IDEA: Self Distruct

[Uncle John]

I've been thinking about this idea for a program for quite a while but have been hesitant to share it since the program could be used for good as well as bad purposes (ie. virus). On the other hand isn't that the case with all technology. So here goes...
If you are as old as me you will remember that the starting scene from every episode of the TV series mission impossible starts the same way. Secret agent Jim retrieves a tiny tape cassete from some hidden location in a public place (e.g. under a shelf in a phone booth) places it in a player and listens to his instructions for his next "impossible" mission. At the end of the recording the voice says something like "this tape will self destruct in x seconds". Shortly after the cassete fizzles and dissolves. The fizzling is a great visual effect but the main point is that the information on the tape was destroyed.
I'm sure that there are scores of people around the world that wished they could destroy the data held on the hard disk of the laptop or USB flash drive drive that has been lost or stolen and that is where my idea comes in.
There are scores of remote access programs around that will allow you to operate a PC over the internet. Why not have a program running on the remote PC that will poll for a destruct command initiated by the authorized custodian of the data? If program receives the command it will automatically delete the specified data on media in question regardless of where it might be.
Given the astonishing fines (and jail terms) organisations place on unauthorised access to data nowadays and the many stories in the media about lost PCs with sensitive data etc., I'm sure my "self destruct" idea will be very popular. 

[scancode]

I'd go for correctly implemented encryption. No need to pull the kill switch

[Deozaan]

See Skrommel's DoOrDel.

[f0dder]

See Skrommel's DoOrDel.

-Deozaan (October 12, 2008, 03:45 PM)

"Bypassing it is simple", says the page.

+1 to scancode, proper encryption is the way to prosperity.

[40hz]

I'd go for correctly implemented encryption. No need to pull the kill switch

-scancode (October 12, 2008, 03:38 PM)

Agree with scancode & f0dder.

Encryption's far better than deletion for security. Encryption can be done in one pass. t would take multiple read/writes to securely delete something such that it would be difficult to recover. And the huge amount of disk activity would be enough to tip somebody off that something unusual was going on. Anybody with a modicum of technical knowledge would put two and two together in about a minute and just kill power to the box. Encryption could be set to silently run in the background and do its work without unusual disk activity.

There was a program called Dead Man's Switch that did something similar except it activated automatically if you didn't contact it. Basically, it would initiate a number of actions (i.e. send out e-mails, encrypt files, etc.) if it didn't hear from you after a predefined interval. It was originally written around the time of Win2K. I don't believe it's being maintained any more (the author was probably worried about liability if it ever malfunctioned) but it is still available for download if you google it. Use with caution since it's dependent on the system time reported in Windows. If you (or some piece of malware) monkeys with your date or time settings, it can accidentally be triggered.

The real weakness with this type of software, however, is that it only stops casual thieves and morons. That's because it relies on the stolen device to be running in order for it to work, A real data thief will just pull the drive out of the machine and mount it on another PC so that none of the executables will be active. Then he can browse what's on it at leisure. Once he grabs what he wants, he'll just wipe it with something like DBan, install a Linux distro, and head on over to a flea market (preferably out of state) to dump it.

In order for what you're proposing to be usably effective, it would have to be hardware-based, controlled by the BIOS, and use to a serialized hard drive keyed to only work with a specific motherboard. That puts it in OEM territory. I believe there are already some laptops that implement full disk encryption using such a system.

(Hmmm...finally starting to get a little worried about that 8GB JPG "Art Collection" you've got, eh? )

[f0dder]

40Hz: encryption would obviously have to be applied before the system is stolen - ie., either full-system encryption with TrueCrypt, or a single partition or container file where your data is stored. And of course it only stops people from getting your precious data, it doesn't prevent people from re-selling the stolen hardware.

Btw, I don't believe you really need multi-pass disk wiping these days, unless you want to guard yourself against NSA and electron microscopes. A single 0-pass should be sufficient to wipe against what normal people's hardware could be exposed to.

[40hz]

40Hz:[/b] encryption would obviously have to be applied before the system is stolen

-f0dder (October 12, 2008, 06:24 PM)

Agree. After the fact security measures are no security measures at all. But I have seen "big iron" systems that would initiate encryption operations if they detected they were being hacked. It was done that way for efficiency reasons since the older machines had problems with the processing overhead required for crypto in a multi-user timeslice topology. I only mentioned it because I still see people proposing "encrypt-on-threat" systems despite the fact that the IT world has long since abandoned the idea. (I think the Bruce Willis movie Live Free or Die Hard probably had a lot to do with the current revival.) I should have been more clear that I wasn't endorsing post facto encryption approaches. With the speed of today's CPUs, on-the-fly encryption is fast enough that you don't gain any advantage by not using it, assuming you actually do need encryption.

