The Nemim.gen Trojan
This clever piece of malware evades forensic examination by deleting its own components.
A way to securely erase paper:
“The key idea was to find a laser energy level that is high enough to ablate – or vaporise – the toner that at the same time is lower than the destruction threshold of the paper substrate. It turns out the best wavelength is 532 nanometres – that’s green visible light – with a pulse length of 4 nanoseconds, which is quite long,” Leal-Ayala told New Scientist.
“We have repeated the printing/unprinting process three times on the same piece of paper with good results. The more you do it, though, the more likely it is for the laser to damage the paper, perhaps yellowing it,” he says. The team have found toner-paper combinations in which almost no appreciable traces of toner can be seen after lasing and in which the paper suffers “no significant mechanical damage.”
EDITED TO ADD (3/21): More than one reader has pointed out that this system is not secure, nor do its inventors make any claims of security.
DARPA held an unshredding contest, and there’s a winner:
“Lots of experts were skeptical that a solution could be produced at all let alone within the short time frame,” said Dan Kaufman, director, DARPA Information Innovation Office. “The most effective approaches were not purely computational or crowd-sourced, but used a combination blended with some clever detective work. We are impressed by the ingenuity this type of competition elicits.”
Lots of information about the contest and the winners here. This is the winning entry. And this is the original input for the challenge.
“Reliably Erasing Data From Flash-Based Solid State Drives,” by Michael Wei, Laura M. Grupp, Frederick E. Spada, and Steven Swanson.
Abstract: Reliably erasing data from storage media (sanitizing the media) is a critical component of secure data management. While sanitizing entire disks and individual files is well-understood for hard drives, flash-based solid state disks have a very different internal architecture, so it is unclear whether hard drive techniques will work for SSDs as well.
We empirically evaluate the effectiveness of hard drive-oriented techniques and of the SSDs’ built-in sanitization commands by extracting raw data from the SSD’s flash chips after applying these techniques and commands. Our results lead to three conclusions: First, built-in commands are effective, but manufacturers sometimes implement them incorrectly. Second, overwriting the entire visible address space of an SSD twice is usually, but not always, sufficient to sanitize the drive. Third, none of the existing hard drive-oriented techniques for individual file sanitization are effective on SSDs.
This third conclusion leads us to develop flash translation layer extensions that exploit the details of flash memory’s behavior to efficiently support file sanitization. Overall, we find that reliable SSD sanitization requires built-in, verifiable sanitize operations.
How not to destroy evidence:
In a bold and bizarre attempt to destroy evidence seized during a federal raid, a New York City man grabbed a flash drive and swallowed the data storage device while in the custody of Secret Service agents, records show.
The article wasn’t explicit about this—odd, as it’s the main question any reader would have—but it seems that the man’s digestive tract did not destroy the evidence.
It can be impossible to securely delete a file:
What are the security implications of Volume Shadow Copy?
Suppose you decide to protect one of your documents from prying eyes. First, you create an encrypted copy using an encryption application. Then, you “wipe” (or “secure-delete”) the original document, which consists of overwriting it several times and deleting it. (This is necessary, because if you just deleted the document without overwriting it, all the data that was in the file would physically remain on the disk until it got overwritten by other data. See question above for an explanation of how file deletion works.)
Ordinarily, this would render the original, unencrypted document irretrievable. However, if the original file was stored on a volume protected by the Volume Shadow Copy service and it was there when a restore point was created, the original file will be retrievable using Previous versions. All you need to do is right-click the containing folder, click Restore previous versions, open a snapshot, and, lo and behold, you’ll see the original file that you tried so hard to delete!
The reason wiping the file doesn’t help, of course, is that before the file’s blocks get overwritten, VSC will save them to the shadow copy. It doesn’t matter how many times you overwrite the file, the shadow copy will still be there, safely stored on a hidden volume.
Is there a way to securely delete a file on a volume protected by VSC?
No. Shadow copies are read-only, so there is no way to delete a file from all the shadow copies.
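The copy-on-write behaviour the quoted answer describes, as an added example that is not part of the original post: a toy block volume with VSC-style snapshots, where a seven-pass wipe scrubs the live blocks but the restore point still returns the original file. The block layout, file name and contents are constructed.

```python
# Toy copy-on-write volume (added illustration, constructed data; not the article's code)
BLOCK = 4  # bytes per block

class CowVolume:
    """VSC-style snapshots: a block is copied to the snapshot's private store on first write after the restore point."""

    def __init__(self, n_blocks: int) -> None:
        self.blocks = [b"\x00" * BLOCK] * n_blocks
        self.files: dict[str, list[int]] = {}  # name -> block numbers
        self.next_free = 0
        self.snapshots: list[dict] = []

    def _write_block(self, blk: int, chunk: bytes) -> None:
        # copy-on-write: save the original for every snapshot that still references the block
        for snap in self.snapshots:
            if blk in snap["live"] and blk not in snap["saved"]:
                snap["saved"][blk] = self.blocks[blk]
        self.blocks[blk] = chunk

    def write_file(self, name: str, data: bytes) -> None:
        if name not in self.files:  # allocate consecutive free blocks
            end = self.next_free + -(-len(data) // BLOCK)
            self.files[name], self.next_free = list(range(self.next_free, end)), end
        for i, blk in enumerate(self.files[name]):
            self._write_block(blk, data[i * BLOCK:(i + 1) * BLOCK].ljust(BLOCK, b"\x00"))

    def create_restore_point(self) -> int:
        self.snapshots.append({"files": {k: list(v) for k, v in self.files.items()},
                               "live": {b for v in self.files.values() for b in v},
                               "saved": {}})
        return len(self.snapshots) - 1

    def secure_delete(self, name: str, passes: int = 3) -> None:
        for _ in range(passes):  # overwrite every block, then unlink
            for blk in self.files[name]:
                self._write_block(blk, b"\xff" * BLOCK)
        del self.files[name]

    def previous_version(self, snap_id: int, name: str) -> bytes:
        snap = self.snapshots[snap_id]
        raw = b"".join(snap["saved"].get(b, self.blocks[b]) for b in snap["files"][name])
        return raw.rstrip(b"\x00")

def demo() -> tuple[bytes, bytes]:
    # returns (live volume after a 7-pass wipe, file recovered from the snapshot)
    vol = CowVolume(n_blocks=8)
    vol.write_file("secret.txt", b"plan: meet at noon")  # constructed sample file
    snap = vol.create_restore_point()
    vol.secure_delete("secret.txt", passes=7)
    return b"".join(vol.blocks), vol.previous_version(snap, "secret.txt")
```

The first wipe pass is what triggers the copy; every later pass only overwrites blocks the snapshot has already saved, which is why the pass count makes no difference.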
File deletion is all about control. This never used to be an issue. Your data was on your computer, and you decided when and how to delete a file. You could use the delete function if you didn’t care about whether the file could be recovered or not, and a file erase program—I use BCWipe for Windows—if you wanted to ensure no one could ever recover the file.
As we move more of our data onto cloud computing platforms such as Gmail and Facebook, and closed proprietary platforms such as the Kindle and the iPhone, deleting data is much harder.
You have to trust that these companies will delete your data when you ask them to, but they’re generally not interested in doing so. Sites like these are more likely to make your data inaccessible than they are to physically delete it. Facebook is a known culprit: actually deleting your data from its servers requires a complicated procedure that may or may not work. And even if you do manage to delete your data, copies are certain to remain in the companies’ backup systems. Gmail explicitly says this in its privacy notice.
Online backups, SMS messages, photos on photo sharing sites, smartphone applications that store your data in the network: you have no idea what really happens when you delete pieces of data or your entire account, because you’re not in control of the computers that are storing the data.
This notion of control also explains how Amazon was able to delete a book that people had previously purchased on their Kindle e-book readers. The legalities are debatable, but Amazon had the technical ability to delete the file because it controls all Kindles. It has designed the Kindle so that it determines when to update the software, whether people are allowed to buy Kindle books, and when to turn off people’s Kindles entirely.
Vanish is a research project by Roxana Geambasu and colleagues at the University of Washington. They designed a prototype system that automatically deletes data after a set time interval. So you can send an email, create a Google Doc, post an update to Facebook, or upload a photo to Flickr, all designed to disappear after a set period of time. And after it disappears, no one—not anyone who downloaded the data, not the site that hosted the data, not anyone who intercepted the data in transit, not even you—will be able to read it. If the police arrive at Facebook or Google or Flickr with a warrant, they won’t be able to read it.
The details are complicated, but Vanish breaks the data’s decryption key into a bunch of pieces and scatters them around the web using a peer-to-peer network. Then it uses the natural turnover in these networks—machines constantly join and leave—to make the data disappear. Unlike previous programs that supported file deletion, this one doesn’t require you to trust any company, organisation, or website. It just happens.
Of course, Vanish doesn’t prevent the recipient of an email or the reader of a Facebook page from copying the data and pasting it into another file, just as Kindle’s deletion feature doesn’t prevent people from copying a book’s files and saving them on their computers. Vanish is just a prototype at this point, and it only works if all the people who read your Facebook entries or view your Flickr pictures have it installed on their computers as well; but it’s a good demonstration of how control affects file deletion. And while it’s a step in the right direction, it’s also new and therefore deserves further security analysis before being adopted on a wide scale.
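The key-scattering step described above, as an added illustration that is not the Vanish project’s code: a threshold split of a constructed data key (Shamir’s scheme is assumed here) across simulated DHT nodes, with churn removing one node per round until fewer than the threshold of shares remain and the key can no longer be reassembled.

```python
# Shamir threshold sharing of a data key over simulated DHT nodes (added
# illustration; Shamir's scheme is assumed, the key and node ids are constructed)
import secrets

P = (1 << 521) - 1  # Mersenne prime; field is large enough for 128/256-bit keys

def _eval_poly(coeffs: list[int], x: int) -> int:
    acc = 0
    for c in reversed(coeffs):  # Horner's rule, coeffs[0] is the secret
        acc = (acc * x + c) % P
    return acc

def split_key(key: int, n: int, k: int) -> list[tuple[int, int]]:
    """Split key into n shares (x, f(x)); any k of them reconstruct it."""
    coeffs = [key] + [secrets.randbelow(P) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]

def recover_key(shares: list[tuple[int, int]]) -> int:
    """Lagrange interpolation at x = 0; gives a wrong value with fewer than k shares."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total

def simulate_churn(key: int, n: int = 10, k: int = 7, rounds: int = 5) -> list[bool]:
    """Store one share per DHT node; each round one node leaves and its share
    is lost. Returns, per round, whether the key can still be reassembled."""
    nodes = dict(split_key(key, n, k))  # node id -> share held by that node
    still_readable = []
    for leaving in range(1, rounds + 1):
        del nodes[leaving]  # churn: node goes offline with its share
        have = list(nodes.items())[:k]
        still_readable.append(len(nodes) >= k and recover_key(have) == key)
    return still_readable

def demo() -> list[bool]:
    key = 0x2B7E151628AED2A6ABF7158809CF4F3C  # constructed 128-bit data key
    return simulate_churn(key)
```

With 10 shares and a threshold of 7, the key survives three departures and is gone after the fourth; anyone who saved the reassembled plaintext or a full set of shares before that point keeps it, which is the limitation the essay notes.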
We’ve lost the control of data on some of the computers we own, and we’ve lost control of our data in the cloud. We’re not going to stop using Facebook and Twitter just because they’re not going to delete our data when we ask them to, and we’re not going to stop using Kindles and iPhones because they may delete our data when we don’t want them to. But we need to take back control of data in the cloud, and projects like Vanish show us how we can.
Now we need something that will protect our data when a large corporation decides to delete it.
This essay originally appeared in The Guardian.
EDITED TO ADD (9/30): Vanish has been broken, paper here.
Clear, the company that sped people through airport security, has ceased operations. My first question: what happened to all that personal information it collected on its members? An answer appeared on its website:
Applicant and Member data is currently secured in accordance with the Transportation Security Administration’s Security, Privacy and Compliance Standards. Verified Identity Pass, Inc. will continue to secure such information and will take appropriate steps to delete the information.
Some are not reassured:
The disturbing part is that everyone who joined the Clear program had to give this private company (and the TSA) fingerprint and iris scans. I never joined Clear. But if I had, I would be extremely concerned about what happens to this information now that the company has gone defunct.
I can hear it now—they’ll surely say all the biometric and fingerprint data is secure, you don’t need to worry. But how much can you trust a company that shuts down with little notice while being hounded by creditors?
Details matter here. Nowhere do the articles say that Clear, or its parent company Verified Identity, Inc., have declared bankruptcy. But if that does happen, does the company’s biggest asset—the personal information of the quarter of a million Clear members—become the property of Clear’s creditors?
I previously wrote about Clear here.
The NSA had an incinerator in their old Arlington Hall facility that was designed to reduce top secret crypto materials and such to ash. Someone discovered that it wasn’t in fact working. Contract disposal trucks had been disposing of this not-quite-sanitized rubbish, and officers tracked down a huge pile in a field in Ft. Meyer.
How did they dispose of it? The answer is encrypted in the story’s text!
The story sounds like it’s from the early 1960s. The Arlington Hall incinerator contained a grating that was to keep the documents in the flames until reduced to ash. The grate failed, and “there was no telling how long the condition had persisted before discovery.”
This seems like a really dumb idea.