No 36, May 2008

DIGITAL SECURITY FOR ACTIVISTS

Deleted, but not gone...

Wojtek Bogusz, digital security consultant, Front Line & Dimitri Vitaliev, co-author, Security Edition of NGO in a Box

Sensitive information that was once on your computer, and which you believe is deleted, could land you in a difficult situation. Files that have simply been deleted, although they appear gone, are actually lurking undetected inside your computer. To prevent sensitive information from ending up in the wrong hands - confidential photos on a laptop that is confiscated at the airport, or traces of web pages viewed on a computer that is “stolen” from your office - it is important to ensure it is thoroughly removed.

This is the fifth article in a CSW Monthly Bulletin series [1] highlighting practical ways you can increase your digital security and privacy. The first four articles have discussed protecting your computer and your private information from malware, viruses, intruders and physical damage; and guarding against information loss from your computer, disks or mobile phone. The articles are based on the updated second version of the Security Edition of NGO in a Box [2], currently under development.


Wiping the information 

There is no computer function that can completely delete your information. Strictly speaking, computers can only write new information to the hard drive. When you choose to delete a file in Windows, you are simply telling the computer that this space is now available to be overwritten with new data (we will call it unallocated space). Windows removes the file icon and the name reference from your screen, thereby making you believe the file is no longer there. It does not remove the actual data from the hard drive. You can compare this to removing the label from a filing cabinet, but leaving the files still in the drawer. Until you have overwritten the exact physical space on the hard drive with new data, the information is still there and is easily visible with the help of simple software.

Let's imagine that you are writing a large report. It takes you a week of work, several hours each day. Every time you press 'save', Windows creates a different copy of this document and stores it on the hard drive. After a few days of editing, you will have several versions at different stages of completion on your hard drive. Windows does not look for the exact physical location of the original file and overwrite it every time. It simply puts the latest version in unallocated space on your hard drive. This can, of course, lead to problems when you need to erase all traces of the document from your computer. 

It is not only hard drives that store our digital information. CDs/DVDs, USB memory drives and floppy disks are used frequently for file storage and movement between different computers. These are also susceptible to holding onto information that we have previously deleted. CDs/DVDs have been known to contain recoverable information even after they were cut into pieces.

The solution to destroying old data on our hard drives is overwriting it with other random data. This method is known as “wiping.” The more times you write random data over the same space on the disk, the better you wipe out the information which was stored there. But, of course, the more times you want to write over the data, the longer it takes. Experts agree that at least three passes are necessary to prevent recovery of your information. However, some standards recommend seven passes or more. 

You can wipe a single file or you can wipe the 'empty' space on your hard drive. The latter action will find all presently unallocated space (space not used by current files) and overwrite it with random data. This will wipe out any and all previous instances of the created files. 
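The difference between deleting, wiping a single file and wiping free space can be seen in a toy model of a disk. This is an added example, not code from Eraser or from any real file system; the `ToyDisk` class, the block size and the file contents are all constructed for illustration.

```python
import os
BLOCK = 16  # bytes per block on this toy disk (constructed value)

class ToyDisk:
    """Constructed model: numbered blocks plus a name -> blocks table."""
    def __init__(self, nblocks=32):
        self.blocks = [bytes(BLOCK)] * nblocks
        self.table = {}                   # the "labels": file name -> block numbers
        self.free = list(range(nblocks))  # unallocated space

    def save(self, name, data):
        # Each save uses fresh unallocated blocks; old blocks are released, not cleared.
        old = self.table.pop(name, [])
        chunks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]
        used = [self.free.pop(0) for _ in chunks]
        for i, chunk in zip(used, chunks):
            self.blocks[i] = chunk.ljust(BLOCK, b"\0")
        self.table[name] = used
        self.free.extend(old)

    def delete(self, name):
        # Ordinary delete: remove the label, leave the data in the drawer.
        self.free.extend(self.table.pop(name))

    def wipe_file(self, name, passes=3):
        # Overwrite the file's own blocks with random data, then delete it.
        for _ in range(passes):
            for i in self.table[name]:
                self.blocks[i] = os.urandom(BLOCK)
        self.delete(name)

    def wipe_free_space(self, passes=3):
        for _ in range(passes):
            for i in self.free:
                self.blocks[i] = os.urandom(BLOCK)

    def recoverable(self, needle):
        # What a recovery tool does: read unallocated blocks directly.
        return any(needle in self.blocks[i] for i in self.free)

def demo():
    disk = ToyDisk()
    disk.save("report.doc", b"DRAFT-1 names of sources")  # constructed content
    disk.save("report.doc", b"DRAFT-2 names removed")
    after_save = disk.recoverable(b"DRAFT-1")   # old version sits in free space
    disk.wipe_file("report.doc")
    after_file_wipe = (disk.recoverable(b"DRAFT-2"), disk.recoverable(b"DRAFT-1"))
    disk.wipe_free_space()
    return after_save, after_file_wipe, disk.recoverable(b"DRAFT-1")
```

Wiping the current file removes only the latest version; the earlier draft stays readable in unallocated space until the free-space wipe runs.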

You should be aware that it is not only your documents that should be wiped, but also other files used by Windows and collected whilst you use the computer and browse the Internet:

    Temporary files collected by your computer when browsing the Internet, including: text of the pages and images from websites you browse, cookies, history of visited websites, passwords and data used to fill in Internet forms

    Temporary files collected by your computer when you are working on documents: past versions of the document, text, images, recent documents  

Guidelines 

The Eraser programme [3] can wipe a selected file, the entire contents of the Recycle Bin and even all past traces of files you had previously 'deleted'. After every wipe, Eraser can automatically wipe the content of the Windows Swap file as well. 

If you wish to wipe all temporary files from your computer then you should use the CCleaner programme [4]. It is designed specifically to look for temporary files on your Internet browser and Office software, as well as many other hidden places within Windows where temporary files are stored. 

Tip: Wiping files should never put other documents in danger. It is supposed to get rid of files that you do not need. However, to be on the safe side, make sure you have a backup of all important data before commencing the “wipe” (see the article from last month, “Guarding Against Information Loss” [1]).

Best Practice 

Now that you are aware of the fact that your files are not deleted simply by pressing Delete, you may wish to get rid of all past and present traces of files you do not want to have on your computer. You can follow the steps below to wipe all unnecessary content and make sure that your computer does not hold recoverable files in the future:

1.       Close down all programs and disconnect from the Internet

2.       Delete all unnecessary or unwanted files and empty the 'Recycle Bin'

3.       Wipe all temporary files using CCleaner

4.       Wipe all the free space on your computer (could be done overnight) using Eraser

5.       Get into the habit of wiping all temporary files before shutting down your computer

6.       Get into the habit of wiping all unwanted documents using Eraser, instead of the normal Windows function

7.       Periodically (once a week or after bigger work) perform a free space wipe with Eraser on your hard drive, USB memory card, camera card and floppy disks

Wiping software such as Eraser and CCleaner can integrate with Windows and allow you to wipe files or the 'Recycle Bin' with two simple mouse clicks. 

Guidelines for destroying information from a CD or DVD 

It is easy to make CDs and DVDs unreadable to the standard drive or player. But it is surprisingly difficult to destroy the information so effectively that even a dedicated, technically capable person with unlimited funds could not restore it from the CD/DVD. The best method would be to grind the CDs/DVDs up until only a fine powder is left. But a reasonable alternative would be to cut them into pieces - the smaller the pieces the better - and then mix the pieces and dispose of them in a few different places far away from your home/office.

Note: DON'T microwave CDs/DVDs. It may destroy the microwave and cause a serious fire. DON'T burn CDs/DVDs. It produces toxic fumes and lots of pollution.

Data Recovery  

When we delete a file in Windows, it disappears from our view. But it remains on the computer. There are programmes that can restore access to recently deleted files. However, restoration may not always work, because the space taken up by the deleted file is marked as available by Windows. When you add new data to your computer, such as documents, pictures, videos and programmes, it can overwrite the space taken up by the deleted file.

Please see Undelete Plus [5] and Recuva [6] programmes to see how to restore previously deleted files. 

Hiding and recovering your data 

While your computer’s tendency to retain data, even after you “delete” it, can be harmful, you can also use it to your advantage. Deleting and then restoring files can actually be used as a tactic for hiding the existence of information from a third party. As we mentioned above, data that is deleted from your computer and has not yet been overwritten can still be restored. In this sense, you can create data such as photos and documents, delete them and then, when it is necessary, recover them.

This tactic can also be applied to USB and digital camera memory cards, and certain types of CDs, as well as PDAs (Personal Digital Assistants). Make sure, however, that you delete the data using your computer while the digital device or memory card is attached to it. Do not delete the information from the PDA using the functions on the device itself. Also, do not write any new data to the storage media. And test this process before applying it to real data.

Further Reading

[1] See other articles published in “Digital Security and Privacy for Activists” series:

1.       “Introduction", CIVICUS Bulletin No 32, January 2008: www.civicus.org/csw/SECURITY_INTRO1.htm (Russian language version: www.civicus.org/new/media/No32-Digital-Article-Russian.doc)

2.       “Roots of (in)security: Protecting your computer”, CIVICUS Bulletin No 33, February 2008: www.civicus.org/csw/DIGITAL_SECURITY-No33.htm  (Russian language version: www.civicus.org/csw/DIGITAL_SECURITY-No33-Russian.htm)

3.       “Away from prying eyes: Protecting your information from unauthorised access”, CIVICUS Bulletin No 34, March 2008: www.civicus.org/csw/DIGITAL_SECURITY-No34.htm (Russian language version: www.civicus.org/csw/DIGITAL_SECURITY-No34_Russian.htm)

4.       “Guarding Against Information Loss”, CIVICUS Bulletin No 35, April 2008: www.civicus.org/csw/DIGITAL_SECURITY-No35.htm

[2] "Security Edition of NGO in a Box" (see: security.ngoinabox.org) is a project of Front Line (www.frontlinedefenders) and Tactical Tech (www.tacticaltech.org). It is a toolkit of peer-reviewed free and open-source software, materials and guides to provide digital security and privacy. Its aim is to simplify this complicated area and reduce the overwhelming choices often faced by people when trying to find solutions to their problems. Recommended software is reviewed, explained and accompanied by installation and user guides in multiple languages. Each tool is accompanied by clear explanations and tips written for the non-technical user. The whole toolkit is available online on the Front Line website. The toolkit is also available on a CD. The toolkit is currently available in French, Spanish, Arabic, Russian and English.

[3] Eraser is a free software programme used to permanently delete (wipe) sensitive data from your computer. Files and folders can be selected for wiping. This can be done on demand or scheduled to run at certain times. Note that your computer must be switched on at the specified time, otherwise the wipe will not happen. Eraser can also be used to create a 'nuke boot disk'. This can be used in emergencies when you want to delete everything from your hard drive quickly. See: www.heidi.ie/eraser

[4] CCleaner is a freeware system optimisation and privacy tool. It removes unused and temporary files from your system - allowing Windows to run faster and freeing up hard disk space. It also cleans traces of your online activities such as your Internet history. See: www.ccleaner.com 

[5] Undelete Plus is a freeware programme for restoring accidentally deleted files. It can also recover files that have been emptied from the Recycle Bin. See: www.undelete-plus.com 

[6] Recuva is a freeware programme to restore files that have been accidentally deleted from your computer. This includes files emptied from the Recycle bin as well as images and other files that have been deleted by user error from digital camera memory cards or MP3 players. It will even bring back files that have been deleted by bugs, crashes and viruses! See: www.recuva.com 

[7] See also the Digital Security and Privacy for Human Rights Defenders book, Chapter 2.3 Information Backup, Destruction and Recovery: www.frontlinedefenders.org/manual/en/esecman/chapter2_3.html

[8] Read an excellent article on data recovery in Wikipedia:  en.wikipedia.org/wiki/Data_recovery  

About the authors

Dimitri Vitaliev is a consultant on issues of electronic security and privacy for human rights activists around the world. He is the author of the 'Digital Security and Privacy for Human Rights Defenders' manual, co-editor of the NGO in a Box - Security edition project and is often on the road, providing training and advice on security policies and strategy. 

Wojtek Bogusz is a digital security and information systems consultant and trainer working with Front Line, the Dublin-based International Foundation for the Protection of Human Rights Defenders. He is also co-editor and manager of the Secure Edition of NGO in a Box project.

You can contact both of the authors through the group email of Security Edition of NGO in a Box project: security (AT) ngoinabox (DOT) org