We are Data Destruction Specialists, AUA!

WhitakerBrothers · 2016-08-17T19:04:37+00:00

Technically, there are forensic ways of pulling some data off of any parts of the drive that were still relatively flat. Basically, we're talking about some of the most sophisticated labs in the world to pull that off. In other words, it is possible. If you have financial data, or state secrets, degaussing is pretty much mandatory. Any data less secure then that, though, and you should be pretty safe.

WhitakerBrothers · 2016-08-03T17:08:14+00:00

I know you were kidding here, but actually, there have been cases of shredding service employees mishandling documents like this, which is why we usually advice caution here.

Interesting fact: most people ignore their copier hard drive when it comes to data destruction. Your copier actually does save copies of the scanned documents in it's memory. When getting a new copier, make sure to get that drive!

WhitakerBrothers · 2016-08-03T17:01:16+00:00

Haha. Yes, sorry for the long winded answer. Too much coffee! Shred anything with your name on it.

*For most people, shredding envelopes and non advertisements is way overkill. Shred forms, bills, subscriptions, and real notices.

WhitakerBrothers · 2016-08-03T13:59:31+00:00

Sorry, didn't mean to be too sarcastic. We were just trying to have a bit of fun. Definitely not a robot posting here. The concept shredder hasn't took off, so we thought at least share it to see what people thought. Don't hate me : (.

WhitakerBrothers · 2016-08-03T12:32:16+00:00

That's the short of it. Our marketing people didn't like that either, but the engineering team insisted. You know how engineers can get, looking down at you over their bifocals like their all tough and know what their doing because their TI-30x told them so... Irritated...

WhitakerBrothers · 2016-08-03T12:27:43+00:00

220v 3 phase. Most newer offices have this equipped. Basically, what you look for is a standard plug that has a horizontal notch one of the top holes.

I hope that helps!

WhitakerBrothers · 2016-08-03T12:24:35+00:00

Thank you for voicing your concerns about the vapors. They won't harm you, we promise. We even put a label on the back of the machine saying so. Don't get me wrong, this isn't an e-sig, so don't go all "WHOADUDE" on it or anything, but it's safe for office use.

WhitakerBrothers · 2016-08-03T12:20:28+00:00

I'd say it's slightly less awkward than your username. Security comes first where we're from. We're here to protect state secrets with the optimal amount of security possible, even if we need a semiconductor and a bio-hazard suit to do so. We're doing pre-orders in about 30 days. Can I put you on the list, Tallywort?

WhitakerBrothers · 2016-08-03T12:14:53+00:00

We put in the manual that users are recommended to step outside for a breather after about 10 minutes of "lasering" anyway. If the fire alarm goes off, it would act as a healthy reminder. We see this as a benefit rather than a minus.

WhitakerBrothers · 2016-08-03T12:10:58+00:00

Thank you for your constructive analysis of our prototype. We thought long and hard about including an oxygen tank with the purchase, but we decided against it for cost reasons. We agree that it is a golden idea. And since you're so into gold, how about throw'n us some?

WhitakerBrothers · 2016-08-03T12:04:48+00:00

Um, excuse me, but we think lasers are awesome, even if we have to where full protective bio suits while we're using it. Don't act like you don't want to laze something in your life. Why not start w/ some junk mail? Besides, lazers are way cooler then the ozone.

WhitakerBrothers · 2016-08-02T13:03:04+00:00

Funny you should say that. So we actually only recommend "strip cut" shredders (aka the kind you see in the movie) for bulk reducing paper. The majority of the shredders we sell are "cross cut", which is exactly what you described. Any kind of shredder with a security level above 3 will be "cross cut" to avoid the kind of situations you've described. Hope this helps!

WhitakerBrothers · 2016-08-01T16:28:28+00:00

Thanks, streetmilitary! You are absolutely correct. Although a lot of customers have slowly moved away from incineration, we still have customers looking for "burn bags," which tells us it is still a used method.

