CBL Data Recovery Media Coverage


Data Remains on Active Duty: Discarded Computers Hold Secrets

Article: Homeland Defense Journal, April 2007, Vol. 5, Issue 4

Author: Tim Margeson
General Manager
CBL Data Recovery Technologies Inc.

Computers in almost any corporate or government environment are under constant attack by hackers, viruses and malware. They are even threatened from within by user error. However, sometimes a computer can still be a target long after it has retired from the field.

Discarded computers, even computers thought to be in disrepair, can still hold digital information that can be retrieved, even if it takes expertise beyond that of the average person.

And while it may sound cliché, information that falls into the wrong hands can be a deadly weapon. In today’s political climate, the flow of some data must be tightly controlled, even when it must be shared among allies.

There have been well-reported incidents of military computer data ending up in places it shouldn’t be:

  • In June 2006, the Department of Veterans Affairs reported the recovery of a stolen laptop computer and external hard drive that contained sensitive information including the birth dates and Social Security numbers for millions of veterans and military personnel. Fortunately, according to the FBI, the data had not been accessed.
  • A couple of months prior, US forces in Afghanistan were checking into reports that stolen computer hardware containing military secrets was being sold at a market beside the Bagram Air Base. Shopkeepers at a market next to the base, outside Kabul, had been selling memory drives stolen from the facility, according to the Los Angeles Times. The disks reportedly contain personal details about US soldiers, military defenses and lists of enemy targets.
  • A United Kingdom man searching for computer parts in a garbage pile in April 2005 came across a laptop containing a host of sensitive defense secrets, including 70 top-secret files outlining details of an army camp and navy base.

Most of the time, the primary concern of any government or corporation is making sure their critical data is available on demand. But as the stories above illustrate, there clearly is a need to go the extra mile to destroy confidential digital data so it does not end up in the wrong hands.

Government departments, ministries and other defense agencies may not even be aware that employees are discarding confidential data when they discard computer hardware.

Such data-ridden computers can be discarded in a number of ways. Some may be turned in for a new model when leases are to be retired, or may simply be “inventoried” and placed in a storage room to gather dust. Old computers may also be donated to charity or auctioned off or sold to the general public at large with the data still residing on the computers’ hard drives.

Whether they are discarded individually or en masse, these computers may still contain data unbeknownst to the user. Much of that data could be the software applications and trivial information, but frequently the information left on these computers can be extremely sensitive.

In fact, these computers sometimes contain highly sensitive information related to national security, government intelligence, government policy, personnel records or information related to citizens that the government is obligated to protect and not disclose under privacy legislation.

The Alpha, Bravo, Charlie of Data Loss and Destruction
Data on computers, despite apparent loss due to natural disaster, equipment failure, human error or security breaches, is rather resilient: it can survive some of the most vicious attacks, even if it’s no longer in a condition to be accessed by the average user. Digital information often thought irrevocably lost can be and is frequently retrieved by data recovery specialists; that means it can also be recovered by technically savvy individuals with less than noble intentions.

What many users don’t realize is that when most computers delete a file, the contents of the file aren’t actually gone. The file is still on the hard drive until the operating system re-uses that space on the disk to write new data. Some individuals assume a password protects a drive, but a password can be reset with the right software.

To guarantee a deleted file is really deleted, it is necessary to overwrite the data sectors of that file. Until the old data is actually overwritten by new information, it can be recovered by programs that read disk sectors directly, such as forensic software, commercially available data retrieval software or data recovery techniques.

There are a number of ways to destroy or make inaccessible data on hard drives: degaussing, overwriting, data encryption and media destruction are some of the methods which are utilized to safeguard against disclosure of sensitive information.

The process of wiping sensitive data from any hard drive is the best method of data destruction: it guarantees the data can’t be reconstructed through laboratory techniques. Wiping should be done when any computer hardware containing sensitive data is moved from a secure facility to a less secure environment for re-use. Software-based data destruction methods are inexpensive and easy to use for the average computer user or seasoned IT staff.

A more severe approach to data erasure is degaussing, which can render the hard drive inoperable because the magnetic media is erased. Degaussing can prevent computers from being recycled for educational use, charitable donation or resale to the general public.

A less extreme means of data erasure is clearing: the removal of sensitive data from storage devices in a manner that guarantees the data can’t be reconstructed using normal system capabilities. Clearing is feasible when the storage media is reused within the same computer and same office. For example, if the computer is simply being cleaned up for a new staff member taking over from a departing staff member, it is remaining in the same secure and controlled environment.

Clearing can be accomplished by overwriting the unassigned system storage space on the disk. A single overwrite of a file or all system storage is usually enough to make sure that previous information cannot be rebuilt.
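The overwrite described above, and the sector-level read that recovery tools rely on, can be shown together in a short sketch. This is an added example, not part of the original article: it makes one pass of zeros over a constructed disk image and then reads every sector back to confirm nothing remains; the 512-byte sector size and the function names are assumptions.

```python
import os
import tempfile

SECTOR = 512  # bytes per sector (assumed; many modern drives use 4096)

def residual_sectors(path, sector=SECTOR):
    """Read the medium sector by sector; return indexes of non-zero sectors."""
    dirty = []
    with open(path, "rb") as dev:
        index = 0
        while True:
            chunk = dev.read(sector)
            if not chunk:
                break
            if chunk.count(0) != len(chunk):
                dirty.append(index)
            index += 1
    return dirty

def overwrite_once(path, block=1024 * 1024):
    """Single pass of zeros over every byte, flushed through to the medium."""
    zeros = bytes(block)
    with open(path, "r+b") as dev:
        size = dev.seek(0, os.SEEK_END)  # works for image files and block devices
        dev.seek(0)
        remaining = size
        while remaining > 0:
            n = min(block, remaining)
            dev.write(zeros[:n])
            remaining -= n
        dev.flush()
        os.fsync(dev.fileno())
    return size

def demo():
    """Constructed 64-sector image with stale 'deleted' data in sectors 10-11."""
    fd, path = tempfile.mkstemp(suffix=".img")
    try:
        with os.fdopen(fd, "wb") as img:
            img.write(bytes(64 * SECTOR))
            img.seek(10 * SECTOR)
            img.write(b"CONSTRUCTED-SAMPLE personnel record".ljust(2 * SECTOR, b"x"))
        before = residual_sectors(path)  # what a direct sector reader still sees
        overwrite_once(path)
        after = residual_sectors(path)   # verification pass after the overwrite
        return before, after
    finally:
        os.remove(path)

if __name__ == "__main__":
    print(demo())
```

A clean verification pass only covers sectors the drive exposes to the host; remapped bad sectors and the spare areas of solid-state drives are not reachable this way.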

In extreme cases where the destruction of data must be guaranteed and the chance of retrieval must be eliminated, physical destruction of the hardware is the best course of action. Media may generally be destroyed by a number of methods, including applying an abrasive substance to a magnetic disk or drum recording surface. Corrosive chemicals can have the same desired effect, but regardless, the entire recording surface must be completely removed before disposal. The drive (or the entire computer, for that matter) can also be destroyed by being smelted, disintegrated or incinerated at a metal destruction facility.

Even if the decision is made to destroy the hardware completely, it is still a good idea to purge media before submitting it for destruction.

SOP
Different countries have different standards for destruction of digital information. The United States Department of Defense has approved both overwriting and degaussing for purging data, although the effectiveness of overwriting cannot be guaranteed without examining each specific situation. In Canada, for example, the RCMP recommends the drives be “cleansed” by a triple overwrite using the RCMP DSX disk-overwrite software or a third-party equivalent that meets RCMP overwrite guidelines.

While making sure sensitive data does not fall into enemy hands should be standard operating procedure, it is just as important to make sure the data in question is no longer needed; if it is, make sure it can be found somewhere else. Destruction of data should be aligned with any departmental document-retention policy. If you do an excellent job of destroying data, even a data recovery expert might not be able to recover it!

Tim Margeson is General Manager of CBL Data Recovery Technologies Inc., a leading international provider of data recovery services to consumer, enterprise and public-sector clients who experience data loss disasters.