooled with liquid nitrogen." The authors of the study were able to use a cold-boot attack to obtain the encryption keys of several full-disk encryption systems. Despite some memory decay, they were able to exploit the redundancy in the way keys are stored after being expanded for efficient use, as in key schedules. The authors recommend shutting the computer down rather than leaving it in “sleep mode”. Subsequently, recovery of data from mobile devices was demonstrated by placing them in a freezer.
Fortunately, according to NIST, erasing files on a mobile phone is quite simple: you need to manually erase everything that was recorded, reinstall the system, and restore the default settings. But for guaranteed destruction the device itself must be destroyed, either by grinding it up or by melting it.
Similar measures to destroy information are recommended for network devices, copiers, etc.
If you use flash drives, there is a tool for them as well. To avoid suspicion of advertising, you can search for "USB with the possibility of information destruction" yourself. Again, according to the standard, to erase information you just need to overwrite it, and to destroy the device, burn it or grind it into powder.
To clear memory, it is recommended to turn off the power and remove the batteries, if any. As for destruction, it is the standard burning or grinding.
And do not forget about archives. Data on optical CD / DVD discs cannot be erased, for obvious reasons, so these media must be destroyed. It is not enough just to break the disc in half or to use a microwave. The pieces are quite large, and files are written to such discs sequentially, so there remains a chance of "pulling out" most of the data. So, if you do everything according to the standards (and the standards are written by people who know the subject), you need to grind the discs into pieces with a grain size of a quarter of a millimeter or burn them to white ash.
We will not list less common media.
And the last:
Require discarded, damaged, or obsolete film and discs to be erased, demagnetized, shredded, or physically destroyed before disposal (for example, shredding DVDs, destroying a hard drive), and update your asset management records to include shredding.