Btw, I don't believe you really need multi-pass disk wiping these days, unless you want to guard yourself against NSA and electron microscopes. A single 0-pass should be sufficient to wipe against what normal people's hardware could be exposed to.

Not sure I'm 100% with you on that. For the time being I'll concede your point based on what tech is generally available out there. But I've recently seen a few things at a private hackfest over in NYC that makes me wonder for how long. Amazing what can be accomplished with some ingenuity and a trip to your local electronics supply house.

Remember when software and music distribution on CD was considered 'secure' because not too many people had CD burners?

[Uncle John]

Thanks for all the comments. Encryption/password protection certainly seems like the way to go. I like the description of "Dead man's switch". I'll have a closer look at it. Thanks again. 

[Shades]

About the delete option as suggested by f0dder, I have to disagree. you would be amazed what a program Testdisk retrieves.I was at the time. after running that piece of freeware, there was a boatload of files retrieved and there was stuff in between those files that was over a year old. The only problem from this boatload was that the original filenames were not retrieved.

In my "defense" that could have been a setting that I missed (lack of GUI).
However, information that I thought was overwritten at least three times (I download a lot) was right there.

Let's just say that you don't lose that pr0n collection that easily ;-)

[jgpaiva]

Shades: notice that f0dder mentioned that 'a single 0-pass should be enough', that means delete the stuff using a 'secure' deletion, but on its lower setting.

[f0dder]

Shades: notice that f0dder mentioned that 'a single 0-pass should be enough', that means delete the stuff using a 'secure' deletion, but on its lower setting.

-jgpaiva (October 14, 2008, 03:27 AM)

Yeah, overwriting all the sectors of the disk with zeroes, not just deleting the files.

I wonder what it is 40Hz knows, though

[Edvard]

There are currently quite a few open-source data recovery tools available, and I'm not just talking about dd.
InformationWeek has an article on it (page 5 is the most interesting), with the most eye-opening being the Sleuth Kit and the Helix data forensics distro.

I don't know what 40hz saw, but I assume the same crowd knows these tools as well.

[f0dder]

There are currently quite a few open-source data recovery tools available, and I'm not just talking about dd.
InformationWeek has an article on it (page 5 is the most interesting), with the most eye-opening being the Sleuth Kit and the Helix data forensics distro.

I don't know what 40hz saw, but I assume the same crowd knows these tools as well.

-Edvard (October 14, 2008, 11:48 AM)

Do any of those have the ability to restore a volume that has been filled entirely with zeroes, though? I would assume you need some sort of hardware-based attack to be able to do that.

[Edvard]

From what I read, those tools are meant for recovering data from damaged file systems, not wiped, so maybe I was a bit too hasty replying, although those tools would be quite useful if the problem of "looking under the zeros" can be solved.
He did mention "a trip to your local electronics supply house" so it probably is some sort of hardware hack.

Either way, I agree that a tool such as Uncle John is looking for should do some sort of over-write, rather than simple deletion.

For the record, there is a DoD standard (the "NSA standard" is a bit of a myth... they just use the DoD standard) for such but the one everybody points to (DoD 5220.22-M or the NISPOM) is now outdated and the ODAA has published a process guide for secure handling of all media in classified environments (page 173 has the 'sanitization matrix').
Relevant procedures in order of complexity:

c. Overwrite all addressable locations with a single character utilizing an approved overwrite
utility.
d. Overwrite all addressable locations with a character, its complement, then a random
character utilizing an approved overwrite utility.
e. Each overwrite must reside in memory for a period longer than the classified data resided.
f. Overwrite all locations with a random pattern, then with binary zeros, and finally with
binary ones utilizing an approved overwrite utility.

Interesting...

[Edvard]

Or you could do it this way and have some fireworks to boot...

With the amount of personal data stored on your computer, we all understand the importance of destroying the data that is stored on the platters of a hard drive before disposing of it. There are many ways to destroy a hard drive; software, physical disassembly, drills, hammers, magnets/electromagnets, and acid, but none are quite as outrageous and dangerous as thermite.

http://hackaday.com/...orensic-destruction/

w00t!!

[f0dder]

I still think those "approved wipe" things are for NSA-style paranoia. Perhaps there's some magnetic residue that can be read by people who really want to as well as have the tools and the bleeping patience, but I'd feel pretty confident throwing a zero-overwritten drive out with the junk. I do tend to dismantle them first, though, because it's fun and the magnets rock.

PS: thermite rocks. Wish I had some ferrous oxide and the guts to turn my magnesium strips to powder... but I'm a bit afraid the involved friction could trigger the magnesium, and that wouldn't be so cool