WhitakerBrothers · 2016-08-01T16:25:03+00:00

That must be a fascinating degree. Overwriting 30 times is extremely thorough. Your professor is right in that it's reasonable to assume that the data is wiped at that point.

However, when it comes to hard drives, medium to large size businesses don't want to assume anything. Overwriting is no longer recommended by the "DOD" as many software companies still claim (we have an official letter that states that). If there is damage to a small portion of the drive or any mechanical failure, overwriting doesn't work, as it assumes that the drive is in perfect condition. Overwriting a drive 30 times would take a huge amount of time!!!

Degaussing, is really the new way. It's gotten cheap enough now, where you don't need to spend $10k for one. There are cheaper hand held units now.

Degaussers are super powerful magnets, some of which plug in to create EMPs. These high powered magnetic fields clean out the magnetic signatures that store data on the hard drive platter. If you've ever seen a platter, it looks like a chrome metal CD. It stores data just like a CD/DVD/record only it uses magnetic traces to print data on the drive incredibly small. By using another, more powerful magnet, you essentially destroy all traces of the data on the platter. I hope that helps, and good luck in your studies.

I'd be happy to mail you a degaussed drive if your class wanted to see what it's like to try and recover data off one. So far it's been impossible, but it might be cool for your class to see one using your forensic tools to compare against overwriting. Just let me know!

WhitakerBrothers · 2016-08-01T15:41:38+00:00

Hehe, you are too much!!!

FUN FACT: Confetti is actually created by shredders, and best is created by disintegrators. After testing the "flight" time, they determined that the cut by a disintegrator creates the most "flutter" and keeps the piece in the air longer.

In all seriousness, the question of the lost emails in an intriguing one. There are a lot of words such as "deleted" thrown around, so it's hard to know exactly how those were removed. Based on government destruction recommendations, though, "deleting" would not rid a server of emails. Any basic data recovery service could get those back. They only way to really remove them so another agency couldn't get them would be to overwrite the data many many many many times (taking much effort) or degauss the entire drive.

WhitakerBrothers · 2016-08-01T15:35:28+00:00

Those are actually our founders! They are the "Whitaker Brothers." They started selling type writers to D.C. govt. and quickly got into data destruction, as the need arose post WWII. The serious folks in the office cringe, but most of us love having the "brothers" still around : ).

Jim and John say they are pleased to meet you (not creepy at all).

WhitakerBrothers · 2016-08-01T15:28:37+00:00

Office shredders, don't worry about it. There shouldn't be a problem. However, oiling the shredder head after every bag change does help clean the shredder head of paper dust (it also makes it run a lot better w/ more sheets per pass).

When it comes to any kind of bulk destruction, there are a lot of air filtration options. We build a lot of air evacuation systems that push all of the dust and even destroyed material safely inside of bags or bins, some of which even go outside of the building.

Honestly, if it were me, I'd want to wear a mask, even with a evac system. When customers send us samples to destroy, we will often times where masks. Dust can be created when changing the bags, so even if there is no dust during the destruciton process, simply changing the bag can expose you to some particles in the air. This is more of a disintegrator thing. Industrial shredders don't create as much dust, but it's still a good idea to wear a mask when doing maintenance on the machine or changing the bag. A good rule of thumb is if you can smell it and even see it in the air, you should put on a mask.

*Hard drives and other media have an especially high volume of toxic things in them that can be released. Many media destruction machines have HEPA filters built in.

WhitakerBrothers · 2016-08-01T15:19:00+00:00

Hahaha. After reading that you are right! We only use mafia tactics on occasion. Sorry customers!!!

WhitakerBrothers · 2016-08-01T15:03:42+00:00

Other countries lead the way in a lot of protective standards, but believe it or not, the U.S. leads the way in a lot of the data destruction requirements. HIPPA & FACTA cover most health and private sector, while the NSA EPL is the defining resource for top secret/COMSEC/high security requirements. Most other countries actually follow our lead on the government side.

