[kml_flashembed movie="http://www.youtube.com/v/1SCZzgfdTBo" width="600" height="390" wmode="transparent" /]

Ten days ago, CBS ran a segment on the Evening News entitled “Copy Machines, A Security Risk?” Watch the video here.

This past February, CBS News went with [John] Juntunen [of Digital Copier Security] to a warehouse in New Jersey, one of 25 across the country, to see how hard it would be to buy a used copier loaded with documents. It turns out … it’s pretty easy.

After buying four copiers, they started to examine them. One of the copiers had documents still on the copier glass, from the Buffalo, N.Y., Police Sex Crimes Division. Another machine from the Buffalo Police Narcotics Unit revealed the targets of a narcotics raid. The third machine contained copies of pay stubs that revealed names, addresses and social security numbers. On the fourth machine from a New York insurance company, they found 300 pages of medical records that included prescriptions, blood test results and the like.

It’s not that the manufacturers of these products are negligent; all of them offer options to either encrypt or erase the documents. The problem is that the people who lease the copiers either don’t understand or don’t want to pay for the protection the options provide.

Ignorance is no excuse; failing to implement suitable security is negligence and a serious breach of federal privacy laws. Besides that, once a used copier leaves the warehouse, there’s no telling where it might end up. The CBS reporter gave this summary:

The day we visited the New Jersey warehouse, two shipping containers packed with used copiers were headed overseas – loaded with secrets on their way to unknown buyers in Argentina and Singapore.

How we lookin’? Not good.

The least expensive option would have been to train a staff member on how to use an old PC to hook up the drives and run the HDDerase utility. (See How to Quickly & Securely Erase a Hard Drive.) For various reasons, the client wasn’t in favor of this; they wanted someone “in the know” to do it.

After determining that there was little likelihood of any truly sensitive data sitting on those hard drives, I suggested a brute force approach: Physically damage the drives, then take them to a community recycling center and dispose of them. The total cost of this approach would be around $100. The client agreed.

The photo above shows the result of 3-4 sharp blows with the root-cutter end of a cutter mattock applied to the platter end of the hard drive case. The photo below shows the resulting damage to the platters.

You could argue that this isn’t enough destruction to meet regulatory security standards and you would be right. My rebuttal would be this: 1. There probably isn’t anything of value on those drives; 2. The cost of trying to recover anything on those drives would be prohibitive; and, 3. Where they’re going tomorrow, no one will know who owned those drives and wouldn’t care anyway if they did. Bottom line: The drives will be shredded and recycled as originally planned at a fraction of the cost.

Sometimes, it just takes a little common sense to deal with these issues.

Why, all of a sudden, is everyone concerned about secure file deletion? I hesitate to say it’s a sign of the poor economy, but perhaps people consider it even more important to protect their personal information when the idea of losing control of their assets—and their lives–through the incompetence of corporate “managers” and well-intentioned but clueless politicians is more abhorrent than losing control through the outright thievery of Internet gangs. It’s weird. I harped on people about securing their data all along and mostly, my advice fell on deaf ears. Now people are worried. And it’s not because they see more spam email phishing attempts, it’s because they feel they can’t trust anyone anymore, not their formerly respected captains of industry, and certainly not their elected officials.

But, I digress. This post is about security tools, not politics, so I’m now officially off of my soapbox.

I recently posted an article about SDelete, a tool that can be used to securely delete files and folders on a hard drive. There’s another little known, useful tool that has been built into the OS since Windows 2000: cipher.exe. Microsoft provides the following in Knowledge Base article 315672:

How to Use the Cipher Security Tool to Overwrite Deleted Data

To overwrite deleted data on a volume by using Cipher.exe, use the /w switch with the cipher command. Use the following steps:

1. Quit all programs.
2. Click Start, click Run, type cmd, and then press ENTER.
3. Type cipher /w:driveletter:\foldername, and then press ENTER. Specify the drive and the folder that identifies the volume that contains the deleted data that you want to overwrite. Data that is not allocated to files or folders will be overwritten. This permanently removes the data. This can take a long time if you are overwriting a large space.

