Data loss made easy
Renderman, 9/20/99 (updated 12/01/99)
Www.Hackcanada.com
RenderMan@Hackcanada.com

"Bang, Bang, Bang. Police open up!"

This is a sound that we all never want to hear but live in fear of. Now depending on which of Santa's lists you're on, statistically most don't have too much to fear, but it all depends on what you've done. If you've done something really bad, really public, or just really dumb, you may find yourself on the receiving end of a warrant. Most cops nowadays aren't the dimwit Barney Fife types that we all wish they were. They now know that in any raid, computer storage media can mean a lot of evidence in the courts. For hackers, this may be all the evidence the prosecution needs to corroborate the charge.

How to cover your ass! v1.0

Unlike the early days of computers, cops/feds know now that valuable data (evidence) can be lost if the systems are tampered with, mishandled, or interfered with by either the suspect or the police themselves. Police are briefed before any computer related raid as to what a disk is, what a CD-ROM is, what a hard disk is, and how not to damage each. They have no idea what any other computer stuff is or means but they know that if they break it, they are in trouble. Gone are the days of cops just yanking the power cord and hauling the system away; valuable data can be lost by this action. Now the goal is to secure the system from the suspect, and from any other interference, until someone who knows about computer forensics can be called in to determine the best course of action for removal of the system and the data it contains.

If someone comes a-knocking and you've been doing illegal things, first off, don't panic (yet). Ask through the door what it's about. If it's the neighbor looking for his dog, stay cool. But if it's a "bang, bang, bang, we have a warrant", fjear!

Small surveillance cameras bought cheap at Radio Shack or any of the new "spy" shops, strategically placed at the major entrances, can be invaluable for determining whether it's one cop asking for a spare doughnut, or the freaking SWAT team about to beat down your door, using your neighbor to get you to open it.

Now some people are thinking, "If I hear them coming, I'll just erase my HD". Here is a test: go to the main entrances of your dwelling and time how long it takes you, running at full tilt, to get to your computer(s). Not long, is it? Now imagine the police (or other agency) running that same route and pointing a very large gun at your head. Now do you think that you would have time to thoroughly erase your hard drive, or even start? Police would be briefed on what to do if they saw "Formatting c:" on the screen. With the current data recovery techniques available to the average consumer, you can recover a formatted hard drive in minutes with commercially available software from any computer store.

Normally on a FAT16 (32) drive (there are far too many standards to go into but this sums it up), when you delete data, the pointer to the data is removed but the data still remains until that cluster of the drive gets overwritten. Even if you manage to erase some files and write over the space, there is still a magnetic "afterimage" that can be reconstructed. The NSA standard to be absolutely sure that data is erased is to write 1's or 0's over the drive space 7 times. Try formatting your drive 7 times before the cops come into the room.

Another method one may consider is encryption. Encrypted file systems (like Puffer for Linux) are a good way to go. With an encrypted file system you can keep sensitive things encrypted on the fly. If you get raided it's already hashed and locked; definitely a good way to go, however only one step in a solution. The encryption algorithms themselves can also be your biggest enemy.

Most decent encryption (large key size) is heavily regulated as to where it can be used. If you decide to write your own encryption for your data with a larger key than 64 bit, in the United States, it's another thing they can charge you with. Recent talk of key escrow and built-in back doors doesn't make encryption a comforting barrier between you and a cellmate named Bubba for the next 30 years.

What about de-magnetizing the hard drive? For many years we had it drilled into our heads at school and home that magnets and computer disks do not mix. But have you ever held a large magnet over a diskette and tried reading it? Often it will corrupt but not destroy. This method is half-decent, but the problem is that (1) the magnetic coil needed to generate a strong enough field to erase the whole drive would have to be very large, and (2) it would require a large burst of power that is not easy to produce without a large number of capacitors. So this method is rather bulky. It could be used if you are an electronics type of person, but it's hard to determine whether the drive has been adequately erased. Many data recovery companies can revive a degaussed hard drive, depending on the strength and exposure.

Recap: We have ruled out deletion and degaussing, and encryption is only part of the solution.

What about destruction? Now this is a subject to consider carefully. Simply taking a hammer to a hard drive would render it useless for normal use, but it is amazing what they can recover data from nowadays. The government has the time, money, and resources to sweep up the pieces and put them back together to get data off of them (depending on the severity of what you did and how badly they want your data). The same rule applies to explosive destruction of the hard drive: they can still reconstruct the pieces, and you also run the risk of having explosives charges added to your list and of blowing yourself up in the process.

Liquids have little to no effect on the platters of a hard disk, and a corrosive substance would be very dangerous to work with and may not get the whole drive. If you really want to destroy your data in a quick, non-recoverable way, melting is about your only option any more.

The Thermite reaction is a very fast acting, very hot, very stable, exothermic reaction. It is typically used to create molten iron on the spot, usually at construction sites. It typically burns at 2200 degrees centigrade, hot enough to melt through the hard drive's outer casing and onto the platters. At normal room temperature the mixture is very stable and not something to fear. Now I'm not going to tell you how to make it; I'm very tired of seeing headlines like "kid blown up with bomb made from instructions off net" and I don't want to be responsible for any more. So if you really want to know, I would suggest finding a copy of "The big book of mischief", grabbing a high school chemistry text book, or just searching the web for "Thermite".

Using something like several model rocket engine ignitors hooked off multiple lines to batteries, you can hook them to (preferably several) safety switches, making a safe but effective trigger. This can set off this reaction very quickly and once it starts, it cannot be put out. The cops are knocking and you see in your handy surveillance cameras that they are not alone: hit the switch(es) and nuke the hard drive(s). You may want to keep a fire extinguisher nearby so that when the officers arrive and you're in cuffs, they can keep your place from burning down. You could even take this further and wire the detonator to a serial port and have it rigged to go off if it's unplugged improperly or the system is tampered with. This may be a little more extreme than is necessary but it's an idea.

The thermite reaction has the added advantage that it's not an explosive, so you avoid extra charges, and if you make adequate modifications to where you put your hard drive you can keep everything else from going up in smoke and avoid arson charges too.

When considering disks, it is not a difficult matter. 3.5" floppies stored in a tamper box with a commercial tape degausser can be made to go off if the box is not opened properly. Many of us have CD recorders that one can "archive" information to. An old microwave can destroy a CD-ROM in about 3 seconds. Just find an old klunker at a garage sale and use it to store your disks in, and hook the start button to the aforementioned trigger for your thermite device. One can go as far as making a network file server in a case of cinder blocks so as to contain the thermite and limit damage.

This file is meant as food for thought and not as the definitive guide on data destruction. I encourage you all to think of ways to cover your ass. But in the first place, don't do anything to get yourself arrested. A little social engineering with data recovery companies can be most informative.

RenderMan
www.Hackcanada.com
RenderMan@Hackcanada.com

*Note, this is a living document and will be updated from time to time as technology changes.
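
The FAT behaviour described earlier in this file (deleting removes the pointer, the data stays until its cluster is overwritten), shown as an added example that is not part of the original text. It uses a constructed toy directory and data area in Python: the 32-byte entry layout follows FAT16, while the helper names, file names and contents are made up, and recovery assumes contiguous data.

```python
import struct

CLUSTER = 512      # bytes per cluster in this constructed toy volume
DELETED = 0xE5     # FAT writes this over the first name byte on delete

def make_entry(name, ext, start_cluster, size):
    """Build one 32-byte FAT directory entry (8.3 name, attrs, cluster, size)."""
    raw = name.ljust(8).encode() + ext.ljust(3).encode()
    raw += bytes([0x20]) + bytes(14)           # archive attribute, time/date fields
    raw += struct.pack("<HI", start_cluster, size)
    return bytearray(raw)

def build_volume():
    """Constructed sample: a directory with two files, a FAT, and data clusters."""
    files = [("NOTES", "TXT", 2, b"meeting at noon"), ("TODO", "TXT", 3, b"buy milk")]
    directory, fat = bytearray(), [0] * 6
    data = bytearray(CLUSTER * 4)              # clusters 2..5 (numbering starts at 2)
    for name, ext, cluster, body in files:
        directory += make_entry(name, ext, cluster, len(body))
        off = (cluster - 2) * CLUSTER
        data[off:off + len(body)] = body
        fat[cluster] = 0xFFFF                  # one-cluster chain: end-of-chain mark
    return directory, fat, data

def delete_file(directory, fat, index):
    """What a FAT delete does: mark the entry, free the chain, leave the data."""
    entry = index * 32
    cluster = struct.unpack_from("<H", directory, entry + 26)[0]
    directory[entry] = DELETED
    fat[cluster] = 0

def recover_deleted(directory, data):
    """Scan for 0xE5 entries and read their clusters back from the data area."""
    found = {}
    for entry in range(0, len(directory), 32):
        if directory[entry] != DELETED:
            continue
        cluster, size = struct.unpack_from("<HI", directory, entry + 26)
        name = "?" + directory[entry + 1:entry + 8].decode().rstrip()
        ext = directory[entry + 8:entry + 11].decode().rstrip()
        off = (cluster - 2) * CLUSTER
        found[f"{name}.{ext}"] = bytes(data[off:off + size])
    return found

if __name__ == "__main__":
    directory, fat, data = build_volume()
    delete_file(directory, fat, 0)
    print(recover_deleted(directory, data))
```

Only the first character of the name is lost; the start cluster and size survive in the entry, which is why consumer undelete tools work until the cluster is reused.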