When hackers, competitors or governments apply the right technologies, the data you thought you had destroyed, and which has stumbled outside the corporate gates on discarded PC hard disk drives, backup tapes and other zombie media, comes alive again. Opportunists are quick to use this data to extract their pound of flesh.
Take the case of the insurer that thought it had wiped the hard drives on retired PCs clean before disposing of them. Someone who bought one of those PCs and discovered sensitive data on it is blackmailing the company, says Bob Houghton, president of Redemtech Inc., a Hilliard, Ohio-based recycler of PCs and other IT products. And since the breach involved customer data, the company must disclose it to its customers under a California privacy law.
The IT staff may have simply overlooked erasing that PC in the disposal process. But the true horror is that in many cases, even wiped data on those 1,000 PCs you just sent out the door can be resuscitated.
And third-party vendors that claim to wipe PC disks before disposing of them don’t always do the job right, either. One IT executive at a large financial services company outsourced the task to four different vendors. Now she’s in litigation with three of them, according to Gartner Inc. analyst Frances O’Brien.
Redemtech says that on average, 25 per cent of the systems it audits still have data on them even though IT thought the systems had been wiped clean. IT managers don’t realize that their own best practices, if they have them, aren’t being followed. And even when they are, the erasure process may simply transport the data to the land of the undead.
Consider the options. An fdisk breaks the partition but leaves data on the drive that any disk utility can read. A quick format only overwrites the system area of the disk. A low-level format overwrites most data in sectors accessible by the operating system but leaves many areas untouched. Consumer-grade disk-wiping tools supposedly overwrite every sector, but data recovery specialists say they often retrieve data that these tools have left behind.
Then there’s degaussing – applying a strong magnetic field to the disk to erase it. This works well for backup tapes, but many degaussers aren’t powerful enough to erase newer hard disk drives. And since degaussing renders the drive inoperable, there’s no easy way to verify erasure. Redemtech and others use specialized tools to erase disk drives. Their technicians boot a custom utility from a DOS diskette or CD, and the software addresses the IDE or SCSI disk controller circuitry directly, bypassing the operating system installed on the target hard disk drive. But even then, data zombies lurk in the shadows.
A disk drive head is smaller than the track within which it must write. It plows along the track like a luge sled, leaving its mark through the centre while spraying some data up along the sides. A single erasure pass leaves much of this roadside data intact – a phenomenon called residual magnetism. Although the data is now out of the realm of easy recovery, if it’s valuable enough – say, the recipe for Coca-Cola or an early earnings report – organizations with the right resources may take a shot at it. The process involves removing the platters from the disk drive and using very expensive equipment to access the residual data.
To minimize this risk, disposal firms dealing with sensitive data make at least three erasure passes, and sometimes seven or more, to wash away as much residual data as possible. At that point, mere mortals probably can’t retrieve your data. “The NSA would still be able to recover data off that drive. They have very sophisticated equipment,” claims Tony Thornton, Redemtech’s MIS IT director. Then again, if the National Security Agency in the U.S. Dept. of Defense is reading your media, you probably have much bigger problems.
In the end, there’s only one way to know for certain that your data won’t rise again: physically shred hard disk drives and other storage media. But the correct action to take depends on the risk. For most PCs, a multi-pass erasure will suffice. But if the process doesn’t include an audit trail with specific snapshots of the sectors that verify erasure, be prepared to see your data rise again.