One more tool you can use to mollify your paranoid clients.

Using SDelete

SDelete is a command line utility that takes a number of options. In any given use, it allows you to delete one or more files and/or directories, or to cleanse the free space on a logical disk. SDelete accepts wild card characters as part of the directory or file specifier.

Usage: sdelete [-p passes] [-s] [-q] <file or directory>
sdelete [-p passes] [-z|-c] [drive letter]

-c     Zero free space (good for virtual disk optimization).

-p passes     Specifies number of overwrite passes.

-s     Recurse subdirectories.

-q     Don’t print errors (quiet).

-z     Cleanse free space.

SDelete implements the Department of Defense clearing and sanitizing standard DOD 5220.22-M, which is overkill (see The Great Drive Wiping Controversy Settled at Last), but ensures your data is deleted forever. There is one caveat: SDelete securely deletes file data, but not file names located in free disk space. If you want to be completely sure that all traces of a file are gone, be sure to use the –c or –z option.

#####

Want to see even more useful, little known tools? Check out Sysinternals Live:

Sysinternals Live is a service that enables you to execute Sysinternals tools directly from the Web without hunting for and manually downloading them. Simply enter a tool’s Sysinternals Live path into Windows Explorer or a command prompt as http://live.sysinternals.com/<toolname> or  \\live.sysinternals.com\tools\<toolname>.

You can view the entire Sysinternals Live tools directory in a browser at http://live.sysinternals.com.

NIST gets the prize: One pass is enough to delete data such that it can not be recovered.  A paper published in December last year; “Overwriting Hard Drive Data: The Great Wiping Controversy” by Craig Wright, Dave Kleiman and Shyaam Sundhar R.S. as presented at ICISS2008 and published in the Springer Verlag Lecture Notes in Computer Science (LNCS) series, proves beyond doubt that data can’t be recovered from a wiped drive even if one uses an electron microscope. As Craig Wright puts it in a post on the SANS Computer Forensics blog:

Although there is a good chance of recovery for any individual bit from a drive, the chances of recovery of any amount of data from a drive using an electron microscope are negligible. Even speculating on the possible recovery of an old drive, there is no likelihood that any data would be recoverable from the drive. The forensic recovery of data using electron microscopy is infeasible… The fallacy that data can be forensically recovered using an electron microscope or related means needs to be put to rest.

That sure makes life easier for those of us who have to deal with secure deletion of sensitive data. I’ll use my copy of Darik’s Boot and Nuke (DBan) with one pass from now on and get those retired hard drives wiped in no time.

According to CMRR, “The Secure Erase (SE) command was added to the open ANSI standards that control disk drives, at the request of CMRR… The SE command is implemented in all ATA interface drives manufactured after 2001 (drives with capacities greater than 15 GB)….

“Secure erase does a single on-track erasure of the data on the disk drive. The U.S. National Security Agency published an Information Assurance Approval of single pass overwrite, after technical testing at CMRR showed that multiple on-track overwrite passes gave no additional erasure.”

Secure Erase is a DOS-based program, so you need to make a bootable floppy, CD, or flash drive that boots DOS, FreeDOS, or a Windows 95/98/ME rescue disk. Download the freeware HDDerase, extract HDDerase.exe to your bootable media, boot the computer to a command prompt, and execute HDDerase.exe (HDDerase.exe must be run from an actual DOS environment and not a Window based DOS command shell).

In about an hour or two, depending on the size of the hard disk, you’ll have a drive that can be safely disposed of or re-deployed without fear. If you plan to re-deploy the disk, you’ll have to create a new partition and format the disk before you’ll be able to use it again.

I’ve used this handy utility many times to sanitize disks that contained data subject to the Health Insurance Portability and Accountability Act (HIPAA). All normal attempts to discover any trace of identifiable data on my test drives failed to reveal anything usable.