Re: Hmm...

"James" <djcameron60616@xxxxxxxxx> writes:


Walter Roberson wrote:
In article <1159578047.495830.58060@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>,
<mike4ty4@xxxxxxxxx> wrote:

But is it possible to INDUCE a crash somehow? Can a crash on a "modern"

No.

drive do that type of damage? What I want is a mechanism inside a
computer
that will achieve the following once activated:

A bomb.


1. Destroy all the data on the system to "military-level", ie. not even
the
US Government could recover the data from the drives. This means
physical destruction of the magnetic media. A good head crash that
scrubs off all the magnetic material ought to do that.

No it does not mean physical destruction, but if you want physical
destruction then destroy it. Or did you want some button you could push
when the police storm in the door to destroy the drive?


No, typical modern drives are rated to about 100 g, and their
control logic has been moved onto the drive where you can't get to it
to force it to misbehave.

At the very least, you'd need custom control logic -- and I doubt
highly that you'd be able to arrange the head crash to get -all- of
the media in that case.

High security installations apparently use expensive high-security
drives, and don't mind using solid state instead of magnetic media,
and don't mind using an EMP pulse to erase data. Watch out with
solid state, though, as typical DRAM does -not- lose all of its
information immediately; a paper was published a couple of years ago
showing that you could recover a fair bit of information if you could
get power back to the chips within a short time (on the order of 5 minutes.)


3. Safety. Thermite, etc. are not options as those would probably burn
down the building the thing is in. I want the computer destroyed but
with little or no harm to the surroundings.

Then you don't want your security enough. If the information is not
valuable enough to be worth risking a few lives, then it isn't valuable
enough to worry about making it impossible for the US government
to recover -any- of it.


If you are storing officially classified information that was legally
obtained, then the information-holding authorization was
conditional upon following official storage and disposal practices.
If you don't know what those disposal practices are then ask up
the chain. I won't tell you what they are: "Those who tell, don't know.
And those who know, can't tell."

If you are holding classified information for the US government,
then you don't worry about destroying it to the point that the
US government cannot recover it: you worry about destroying it to
the point that -other- governments or organizations can't recover it.
And you'd follow official procedures, however long they took; and
if you were in a covert intelligence situation then you'd have
access to experts on protecting the data.

If you are holding classified information for a country that
cannot permit the US government to see any of it, then follow the
procedures and technologies approved by that country.

If the data is -not- officially classified, but it is still vitally
important that the US government not be able to recover any of it...
the only kind of highly sensitive information I can think of that is
not a product of illegalities is certain human rights related information
(historically, the US has sometimes backed repressive regimes). If
you are operating in the shadow area where what you are doing is
legal but sensitive enough that some part of the US government
might realistically Be Out To Get You, then you probably need to worry
about a lot more than hard drives -- why bother to seize a computer
when putting a bug on it (or on you) might be nearly as useful?

Question on this topic. I read a newspaper article where a major (big
ten) university's "property disposition department", who was
responsible for destroying hard drive data (whethern administration,
faculty, or student data) - had "destroyed all data on hard drives
according to policy" - but was unsuccessful. They essentially ran
software to delete the data, and then on audit, they found that they
recovers student papers, administrative financial information,
including student/staff SSN information.

Sounds like incompetence to me.



So, if the following was performed, what would the likelihood of data
destruction be?:
1. Perform a "normal" deletion through the OS.

Trivial to recover.

2. Run software on the drive for the DOD three step process.

What the the dod 3 step process?

3. Use a disk editor to "zero" all bytes.

Disk editory? I think I would rather write over them with "random" bytes.
Probably unrecoverable with modern drives, but maybe not.


4. Install a lower grade (not one installed on before) to partition
and format.

??? No idea waht "install a lower grade" means.

5. Use yet another OS to do a format/verify.

Trivial to overcome
6. Encrypt or scramble data to the drive in an alternate language
(piss-poor source code as a language or mixed incoherent source code
allowed here as a substitute on this step), filling all bits on the
drive.

This is just overwriting with random data.

6a. Write incoherent random documents and staff flyers to the drive
(may load from a usb device if necessary)

staff flyers? Just write random stuff to the whole drive.

dd if=/dev/urandom of=/dev/hdd bs=1M



7. Run a handheld magnetic device over the drive.

Trivail to recover.

8. Dismantle the drive, including all platters if possible.

Trivial to recover.

9. If not, "freeze" the platter(s). Throw or catapult it to a
sidewalk or wall with a minimum 150'.

Trivial to recover.

10. Collect as many pieces as possible and toss into a loose bag and
then toss into a alligator filled swamp.

Trivial to recover.

11. Go out and enjoy an adult beverage.

Even more trivial to recover.



Would this do the trick?
oNo.

Over write with random data, then open the drive and put it into a furnace
and heat the platers red hot.

.