
The Great Zero Challenge Remains Unaccepted

timothy posted more than 5 years ago | from the no-fair-guessing-porn-names- dept.

Data Storage 496

An anonymous reader writes "Not even data recovery companies will accept The Great Zero Challenge and only four months remain! We've all heard how easily data can be recovered from hard drives. We're told to make multiple overwrites with random data, to degauss drives and even physically destroy them just to be extra safe. Let's get the word out. The challenge is almost over! It's put up or shut up time. Can you recover the data?"


496 comments

Do many companies really do EFM recovery? (5, Insightful)

DigitAl56K (805623) | more than 5 years ago | (#24903075)

Based on nothing more than personal suspicion, I think many professional recovery firms may be in the business of simply running expensive tools that scan through the partition and file table area and perhaps even the entire disk to locate data that has either been marked erased or had references removed (for a full disk scan) and then restoring it. Perhaps they'll also move the spindle from a dead drive into a new case to complete the operation, but I doubt there are many companies that will actually do electron force microscopy for you and even fewer that will do it at anything other than an astronomical fee. Powerful recovery tools can be purchased for a few hundred dollars now anyway. My opinion is that the recovery business is a focus around confidence that a professional will be doing the recovery and that you or your employees won't worsen the situation. In the event that a drive with critical data fails and you don't have a backup, who wants to be the person responsible for damaging the disk during recovery?

Anyway, IMHO this whole debate should be moot by now. If you want to secure your drive use full disk encryption (now freely available in TrueCrypt) and when it comes to destroying the data just overwrite the header area a thousand times with random garbage. It will take only a second or two, and the whole drive will be useless to anyone.

Of course it would also be nice if more manufacturers were producing encrypted disks as standard with verified schemes (there have been some lemons purporting to be secure that really aren't) so that we wouldn't have to do encryption in software.

Re:Do many companies really do EFM recovery? (4, Interesting)

anagama (611277) | more than 5 years ago | (#24903153)

Although the drive has to be in a living system and not on the shelf, it's worth noting the cold boot attack: http://citp.princeton.edu/memory/ [princeton.edu]

Q. What encryption software is vulnerable to these attacks?

A. We have demonstrated practical attacks against several popular disk encryption systems: BitLocker (a feature of Windows Vista), FileVault (a feature of Mac OS X), dm-crypt (a feature of Linux), and TrueCrypt (a third-party application for Windows, Linux, and Mac OS X). Since these problems result from common design limitations of these systems rather than specific bugs, most similar disk encryption applications, including many running on servers, are probably also vulnerable.

Re:Do many companies really do EFM recovery? (4, Informative)

DigitAl56K (805623) | more than 5 years ago | (#24903245)

Although the drive has to be in a living system and not on the shelf, it's worth noting the cold boot attack

Not in this context because we're talking about how to intentionally wipe the data from a drive, e.g. when you want to erase the data and dispose of the disk. The cold boot attack, although interesting, has nothing to do with recovering data from a drive after someone has attempted to destroy it, unless your implication is that someone would try to overwrite the header a split second before someone like the FBI breaks the door down. Even then, simply unmounting the volume will wipe the key from memory. If you have time to attempt an erasure you have time to unmount the disk. If you are in a situation where you have enough time to write zeros all over the drive, as in this challenge, you are certainly not at risk from the cold boot attack.

Re:Do many companies really do EFM recovery? (1)

anagama (611277) | more than 5 years ago | (#24903335)

As I said: "the drive must be in a living system". I figured people would think of a "living system" as one in which the drive is installed and the computer running. I suppose I was wrong.

I think what is most interesting about the cold boot attack is how a system that was thought to be extremely secure, can fall to really smart people. Some really smart person/group in the future may figure out how to recover the old data on a drive despite zeroing or encrypting. Unless the drive is actually destroyed, there is always a chance, no matter how small, that the data will be recovered. Pirates had it right: dead men tell no tales.

the drive must be in a living system??? (2, Funny)

niiler (716140) | more than 5 years ago | (#24903597)

See, here I was thinking a Cylon. Number 6 specifically.

I think you got it at the beginning. (3, Insightful)

khasim (1285) | more than 5 years ago | (#24903179)

It's about money.

Since the "reward" offered seems to be less than the regular fee that a company would charge for such, why would any recovery company waste resources on it?

Re:I think you got it at the beginning. (4, Insightful)

gEvil (beta) (945888) | more than 5 years ago | (#24903641)

That was my thought, too. Reading through the challenge page, all I could think was "a whole 40 bucks?!?" I mean, even if I could do it, I'm not sure I'd waste my time for 40 bucks and the title of "recovery king".

it is PR (2, Insightful)

someone1234 (830754) | more than 5 years ago | (#24903717)

1. if you don't accept this simple challenge, you definitely scam your customers. Some will take notice, and you lose more.

2. if you accept the challenge and WIN, then you get free advertising. (If you accept but lose, you still get some bad PR, but at least you can say the drive was fake).

Re:Do many companies really do EFM recovery? (4, Insightful)

Justus (18814) | more than 5 years ago | (#24903213)

If you want to secure your drive use full disk encryption (now freely available in TrueCrypt) and when it comes to destroying the data just overwrite the header area a thousand times with random garbage. It will take only a second or two, and the whole drive will be useless to anyone.

Except, of course, that the point of the challenge is that instead of encrypting and whatnot (which can be a good idea for other reasons, but I digress), you could just overwrite the drive with 0's once and dispose of the drive safely. This is most likely substantially faster than what many people propose, like overwriting many times or physically destroying the disk.

However, I think their methodology is pretty flawed. The reward for completing the challenge is $40 and the drive itself (which is worth $40-60). You also have to pay shipping, which will run maybe $10-15. I know that it's really not worth it for me to spend any time trying to recover the data from the drive—probably a fairly lengthy process—just for $85.

Not so. (2, Insightful)

Jane Q. Public (1010737) | more than 5 years ago | (#24903403)

If you were a data recovery company, you would gain an ENORMOUS reputation if you were to complete the challenge. And the cost? Shipping.

That is the cheapest publicity they would ever receive... and what publicity they would receive!

Re:Not so. (5, Insightful)

DigitAl56K (805623) | more than 5 years ago | (#24903525)

That is the cheapest publicity they would ever receive... and what publicity they would receive!

Yes, what publicity they would receive? :) I've never heard of 16systems.com before, their site is barebones with almost no articles [16systems.com] . I dare say they caught a lucky break with this Slashdot article. Maybe I'm wrong, but it seems that there is no obvious publicity to be had (before now). And should recovery firms respond to everyone with a small website who issues a challenge?

You are arguing against yourself. (1, Offtopic)

Jane Q. Public (1010737) | more than 5 years ago | (#24903573)

Because you are giving the very concept print space (and your own time) right here on slashdot! Who cares about the website? Others would be blogging about it all over the place.

Re:Not so. (2, Insightful)

Henneshoe (987210) | more than 5 years ago | (#24903605)

I hope that was sarcasm, because really who hasn't heard of 16systems.com and their (not so) great challenge. The publicity from winning this is next to nothing.

Re:Not so. (1)

maxume (22995) | more than 5 years ago | (#24903781)

Some guy says that he created the files on the disk and then deleted/overwrote them. Maybe he did. Maybe he didn't.

If you are a busy data recovery company, this guy doesn't have enough of a reputation for the publicity to be worth the risk that he didn't.

Re:Not so. (0)

Anonymous Coward | more than 5 years ago | (#24903791)

Exactly the opposite of what you said -- and if they don't crack it on the challenger's limited timetable, they get known as a company that can't recover data.

Lots of downside on this one for an established company.

Re:Do many companies really do EFM recovery? (1)

Rich0 (548339) | more than 5 years ago | (#24903659)

Moreover, if I were concerned about people with the resources to detect residual data on a zeroed hard drive, I certainly wouldn't trust cryptography. If the crypto system is ever defeated chances are whoever has your drive could recover almost everything on it even without resorting to scanning/tunneling electron microscopes and all that.

Multiple writes with random data is the only way to be REALLY sure. If you don't anticipate government-scale attackers then a simple zeroing is sufficient - and /dev/zero is a whole lot faster than /dev/urandom on most systems.

Re:Do many companies really do EFM recovery? (4, Insightful)

arth1 (260657) | more than 5 years ago | (#24903701)

The conditions are also made to trick ignorant journalists. Anyone knowing a bit about file systems knows that being able to restore some data from a drive is a heck of a lot easier than being able to restore file names, which they demand. Not only do you have to be able to restore the sectors that contain the file name metadata, but you need knowledge of the file system in question, and how exactly it stores its file names. If it's stored in byte swabbed format, you won't even recognize it as a file name.
Try to do a dd to a file of a working partition and then extract the file names from it. Unless it's a DOS partition or other ancient format, it's not easy, and that's with no zeroing.

Yes, the "contest" is a farce, and any company that enters into it will lose credibility just by entering.

Re:Do many companies really do EFM recovery? (0)

Anonymous Coward | more than 5 years ago | (#24903779)

Exactly, and even more so. The software recovery tools fail against the zero right. They only work against format and standard delete, since the drive is not completely zero written. After that, you must 'damage' the drive to get at the data... most people will not go after that level of recovery unless the data is highly valuable. That kind of recovery is also very expensive to do. $40 does not even begin to cover the cost. Instead, if they really are serious about this challenge, they should take it in and pay the big fee to see if they can and allow the drive to be damaged.

Re:Do many companies really do EFM recovery? (2, Informative)

mikael (484) | more than 5 years ago | (#24903493)

I had an old drive which failed - one of those laptop Travelstars that were known as 'deathstars' for the number of times they had died from overheating. Data recovery companies gave me a quote for anywhere between 300 pounds and 800 pounds, depending upon whether they would have to remove the spindle/platters from the drive and place them into a new one.

Fortunately, I managed to recover all the data from this drive for free, by putting it in an external USB enclosure, placing this in a freezer to cool it down, then giving the enclosure a quick twist once the enclosure was plugged into a USB port. That was enough to recover the data.

You can recover the partition data of a drive erased using 'fdisk' by running the 'testdisk' utility
(written by Christophe Grenier of CG Security, http://www.cgsecurity.org/).

Re:Do many companies really do EFM recovery? (1)

BPPG (1181851) | more than 5 years ago | (#24903565)

... when it comes to destroying the data just overwrite the header area a thousand times with random garbage. It will take only a second or two, and the whole drive will be useless to anyone.

but that's the point they're trying to make; that's a myth and it's not necessary.

We're talking tin-foil hat, big brother paranoid level security here though. Your mom's not going to find the porn you deleted on your hard drive that was written over with random garbage, or had the headers deleted. But a super cyber-ninja might (not will, but might) be able to find a particular private key that you left on that same hard drive. And overwriting with garbage is really overkill, zeroes are all that's necessary.

Everything that 'might' happen is a security risk. If you think I'm being an alarmist, then stop thinking about security. It's necessary to talk in such absolutes. Using a random garbage writer is, well, random. With random, there's almost no chance of it happening. On the other hand, using straight zeroes, it's not possible to recover data from a disk full of zeroes at all. No multiple obsessive compulsive garbage writing necessary. Simple, elegant, and true.

That's the point of this challenge; it's because they don't think it's possible and all the smart people already know it's not possible. This is just to dispel the myths. Data destruction can be trivially achieved with just dd and /dev/null.

challengers (1)

pxlmusic (1147117) | more than 5 years ago | (#24903081)

challengers: they never appear.

Re:challengers (4, Insightful)

anagama (611277) | more than 5 years ago | (#24903199)

The challenge does not seem well designed. First off, the person attempting it has to pay postage both ways, deposit $60 with the organization hosting the challenge and forfeit the deposit if the drive is not returned in the same condition as it was when sent (how are you going to use a scanning tunneling microscope if you don't take it apart), they only get three days, and the reward is a whopping $40.

Re:challengers (1)

Drantin (569921) | more than 5 years ago | (#24903371)

It does allow for it to be taken apart by any registered data recovery services, and also allows them to keep it for 30 days instead of the 3 normal people get.

000 00 00000 000000000 (5, Funny)

MillionthMonkey (240664) | more than 5 years ago | (#24903101)

000 000, 0 000 0000 0000000 0 0 0 0000 00000! 000 0 000 000 0000000 000 000000 00000? 00 000 000000!

000 000 00 0000 000.

Re:000 00 00000 000000000 (0, Redundant)

thermian (1267986) | more than 5 years ago | (#24903237)

11111 111 1111 111 11111 11 11111 1111111111 :)

Re:000 00 00000 000000000 (1)

Toe, The (545098) | more than 5 years ago | (#24903291)

2

(ala Futurama, I believe)

This must be Room 12A (0)

Anonymous Coward | more than 5 years ago | (#24903551)

"Argument is an intellectual process. Contradiction is just the automatic gainsaying of any statement the other person makes."
"No it isn't."
"It is."
"Not at all."
"Now look."
(Rings bell) "Good Morning."

Re:000 00 00000 000000000 (0)

Bogtha (906264) | more than 5 years ago | (#24903627)

That's just what I'd expect a monkey like you to say.

"....less than a zero percent chance" (4, Funny)

Joce640k (829181) | more than 5 years ago | (#24903109)

That word "percent", I don't think it means what you think it means...

Re:"....less than a zero percent chance" (4, Funny)

Reality Master 101 (179095) | more than 5 years ago | (#24903225)

I think their problem is with understanding the concept of "zero", rather than "percent". Either that, or your understanding of hyperbole is flawed. :)

The whole article is full of comedy gold (1)

Joce640k (829181) | more than 5 years ago | (#24903523)

eg. Asking the special Unix team if it was possible after a "dd" - as if Unix writes to the disk in some special way that Windows doesn't.

I agree with the challenge though. It can't be done.

Re:The whole article is full of comedy gold (1)

TrekkieGod (627867) | more than 5 years ago | (#24903725)

eg. Asking the special Unix team if it was possible after a "dd" - as if Unix writes to the disk in some special way that Windows doesn't.

It's not because Unix writes to the disk in some special way, it's because nobody outside their unix team would know wtf the "dd" command does, so it had to escalate to them once they explained what they did to the drive.

I agree with the challenge though. It can't be done.

Not for a $40 reward, that's for goddamn sure. I'm not willing to spend time searching for a file that isn't deleted, and they just forgot where they saved it. Yes, I would charge over $40 to use the "find" command.

Re:"....less than a zero percent chance" (5, Funny)

cortesoft (1150075) | more than 5 years ago | (#24903499)

Nah, you can have a negative percent chance of succeeding in a task. For example, if you have a -5% chance of succeeding, not only will you fail every time you make an attempt, you will also fail 1 in 20 times that you don't even try.

Re:"....less than a zero percent chance" (5, Funny)

antifoidulus (807088) | more than 5 years ago | (#24903555)

I've been looking for a slashdot comment that succinctly sums up my life, and now I've found it!

Re:"....less than a zero percent chance" (0)

Anonymous Coward | more than 5 years ago | (#24903735)

Well, 0% chance means that it's anything inside the interval [0%, 1%) with probability 99%. Another example: 0.00% means 99%-confidence interval [0%, 0.01%).

Pop Quiz (1)

DingerX (847589) | more than 5 years ago | (#24903115)

Okay, so what's the logical fallacy at work here?

Re:Pop Quiz (1)

phantomfive (622387) | more than 5 years ago | (#24903231)

Your logical fallacy? Laziness, I guess. Or general failure to read the article.....

not trying to insult you (or maybe I am, I don't know, but I have nothing personal against you), but the prize purse is $40, as has been mentioned several times already in the comments, and what he is proposing is probably impossible, and if it's not, whoever has that ability probably won't want to share the technique for a mere $40.

Re:Pop Quiz (1)

pla (258480) | more than 5 years ago | (#24903675)

Your logical fallacy? Laziness, I guess. Or general failure to read the article.....

Er, no, you missed the GP's point. He referred to argumentum ad ignorantiam [fallacyfiles.org] , one of the classic logical fallacies: Absence of evidence does not mean evidence of absence (or feasibility).

In this case, it applies because the test has a one-sided bias... If someone accepted the challenge and succeeded, it would of course prove the viability of recovering a wiped drive. IF, however (as has happened), no one succeeds at the challenge... That doesn't prove the task as impossible.

Re:Pop Quiz (3, Interesting)

WK2 (1072560) | more than 5 years ago | (#24903771)

Summary of the fallacies I've seen mentioned on Slashdot so far:
1) lack of reward ($40, plus used 80GB drive worth $30-$40 new, minus shipping).
2) risky. You have to pay a deposit of $60, you have to pay shipping, and you only get the drive for 3 days.
3) You aren't allowed to take the drive apart, which, theoretically, would be necessary for EMF recovery
4) lack of publicity. Many of us didn't even know about the challenge until today. Most professionals probably will have never heard about the challenge even when it is over.

Basically, they are assuming that if nobody does the challenge, that nobody could.

They do have a valid point though. DOD 3-pass is more than enough for 99% of people. Common criminals and the FBI wouldn't recover that, and the NSA might not either. Destroying perfectly good drives is a waste of money and resources, and the practice should stop in 99% of cases.

Unfortunately, 16systems doesn't have enough funding to prove this. It would be nice if a more wealthy person/company would duplicate this challenge, but have several hard drives, pay shipping, have a reasonable reward ($5000+, the more the merrier), and be able to advertise the challenge better.

The key issues here (1)

symbolset (646467) | more than 5 years ago | (#24903127)

The operating system that wiped the disk is not the one that was running on the PC, but a "known good" one. Otherwise a rootkit in the PC could lie to the wiping software about overwriting the disk.

The disk wiping completes successfully overwriting all the blocks, not just the first few blocks of partition table and directory structure - all the data must be overwritten.

Although I use DBAN by preference because it's faster and wipes multiple drives at once, dd is a capable choice.

For "failed to wipe" drives, physical destruction is required.
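One way to check the "all the blocks, not just the first few" condition from the comment above, as an added example that is not part of the original post and not taken from dd or DBAN. The function names are hypothetical, and the "disk" is a constructed scratch image file filled with the byte `A`; on a real wipe the same checks would be pointed at the block device from a known-good boot environment.

```shell
#!/bin/sh
# Added example: works on a scratch image file, never on a real device.
# All function names are hypothetical helpers for this illustration.

MIB=1048576

# make_image PATH SIZE_MIB: constructed "disk" filled with the byte 'A',
# standing in for old data (deterministic, so results are repeatable).
make_image() {
    head -c $(( $2 * MIB )) /dev/zero | tr '\000' 'A' > "$1"
}

# wipe_blocks PATH COUNT_MIB: zero the first COUNT_MIB MiB in place.
# conv=notrunc keeps the image size fixed, as a block device's would be.
wipe_blocks() {
    dd if=/dev/zero of="$1" bs=$MIB count="$2" conv=notrunc 2>/dev/null
}

# size_bytes PATH: size of the image in bytes.
size_bytes() {
    wc -c < "$1" | tr -d ' '
}

# verify_zeroed PATH: exit 0 only if every byte of the image reads back as
# zero. Compares against an equally long stream of zeros from /dev/zero.
verify_zeroed() {
    head -c "$(size_bytes "$1")" /dev/zero 2>/dev/null | cmp -s - "$1"
}

# first_nonzero_offset PATH: print the zero-based offset of the first byte
# that survived the wipe; return 1 (and print nothing) if the image is clean.
first_nonzero_offset() {
    n=$(head -c "$(size_bytes "$1")" /dev/zero 2>/dev/null |
        LC_ALL=C cmp - "$1" 2>/dev/null |
        sed -n 's/.* \([0-9][0-9]*\), line.*/\1/p')
    [ -n "$n" ] || return 1
    echo $(( n - 1 ))   # cmp counts bytes from 1
}

# report PATH LABEL: one-line result for a wipe attempt.
report() {
    if verify_zeroed "$1"; then
        echo "$2: every block reads back as zero"
    else
        echo "$2: data remains from offset $(first_nonzero_offset "$1")"
    fi
}

demo() {
    img=$(mktemp) || return 1
    make_image "$img" 4

    # A wipe that only covers the start of the disk (partition table and
    # directory area) leaves everything after it intact.
    wipe_blocks "$img" 1
    report "$img" "partial wipe"

    # Overwriting every block is what makes the verification pass.
    wipe_blocks "$img" 4
    report "$img" "full wipe"

    rm -f "$img"
}

demo
```

A read-back check like this only tells you what the drive returns through its normal interface, which is the condition the comment describes; it says nothing about sectors the drive has remapped and no longer exposes.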

Wow, what a prize! (4, Insightful)

Dahan (130247) | more than 5 years ago | (#24903137)

So the prize for winning is a $60 hard drive, plus $40? Damn, I don't know why people aren't just jumping all over that!

Also, disassembling the drive is against the rules of the challenge, unless you're an "established data recovery business ... or a National government law enforcement or intelligence agency".

This "challenge" is stupid.

Re:Wow, what a prize! (5, Insightful)

agurk (193950) | more than 5 years ago | (#24903365)

Actually they also ask you to tell how you did it. Even though they claim it is not a scam it seems like a scam in the sense that they after this weird experiment have proven that recovery is impossible.

It is like me setting up a challenge - can ketchup stains be removed from my white t-shirt?

Send a self-addressed, postage-paid box you pay shipping both ways with packaging material to the address listed below along with a sixty $60 USD deposit United States Postal Service Money Order only and I will mail the t-shirt to you.

If you can remove the stain you get to keep the t-shirt and I will give you the amazing amount of money $50 and the right to become "official stain remover". Btw, if you can't prove you are an established ketchup removal business - you cannot use water or any other fluid.

If this challenge is not taken within a year I have the right to tell the world that the world's dry cleaners can't remove ketchup stains. The whole clothes cleaning industry is a hoax.

Re:Wow, what a prize! (1)

Simon80 (874052) | more than 5 years ago | (#24903609)

This is exactly the problem with this challenge, there's no reason why anyone would participate. Anyone in the (forensic) data recovery business would probably prefer to keep quiet about what it takes to destroy data anyway, lest people make their lives more difficult.

Re:Wow, what a prize! (1)

gEvil (beta) (945888) | more than 5 years ago | (#24903691)

I think your analogy would be a bit more apt if the "prize" was closer to $5 and the t-shirt. But I totally agree with your assessment of the situation.

Re:Wow, what a prize! (3, Insightful)

Renraku (518261) | more than 5 years ago | (#24903375)

The challenge isn't stupid, the rewards are.

If this were an X-prize type of deal, it'd be a lot better. Who's going to bother with EFMing a drive for $40? I guess some college students with access to those machines might, but those are very fickle and easy-to-fuck-up machines..aka..kept under lock, key, and password.

Re:Wow, what a prize! (1)

kestasjk (933987) | more than 5 years ago | (#24903703)

Most sites which run ads would pay well over $40 just to run a story on /. , it is a truly pitiful prize.

Jeez (4, Insightful)

trifish (826353) | more than 5 years ago | (#24903147)

Interestingly, the most important thing is missing from the summary -- the prize. So, what the prize is you ask?

An incredible, unbelievable, astonishing and amazing amount of... wtf... forty (40) US Dollars? Yes, you heard that right! No wonder nobody has shown any interest in participating.

Full quote from the site: Should someone win, they get to keep the drive. They also will receive $40.00 USD and the title "King (or Queen) of Data Recovery".

Re:Jeez (5, Insightful)

7 digits (986730) | more than 5 years ago | (#24903293)

> Interestingly, the most important thing is missing from the summary

Not only that, but also the fabulous restriction:

"You may not [...] disassemble the drive"

This is ridiculous. A drive overwritten with zero data will, by definition, return 0s through ATA commands. The reason why some people overwrite sensible data several times is to guard against a possible scanning transmission electron microscopy, which, of course would need the disk to be disassembled to be performed.

How can this end up on slashdot? Don't know...

Re:Jeez (1)

Drantin (569921) | more than 5 years ago | (#24903399)

They do allow data recovery companies to disassemble the drive...

Re:Jeez (1)

Darkness404 (1287218) | more than 5 years ago | (#24903547)

Yes, but why would they? They can charge $300 for a business to get important data back, why bother with $40 and a HD?

Re:Jeez (1)

TheSHAD0W (258774) | more than 5 years ago | (#24903765)

You don't need to do a STEM, but you do need to get an analog read off the data head, which of course requires you to disassemble the drive to connect to the wires. This is why reconstruction costs big bucks, and why no one is going to take this challenge to win $40.

Re:Jeez (0)

Anonymous Coward | more than 5 years ago | (#24903401)

Full quote from the site: Should someone win, they get to keep the drive. They also will receive $40.00 USD and the title "King (or Queen) of Data Recovery".

Better than becoming the "King of Limbo [youtube.com] ".

Re:Jeez (1)

Warbothong (905464) | more than 5 years ago | (#24903425)

Interestingly, the most important thing is missing from the summary -- the prize. So, what the prize is you ask?

An incredible, unbelievable, astonishing and amazing amount of... wtf... forty (40) US Dollars? Yes, you heard that right! No wonder nobody has shown any interest in participating.

Full quote from the site: Should someone win, they get to keep the drive. They also will receive $40.00 USD and the title "King (or Queen) of Data Recovery".

That's not fair. They also get to keep whatever broken pile of scrap remains of the drive after they've managed to scrape the file/folder names off it :)

This prize is so valuable that it is actually a kingdom.

Re:Jeez (2, Funny)

Anonymous Coward | more than 5 years ago | (#24903475)

Yes, but once the Nation of Data Recovery rises, that prize will seem a lot better.

Where are the challengers? (3, Insightful)

phantomfive (622387) | more than 5 years ago | (#24903161)

Ugly unprofessional website, a prize purse of $40USD (plus the hard drive), restrictions that the drive can't be disassembled.....I can't imagine why they're having trouble getting interest. Raise the purse to $10,000 and you might have something.

In addition, according to Wikipedia, [wikipedia.org] what he proposes is actually impossible, at the very least an electron microscope would be needed.

Can't say I'm entirely disappointed by this story, though. At least I learned something that I was ignorant of before.

Re:Where are the challengers? (1)

Bill, Shooter of Bul (629286) | more than 5 years ago | (#24903583)

Well, it's not impossible, but it would require the disassembly of the drive and the use of some expensive machinery or possibly knowledge of the hard drive's circuitry. If I were in college, it might be a neat research project, but they explicitly say that you cannot disassemble it unless you are a for-profit company or governmental agency. But yeah, for the "prize" it's just plain stupid.

I'd like to try that myself with my own disk. I have some sophisticated software that I've used in the past to recover lost items. When a hard drive is damaged and the magnetism of a bit can be close to the value needed for a 1, but not quite. So with several different scans it might show different values. I'm thinking if the zero was correctly written to the disk, it probably wouldn't be able to read it as a 1 with repeated tries. Maybe with the right magnetic field, externally applied you could bump the former one bits back to one without quite knocking up the original zeros to that level. So if the 1 bit was actually knocked down by dd to 0.5 (interpreted as 0) an increase of all the disk by .5 would bump it up to 1, but the old zeros would be at 0.5.

Give me tenure and three grad students (at least two Chinese) and I'll do it.

Re:Where are the challengers? (1)

fishbowl (7759) | more than 5 years ago | (#24903677)

>Raise the purse to $10,000 and you might have something.

Make the data on the drive be a key to an independently verifiable escrow account.
First person to arrive with the key, takes all. It's really very simple to create a challenge of this kind.

The prize can be "seen", and the independent party that releases the prize to the first comer, has specific conditions that must be met. Put a disinterested party in charge of this part of the contest.

Utter stupidity (4, Insightful)

Reality Master 101 (179095) | more than 5 years ago | (#24903165)

First of all, do data recovery firms ever *claim* they can recover from a zeroed drive? No, they don't. The claim is that government-level forensic analysis *might* be able to recover data with only a single overwrite, with very sensitive expensive equipment. Not terribly surprising the FBI wouldn't take them up on this challenge.

Second of all, someone is supposed to waste a lot of time and money for just a cheap drive and a piece of paper from some entity no one has ever heard of?

And they're doing this to "prove" that this type of data recovery can't be done?

This has to be the lamest challenge that's ever been issued.

Re:Utter stupidity (0)

Anonymous Coward | more than 5 years ago | (#24903343)

Even somebody with sensitive equipment can't win. They stipulate that you cannot disassemble the drive. Modern hard drives have built-in micro-controllers with their own firmware. You'd have to disassemble just to bypass the software--which is convinced it's only reading zeroes.

If I wasn't afraid of some FBI "specialist" mistaking some random cached Japanese banner ad for child porn, I'd be content overwriting once with zeroes. But the government spends billions on equipment and man hours "saving the children". I'm not taking my chances knowing that said specialist will probably go up a pay grade for uncovering something - anything.

Re:Utter stupidity (1)

Henneshoe (987210) | more than 5 years ago | (#24903685)

Sorry to be offtopic, but I love your sig...It is a sad day, isn't it.

Electron microscope (0, Redundant)

Anonymous Coward | more than 5 years ago | (#24903177)

By using multiple overwrites, you are future-proofing versus new technologies that, if I understand it, would be able to duplicate what a team could currently achieve with an electron microscope and a lot of boring work.

All this challenge does is show that no one is willing to recover data for a free drive and forty bucks. Since the assumed ways to recover data that has been overwritten all cost way more than this, it's as if I issued a challenge to anyone who could demonstrate digging into the ground and finding oil, and the reward is a hundred dollars. Pretty good odds no one would "disprove" that either, just because it's not worth a hundred dollars to an oil company to parse, digest, and follow the instructions to obtain a hundred bucks.

The prize sucks (1)

tukang (1209392) | more than 5 years ago | (#24903181)

Should someone win, they get to keep the drive. They also will receive $40.00 USD and the title "King (or Queen) of Data Recovery".

Maybe they should offer a better prize to get more people to participate

Did they ask Steve Gibson? (0)

Anonymous Coward | more than 5 years ago | (#24903189)

He did SpinRite and is a real hard drive guru. Someone should send him an email.

www.grc.com

0s are best (0)

Anonymous Coward | more than 5 years ago | (#24903195)

BTW, it is a good idea to wipe unused space with zeros, because after de-fragmenting, your drive would be full of duplicate chunks of data. If you wipe free space with 0, it would be more 'clean', so that in case of disaster it's easier to recover individual files.

Non-challenge (1, Insightful)

Anonymous Coward | more than 5 years ago | (#24903203)

I would guess that lack of measurable incentive to do the recovery is what they are seeing. Why the hell would a professional bother doing this for $40? I know I wouldn't. Put up some real money and your data will be recovered in no time.

bad terms & conditions (1)

Arthur B. (806360) | more than 5 years ago | (#24903215)

The only way one could recover data here would be to play on small changes in alignment of the head to see what was before the 0; however, the instructions specifically prevent disassembling the hard drive... why do they even ship it then?

Re:bad terms & conditions (4, Funny)

pegr (46683) | more than 5 years ago | (#24903431)

Agreed. They should save the expense of shipping the drive and just email a drive image instead. Being all zeros, it should compress well...

Re:bad terms & conditions (1)

Creepy Crawler (680178) | more than 5 years ago | (#24903517)

I used to crash BBSes doing exactly that.

Use Zmodem, upload a 1GB 0-file. Takes seconds, if that. When auto-decompressed, fills drive of machine and crashes it.

Rather effective. I'd assume that this same attack works on POSTing http gunk with gzip compression on. I haven't tried..

why would anyone do this? (4, Insightful)

mrvan (973822) | more than 5 years ago | (#24903251)

Okay, here are my 3 reasons why a company would not accept this challenge:

(1) economical:

- I am asked to mail 60 USD to a random address, who claim they will return it to me if I send the harddisk back. This is a risk (how do I know it is not a scam?)
- In any case, I lose shipping charges both ways
- Maximum gain is 40$, plus an obscure web site calls me King of data recovery.
- Risk + Cost >> Gain

(2) International

I am asked to ship a US Postal money. A WHAT? Hello, credit card? Paypal? Normal international cheque?

(3) Disassembly

All reasons I've heard for doing something more than dd is that there might be residual magnetic charge on the platter that is ignored by the filesystem. According to the rules of engagement, only some weird collection of institutions ("established data recovery business located in the United States of America" or "National government law enforcement or intelligence agency (NSA, CIA, FBI)") may disassemble the drive. How am I going to detect residual charge if I cannot disassemble it?

The last argument compounds the first two, as only US companies can disassemble, and disassembly voids the deposit, meaning I am certainly out 60$.

Next time that they want to be "noble and just to dispel myths, falsehoods and untruths", they should make a challenge that is actually interesting to any party to pick up.

Re:why would anyone do this? (1)

hurfy (735314) | more than 5 years ago | (#24903619)

Forgot a biggie

(0) You also must publicly disclose in a reproducible manner the method(s) used to win the challenge.

You think the 3 letter agencies are going to tell us their secrets for $40 ?!?!? You think the professional recovery companies will either?

Since the consensus is that you will have to disassemble it to some extent, that pretty much wraps it up. The possible 'fame' is the only reason left, and no one seems to know these people, so that 'fame' does not seem valuable enough.

Perhaps if Google sponsored it and you get your name on the home page for a few days and a nifty Google logo name thingie....

Still won't answer if the alphabet soup guys can do it tho. Maybe for $10k someone else might try and prove it possible that they could.

That is not a proof (1)

zebslash (1107957) | more than 5 years ago | (#24903253)

From the FAQ: Because many people believe that in order to permanently delete data from a modern hard drive that multiple overwrites with random data, mechanical grinding, degaussing and incinerating must be used. They tell others this. Like chaos, it perpetuates itself until everyone believes it. Lots of good, usable hard drives are ruined in the process

Well, that might be right, private recovery companies may not be able to recover data in that case, but this does not mean this is not possible for government agencies.

From The Experts (4, Insightful)

randomc0de (928231) | more than 5 years ago | (#24903261)

Given my general level of paranoia, I recommend overwriting zeros, and five times with a cryptographically secure pseudo-random sequence. Recent developments at the National Institute of Standards and Technology with electron-tunneling microscopes suggest even that might not be enough. Honestly, if your data is sufficiently valuable, assume that it is impossible to erase data completely off magnetic media. Burn or shred the media; it's cheaper to buy media new than to lose your secrets.

Because all data recovery companies have electron-tunneling microscopes on hand for recovery and aren't just running a Linux distro with a modified ext3fs to ignore "deleted" inodes. The longest AES key I've cracked is 28 bits (in Python, no less!). Yet we still use a minimum of 128, more likely 256. It's not the guys running recover [sourceforge.net] I'm worried about. It's the spooks with electron f'ing microscopes and a direct connection to AT&T.

Resources required to perform such a feat.. (1)

mr_stinky_britches (926212) | more than 5 years ago | (#24903265)

I would expect that the resources that would be required (for the equipment and the expertise) to make a serious attempt at this are out of reach for most. I'm sure the likes of organizations such as the NSA have already attempted this, but as to whether or not they had any success... well, I'm sure that information is classified.

--
  WI-FIzzle Blaahhggg.. I just post useful code snippets and linux information here [wi-fizzle.com]

An urban legend (4, Interesting)

Ancient_Hacker (751168) | more than 5 years ago | (#24903297)

It's an urban legend. You can't recover erased bits. If you could it would imply that you can store at least two bits in the space of one. Disk companies have a pretty good idea what their heads and surfaces can do. Do you think they'd be passing up big $$$ by under-utilizing their disk's capacity?

There is that one Usenix conference "paper" floating around out there, but if you read it carefully it does not give a single example of one recovered bit.

If you've ever looked at the waveform coming off a disk head, you'd wonder with all the x/y noise and jitter how they can get even ONE bit out of that hairball. The answer is, they can, just barely, by applying all the sync, gating, PLL, and deglitching tricks, just barely reliably recover bits at the maximum recording density possible.

And all those pictures they show of bit patterns lingering under large erased areas are actually counter-examples. They prove that you can detect periodic bit patterns under large erased areas. Duh. In the real world the underlying data is not periodic, and the erasure isn't smooth or periodic either. If you overwrite real typical data with random data, you can't recover the original data. Shannon and company, you know.
 

Re:An urban legend (1)

russotto (537200) | more than 5 years ago | (#24903351)

It's an urban legend. You can't recover erased bits. If you could it would imply that you can store at least two bits in the space of one. Disk companies have a pretty good idea what their heads and surfaces can do.

The idea is you wouldn't use standard heads.

It is NOT an "urban legend"... (4, Informative)

Jane Q. Public (1010737) | more than 5 years ago | (#24903527)

... it is merely old tech that is no longer relevant. In the old days of sloppy mechanical tolerances (and read-write heads), it was possible to leave traces that were misaligned with the main bits of the current data. With good custom drivers and software, it was often possible to recover some of this data.

This is of course no longer true what with much tighter tolerances, smaller and vertical magnetic domains, and so on. I think that is the point of this challenge.

Re:An urban legend (1)

Jeffrey Baker (6191) | more than 5 years ago | (#24903579)

At the end of a disk's life, it is usually 3-5 years old, during which time the sensitivity of the pickup and the magic of the DSP have doubled more than once. So your attacker takes your discarded disk and installs the platters in a modern mechanism, enabling him to read, with his much more sensitive equipment, magnetic fields that the original mechanism was unable to detect.

But what about the .jpg? (0)

Anonymous Coward | more than 5 years ago | (#24903309)

Uh-oh. I think they forgot to overwrite the region of the .jpg containing the filenames multiple times with random colours!

Re:But what about the .jpg? (1)

CableModemSniper (556285) | more than 5 years ago | (#24903487)

Well you can see approximately how long the name of the first item in the dir listing is, as the top border of the selection indicator is still visible.

It's possible..... (1)

3seas (184403) | more than 5 years ago | (#24903319)

.... to recover all the zeros

LOL (0)

Anonymous Coward | more than 5 years ago | (#24903323)

The fact that you only allow 3 days upon receipt of the drive plainly shows your ignorance of how hard drives work.

It takes a long time to take magnetic force microscope (MFM) images of the drive. Researchers at Georgia Tech could do your challenge, but not in 3 days and not for your lame 'prize.'

Bullshit "contest" (0)

Anonymous Coward | more than 5 years ago | (#24903349)

So, you can't disassemble the drive, and you have to get data off a tiny fraction of the drive.

Data recovery companies are in the business of repairing physical damage and a few "oh shit" cases. They're not going to use an STM to look at a drive. However, the Mossad or CIA is quite willing to spend any amount of money to spy on you if you're a target. If you've got HIPAA stuff on it, destroy the drive. If you've got old logs on it, /dev/zero is fine.

No takers (1)

deblau (68023) | more than 5 years ago | (#24903353)

Their offer if you win: a whopping $40 (plus you get to keep the drive!). No way in hell you can recover data after dd for $40. My time alone is worth more than that. Offer me $40,000 and I'll consider it.

It's about time. (1)

Jane Q. Public (1010737) | more than 5 years ago | (#24903361)

"Forensic data recovery" may have worked on overwritten drive space before, back when mechanical tolerances and drive heads were sloppy. Modern drives are a much different story. There is little to no room for "magnetic slop" surrounding a written bit. If there were, the drives would simply not work well!

damn straight! (5, Funny)

larry bagina (561269) | more than 5 years ago | (#24903377)

Last month, I challenged every female olympic gymnast to prove she was over 16 by having sex with me. (The age of consent is 16 in my state). To date, every gymnast has ignored me, with the exception of 1 whose boyfriend threatened to kill me. Therefore, we now have proof that all the female olympic gymnasts are under 16 and should be disqualified.

Re:damn straight! (5, Funny)

Anonymous Coward | more than 5 years ago | (#24903645)

You have the same problem the Great 0 Challenge has, your prize is too small!

What if...(conspiracy) (1)

PottedMeat (1158195) | more than 5 years ago | (#24903419)

They're all in bed with each other! :O

Maybe they *can* actually recover the data BUT they DON'T so that all the criminals believe the hype and go merrily on with their criminal ways believing dd will keep them safe. :O!
PM

Not so crazy (1)

poptones (653660) | more than 5 years ago | (#24903755)

Duh. And data recovery companies probably get a good bit of business from law enforcement - who would be very upset at such a security breach. So, duh, they win 40 dollars and some lame title and lose millions in business.

But it doesn't matter anyway. My friend's house got broken into while his mother was in bed. They were right in her bedroom and stole her purse which had 3000.00 in it. They got prints off a GLASS tabletop and sent them off, apparently to the cornfield. It's been nine months and no one has replied.

It seems very unlikely the police are going to be interested in you unless they strongly suspect you have been very, very bad. Perhaps if it's a very high profile case or you have enough money they actually stand to recover their investment in the investigation they might actually do some of this high end stuff. Most people simply aren't worth more than "high end" script kiddie efforts at data recovery, so it's all moot anyway.

So soon they've proved (0)

Anonymous Coward | more than 5 years ago | (#24903453)

nobody will restore your once written over hdd for 100 bucks.

Whereas technically it's an interesting thing, it obviously isn't economically.

Why Can't They? (1)

Ian Alexander (997430) | more than 5 years ago | (#24903501)

From the link, what one data recovery company said after being told that the drive had been zero'd out with dd:

According to our Unix team, there is less than a zero percent chance of data recovery after that dd command. The drive itself has been overwritten in a very fundamental manner.

Can anyone tell me what's so fundamental about the "dd" command that there's not even no chance the data could be recovered?

Is it a myth? (1)

Pedrito (94783) | more than 5 years ago | (#24903571)

From the site: Legitimate data recovery firms know this. They will not take the challenge. Neither will a national government agency.

Okay, well first of all, it wouldn't be in the interest of any government law enforcement to accept this challenge. Why would they? To show us what they can and can't do? I think it's in their best interest to keep that to themselves and keep us wondering.

I don't know if the overwriting thing is a myth or not. I don't know enough about the physics of it to even approach an answer. On the other hand, I've had conversations with people who build gadgets for spooks and they have stuff that a lot of people here would probably consider impossible. The government hires some of the brightest minds for this kind of stuff.

I've learned to forgo the word "impossible" when it comes to this kind of stuff. You just never know. On the other hand, I don't really care one way or the other. I don't keep anything on my hard drives that I'd worry about the government finding.

It is recoverable, but at a price. (4, Informative)

viking80 (697716) | more than 5 years ago | (#24903581)

It is likely that there is a hysteresis in the platter causing a "0" written on top of a "1" to be slightly "weaker" than a "0" written on top of a "0".

On old tape, this hysteresis was about 10%, and was actually visible with a magnetic loupe, so depending on s/n ratio, you could recover quite a bit, no pun intended.

The problem with a HDD is that the signal from the heads goes through a lot of signal processing, including Extended PRML or EPRML. There is also an algorithm like RZ to not have a long series of the same bit written physically. If you take the electrical output from the read head, you will have a big task reconstructing the data, even if there is only good data.

The only places today that can analyze well what is read physically are at HDD manufacturers' research labs, and probably using custom HW to read the platter that collects all the errors and offsets. For a recovery company to do this, they probably would have to invest millions of $$$, so they will not.

So bottom line is that you could send the drive in to Western Digital, and they could probably recover the raw data with about 90% accuracy. If that is enough for the error recovery to chew on, I am not sure, but here and there, long strings would be recovered. They can for sure give the exact probability for the recovery of a bit.

WD, however, does not have any incentive to demonstrate that wiping their drives with "0" is not sufficient. Au contraire, they may consider this an undesirable property. Therefore, the only ones that can recover this are unwilling.

So the challenge remains unaccepted.

I've (0)

Anonymous Coward | more than 5 years ago | (#24903663)

I've got an opinion on this issue. And I have a challenge for mister Great Zero Challenge.

If you can determine my opinion, you win.
The prize: A brand new American one dollar bill.

Just send me $20 for shipping and handling.

And you can be king of guessing my opinion.

The reward is shit (1)

thetoadwarrior (1268702) | more than 5 years ago | (#24903673)

It's not a competition run by a large website so there won't be any publicity and the reward is smaller than what you pay out. Even if I was 100% sure I could do it I wouldn't bother.

Microscope for magnetic recovery? (1)

exscape (1302123) | more than 5 years ago | (#24903687)

Hmm. Could someone explain exactly how the electron-tunneling microscope could help recover data? And, could it really be used to recover more than a couple of bits?

Unacceptable terms (0)

Anonymous Coward | more than 5 years ago | (#24903693)

If anyone were able to do this, the terms say they have to disclose their methodology. No company in their right mind would give away their trade secrets for the paltry sum of $40.

Forty dollars?? Why would anybody enter this? (0, Redundant)

Geoffrey.landis (926948) | more than 5 years ago | (#24903697)

Let's see, you pay shipping both ways, you're not allowed to disassemble the drive, you're "allowed" to do three days of work (suppose eight hours per day, a hundred dollars an hour, about twenty-four hundred dollars worth of labor)... and if you win, you get forty dollars. And you get to keep the drive.

Why would anybody enter this "contest"?

I would certainly believe, for what it's worth, that you can't recover the data from an overwritten drive without disassembling it. That's a "well, duh" statement. You have to get at the physical media. And it's certainly going to cost you more than the forty dollars, minus the amount you paid for round-trip shipping, that you could win.

Flaw in the challenge? (1)

Onyma (1018104) | more than 5 years ago | (#24903715)

Is the challenge not fundamentally flawed? The rules require that the drive be returned after 3 days in the same condition it was sent in. This immediately precludes invasive methods of data recovery and requires the firm to use only the drive's on board electronics to access it. The drive's on-boards are not going to pick up any residual magnetism in the platters as they over-wrote the data. They are only sensitive enough to read the residual field they applied in the first place. (obvious by design) If the default heads picked up residual traces of previous data all our hard drives would be pretty useless, wouldn't they?

By adding this requirement you handicap the recovery firms to an extent that obviously they won't try it. The proper way to do this would be to have a series of drives available that can be put through proper invasive data recovery processes.

I'll make a guess. (1)

Creepy Crawler (680178) | more than 5 years ago | (#24903767)

File "8890 KB" name is alpgen_w1jet_pt20_r07_245.tar

Am I right?

This story comes 48 hours too late. (1)

txoof (553270) | more than 5 years ago | (#24903785)

I've just spent the last two days with a POS gateway, Knoppix and many, many hard drives dangling out of the case while I write randomized cruft to the 600 some gigs of old drives.

I guess I have to take the author's word for it that the recovery companies refused to work on the drive and disregard the "conventional wisdom". I'm really tempted to format one of the drives, dump some data, dd it and see if I can pull anything worthwhile off of it. Has anyone tried this themselves with any of the forensics tools out there?

Well, I'm almost done with all the old drives; I might as well finish up the project.
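
The experiment proposed in the comment above, sketched as an added example that is not part of the original thread: it zero-fills a scratch image file with dd and checks what the normal read path returns afterwards, including the case of an interrupted pass. The marker string and all function names are constructed for the demonstration. It only shows what software reading through the drive interface sees, not anything about residual magnetism on the platter.

```shell
#!/bin/sh
# Added example: zero-fill a scratch image and check what the normal read
# path returns. MARKER and all function names are constructed for this demo.
MARKER="CONSTRUCTED-SECRET-0123456789"

# make_image FILE KIB: scratch "disk" of KIB kibibytes, all non-zero bytes,
# with the marker planted 4096 bytes in.
make_image() {
    dd if=/dev/zero bs=1024 count="$2" 2>/dev/null | tr '\0' 'A' > "$1"
    printf '%s' "$MARKER" | dd of="$1" bs=1 seek=4096 conv=notrunc 2>/dev/null
}

# zero_wipe FILE [BYTES]: overwrite the first BYTES bytes (default: all)
# with zeros in place. On a real block device the equivalent is
# dd if=/dev/zero of=<device>, which runs until the device is full.
zero_wipe() {
    size=${2:-$(wc -c < "$1" | tr -d ' ')}
    head -c "$size" /dev/zero | dd of="$1" bs=65536 conv=notrunc 2>/dev/null
    sync   # flush cached writes before verifying
}

# count_nonzero FILE: print how many bytes are still not 0x00.
count_nonzero() {
    tr -d '\0' < "$1" | wc -c | tr -d ' '
}

# marker_present FILE: succeed if the planted marker can still be read.
marker_present() {
    LC_ALL=C grep -a -q -F "$MARKER" "$1"
}

# wipe_report FILE: one-line verdict after a wipe attempt.
wipe_report() {
    left=$(count_nonzero "$1")
    if [ "$left" -eq 0 ]; then
        echo "clean: every byte reads back as zero"
    else
        echo "incomplete: $left non-zero bytes remain"
    fi
}

img=$(mktemp)
make_image "$img" 64          # 64 KiB scratch image
zero_wipe "$img" 2048         # interrupted wipe: only the first 2 KiB
wipe_report "$img"
zero_wipe "$img"              # full pass
wipe_report "$img"
rm -f "$img"
```

The interrupted pass is the case worth checking for: a wipe that stopped early still leaves the marker readable with ordinary tools, and the byte count makes that visible.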
