SoylentNews is people
SoylentNews
I once read in a news article (can't find it now... sorry) that apparently if you overwrite data with other data on a hard drive that the previous data is unrecoverable. So, would overwriting the entire hard drive with cat videos be just as effective as all these other "professional" security protocols that are used?
janrinok: Data erasure is important when you want to prevent anyone from recovering whatever was written on the storage device in the first instance. But there are many potential problems including just how secure does the erasure have to be, what hardware is controlling the reading and writing to the disk, are you attempting to delete data on a spinning rust device, a more modern SSD , or a thumb drive, and who are you trying to prevent from reading the data? If you are just trying to prevent a regular Joe Soap from reading what you once securely stored on a hard drive then simple overwriting might be enough. However, if you are concerned that law enforcement or a government agency might be interested in the drive's contents then you will have to take more stringent precautions. Ultimately, many of the highest classifications of data can only be securely erased by full degaussing or the physical destruction of the device. The link details the various standards that are deemed as acceptable to securely erase data to meet specific documented requirements.
Presumably, if you are worried that someone might have access to your data then you have already taken the precautions of encrypting it. However, poor encryption is worse than no encryption at all - at least with the latter you know that your data is vulnerable. With a weak encryption you might incorrectly believe that your data is secure when, in truth, it is not. This might result in you taking risks that you wouldn't otherwise take with the physical protection of the drive itself. The military and government agencies often insist that drives are secured in an approved security container when not actually in use to prevent anyone actually getting to the data in the first instance. If at home you simply leave your drive in the computer or lying around in plain view then anyone entering your home can steal it. How much protection you need to give depends upon the value of the data to you and how much you need to ensure that no-one else can get to it.
Many proprietary encryption programs use an 'in-house' encryption scheme in the incorrect belief that it is more secure than the recognised encryption methods that have been rigorously tested and mathematically proven. Other systems might have back-doors or make the decryption algorithms available to LE or government agencies. I personally would strongly recommend against using these encryption systems because they might only be giving you a false sense of security. However, if your data is already encrypted with a recognised encryption system with a strong pass phrase and salt then you are well on your way to preventing anyone from ever getting access to the data even if they have the drive in their possession. Note that encryption that is 'unbreakable' today might not remain so with advances in computing and perhaps the discovery of encryption flaws. Essentially, if it is considered good enough for the military and government agencies then it is probably sufficient for your needs.
It is important to realise that, any time your data is inside your computer and viewable, then any encryption is already defeated. If you have valuable data that is protected by nothing more than a computer in hibernation then anyone who can awaken the computer has full access to the data.
So now we finally get to the question that the submitter asked. How secure is overwriting as a method of data deletion? If the data is already securely encrypted then perhaps no further action is required, or simply overwriting it with cat videos will probably be enough to prevent anyone but the most determined attacker from ever reading the data. It will certainly be enough to stop the vast majority of people from getting anything useful from the disk drive. If you believe that the data on the drive must never be recovered by anyone else then the physical destruction of the drive might be warranted. The actual requirement probably lies between those 2 extremes. Only you know the value of the data on the disk drive and how important it is that it is not disclosed.
I now invite everyone to contribute their own experiences, tips and advice regarding data erasure....
(Score: 5, Interesting) by The Mighty Buzzard on Tuesday April 17 2018, @06:21PM (9 children)
I prefer the shotgun method.
My rights don't end where your fear begins.
(Score: 4, Funny) by DannyB on Tuesday April 17 2018, @06:45PM (3 children)
This approach might leave recoverable sectors on spinning rust.
Discharging a firearm within city limits is a big no-no. As it should be. From the 29th floor you probably can't hit a fence post accurately.
The lower I set my standards the more accomplishments I have.
(Score: 2) by The Mighty Buzzard on Tuesday April 17 2018, @06:48PM
It's not so much the range that gets you as the elevation. Firing from well above or below a target will throw anyone who isn't used to doing so off for at least a few shots.
My rights don't end where your fear begins.