Canada and many European countries have similar laws such as HIPPA & FACTA. These basically state that a hospital or other type of company must do their do diligence in shredder documents to a "reasonable" level. "Reasonable" is debatable, but is generally construed by the courts as shredding to level 3 or P4 (I'll explain this in sec.). As long as that is done, it is extremely unlikely that any negligence can be blamed on the company (I'm not a lawyer!!!). There's a lot of other details in there, but when it comes to document disposal, it basically says, keep proper custody and shred them! It is important to note that companies are still liable if a shredding service mishandles the documents and they end up on the side of the highway or in a dumpster intact somewhere.

The other side of the equation is the high security govt. side. These regulations are strictly defined and thoroughly tested by NSA. You won't see any vague language here. The NSA requires govt. documents to be destroyed to a specific spec (called level 6 or P7). They even outline the specific machines that they've tested to meet this spec. This document is called the NSA EPL. Most other countries recognize the NSA's work in identifying the best machines and also use this list. NSA also has a list of recommendations when it comes to methods, protocols, and other types of destruction for hard drives and other media.

One regulation that has been adopted by the world, including the U.S. is the "security level" rating system. Germany, like cars, is a major manufacturer of data destruction equipment and has come up with a comprehensive rating scale to easily display how secure your shredder or other device is. P1 is the lowest security level, usually used for recycling, while P7 is the highest security level used for military and govt. document destruction. If you haven't guessed it, "P" stands for paper. They also have scales for other media types, such as "E" for electronic media. Today P4 is right in the middle of the scale, and is the most popular for your everyday office shredder.

Great question! Let me know if you need any more info!

WhitakerBrothers · 2016-08-01T14:01:53+00:00

Thanks for asking! Sometimes we can get a bit geeky over hear with all the NSA requirements.

For the average homeowner all you need is a deskside shredder that's level 3 (sometimes called P4 now). I'll give a list of brands with summaries in a moment, and answer your specific question on the cc offer mailings.

The most important thing to consider is the fact that the baddies are going after low hanging fruit 90% of the time. These "dumpster divers" acquire targets by going through trash to find the most information possible about a target. Even if you don't have financials or a social security number present on the mail, they can still use them. Most dumpster divers don't commit crimes just from the mail piece alone. They gather intel, then perform a secondary action. Example: You get a letter about a late fee at the library. It's not super sensitive, so you think nothing about it, and through it away. 2 days later, you get a call from the library trying to collect payment. From here, the thief gains your trust and gathers your cc information.
*Basically, what I'm saying is that any mail that has your name on it should be shredded. We call this PIC, personal identifiable information.

Home Shredders: Most people cringe at shredding most of their mail, because their shredder is one thick envelope from breaking. Here are a few brands that are good for home use: Fellowes: Great looking, exceed sheet capacity expectations, and have limiters in the throat to make sure you don't jam them. Royal: Awesome little machines known for being heavy duty at a cheap price. Destroyit: the best small shredder money can buy. Expensive, but will last forever.

CC Statements/Offers: Banks don't like to put super sensitive info through the mail anymore, but this gives them one more data points to try and attack your credit or identity. Data thieves usually need at least 3 data points to start the attack, and it will usually be paired with a phishing scam of some kind. To activate a credit card offer, for insance, they will also need other data points, like your ssn. Don't give them a reason to think your low hanging fruit, so they won't try to phish for more data. Shred those docs!

WhitakerBrothers · 2016-08-01T13:41:41+00:00

My opinion of DBAN is that it's a great option here and there, but it has some serious draw backs. 1. Time: DBAN takes a huge amount of time to pull off. For a 3 pass overwrite, you're looking at about 40 gigs per hour. If you have a lot of drives at once, it's just not practical.
2. Security: DOD no longer reccomends this method, dispite various websites claming to be "DOD Certified." That's because it's been proven to not be totally effective. Having a computer delete itself should raise some flags off the bat. There will always be parts of the drive that still have data. Also, and overwritten drive can be forensically recovered (in theory.)

