Convenient Timing: Politician's Computer 'Crashed' And Deleted Everything Just As Investigators Asked To See It
from the how-convenient dept
Don't you just love convenient timing? The Raw Feed points us to a corruption case involving a commissioner in Hollywood, Florida. He apparently helped a company win an $18 million "sludge-handling" contract. However, just as investigators went to search his computer it was conveniently "wiped clean". He claims it just crashed, even though that crash (conveniently, again) was so thorough that no data was recoverable from the drive even after being sent to various data recovery shops. Not surprisingly, this is raising a few eyebrows, though his lawyer insists that if the guy was really trying to hide info, he would have just "thrown out" the computer.
Reader Comments
get his logs
Oh. What's that you say? When it's a suspected "terrorist" the ISP will jump and shout "how high?!", but when it's a well fed Hollywood socialite with influence suddenly the rules are quite different.
Also, I doubt he had the knowledge to wipe it himself, so somebody did the wipe for him. That's where I'd be directing my investigations.
And no, I'm not advocating for the fascists, you probably don't understand what I'm saying here... if we are to embrace a transparent "surveillance society" then the sooner it applies to everyone and the sooner people with power get burned by it the sooner the tide will turn against. I expect the investigators can find numerous other pieces of tangible evidence against this person if he is indeed guilty.
[ link to this | view in chronology ]
Re: get his logs
[ link to this | view in chronology ]
Clinton's Carnivore
Clinton's carnivore program should have those records. From memory, they should trace who he e-mailed and who e-mailed him.
[ link to this | view in chronology ]
Re: get his logs
[ link to this | view in chronology ]
Re: get his logs
If you have to tell your readers, in the middle of the post, that they don't understand what you are saying, then you probably:
a) don't think very much of your readers, and if so, why bother writing to them.
OR
b) haven't done a very good job of explaining what you are talking about.
In case you don't understand what I am saying here, I am leaning towards "b".
[ link to this | view in chronology ]
Re: get his logs
[ link to this | view in chronology ]
Re: get his logs
[ link to this | view in chronology ]
Re: get his logs
[ link to this | view in chronology ]
That's a helluva crash...
[ link to this | view in chronology ]
Re: That's a helluva crash...
[ link to this | view in chronology ]
Re: That's a helluva crash...
Just to make this clear. A hard drive's metallic case creates a Faraday cage that makes it impossible to erase the platters inside no matter how large the magnet on the outside. One has to remove the cover to nullify this effect.
[ link to this | view in chronology ]
Re: That's a helluva crash...
[ link to this | view in chronology ]
Re: That's a helluva crash...
Ain't nothing to unwipe. I bet that's what he did.
Also, you can make a drive impossible to read by taking it apart and destroying the disc platters.
[ link to this | view in chronology ]
Hollywood socialite with influence?
[ link to this | view in chronology ]
Re: Hollywood socialite with influence?
[ link to this | view in chronology ]
hmmm....
If I had been approached to do this job, I would have put in a new hard drive and started fresh, and then taken a grinder to the old hard drive. NSA or not, once I take an abrasive grinder and then a torch to the platter in that hard drive, nobody is getting anything back.
[ link to this | view in chronology ]
Re: hmmm....
[ link to this | view in chronology ]
covering your tracks
His secretary, Rosemary Wood, fell on her sword and said she "accidentally" erased the section while transcribing the tape.
Experts said yeah, she sure did. It had been erased nine times. They didn't have the technology to recover it then. But Nixon, you may have read, did not skate free.
[ link to this | view in chronology ]
damn...
[ link to this | view in chronology ]
Re: damn...
[ link to this | view in chronology ]
Re: Re: damn...
It's actually pretty hard to get a magnet strong enough to completely degauss a hard drive. The strongest one at Home Depot will probably give you problems reading your data, but recovery services should still be able to retrieve information.
Remember too, in order for the hard drive to still be useful to you, 98% or more of the data needs to be retrievable. For a recovery service prosecuting a legal case, only 10% or so would be needed.
[ link to this | view in chronology ]
Re: Re: Re: damn...
[ link to this | view in chronology ]
Re: Re: damn...
If it had been a drive from ten years ago then you would, in fact, be correct.
[ link to this | view in chronology ]
Re: Damn
[ link to this | view in chronology ]
Re: Re: Damn
[ link to this | view in chronology ]
Now hold on...
[ link to this | view in chronology ]
Re: Now hold on...
IANAL, but ...
In the file swapping case, there was other evidence. Legally, there is a big difference between shredding the files (as it were) before they are subpoenaed and after. When hiring one time, the lawyer advised us to take whatever notes during the interview process, make the decision, make a short summary justifying why we hired A over B or C and then shred all the notes except the summary.
This is also why you don’t want to save every e-mail you’ve ever received for the last 10 years. If it gets subpoenaed, you’ll have to hire a lawyer to read through all that stuff to ensure there’s nothing incriminating. If you delete on a regular basis then you don’t need to worry if you’re subpoenaed.
[ link to this | view in chronology ]
DBAN
For what most people do a single wipe is more than adequate. I guarantee if I gave you one of my old drives, single-wiped, it would cost you more than the data is worth to recover any of it. Three passes with cryptographically strong random data is more than enough for almost everybody.
Back in the old 30MB drive days, yes, it was possible to pick up residual magnetic patterns under or between tracks. But modern drives pack in almost four orders of magnitude more data and are limited by the physics of the media rather than the physical size of the read heads. The same characteristics of the media that made those old drives recoverable are now being used to store more data.
The real threat is bad sectors that get reallocated and never written again. So if you really want to be sure don't even bother trying to wipe the drive, just physically shred and melt the drive platters.
[ link to this | view in chronology ]
wiping
To catch a dirty politician and impeach him, do you think cost is an issue? If this guy's enemies could get him out of office, they'd spend whatever it takes.
[ link to this | view in chronology ]
The Justice department has my blessings to spend as much of my tax money as necessary to prosecute ANY politician found engaging in breaking any law.
If we can watch everyone, let's START with the Politicians, that will change their tune immediately.
[ link to this | view in chronology ]
Re: Re: Damn / DBAN
also, i'm pretty sure the size doesn't limit the ability to recover data by the means in which i'm talking about... i could be wrong though, any links would be greatly appreciated...
[ link to this | view in chronology ]
Common Myths
So secure wipes are not that, and in practice will show evidence of that type of action. It's just funny in this case they can't prove he secure wiped it, which can be done.
[ link to this | view in chronology ]
Re: Common Myths
"It would have to crash into a bloody electro-magnet the size of a small child to make everything non-recoverable."
however, removing evidence of a secure wipe would be easily done if you were to then copy multiple large files and fill up the hard drive with actual information repeatedly. again, however, there was nothing on the drive... maybe that electro-magnet was the size of a fat kid...
[ link to this | view in chronology ]
Do the math, paranoids.
There's a limit to how far back you can go. For those of us with finite money, that's probably one pass. For the NSA, the number of passes isn't as important as the thermal conditions when the interesting data was written versus when the wiping was done. (Temperature is a big factor in thermal susceptibility of magnetic materials, and thermal expansion affects how the drive's servo mechanism calibrates itself.)
Anyway, as Phreaki points out, there's no need to show what the data actually was, just that the wiping was intentional. That's enough to get "destruction of evidence", which is usually seen as an admission of guilt.
[ link to this | view in chronology ]
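The point made in the comments above, that an intentional overwrite looks different from a crash, can be checked on a raw disk image. The following is an added example, not part of the original post or thread: it labels each 512-byte sector as zero-filled, short repeating pattern, random-looking, or ordinary data, and reports whether one fill dominates. The 7.2 bits/byte entropy threshold, the 95% cut-off and the sample images are assumptions constructed for illustration.

```python
import math
import random
from collections import Counter

SECTOR = 512

def entropy(block: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant block, 8.0 maximum."""
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())

def classify_sector(block: bytes) -> str:
    """Label one sector as zero, pattern, random or data."""
    if not any(block):
        return "zero"
    # Fixed overwrite patterns repeat with a short period (Gutmann's are 1 or 3 bytes).
    for period in (1, 2, 3, 4):
        unit = block[:period]
        if (unit * (len(block) // period + 1))[:len(block)] == block:
            return "pattern"
    # 512 uniformly random bytes measure about 7.6 bits/byte; text and
    # filesystem metadata sit far lower. The threshold is an assumed heuristic.
    return "random" if entropy(block) > 7.2 else "data"

def triage(image: bytes) -> dict:
    """Count sector classes and list offsets of sectors that still hold data."""
    labels = [classify_sector(image[i:i + SECTOR])
              for i in range(0, len(image) - SECTOR + 1, SECTOR)]
    counts = Counter(labels)
    fill, hits = counts.most_common(1)[0]
    uniform = fill != "data" and hits / len(labels) >= 0.95
    return {
        "counts": dict(counts),
        "uniform_fill": fill if uniform else None,
        "residual_offsets": [i * SECTOR for i, lab in enumerate(labels) if lab == "data"],
    }

def sample_images() -> dict:
    """Constructed 64-sector images; not taken from any real drive."""
    rng = random.Random(1)
    rand = lambda n: bytes(rng.randrange(256) for _ in range(n))
    text = (b"From: user@example.org\r\nSubject: quarterly report\r\n" * 11)[:SECTOR]
    return {
        "zero_wipe": bytes(64 * SECTOR),
        "random_wipe": rand(64 * SECTOR),
        "pattern_wipe_with_leftover": (b"\x92\x49\x24" * (22 * SECTOR))[:63 * SECTOR] + text,
        "crashed": text * 20 + bytes(30 * SECTOR) + rand(14 * SECTOR),
    }
```

A uniform fill is an indicator rather than proof: a never-used drive also reads as zeros, and encrypted or compressed volumes also measure as random.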
Re:
If by "hide it good" you mean grind it up and burn it in a very hot fire, then I agree.
[ link to this | view in chronology ]
All his kiddie porn collection's gone
[ link to this | view in chronology ]
New Drive
[ link to this | view in chronology ]
By physically destroying, I mean, use a hammer, and slam it to pieces and have a bonfire.
[ link to this | view in chronology ]
Electro-Magnet the size of a small child
[ link to this | view in chronology ]
Scr3w3d
[ link to this | view in chronology ]
Re: Re: That's a helluva crash...
[ link to this | view in chronology ]
Infosec
I am also puzzled about the Sun-Sentinel report mentioning e-mails. E-mails do not exist in a vacuum. They have a source, one or more hops along the way, and a destination. Who the frag is their computer forensic analyst here? Combine these two lapses, not using OnTrack and not utilizing both ends, and perhaps intermediaries, to retrieve e-mails tells me that we'd kick him off our Forensics e-mail list! Sheesh. Something is out to lunch here.
[ link to this | view in chronology ]
This will scare the pants off ya
Peter Gutmann regularly writes papers and lectures on computer security, and shows that it is nearly impossible to delete data beyond recovery from hard disk drives (short of physically destroying the platters).
Gave me the shivers when I read some of his papers, and I have very little to hide (only passwords etc.).
[ link to this | view in chronology ]
Electro-magnet
[ link to this | view in chronology ]
Data Loss?
[ link to this | view in chronology ]
Re: This will scare the pants off ya / Do the math
http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html
explains why they'd fall short by today's standards. The link also gives a good explanation as to why you can constantly rewrite to an area and still recover from it if you're not using the correct bits to write over that area... so much for the "infinite storage in a finite space"... one pass would work? hardly...
[ link to this | view in chronology ]
Absence of evidence is evidence of absence
Let me get this straight:
1. there is no incriminating evidence to be found on the guy's drive;
2. the guy probably lacked the sophistication to do a complete wipe.
Conclusion: there was never any incriminating evidence on his hard drive in the first place. The only sort of evidence that would be likely to be there would be emails.
Now they need to go check his cell phone records.
[ link to this | view in chronology ]
Destroying Data
[ link to this | view in chronology ]
Faraday Cage...
If you were to coil and charge wire around it and make the hard disk itself into an electromagnet what would happen to the data?
Not that I plan to try this on my own disk, but it could be effective. :)
[ link to this | view in chronology ]
erase a harddrive
[ link to this | view in chronology ]
so
[ link to this | view in chronology ]
DOD
[ link to this | view in chronology ]
Re: DOD / Mac Guy
MacGuy:
It rewrites the drive 35x over with what kind of data... if you read the link i gave above Gutmann explains why, depending on what kind of drive you have, it makes a difference what kind of data patterns you write it over with. He also explains how they recover data from hard drives and why it works...
[ link to this | view in chronology ]