Convenient Timing: Politician's Computer 'Crashed' And Deleted Everything Just As Investigators Asked To See It

from the how-convenient dept

Don’t you just love convenient timing? The Raw Feed points us to a corruption case involving a commissioner in Hollywood, Florida. He apparently helped a company win an $18 million “sludge-handling” contract. However, just as investigators went to search his computer it was conveniently “wiped clean”. He claims it just crashed, even though that crash (conveniently, again) was so thorough that no data was recoverable from the drive even after being sent to various data recovery shops. Not surprisingly, this is raising a few eyebrows, though his lawyer insists that if the guy was really trying to hide info, he would have just “thrown out” the computer.



Comments on “Convenient Timing: Politician's Computer 'Crashed' And Deleted Everything Just As Investigators Asked To See It”

58 Comments
misanthropic humanist says:

get his logs

Well, it shouldn’t matter because the commissioner’s ISP will have a full record of all his emails and traffic, right?

Oh. What’s that you say? When it’s a suspected “terrorist” the ISP will jump and shout “how high?!”, but when it’s a well fed Hollywood socialite with influence suddenly the rules are quite different.

Also, I doubt he had the knowledge to wipe it himself, so somebody did the wipe for him. That’s where I’d be directing my investigations.

And no, I’m not advocating for the fascists, you probably don’t understand what I’m saying here… if we are to embrace a transparent “surveillance society” then the sooner it applies to everyone and the sooner people with power get burned by it the sooner the tide will turn against. I expect the investigators can find numerous other pieces of tangible evidence against this person if he is indeed guilty.

monkey (user link) says:

Re: get his logs

um….. well i totally agree with your comment except for the small fact that dood isn’t exactly a “Hollywood Socialite” he happens to be a commissioner in Hollywood FLORIDA, wrong state… I love lawyers, especially when they play dumb. If he had thrown out the computer the investigators would have probably got their hands on it. A computer doesn’t just “crash” leaving the hard drive unreadable by said recovery firms. To have an occurrence like that with a hard drive the owner or someone close to the owner would have deliberately placed the proper mechanisms (software/scripts) to render the hard drive unreadable.

cjmemay (user link) says:

Re: get his logs

@misanthropic humanist:

If you have to tell your readers, in the middle of the post, that they don’t understand what you are saying, then you probably:
a) don’t think very much of your readers, and if so, why bother writing to them.
OR
b) haven’t done a very good job of explaining what you are talking about.

In case you don’t understand what I am saying here, I am leaning towards “b”.

ehrichweiss says:

Re: That's a helluva crash...

“It would have to crash into a bloody electro-magnet the size of a small child to make everything non-recoverable.”

Just to make this clear. A hard drive’s metallic case creates a Faraday cage that makes it impossible to erase the platters inside no matter how large the magnet on the outside. One has to remove the cover to nullify this effect.

Anonymous Coward says:

Re: That's a helluva crash...

Well, yes, it is extremely easy to determine if it were a crash or a special method of cleaning the drive. If they can’t recover anything… well, then it is easy to prove that the person intentionally hid the data. Most cleaning methods typically will erase and rewrite bits to the data 5 times or more to ensure that it is not left, and add a little extra fragmentation to that mix, and you’ve then made it extremely difficult to recover anything. Unfortunately, doing things like this in such a systematic manner is also very detectable as well. Otherwise a real crash will have sectors and with some sort of ascii and unicode data fragmented… I believe in chunks such as 32k or more as I recall although it’s been a while since I have looked at recent file tables.
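
An added example, not part of the comment above or of the original page: a forensic triage sketch in Python that surveys a raw disk image sector by sector and separates uniform fill or random-looking sectors from leftover text and structured data, which is the distinction the comment draws between a systematic wipe and a crash. The 512-byte sector size, the thresholds, the function names and both sample images are assumptions constructed for illustration.

```python
import math
import random
from collections import Counter

SECTOR = 512  # bytes per sector (assumed)

def entropy(block: bytes) -> float:
    """Shannon entropy of the byte distribution, in bits per byte (0..8)."""
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())

def classify_sector(block: bytes) -> str:
    """Label one sector as 'pattern', 'text', 'random' or 'other'."""
    # Repeating fill with a period of 1-4 bytes (0x00, 0xFF, 0x55AA, ...).
    if any(block[p:] == block[:-p] for p in range(1, 5)):
        return "pattern"
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in block)
    if printable / len(block) >= 0.85:
        return "text"
    # Near-uniform byte distribution: a random overwrite, but encrypted or
    # compressed data looks the same, so this is not proof on its own.
    if entropy(block) >= 7.0:
        return "random"
    return "other"

def survey(image: bytes) -> dict:
    """Count sector classes across a raw image (whole sectors only)."""
    counts = Counter()
    for off in range(0, len(image) - SECTOR + 1, SECTOR):
        counts[classify_sector(image[off:off + SECTOR])] += 1
    return dict(counts)

def looks_overwritten(image: bytes, threshold: float = 0.99) -> bool:
    """True when almost every sector is fill or random, with no remnants.
    A factory-fresh replacement drive (all zeros) matches as well."""
    counts = survey(image)
    total = sum(counts.values())
    uniform = counts.get("pattern", 0) + counts.get("random", 0)
    return total > 0 and uniform / total >= threshold

def make_samples():
    """Constructed sample images: one wiped, one with crash-style remnants."""
    rng = random.Random(1)  # fixed seed so the samples are reproducible
    def rand_sector():
        return bytes(rng.getrandbits(8) for _ in range(SECTOR))
    wiped = b"".join(rand_sector() for _ in range(64))
    text = (b"From: clerk@example.invalid\r\nSubject: agenda\r\n" * 12)[:SECTOR]
    structured = bytes(range(64)) * 8  # low-entropy binary, stands in for metadata
    crashed = b"".join([text] * 10 + [bytes(SECTOR)] * 30
                       + [rand_sector() for _ in range(4)] + [structured] * 20)
    return wiped, crashed

if __name__ == "__main__":
    for name, img in zip(("wiped", "crashed"), make_samples()):
        print(name, survey(img), "overwritten:", looks_overwritten(img))
```

A survey like this only describes the current state of the media; attributing that state to a deliberate wipe, a swapped drive or full-disk encryption needs corroborating evidence.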

Easy deleter says:

Re: That's a helluva crash...

You’re talking about 70x wipes, others talk about how the guy had no skill… what if he went to his local comp store and bought a new blank drive and put THAT in the PC.

Ain’t nothing to unwipe. I bet that’s what he did.

Also, you can make a drive impossible to read by taking it apart and destroying the disc platters.

BS says:

Re: Hollywood socialite with influence?

Hollywood FL. Isn’t Hollywood predominantly democrat? I seem to remember union members dragging the homeless into the polls with promises of cartons of tobacco products. And I seem to remember a few politicians combing the cemeteries, looking for “voters”… and I seem to remember the majority of these cemetery votes were for liberal democrats! Isn’t that amazing? Liberals are well-known in south Florida for stuffing the ballot boxes. It goes back to the ’70s. What I find amazing is that CNN and the newspapers don’t want to report on this… they want to report ONLY about Diebold and voting machines, or about a lost key to a ballot box in a primarily Republican district.

heavyw8t says:

hmmm....

Let us assume that if this guy is smart enough to know he needs to get rid of his data then he knows someone who can arrange that.

If I had been approached to do this job, I would have put in a new hard drive and started fresh, and then taken a grinder to the old hard drive. NSA or not, once I take an abrasive grinder and then a torch to the platter in that hard drive, nobody is getting anything back.

charlie potatoes (profile) says:

covering your tracks

back in the days of dinosaurs when Nixon was in the process of falling from power it was discovered that there was an 18.5 minute gap on one of the tapes which Nixon had been ordered to hand over.
His secretary, Rosemary Wood fell on her sword and said she “accidentally” erased the section while transcribing the tape.
experts said yeah, she sure did. it had been erased nine times. they didn’t have the technology to recover it then. but Nixon, you may have read, did not skate free.

Frank says:

Re: Re: damn...

just touch a strong magnet to it, and you’ll lose a lot of data; the stronger the magnet, the more thorough the wipe

It’s actually pretty hard to get a magnet strong enough to completely degauss a hard drive. The strongest one at Home Depot will probably give you problems reading your data, but recovery services should still be able to retrieve information.

Remember too, in order for the hard drive to still be useful to you, 98% or more of the data needs to be retrievable. For a recovery service prosecuting a legal case, only 10% or so would be needed.

Code_ex says:

Re: Re: damn...

RHSC, what you are saying is actually incorrect. All current HDDs actually have a powerful rare-earth magnet in their read / write mechanism to allow accurate positioning of their heads. If you placed a magnet directly onto the bare naked platters then you would do damage, however, it is actually possible to mount a powerful magnet right next to a running HDD (even touching) and not lose any data.
If it had been a drive from ten years ago then you would, in fact, be correct.

Frank says:

Re: Now hold on...

Wasn’t it just a few months ago when a suspected file sharer “erased” all the stuff on his PC before it could be inspected and he was declared guilty by default?

IANAL, but …

In the file swapping case, there was other evidence. Legally, there is a big difference between shredding the files (as it were) before they are subpoenaed and after. When hiring one time, the lawyer advised us to take whatever notes during the interview process, make the decision, make a short summary justifying why we hired A over B or C and then shred all the notes except the summary.

This is also why you don’t want to save every e-mail you’ve ever received for the last 10 years. If it gets subpoenaed, you’ll have to hire a lawyer to read through all that stuff to ensure there’s nothing incriminating. If you delete on a regular basis then you don’t need to worry if you’re subpoenaed.

zcat (user link) says:

DBAN

Never mind buying a good program, you can download an excellent drive shredder (perhaps the best available) for free.

For what most people do a single wipe is more than adequate. I guarantee if I gave you one of my old drives, single-wiped, it would cost you more than the data is worth to recover any of it. Three passes with cryptographically strong random data is more than enough for almost everybody.

Back in the old 30MB drive days, yes, it was possible to pick up residual magnetic patterns under or between tracks. But modern drives pack in almost four orders of magnitude more data and are limited by the physics of the media rather than the physical size of the read heads. The same characteristics of the media that made those old drives recoverable are now being used to store more data.

The real threat is bad sectors that get reallocated and never written again. So if you really want to be sure don’t even bother trying to wipe the drive, just physically shred and melt the drive platters.

PhysicsGuy says:

Damn / DBAN

actually, i’m well aware of “shredding” programs, however from my understanding there still exists a magnetic “fingerprint” regardless of how many times you write over the data. write over it with 1s, 0s, alternating pattern and then its inverse, whatever… you can still determine the past quantum state of the electrons in the transistor.. (from my understanding, i could be wrong, but this is how i thought the military recovered data from “enemy” hard drives [essentially you can forget the DoD standard for securely erasing files from a drive]) if anyone knows anything else about this please let me know…

also, i’m pretty sure the size doesn’t limit the ability to recover data by the means in which i’m talking about… i could be wrong though, any links would be greatly appreciated…

phreaki (user link) says:

Common Myths

You may not believe it but that 250g drive is not perfect and it has a problem writing over the same area every time. Getting lucky enough to hit the very same spot 70x is a crap shoot and you leave bits of your previous write all over the tracks.

So secure wipes are not that, and in practice will show evidence of that type of action. It’s just funny in this case they can’t prove he secure wiped it, which can be done.

PhysicsGuy says:

Common Myths

I’ll have to side with Xanius’s analysis:

“It would have to crash into a bloody electro-magnet the size of a small child to make everything non-recoverable.”

however, removing evidence of a secure wipe would be easily done if you were to then copy multiple large files and fill up the hard drive with actual information repeatedly. again, however, there was nothing on the drive… maybe that electro-magnet was the size of a fat kid…

Myself says:

Do the math, paranoids.

If you could determine what data existed on the drive an arbitrary number of rewrites ago, wouldn’t that mean you can store infinite data in a finite volume?

There’s a limit to how far back you can go. For those of us with finite money, that’s probably one pass. For the NSA, the number of passes isn’t as important as the thermal conditions when the interesting data was written versus when the wiping was done. (Temperature is a big factor in thermal susceptibility of magnetic materials, and thermal expansion affects how the drive’s servo mechanism calibrates itself.)

Anyway, as Phreaki points out, there’s no need to show what the data actually was, just that the wiping was intentional. That’s enough to get “destruction of evidence”, which is usually seen as an admission of guilt.

crashIO says:

Scr3w3d

Drives do crash and crash hard. I am an infosec guy and I can tell you from first hand experience that clean rooms cannot always recover data. That being said this guy is a total loser and likely with or without his hard drive there is enough forensic evidence. As earlier stated it is likely his ISP would have some logs of his IP traffic and so on. If this guy doesn’t go down…it will be because of shoddy investigation work.

Bri (profile) says:

Infosec

My first reaction is that they haven’t talked to the right data retrieval company as OnTrack has a fantastic record and if they can’t get it back, THEN the drive isn’t the same drive so I’d start looking around for the old drive. As for the rest of the comments, well it is quite possible to recover data no matter what short of ablating the platters into fine sand and incinerating the metal sand, if you know what you are doing even in the face of virtual shredding programs. That’s why I don’t rely on shredding programs but rather extreme-grade, multi-layer encryption but hey, the work I do requires it. TEMPEST++

I am also puzzled about the Sun-Sentinel report mentioning e-mails. E-mails do not exist in a vacuum. They have a source, one or more hops along the way, and a destination. Who the frag is their computer forensic analyst here? Combine these two lapses, not using OnTrack and not utilizing both ends, and perhaps intermediaries, to retrieve e-mails tells me that we’d kick him off our Forensics e-mail list! Sheesh. Something is out to lunch here.

phstpok says:

This will scare the pants off ya

http://www.cs.auckland.ac.nz/~pgut001/

Peter Gutmann regularly writes papers and lectures on computer security, and shows that it is nearly impossible to delete data beyond recovery from hard disk drives (short of physically destroying the platters).

Gave me the shivers when I read some of his papers, and I have very little to hide (only passwords etc.).

Nate says:

Electro-magnet

As far as erasing the hard drive, DOD standards require a degaussing (Very large EMP multiple times) in order to render a hd unusable. If you want a blank hard drive, you use a degausser. No physical damage is done to the HD, but all data is truly gone. (Some special hard drives DO have a higher EM retention rate, but those just need to be put through a few more times)

Assuming he knew someone who had access to one, it would be easy to pop out the drive, degauss it, return the drive to the pc, and claim a crash. (even a head crash, btw, always leaves something behind)

my .02

Michael B says:

Data Loss?

Well, if you want to get rid of data, you don’t just throw it away. It seems to me that when this data was erased, or corrupted it was obviously done intentionally. When a computer crashes, yes it might mess up the hard drive but in most cases all or most of the data can be found through a data recovery service. They definitely used a program to wipe the drive clean. And I mean real clean so any data recovery service would not be able to recover it. This was intentional.

PhysicsGuy says:

This will scare the pants off ya / Do the math

Thanks for the link, that’s exactly what i was looking for. It looks as though most of the “shredder” programs fall far below the required level of needed rewrites and erasure… I’ve seen one that uses the “Gutmann” model for erasing… the rest, well http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html explains why they’d fall short by today’s standards. The link also gives a good explanation as to why you can constantly rewrite to an area and still recover from it if you’re not using the correct bits to write over that area… so much for the “infinite storage in a finite space”… one pass would work? hardly…

Joe Smith says:

Absence of evidence is evidence of absence

once you have looked.

Let me get this straight:
1. there is no incriminating evidence to be found on the guy’s drive;
2. the guy probably lacked the sophistication to do a complete wipe.

Conclusion: there was never any incriminating evidence on his hard drive in the first place. The only sort of evidence that would be likely to be there would be emails.

Now they need to go check his cell phone records.

|3331373|3|_||3 says:

Destroying Data

I had a friend who did work experience at DSTO in Australia, and they eradicate secure data on old HDDs by formatting the drive, then taking an angle grinder to each of the platters, then cutting the whole thing into a pizza, then welding a whole lot of pieces into a random stack/blob. Good luck reading any data off of that. If they need stress relief, they also hit the platters a few times with a big hammer. If they really want fun, they can take the drives to the EOP and blow the platters up, after they have done the angle grinder/blowtorch routine.

magneto says:

erase a harddrive

Maybe he knew someone at a scrap yard, wouldn’t an electromagnet that picks up cars and such be strong enough to wipe a drive? I worked at a scrap yard a few years and they could pick up a 2 ton truck, I’m sure it would work for a hard drive that’s only a lb or so, right? Would that work? Then it would look like a crash, wouldn’t take much technical skill either, just loosen a few screws and unplug the HDD and take it out to the scrap yard

PhysicsGuy says:

DOD / Mac Guy

The DoD doesn’t use a program… they magnetically degauss the hard drives, essentially switching all the switches back and forth repeatedly so as to eliminate data. The DoD does make recommendations though for software wiping of hard drives and if you read their scheme and then read the link i gave above about Gutmann’s overview of magnetic disc wiping you’ll see that DoD’s software standard is not secure, Gutmann’s is very sound though, it’s the software rewrite equivalent (as close as you can get) to degaussing the drive… and trust me, Gutmann is smarter than any of us posting on here…

MacGuy:
It rewrites the drive 35x over with what kind of data… if you read the link i gave above Gutmann explains why, depending on what kind of drive you have, it makes a difference what kind of data patterns you write it over with. He also explains how they recover data from hard drives and why it works…