(Score: 2, Funny) by Anonymous Coward on Tuesday April 17 2018, @11:57PM (1 child)
Oh, the degradation of marksmanship among Americans! If only there was some national organization which could promote shooting skills, firearms safety, and data eradication.
(Score: 4, Funny) by chromas on Wednesday April 18 2018, @01:41AM
The FBI?
(Score: 3, Funny) by Azuma Hazuki on Tuesday April 17 2018, @07:24PM (2 children)
I don't trust that to truly get rid of all of it. If we're talking physical destruction of the drive, bloody well *destroy* it, with something like Thermite. Technically, the "information" is still out there, but good luck trying to reconstitute it :D
I am "that girl" your mother warned you about...
(Score: 1, Insightful) by Anonymous Coward on Wednesday April 18 2018, @04:22AM (1 child)
I guess what I find so puzzling is why somebody will take so much precaution with a piece of trash, but when it was alive and well, had it ONLINE in a system known to be insecure, and not be raising much of a ruckus about that.
I would posit that the drive is much more likely to be hacked, when it was online, spinning, and connected to the 'net, that it will ever be in the community dump. Even it it is still perfectly operational.
I can't tell you how many used hard drives I have purchased that had data still on them. The probability was whether or not it landed in the hands of a bad guy. In my case, it landed in the hands of someone who wanted a box for his bits, and the bits that were already in there were considered useless, the drive reformatted, and overwritten. I had no use whatsoever for a disk full of someone's real estate transactions.
Last year, I found a computer in a dumper.. looked like someone had at it with a sledgehammer. I took it anyway, thinking of it as a heatsink donor for some high power LED lights. Turns out I got about 10GB of memory, a six-core AMD processor, some useful USB to various forms of flash memory adaptors, and a 2TB hard drive out of it, still perfectly functioning. The only things ruined were the case was smashed, the motherboard was cracked, and the power supply was damaged. I was surprised - given how extensive the damage looked, as to how well the computer's innards simply bent under the external stress, and the disk drive survived intact. I wanted a hard drive for some low-level backup stuff, so it got wiped and is now storing some interim backup of some stuff that is too good to throw away, but too useless to keep. You know, stuff like old porn.
Funny thing, had I been employed by that company, I sure would not have spent all that time destroying a perfectly good computer; I would have DBAN'd the disk and repurposed the machine... It puzzles me why companies often choose extremely ineffective and costly methods. I guess a smashed computer case means a lot more to a lot of business folks than de-DBANning a disk. Good theater. Hollywood style.
Had I been malicious, I could have caused a lot of people headaches, but I do not do things like that. In creating that much shit, some is bound to come splatter ME as well! Best just take the drive and use it for its intended purpose: storing my bits. I have no use for the bits that was on it, so Format C: is good enough for me. Just gives me a blank slate to work with ( Yes, I know the old data is still there, but my OS considers it all available for overwrite, until I mark it off as in use. ).
My guess is a DBAN'd disk at the surplus store, sold to God-knows-who, is still several orders of magnitude more secure than that disk was when it was in the machine, all of its data intact, especially if it was running on a Microsoft system. All those damned backdoors, they find more every day, and even the security patches introduce more of them. Can't even trust the silicon anymore, with all this Intel Management Engine stuff that gives all appearances of being the poster child of No Such Agency.
(Score: 2) by Azuma Hazuki on Wednesday April 18 2018, @07:48PM
People Don't Get Computers. I think we're all a little solipsistic here about this, kind of implicitly assuming everyone has at least some bare basic knowledge of their computers and how the parts inside work. Nope. It's seriously worse than cars with these people, which is weird since a computer is way the hell less complicated.
I am "that girl" your mother warned you about...
(Score: 0) by Anonymous Coward on Wednesday April 18 2018, @09:36AM (1 child)
Thermite is what you want. And when in doubt: C4. Shout-out to Mythbusters, of course ;)
(Score: 2) by The Mighty Buzzard on Wednesday April 18 2018, @10:58AM
I've already got the TLAs paying too much attention to me just for being a veteran, thanks. I'll stick with less flashy methods.
My rights don't end where your fear begins.