Data loss made easy
Renderman, 9/20/99
Www.Hackcanada.com
RenderMan@Hackcanada.com
"Bang, Bang, Bang. Police open up!"
This is a sound that we all never want to hear but live in fear of.
Now, depending on which of Santa's lists you're on, most of us
statistically don't have too much to fear, but it all depends on what
you've done. If you've done something really bad, really public, or
just really dumb, you may find yourself on the receiving end of a
warrant. Most cops nowadays aren't the dimwit Barney Fife types that
we all wish they were. They now know that in any raid, computer
storage media can mean a lot of evidence in the courts. For hackers,
this may be all the evidence the prosecution needs to corroborate the
charge.
How to cover your ass! v1.0
Unlike the early days of computers, cops/feds know now that valuable
data (evidence) can be lost if the systems are tampered with,
mishandled, or interfered with by either the suspect or the police
themselves. Police are briefed before any computer related raid as to
what a disk is, what a CD-ROM is, what a hard disk is, and how not to
damage each. They have no idea what any other computer stuff is or
means, but they know that if they break it, they are in trouble. Gone
are the days of cops just yanking the power cord and hauling the
system away; valuable data can be lost by this action. Now the goal is
to secure the system from the suspect, and from any other interference
until someone who knows about computer forensics can be called in to
determine the best course of action for removal of the system and the
data it contains.
If someone comes a-knocking and you've been doing illegal things,
first off, don't panic (yet). Ask through the door what it's about. If
it's the neighbor looking for his dog, stay cool. But if it's a "bang,
bang, bang, we have a warrant", fjear! Small surveillance cameras
bought for cheap at Radio Shack or any of the new "spy" shops,
strategically placed at the major entrances, can be invaluable for
determining whether it's one cop asking for a spare doughnut or the
freaking SWAT team about to beat down your door, using your neighbor
to get you to open it.
Now some people are thinking, "If I hear them coming, I'll just erase
my HD". Here is a test, go to the main entrances of your dwelling,
time how long it takes for you running at full tilt to get to your
computer(s). Not long, is it? Now imagine the police (or other agency)
running that same route and pointing a very large gun at your head.
Now do you think that you would have time to thoroughly erase your
hard drive, or even start? Police would be briefed on what to do if
they saw "Formatting c:" on the screen.
With the current data recovery techniques available to the average
consumer, you can recover a formatted hard drive in minutes. Normally
on a FAT16 (32) drive (there are far too many standards to go into but
this sums it up) when you delete data, the pointer to the data is
removed but the data still remains until that cluster of the drive
gets overwritten. Even if you manage to erase some files and write
over the space there is still a magnetic "afterimage" that can be
reconstructed. The NSA standard to be absolutely sure that data is
erased is to write 1's or 0's over the drive space 7 times. Try
formatting your drive 7 times before the cops come into the room.
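
The FAT delete behaviour described above, seen from the examiner's side, as an added example that is not part of the original file. It uses a constructed, simplified in-memory FAT16-style volume with one directory entry; the function names, cluster size and sample contents are assumptions.

```python
import struct

CLUSTER = 512      # bytes per cluster (simplified, constructed volume)
DELETED = 0xE5     # marker FAT writes over the first name byte on delete

def make_image(name83, data):
    """Toy FAT16-style volume: one 32-byte directory entry, a FAT, a data area."""
    n = -(-len(data) // CLUSTER)                    # clusters needed (ceiling)
    fat = [0xFFF8, 0xFFFF] + list(range(3, 3 + n))  # chain: cluster 2 -> 3 -> ...
    fat[-1] = 0xFFFF                                # end-of-chain marker
    entry = bytearray(32)
    entry[0:11] = name83[:11].ljust(11).encode("ascii")
    struct.pack_into("<H", entry, 26, 2)            # first cluster
    struct.pack_into("<I", entry, 28, len(data))    # file size
    return {"dir": entry, "fat": fat,
            "data": bytearray(data.ljust(n * CLUSTER, b"\0"))}

def delete_file(img):
    """What a delete does: mark the entry, free the chain. Data is untouched."""
    c, = struct.unpack_from("<H", img["dir"], 26)
    img["dir"][0] = DELETED
    while 2 <= c < len(img["fat"]):
        img["fat"][c], c = 0, img["fat"][c]

def listing(img):
    """Names a normal directory listing shows (live entries only)."""
    e = img["dir"]
    return [] if e[0] in (0x00, DELETED) else [bytes(e[:11]).decode("ascii")]

def recover(img):
    """Undelete: the entry still holds start cluster and size. With the chain
    gone, assume the file was contiguous (the usual undelete heuristic)."""
    e = img["dir"]
    if e[0] != DELETED:
        return None
    start, = struct.unpack_from("<H", e, 26)
    size, = struct.unpack_from("<I", e, 28)
    off = (start - 2) * CLUSTER
    return bytes(img["data"][off:off + size])

def overwrite_free_clusters(img):
    """Reuse of freed clusters (modelled here as zero-fill) ends this recovery."""
    for c in range(2, len(img["fat"])):
        if img["fat"][c] == 0:
            off = (c - 2) * CLUSTER
            img["data"][off:off + CLUSTER] = bytes(CLUSTER)

if __name__ == "__main__":
    sample = b"constructed sample contents\n" * 40   # constructed test data
    img = make_image("NOTES   TXT", sample)
    delete_file(img)
    print(listing(img), recover(img) == sample)      # hidden, yet recoverable
```
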
Another method one may consider is encryption. Cops come a knocking,
encrypt all your data. It may sound good but it's still not practical
for our application. Most encryption is fairly slow (10 gig in 5
seconds would be considered adequately fast) and with today's larger
and larger hard drives, it becomes impossible to assure complete
encryption before it can be interrupted. The encryption algorithms
themselves can also be your biggest enemy. Most decent encryption
(large key size) is heavily regulated as to where it can be used.
If you decide to write your own encryption for your data with a
key larger than 64-bit, in the United States, it's another thing they
can charge you with. Recent talk of key escrow and built-in back doors
doesn't make encryption a comforting barrier between you and a cellmate
named Bubba for the next 30 years.
What about de-magnetizing the hard drive? For many years we had it
drilled into our heads at school and home that magnets and computer
disks do not mix. But have you ever held a large magnet over a
diskette and tried reading it? Often it will corrupt but not destroy.
This method is half-decent, but the problems are: 1. the magnetic coil
needed to generate a strong enough field to erase the whole drive
would have to be very large, and 2. it would require a large burst of
power that is not easy to produce without a large number of
capacitors. So this method is rather bulky. It could be used if you
are an electronics type of person, but it's hard to determine whether
the drive has been adequately erased. Many data recovery companies can
revive a degaussed hard drive, depending on the strength and exposure.
Recap: We have ruled out deletion, degaussing, and encryption. What about
destruction?
Now this is a subject to consider carefully. Simply taking a hammer to
a hard drive would render it useless for normal use but it is amazing
what they can recover data from nowadays. The government has the time,
money, and resources to sweep up the pieces and put it back together
to get data off of it (depending on the severity of what you did and
how badly they want your data). The same rule applies to explosive
destruction of the hard drive: they can still reconstruct the pieces,
and you also run the risk of explosives charges being added to your
list and of blowing yourself up in the process. Liquids have little to
no effect
on the platters on a hard disk and a corrosive substance would be very
dangerous to work with and may not get the whole drive. If you really
want to destroy your data in a quick, non-recoverable way, melting is
about your only option any more.
The Thermite reaction is a very fast-acting, very hot, very stable,
exothermic reaction. It is typically used to create molten iron on the
spot, usually at construction sites. It typically burns at 2200 degrees
centigrade, hot enough to melt through the hard drive's outer casing
and onto the platters. At normal room temperature the mixture is very
stable and not something to fear. Now I'm not going to tell you how
to make it, I'm very tired of seeing headlines "kid blown up with bomb
made from instructions off net" and I don't want to be responsible for
any more. So if you really want to know, I would suggest finding a
copy of "The Big Book of Mischief", grabbing a high school chemistry
text book, or just searching the web for "Thermite". Using something
like several model rocket engine ignitors hooked off multiple lines to
batteries, you can hook them to (preferably several) safety switches
making a safe but effective trigger. This can set off this reaction
very quickly and once it starts, it cannot be put out. The cops are
knocking and you see in your handy surveillance cameras that they are
not alone, hit the switch(es) and nuke the hard drive(s). You may want
to keep a fire extinguisher nearby so that when the officers arrive
and you're in cuffs, they can keep your place from burning down. You
could even take this further and wire the detonator to a serial port
and have it rigged to go off if it's unplugged improperly or the
system is tampered with. This may be a little more extreme than is
necessary but it's an idea. The thermite reaction has the added
advantage that it's not an explosive so you avoid extra charges and if
you make adequate modifications to where you put your hard drive you
can keep everything else from going up in smoke and avoid arson
charges too.
When considering disks it is not a difficult matter. 3.5" floppies
stored in a tamper box with a commercial tape degausser can be made to
go off if the box is not opened properly. Many of us have CD recorders
that one can "archive" information to. An old microwave can destroy a
CD-ROM in about 3 seconds. Just find an old klunker at a garage sale
and use it to store your disks in and hook the start button to the
aforementioned trigger for your thermite device.
This file is meant as food for thought and not as the definitive guide
on data destruction. I encourage you all to think of ways to cover
your ass. But in the first place don't do anything to get yourself
arrested.
A little social engineering with data recovery companies can be most
informative.
RenderMan
www.Hackcanada.com
RenderMan@Hackcanada.com