Data Recovery (was: [rescue] nuking from orbit)

Loomis, Rip rescue at sunhelp.org
Wed Aug 29 09:38:42 CDT 2001


> -----Original Message-----
> From: Al Potter [mailto:apotter at icsa.net]
>[[SNIP]]
> jnielson at ihccorp.com said:
> > If I can find the article, I'll post the link. 
> 
> Post the link, otherwise this is unadulterated Bullshit, and 
> may still be.
> 
> The NSA drives the train for establishing standards like this 
> for use within the US government.


David Cantrell already posted the link to research
in New Zealand.  (Side note:  David is a truly
wonderful human being regardless of the fact that
when I met up with him in the Tube station he looked
to have walked straight out of Mad Max.  He knows
good--strike that, EXCELLENT whisky and where to
find it, along with good Indian food.  He even put
up with me afterward when I started quoting Monty
Python in a truly poor fake accent.  David, please
send a mailing address so I can figure out how best
to ship Mountain Dew and Jolt.)

I have a little too much insight into this, but
I'll comment anyway to try to clear the air.  Read
on if you so desire (yeah, another $%^&* dissertation
from Rip):
1.  The "feature" which gets used to allow recovery
	of data is referred to as remanence.  It's
	a big problem with magnetic media (tapes/disks/
	iron core memory) but it can also show up
	in silicon-based media (e.g., flash cards even
	when over-written).
2.  There are differences between "keyboard" attacks
	to recover data and "laboratory" attacks to
	recover data.  For example, within NSA in
	recent times, systems that were used on highly
	classified NSA internal networks had their
	hard disks over-written multiple times and
	were then attached to unclassified networks
	used to access the Internet.  This was acceptable
	because the systems were also labeled and
	identified as not being suitable for "excessing"
	(sending to surplus/DRMO) without removal of
	the hard disk as a minimum.  There was no
	"keyboard" attack, even if the systems were
	compromised, that was going to be able to
	recover classified data--and the Government
	was able to save taxpayer money by re-using
	older systems to provide basic functions.
3.  NSA does "drive the train" for such standards
	but only has _direct_ control over the handling
	of COMSEC material (crypto keying material and
	related info). NSA does have significant influence
	over the handling of media that contain[s,ed] Top
	Secret material (especially Sensitive Compartmented
	Intelligence) but the rules have historically
	not always perfectly followed NSA's
	recommendations for disks that had SECRET or lower
	material.  The problem is a common one in
	the security field--"risk avoidance" costs
	too much in some (many) cases, so what is
	practiced instead is "risk mitigation" or
	"risk reduction".  Note the differences between
	the old TCSEC methods and the Common Criteria,
	for example--and look at the number of B2
	or better TCSEC-certified systems that were
	ever operationally fielded.
4.  Out of those of us on the list, Dave's probably
	the only one with enough toys to make recovery
	of data from a properly-overwritten disk
	even vaguely possible...and even then he would
	likely need certain other facilities.  Dave's
	right, by the way, about the fact that
	folks have been doing this for much longer
	than a year--if one actually looks at some
	of the guidance that's been around for a while,
	it's been at least a concern for 25+ years.
	I will not speculate as to how long it's been
	a functional and usable capability.

To the best of my knowledge, none of the information
I have stated is classified or requires special
handling in any way, and I definitely do not speak
for SAIC in this much less NSA--but I have direct
knowledge that the above statements are factually based
and truthful.  I'm volunteering this information
to cut down on random speculation.  Yes, I live in
Maryland very near Ft. Meade.  Yes, in a previous
lifetime I was involved in destroying sensitive-but-
obsolete equipment by "pulverizing" (with a
sledgehammer in the parking lot, since we were in
a location that didn't have a hammer mill).  No, that
doesn't mean that I am going to be a font of knowledge
about any TLAs (*).  I bit my virtual tongue three times
before jumping into this thread.

See also:

http://www.radium.ncsc.mil/tpep/library/rainbow/NCSC-TG-025.2.html

We now return you to your regularly-scheduled off-topicness.

--
Rip Loomis
Senior Systems Security Engineer, SAIC CIST
Brainbench MVP for Internet Security
http://www.brainbench.com  [Transcript 1923411]


(*) TLA - Three Letter Agency (also Three Letter Acronym
	in a wonderful example of self-referencing.)



