Big Tech, Banks, Government Departments Shred Millions of Storage Devices They Could Reuse - Slashdot

2022-10-08 10:58:59 By : Mr. David liu

Customer data ends up on "re-used" devices sold to random members of the public. Pandemonium.

They could wipe, certify the wipe, and then re-sell, but someone will shirk their duties and pandemonium again.

It's really cheaper for them to just shred the devices and buy new ones. One data breach averted will buy A LOT of hard drives.

"you get extremely lucky and have the resources of a first world nation state"

That's what they thought when they shredded paper documents at the US embassy in Tehran in 1979. Some time later, with the assistance of hundreds of workers and a bunch of Scotch Tape, they were reassembled.

Soon, a couple of robots equipped with magneto-optical scanners could easily sort through dumpsters of metal chips and scan them. Something akin to genomic sequencing software can match the edges and reassemble a complete disk image. And the Chinese will build them for a fraction of our cost.

No, it won't be magneto optical - on today's hard drives the bits are much too small to be viewed like it was in the paper awhile back.

Anyhow, one should note the magnetic coating peels off the base metal so just sending it through the shredder tends to rip up the layers quite well. Given we're also crushing very powerful magnets at the same time to bits there's a good chance the surface will be irrecoverable.

If you want to be sure, send the metal back to a smelter so you can make a new hard drive from it. The high temperatures will raise whatever magnetic domains are left to over the Curie temperature and scramble it.

I normally use 200g of thermite for a 3.5" spinner. It's enough to get inside and slag the platters and it's fun to do.

I work at a smelter plant, and tossing discarded hard disks into the furnace (1550C/2820F) does the trick... ;-)

Nobody will go to that much effort just to retrieve banking data. There are far easier ways to do it, like social engineering. Or in the case of China's CCP, just by using their backdoors that are already embedded in every modern electronic device.

I am generally in favour of stronger environmental protections and better reuse and recycling. However, in this case secure destruction of old storage media is often the only way to be sure that nothing sensitive will leak. I've personally helped several friends and family over the years who have had disasters of one kind or another with their data storage: "failed" drives, "erased" files, that kind of thing. Even with only my general geek skills, I managed to recover most of the data for most of the people without needing extra equipment. Real data recovery specialists can do things like physically taking apart or reprogramming a drive and they have much more effective equipment to scan with in some situations too.

If I could reliably audit that all information ever stored on a drive had been encrypted and that the decryption keys had been thoroughly destroyed so the information really was irretrievable, and then someone ran a secure wiping tool appropriate to the drive type for good measure, maybe I'd trust that as a clean-up process. But how often is that ever really the case?

But did you know the data could be recoverable from the shredded discs? Since they don't wipe them, if reassembled the data would be recoverable with enough forensic knowledge.

For many, many years, it has been standard procedure to wipe the disks before they are shredded.

They could wipe, certify the wipe, and then re-sell, but someone will shirk their duties and pandemonium again. It's really cheaper for them to just shred the devices and buy new ones. One data breach averted will buy A LOT of hard drives.

And ultimately, that's the problem. It is impossible to tell, just by looking at a drive, if it has been properly wiped, and it is impossible to examine millions of drives and guarantee that 100% of them have been properly wiped. If just one drive slips through it could possibly contain sensitive information. But it is possible to shred 100% of all drives and it is possible to tell, just by looking at it, that a drive has been shredded.

Ok but how do you tell if it's the 8TB drive you asked to be shredded and not an old 500GB drive that someone slipped in so he could take home the 8TB one?

You scan serial numbers as they're fed into the shredder which logs it in whatever compliance system. For high security requirements and attestation companies will provide video of each drive's inventory scan and physical destruction. Yes, someone could, in theory, swap out S/N labels and go through all that...but there's a point where every process is vulnerable to a knowledgeable and privileged bad actor.

Cryptographic erase (i.e. irretrievable deletion/separation from decrypt key) is an option, but that

Everything can be subverted with enough effort. The point is that trying to wipe the drives has a possibility of failing by accident, making it much more vulnerable.

The resale value of 5 year old storage media that has seen 5 years of heavy use would be virtually nothing in any case.

That's just the cost of physical security. Nobody can ever re-use any of your storage devices -- preferably, not even you, lest data from the previous mission remain in unused space.

The cost of the used storage is low, and the cost of a data breach is high. Either the priorities need to change (for better reasons than "it's wasteful"), or shredding will probably remain the most cost-effective answer. It's not like a mining GPU where it just has a decreased lifespan -- there is no way to be sure someone won't take apart a device and go after the data with a lab full of gear, if need be.

And the cost of labor for the wipe is more than the value of the device on the used market. If it's a hard drive, the best you can hope for is that they recycle the metal. If it is an SSD, then it's the landfill; I doubt there is anything worth recycling in there.

Honestly, they got all this info from "industry insiders" who seem entirely unaware of what's actually involved in securely wiping a drive.

The fact that they don't mention NIST 800-88 or anything even vaguely referencing it is telling. Are there options? Yes. Are those options more complicated, costly, and likely to have errors preventing data destruction? Also yes.

In the scheme of doing business, the cost of hard drives is really not even a line item (ok, maybe for Backblaze) especially when compared

If it's a hard drive, the best you can hope for is that they recycle the metal. If it is an SSD, then it's the landfill; I doubt there is anything worth recycling in there.

And fixing problems like those might be where the most practical benefits will eventually found. If we had more efficient and cost-effective ways to recycle old electronic devices while still allowing the actual data storage elements to be physically trashed beyond recovery before any further processing, that would be ideal. That might not be economically possible with current devices, but then it looks like a challenge to design new devices with better complete lifecycles to me.

"I say we take off and nuke the entire site from orbit. It's the only way to be sure."

"If we let one [piece of data] slip through, we lose the trust of our customers."

The whole "DoD compliant destructive security" of storage devices was idiotic from the beginning, albeit based largely on a lack of knowledge.

We've been doing this for 30+ years at this point, and it's never provided more than a token improvement in security. At one point, it could've been excused - there was no scientific study on the matter, and it was based largely on folklore related to magnetic reconstruction from ghost bits, likely based on out-of-date "best practices" founded in the 1960s.

There have been numerous tests and challenges offering millions for double-zero-overwrite data recovery, as well as forensic analysis saying such tests are more than sufficient to assure destruction. But, aside from that... most on-disk data formats today are so complex and difficult to understand that recovery of any meaningful data as-is would only be able to be accomplished by a handful of people. A drive out of a proprietary raid set, with raid keys, or a disk from a ZFS vdev, for instance? Good luck. You're not going to get any actionable data from that.

I mean, c'mon: this is a standard from the same people who blow up and burn US supplies and materials in-theater when they leave rather than transport it home. "Yeah, sure, we'll just thermite this tank and leave it, nbd". You really don't want to be replicating governmental wartime cost models, do you? Very wasteful.

The whole "DoD compliant destructive security" of storage devices was idiotic from the beginning, albeit based largely on a lack of knowledge.

I remember decommissioning a system back in the 90s that had these old hard-drives with platters that were about 12 inches in diameter. We had to take them apart then take a belt-sander to both sides of each platter. Then they were sent to a facility to be melted down.

That's pretty nuts, considering how deep the magnetic field was in those old MFM drives.

I used to do it programmatically. Just plug it in and check blocks beginning, end, middle and say 50 random. If the last pass is all zeros then they should all be zeros. The problem is when you have a big old roll-away cart full of them. Some may not even spin up anymore. I had that happen with some old Digital VAX blue drives, also known as bricks because that's what they looked like. A blue plastic brick. As long as they were running they kept on going. Remove power and we'd lose some. I'm surprised any of
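The spot-check the commenter describes (first, last and middle block plus about 50 random ones, all expected to be zero after the final pass), written out as an added example; it is not the commenter's script, and the image files, block size and the "CUSTOMER-RECORD" remnant are constructed for the demo. It also carries a full-read mode, because a sample only proves the sampled blocks: a remnant in a block the sampler did not pick is exactly the human-factors gap the later replies worry about.

```python
import os
import random
import tempfile

BLOCK = 4096  # bytes per sampled block; 4 KiB matches common sector/page sizes


def device_size(f):
    """Size in bytes via seek-to-end; works for image files and block devices alike
    (os.path.getsize reports 0 for a block device on Linux)."""
    f.seek(0, os.SEEK_END)
    return f.tell()


def sample_offsets(size, block=BLOCK, n_random=50, seed=None):
    """Offsets to read: first, last and middle block plus n_random random ones,
    as the commenter describes.  `seed` only makes a run reproducible."""
    n_blocks = max(1, size // block)
    rng = random.Random(seed)
    fixed = {0, (n_blocks - 1) * block, (n_blocks // 2) * block}
    chosen = {rng.randrange(n_blocks) * block for _ in range(n_random)}
    return sorted(fixed | chosen)


def verify_zeroed(path, block=BLOCK, n_random=50, seed=None, full=False):
    """Spot-check (or, with full=True, read every block of) a device or image.
    Returns (ok, blocks_checked, first_nonzero_offset)."""
    zero = bytes(block)
    with open(path, "rb") as f:
        size = device_size(f)
        offsets = range(0, size, block) if full else sample_offsets(size, block, n_random, seed)
        checked = 0
        for off in offsets:
            f.seek(off)
            chunk = f.read(block)
            checked += 1
            if chunk != zero[: len(chunk)]:
                return False, checked, off
    return True, checked, None


def build_image(path, n_blocks, remnant_block=None):
    """Constructed test image: all zeros, optionally one block of leftover data."""
    with open(path, "wb") as f:
        for i in range(n_blocks):
            if i == remnant_block:
                f.write(b"CUSTOMER-RECORD".ljust(BLOCK, b"\0"))  # constructed remnant
            else:
                f.write(bytes(BLOCK))


def demo(workdir=None):
    """Build three constructed 1 MiB images and check each the sampled and the full way."""
    workdir = workdir or tempfile.mkdtemp(prefix="wipecheck-")
    clean = os.path.join(workdir, "clean.img")
    remnant_last = os.path.join(workdir, "remnant_last.img")
    remnant_mid = os.path.join(workdir, "remnant_mid.img")
    build_image(clean, 256)
    build_image(remnant_last, 256, remnant_block=255)  # last block is always sampled
    build_image(remnant_mid, 256, remnant_block=7)     # sampling may miss this one
    return {
        "clean_sampled": verify_zeroed(clean, seed=1),
        "clean_full": verify_zeroed(clean, full=True),
        "last_sampled": verify_zeroed(remnant_last, seed=1),
        "mid_sampled": verify_zeroed(remnant_mid, seed=1),
        "mid_full": verify_zeroed(remnant_mid, full=True),
    }


if __name__ == "__main__":
    for name, (ok, checked, first_bad) in demo().items():
        print(f"{name:14s} ok={ok} blocks_checked={checked} first_bad={first_bad}")
```

Run it against a real device by passing its path to `verify_zeroed` (read-only access is enough); `full=True` is the setting a release decision should rest on, the sampled mode is the quick triage the commenter was doing on a cart of drives.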

The biggest problem is, by looking at the drive from the outside, there is no way to distinguish which devices have critically sensitive data, and which have been properly wiped. That means there is always room for human error as drives get moved around, or get mixed up, and non-wiped devices could get put back into use (or even worse, sold). That is: It's a human factors problem, not a technical one.

Shredding doesn't have that ambiguity.

... most on-disk data formats today are so complex and difficult to understand that recovery of any meaningful data as-is would only be able to be accomplished by a handful of people. A drive out of a proprietary raid set, with raid keys, or a disk from a ZFS vdev, for instance? Good luck. You're not going to get any actionable data from that.

Yes, that is 100% correct. Wiping a hard drive is easy. On any drive manufactured in the last 25 years, the data density is so great that a single pass of all zeros will render the drive completely "wiped". BUT How do you examine millions of drives and guarantee that 100% of them were wiped properly? It simply is not possible. Shredding is *VERY* wasteful, but it is the only thing that is 100% guaranteed effective.

""From a data security perspective, you do not need to shred," says Felice Alfieri, a European Commission official"

If you as an individual will not accept criminal liability for a failure anywhere this non-destructive security is done, then you and Felice are full of hot air. As a European Commission official, his statement is ludicrous and should be criminal

A software wipe is not reliable because many of those drives probably aren't being disposed of for no reason, many of them will be faulty or won't even start. You could disassemble them and put the disks in a working drive (which is exactly what an attacker will do if you decide to just throw out the bad disks without wiping), but that would require a cleanroom, staff proficient in data recovery and probably more manhours than what those drives are worth. Relying on the data on the disk being in formats that

Filesystem-level encryption has been standard across most operating systems for a decade+ at this point. If you can't figure out how to use your computer properly, you've got no business being in charge of data security.

I wrote a file and device wiper, but these days I just set whole-device encryption with an ephemeral key and dd /dev/zero to the encrypted device. It's just as fast, but a little more secure. It's always best to encrypt data in the first place, but there is still risk of a leak, if the keys are leaked as well, so still best to overwrite at least the area where intermediate keys are stored (like FreeBSD's geli does, to allow master key changes).

Whether or not slightly misaligned overwrites might allow for rec

The whole "DoD compliant destructive security" of storage devices was idiotic from the beginning, albeit based largely on a lack of knowledge. [...] At one point, it could've been excused - there was no scientific study on the matter, and it was based largely on folklore related to magnetic reconstruction from ghost bits, likely based on out-of-date "best practices" founded in the 1960s.

The "lack of knowledge" is yours, and demonstrated in your speculation about history.

The technology to recover bits from drives where the data was merely over-written was well studied, and proven, into the 1980s. As technology progressed from the '80s, it did not become physics-ally virtually impossible until much, much later (in "computer years").

A simple demonstration of data recovery using a SEM was part of a school course (at MIT) in the mid-80s.

Later on, when storage technology was better, fancy stati

So you're certain no improvements will be made in data recovery while the data is still valuable? I think it's unlikely, but I'm in no way certain.

Benefit of not-shredding disks: you get maybe a hundred dollars for a used hard disk on the secondary market.

Cost of not shredding disks: $155 million settlement for failing to erase a hard disk.

Seems to me the decision is not a hard one. And, as the article says, "If we let one [piece of data] slip through, we lose the trust of our customers."

By the way, you can only erase a hard disk if it's working. A significant subset of them are going to be excessed because they're not working, but could be made to work if you put enough effort into it (more costly than buying a new one). And those you have to shred anyway.

Benefit of not-shredding disks: you get maybe a hundred dollars for a used hard disk on the secondary market.

If that. The whole premise of the article is nutty. An old drive isn't worth much. Shredding disks is fast and cheap. You can have a truck show up and shred them by the thousands. When you add in the overhead of labor to wipe drives, including assurance and testing (if you're reselling them, you're going to want to be damn sure you really wiped them), actually marketing them or contracting with a

"By the way, you can only erase a hard disk if it's working."

Allow me to introduce you to my friend here, Mr. High Power Degausser.

That's going to wipe track indexing marks etc and render the drive unusable too - no different from putting it through a physical shredder. It's completely stupid to want to reuse a discarded drive -

It's being tossed for a reason and the cost of wiping, validating and formatting is not going to be worth whatever little life is left in the drive.

Would you want to keep your data on a 5 year old drive that's been thrashed in a datacenter for its entire life? I thought not.

Benefit of not-shredding disks: you get maybe a hundred dollars for a used hard disk on the secondary market. Cost of not shredding disks: $155 million settlement for failing to erase a hard disk. Seems to me the decision is not a hard one. And, as the article says, "If we let one [piece of data] slip through, we lose the trust of our customers." By the way, you can only erase a hard disk if it's working. A significant subset of them are going to be excessed because they're not working, but could be made to work if you put enough effort into it (more costly than buying a new one). And those you have to shred anyway.

This is key, the chances of recovering data from a drive that has been wiped and filled with random 1's and 0's multiple times is minuscule and the cost massive... However the real risk is that Gerald the IT flunkie forgets to wipe a drive at all because he forgot which ones were finished or didn't realise he didn't wipe disk 5 and puts it in with the clean ones. Groups of people will be hanging out to buy ex-banking disks on the off chance that this will happen. Human error is the serious risk here, sh

Apple needs an easy way to change the main disk out / make it easy to do a full wipe so you're not trashing the full system. Do you want to trash a $10K+ Mac Pro / Mac Studio or a $400-$1000K Apple disk?

Why does Apple need to do this? Once you buy their product, it's your problem, not Apple's.

That full wipe better meet DOD standards, or it won't change anything. It might not even then.

Yes, a bank or a financial institution absolutely will put a $10k Mac Pro in a crusher. If it stores data, it has to be destroyed. There have been cases of destroying input hardware like buckling spring keyboards with no storage at all, just because some keyboards in the company had the ability to record macros.

Shredding has one advantage over erasing -- it's trivially verifiable. Was this hard drive erased securely? You can't know without some pretty specialized equipment and thorough testing. Was it shredded securely? Just see if it goes through this sieve.

I know an IT consultant who offers to securely destroy drives for his customers. When he returns them to the customers with large caliber bullet holes through the platters they're pretty convinced the data is gone. It's not milspec grade destruction; I

I sense a missed business opportunity. He should be charging money to go along with him out to the desert or wherever he goes Office Space on the gear. I bet a lot of clients would happily pay extra to shoot some hardware that has been vexing them for years.

Shredding has one advantage over erasing -- it's trivially verifiable.

If you shred it into small pieces, how do you know that the pile of shredded pieces you can see started out as *your* drives, or as hard drives at all?

I once worked at a shop where some jobs would involve having storage devices wiped by overwriting for reuse, or physically destroyed if there were any issues wiping them...but some clients wanted devices wiped and then physically destroyed. Not even military stuff, maybe finance and healthcare at most.

Data on disk is encrypted, key is in BIOS. Pull the drive, it's no good (IT needs to do key management if they want recovery options).

that BIOS / TPM key is also likely somewhere in your AD as well.

That is great right up until some bug emerges in the FDE software for a release or two that writes part of the key to the disk, or chooses weak keys, or ...

Shit like that happens in software. The next thing you know you find out 100s of old drives got e-bay'd that might be recoverable...

Now I agree that combine that with a wipe (questionable to what degree you can do that on some SSD platforms) and the actual risk is vanishingly small. Certainly good enough for you, me and most SMBs to resell used disk - but I can

Most of these drives in question are server drives which are typically not encrypted...so while cryptographic erase has its merits (and issues, see below) it generally won't apply. SED might be a possibility, but that adds expense, complexity, and cannot be erased simply by separating from the system.

As for client devices/drives - assuming your laptops still have removable drives...ahemappleahem - yes, wiping TPM (or separating from laptop) is a valid cryptographic erase and typically good enough outside

I can buy 4 TB enterprise SAS hard drives for $150 - $200 new. How much do you think they go for used? Now take into account all the labor for tracking, wiping, processing, and shipping them. You'll be losing money.

Better to just call one of the shredding services that'll shred them on-site in the truck and give you a certificate of destruction with serial numbers to file away for the auditors/lawyers.

New 4 TB enterprise drive $50.05 at Newegg, S&H included, about 5 minutes ago. I'm not sure I could find a vendor charging as much as $150 for a measly 4 TB hard drive. Storage is dirt cheap these days.

Erm... What enterprise is buying from Newegg? Our SAN disks are provided by NetApp or EMC, our server disks by Dell (even though they're just Samsungs/WD/whatever). I don't disagree that storage is as cheap as it has ever been and it's definitely not worth the risk of reusing drives that could potentially have PII on them... but let's not pretend the 4TB, consumer grade 5400 RPM drive for £70 is in any way "enterprise". A 4TB consumer grade SSD is still £300, an NVMe a bit more than that... h

Yeah, I was wondering what the point of the article is.

It's your hard drive/SSD/etc. You do whatever you want with it. And often times, the data stored on the drive is far more valuable than the physical value of the drive. It may hurt to shred a $20k SSD, but if you have a use for such a large SSD, the data you put on it is probably worth a ton of money to the company or the loss of it could subject the company to millions in fines.

I don't really the see the problem here - the shredded materials can be rec

Put two similar drives side by side, one is security wiped, the other has HIPAA and PCI data on it.

If I'm in charge of patient or customer data, what to do with decommissioned drives is an easy choice; destroy it. This is true from the smallest business ( small medical offices ) to the largest corporations, and remains true as long as there's no easy, "at a glance" indicator of drive status.

And auditors shown the certified destruction logs (from an ISO xyz-123-abc compliant scrap company) are typically satisfied...there's not much they can what-if-what-if-what-if situations available for them to invent short of theft which is a tangential risk.

Take those same auditors and say you wiped them (cryptographically or otherwise) and they'll have LOTS of questions about process, ask for confirmations, and generally crawl up your ass until they find something or other to justify their existenc

There is too much risk of customer, competitive, trade secret, or other data getting out.

If there is no possible flow to leak data, then no data will leak. So shredding is the norm.

I'm majoring in cybersecurity and I know better than most not to trust software alone to do something you can only guarantee through physical means.

Reusing storage devices is an infosec NIGHTMARE.

Whoever wrote TFA and thought it would be worthy of slashdot's attention needs to hand in their geek card.

The closest I'd ever come to reusing a storage device in this context is recycling the raw materials and feeding them back into the supply chain to manufacture new ones.

I happen to know that

This problem is what LUKS/cryptsetup was made for. Without my boot SSD's /etc/key, all my hard drives just contain random numbers. Whenever one fails during warranty, I fearlessly RMA it (yep, sending my "data" or at least an array slice of it) to total strangers without even bothering to wipe it.

Sure, physical destruction is probably slightly safer, but WD won't credit me for a box full of metal shards, and I want my free warranty replacement, dammit.

Wiping is optional anyway, because for some kinds of drive

I hope you wrote random out to the drive before you did a crypt on it. Otherwise it could all be zeros and they'd see where you wrote your stuff out. If it's all random to start with they're screwed.

I also use clevis to give the machine the key when it boots. This is for normal servers. If it's above public data I still type the key in.
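Why the "write random to the drive first" advice above matters, shown as an added example rather than anything from these commenters: a per-block entropy map of a device image makes the point visible. Over a zero-filled drive, the blocks the encrypted volume actually wrote stand out as islands of random-looking data (and any unencrypted remnant stands out as structured data); over a random pre-fill, ciphertext and free space look the same. The images, block size, the use of `secrets.token_bytes` to stand in for ciphertext, and the "name,account" remnant are all constructed for the demo.

```python
import math
import os
import secrets
import tempfile

BLOCK = 4096


def shannon_entropy(chunk):
    """Bits per byte over one block: 0.0 for a uniform block, close to 8.0 for random data."""
    counts = [0] * 256
    for b in chunk:
        counts[b] += 1
    n = len(chunk)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def classify_block(chunk, random_threshold=7.5):
    """zero: all zero bytes; random: ciphertext-like or random fill; structured: anything else,
    which on a supposedly encrypted drive is the class worth investigating."""
    if not any(chunk):
        return "zero"
    return "random" if shannon_entropy(chunk) >= random_threshold else "structured"


def block_map(path, block=BLOCK):
    """Count how many blocks of each class a device image contains."""
    counts = {"zero": 0, "structured": 0, "random": 0}
    with open(path, "rb") as f:
        while True:
            chunk = f.read(block)
            if not chunk:
                break
            counts[classify_block(chunk)] += 1
    return counts


def build_image(path, n_blocks, background, ciphertext_blocks, remnant_block=None):
    """Constructed image.  `background` is "zero" or "random" fill; ciphertext is simulated
    with secrets.token_bytes (real ciphertext is just as random-looking); remnant_block,
    if given, holds a constructed plaintext fragment that was never encrypted."""
    remnant = (b"name,account\nA. Example,ACCT-00000001\n" * 120)[:BLOCK]
    with open(path, "wb") as f:
        for i in range(n_blocks):
            if i in ciphertext_blocks:
                f.write(secrets.token_bytes(BLOCK))
            elif i == remnant_block:
                f.write(remnant)
            elif background == "random":
                f.write(secrets.token_bytes(BLOCK))
            else:
                f.write(bytes(BLOCK))


def demo(workdir=None, n_blocks=64, used=(10, 11, 12, 40)):
    """Same ciphertext blocks written over a zeroed drive and over a random pre-fill."""
    workdir = workdir or tempfile.mkdtemp(prefix="entropymap-")
    over_zeros = os.path.join(workdir, "over_zeros.img")
    over_random = os.path.join(workdir, "over_random.img")
    build_image(over_zeros, n_blocks, "zero", set(used), remnant_block=50)
    build_image(over_random, n_blocks, "random", set(used))
    return {"over_zeros": block_map(over_zeros), "over_random": block_map(over_random)}


if __name__ == "__main__":
    for name, counts in demo().items():
        print(name, counts)
```

On the zero-background image the map reports exactly the four ciphertext blocks plus the one structured remnant; on the random-background image every block classifies as random, which is what an encrypted drive handed to an RMA desk should look like.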

Apart from all the other really good reasons listed in other comments, full disc overwrite is also really slow. If your process for this involves "take the disc and plug it into the disc eraser" then it's tediously slow compared to "shredder goes BRRRRR".

If your process involves keeping good enough track of your machines to ensure that you can be 100% (not just 99.99%) sure that you ran the "overwrite media" program on the machine before taking it out of the rack, then it's faster, but how good is your trac

The reason these devices are decommissioned is because they are obsolete and worn out. HDDs that old use much more power per unit of storage than more recent ones and require more redundancy due to the ever increasing likelihood of failure. SSDs that are being decommissioned are those that have already used much of their spare sectors.

The cost to clear them off and resell them (if anyone would even buy them for more than scrap value) is likely greater than the proceeds.

Are a thing. Storage device labels include barcodes for the model and serial number. Scripts used to wipe storage devices could log the model and serial of the block device to a central database. Storage devices being removed from the datacenter could then be forced to pass through a conveyorized scanning tunnel that would reject any devices not listed as wiped. Only failed storage devices would have to go to the shredder.
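The serial-scanning workflow described here and in the earlier "scan serial numbers as they're fed into the shredder" reply, as an added example that is not any commenter's system: a small ledger that records each wipe against the serial and model the wipe script read from the device itself, and an exit-gate check that releases only devices with a matching, verified record and sends everything else (unknown serial, failed verification, mismatched model, or a label whose serial does not match what the device reports) to the shredder. The serial numbers, model strings and verification results are constructed; the schema and verdict strings are this example's own design.

```python
import hashlib
import sqlite3
import time


class WipeLedger:
    """Central record of wiped devices plus the exit-gate decision.  Serial and model
    are what the wipe script read from the device (identify/SMART data, not the
    sticker), so a swapped label does not pass the gate on its own."""

    def __init__(self, path=":memory:"):
        self.db = sqlite3.connect(path)
        self.db.execute(
            "CREATE TABLE IF NOT EXISTS wipes ("
            "serial TEXT PRIMARY KEY, model TEXT, method TEXT, verified INTEGER,"
            " verify_digest TEXT, ts REAL, operator TEXT)"
        )

    def record_wipe(self, serial, model, method, verification, operator):
        """Store one wipe result.  `verification` is the verifier's output dict; its
        digest is kept so an auditor can match the ledger row to the raw log later."""
        digest = hashlib.sha256(repr(sorted(verification.items())).encode()).hexdigest()
        self.db.execute(
            "INSERT OR REPLACE INTO wipes VALUES (?, ?, ?, ?, ?, ?, ?)",
            (serial, model, method, int(bool(verification.get("ok"))), digest, time.time(), operator),
        )
        self.db.commit()

    def gate(self, label_serial, label_model, electronic_serial=None):
        """Exit-scanner decision: ('RELEASE', reason) or ('SHRED', reason).  Anything
        without a matching, verified record is shredded, which is also the right
        default for a drive that never spun up and so could not be wiped."""
        row = self.db.execute(
            "SELECT model, verified FROM wipes WHERE serial = ?", (label_serial,)
        ).fetchone()
        if row is None:
            return "SHRED", "no wipe record for this serial"
        model, verified = row
        if model != label_model:
            return "SHRED", "label model does not match the wipe record"
        if electronic_serial is not None and electronic_serial != label_serial:
            return "SHRED", "serial read from the device does not match the label"
        if not verified:
            return "SHRED", "wipe ran but verification failed"
        return "RELEASE", "wiped and verified"


def demo():
    """Constructed serials, models and verification dicts; nothing here is a real device."""
    ledger = WipeLedger()
    ledger.record_wipe("SN-CONSTRUCTED-0001", "MODEL-4TB", "zero-fill",
                       {"ok": True, "blocks_checked": 977}, "ops-a")
    ledger.record_wipe("SN-CONSTRUCTED-0002", "MODEL-4TB", "zero-fill",
                       {"ok": False, "blocks_checked": 12, "first_bad": 49152}, "ops-a")
    return {
        "verified": ledger.gate("SN-CONSTRUCTED-0001", "MODEL-4TB"),
        "failed_verify": ledger.gate("SN-CONSTRUCTED-0002", "MODEL-4TB"),
        "unknown": ledger.gate("SN-CONSTRUCTED-9999", "MODEL-4TB"),
        "wrong_model": ledger.gate("SN-CONSTRUCTED-0001", "MODEL-8TB"),
        "swapped_label": ledger.gate("SN-CONSTRUCTED-0001", "MODEL-4TB",
                                     electronic_serial="SN-CONSTRUCTED-0002"),
    }


if __name__ == "__main__":
    for case, (verdict, reason) in demo().items():
        print(f"{case:14s} {verdict:8s} {reason}")
```

The `electronic_serial` argument is the piece that answers the "who says this is the 8TB drive I asked about" objection: if the exit tunnel can query the device as well as read its barcode, a relabelled drive fails the cross-check instead of walking out.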

Even if the storage devices are deemed to be obsolete or worn out, storage devices

Secure deletion of storage is tricky. For solid-state, it is basically impossible except by physical destruction. Sure, you could do encryption, but that also needs to be done right and could still come back to bite you. So, while wasteful, I always recommend physical destruction in addition to regular deletion to customers. The expert time that would otherwise be needed is far more expensive than the residual value of the devices, and that is if you can get a qualified expert for this in the first place.

Essentially, this story is by somebody that does not understand the problem and that has failed to ask some actual experts.

You have a disk drive in your hand. Does it have data on it? Hmm.

You have a shredded disk drive in your hand. Does it have data on it?