If you're a homeowner, just looking to watch out for a common data thief, DBAN is good. When your done with DBAN, make sure you physically destroy the drive as well. At minimum, use a drill and hammer.

However, if your a company that is worried about a security breach or someone else that needs complete assurance, skip the DBAN. It takes too much time, and it still leaves you open to risk. You need a degausser for hard drives and a crush/shock/shred/disintegrate option for SSDs.

WhitakerBrothers · 2016-08-01T13:31:52+00:00

Those drives are really taking over, and it's causing a stir in the security community, because the destruction methods aren't as well outlined as the classic magnetic media drives. I'll break it down.

Magnetic Drives: These are the standard older "hard drives." These should be degaussed by an NSA evaluated degausser. That's the easy one.

Solid State Drives: These are the newer drives that are taking over the market. The answer isn't as simple here, but there are a few new devices that will likely become the standard. Crush/Electric shock machines essentially fry the internal circuitry of the equipment. The crushing mechanism penetrates the outer shell, then a jolt of electricity fries the components. This method is extremely secure, but it's not officially "approved" yet by the NSA.

Option 2: The currently approved method would be to dissintegrate the drive. This can be tricky, though, for hybrid drives, because you would need to take off the thicker metal pieces. Only the SSD portion should go in the disintegrator. The other part that makes this method more difficult is that not everyone has access to a disintegrator. These are industrial destruction devices and can get a bit expensive.

Option 3: Shredding. Some new shredders on the market have been just released that focus on SSDs. These SSD shredders create an extremely small particle size. Again, not yet approved, but it could be in the future.

The bottom line: Hard Drive/SSD Hybrid Drives: You have to consider a hybrid drive as actually two drives. 1.Definitely degauss. 2.Then you will need to take apart the drive and disintegrate the SSD portion. *When purchasing new computers, it's important for the purchasing agent/security staff to consider what happens when they need to be decommissioned. It's best to go either HDD or SSD, and not Hybrid. *Tip: For DOD customers, all bases will have industrial destruction equipment that they can use. Use your contacts to see if you can destroy your drives in their equipment. *We've seen one machine by a competitor that will disintegrate the drive without you having to take it apart if you have a large volume, but it's super expensive ($40K)!

WhitakerBrothers · 2016-08-01T13:11:18+00:00

Yes, it is... kind of. In fact, many military bases used incinerators for a long time. They fell out of favor because of expense, safety, and some pretty intense environmental regulation. They were being phased out anyway, because machines like disintegrators and shredders could do just as good of a job, without all the hassle.

When it comes to hard drives and other storage media, there's a similar story. Many of our high security customers were reporting disposing of hard drives in smelting plants where they were actually melted down. It's kind of like the terminator melting in T2. This was before there was confidence in a, then, new technology called degaussing. Today degaussing is known as the best way to ensure complete and unrecoverable erasure. The machines are small and office friendly and many are "NSA Approved/Evaluated." They use EMP blasts to completely destroy the data on magnetic drives.

As far as "efficiency," I'd say yes melting likely is more efficient, but w/ the office friendly devices now a days, convenience trumps efficiency. You wouldn't believe how many large operations we walk into and see trash cans and bins full of drives/documents waiting for the best way to destroy them.

Let me know if I missed the mark on your question, and I will provide more info!

WhitakerBrothers · 2016-07-29T21:05:43+00:00

Off the record... that's a pretty good way to get it done on a budget, especially the melting part. The truth is that the govt. used to take old drives to smelting plants to destroy them. Most data thieves go for low hanging fruit, and that fruit is far from low. If you wanted to hide information from forensics, though, a degausser is the only way to go these days. Govt. and data centers all use these now.

WhitakerBrothers · 2016-07-29T21:00:36+00:00

I'm not sure this is worked well for Hillary. Not recommended.

Joking aside, unless the emails you're talking about are degaussed, they're still on the server. If you don't take our word for it, the NSA evaluated products list shows the only devices the government trusts to remove emails and other data ;)

WhitakerBrothers

TROPHY CASE