back to article Rove investigator erases his PCs - to kill computer virus

A US official overseeing a probe of former Bush aide Karl Rove has been called on the carpet after it was discovered he hired a private computer-help company to erase all the hard drives belonging to him and two deputies. Special Counsel Scott J. Bloch bypassed his own agency's computer technicians and instead hired an outside …

COMMENTS

This topic is closed for new posts.

Black Helicopters

I call Bullshit!

I've held a Top Secret - Special Compartmented Information clearance. The level of wipe performed here was enough to be considered adequate for information classified Top Secret. There's simply no way a government official would bypass the in-house IT people for cleaning up a simple virus, *and* require that level of data destruction.

This is simply another cover-up by the Bush administration.

Worst. President. Ever. And I'm none too pleased with his staff, either.

Remember, it's only paranoia if they *aren't* out to get you.

Thumb Down

virus????!!

If he seriously expects anybody to swallow that crap, he needs to be locked up, as he is clearly deranged.

Black Helicopters

no one ever owns up

I always find it amusing that no one ever owns up (except in movies) – they always come up with (in their mind) explanations that are somewhat plausible. Except, everyone knows that this is complete and utter bovine excrement. Problem is, investigators (who are no doubt doing the investigation just to show that they are doing something, not with the aim of actually finding things out) will have to consider this to be a plausible explanation. It is a great shame, that not nearly enough people are convicted, and appropriately penalised for perjury and obstructing the course of justice.

Deleting documents pertaining to the inquiry is akin to throwing a gun in the river or providing a false alibi. It is plainly evident that vital evidence was destroyed, but it is impossible to prove...

Joke

Who knows?

"the data, which included medical information, messages to his personal attorney and pictures from his son's tours of duty in Iraq, don't involve his official work.

Bloch also says no documents relevant to any investigation have been purged"

He *might* be telling the truth. Maybe he just wanted to make sure nobody would discover his kiddie pr0n.

Thumb Down

Bloch-head

Probably using the RNC email service for official business, too ...

Alien

Wow!

I wonder what he is hiding. It can not be a virus - that is just stupid. I would expect that he found something and now is being blackmailed. Of course now people will look - and probably find out what it was that he found.


Coverup.

Quacks like a duck. Waddles like a duck. Shits like a duck. Must be a duck.

And the duck is called "Coverup".

Coverup, pure and simple. And, yet again, the Republicans are going to get away with it, because they ARE the investigators. The US government seems to currently be one of the most corrupt organizations on the planet. They're just better at hiding their traces, and they've got much better propaganda. I guess it took them a while to learn the lessons from Nixon, and hide their dirty tricks better.

Flame

@Morely Dotes

I call shenanigans on the entire BushCo "administration." I'm with you: Worst. President. Ever. They're lying, thieving, cheating, traitorous scum - and I'm being polite!

Stop

Stop Knee Jerking

7 comments and TWO idiots yap about a Bush/Republican cover up! Yeah, he's covering up something; but, at least get as far as the item's 3rd paragraph. Bloch is a DEMOCRAT investigating the Bush White House! The wipe happened maybe because HE is being investigated?

Oh yeah, and Canada has a lot more polar bears than it had 7 years ago!

Coat

I wish that they would

I wish they would cover their traces... it would show a bit of respect for America. Instead, they just don't care and they seem to be getting away with it. Our politics have been reduced to platitudes and bumper-sticker sized rhetoric. The Republican party of Nixon's era is long gone. They are now on a religious jihad to purge government of infidels and nothing is unjustified in their view.

They just don't give a damn who finds out what they do (unless it has to do with gay sex) because if push comes to shove, Ol' daddy Bush will just pardon them or they will retire to take care of their family and go to work for Fox News.

Makes me want to cry, actually.


I smell porn...

Investigation data my arse! The dirty buggers had been downloading illegal images if you ask me.

Even with that seven-pass RNG overwrite (which, presumably, was to DoD specs), high-end physical forensic analysis *might* just be able to recover enough data to nail the bastard (though software recovery would probably be impossible). A 35-pass Gutmann wipe followed by degaussing followed by destruction of the platters and PCB in a furnace would've been more certain.


What is a 7 level wipe?

Could someone please explain it? Thanks!

Anonymous Coward

Rove muck spreading

So this guy has a job to do and Rove's response is to try to discredit him. I bet this story comes from a Rove man. It's a smear, to preemptively discredit the prosecution against Rove.

The Special Investigator did the right thing in getting an outside company to wipe his PC, his department is under Bush control, he cannot ensure that his PC is protected from tampering if he hands it to the IT department who ultimately answer to the people he is investigating.

It ensures he has an independent third party asserting his PC is clean, free from any special 'extra' software that might appear on his PC otherwise.

It is not beyond Rove to order the planting of fake evidence on the guy's PC to save his own neck.

Rove is a really nasty piece of work. He's probably working for one of the Republican candidates now, you'll see his usual brand of lies, schemes and deceptions.


TAMPERING OF EVIDENCE

Get the charges ready, and hire a special prosecutor for the special prosecutor...

time to nail this Block to the wall.

We need a good scandal around this prior to the elections.


Not so sure

As Hein Kruger suggests, it might not be a gov cover up. It's hard to imagine that they'd really be so overtly idiotic (well, fairly hard!) as this is attracting lots of attention. Perhaps it is just his own dodgy practices he's seeking to hide.

Coat

Re: What is a 7 Level wipe?

>What is a 7 level wipe?
>By joe K
>
>Could someone please explain it? Thanks!

It's when you had too many Weetabix the previous day.

Silver badge
Black Helicopters

No body

So they are smarting up about electronic evidence ... had to happen eventually.

No body to be found here, move on please.

P.S. Anybody else think the helicopter looks a bit insectoid? A tadpole with some extra legs maybe...


PC Disinfection 101

The question is: even if Bloch did not trust his in-house IT dept to wipe this "virus", why didn't the outside IT contractor back up any files before wiping the disk?

(Written by Reg staff)

Bloch is a Republican

"Bloch is a DEMOCRAT investigating the Bush White House! The wipe happened maybe because HE is being investigated?"

Actually, Bloch is a Bush-appointed Republican.

Bronze badge

re:What is a 7 level wipe?

It's destroying data so it can't easily be recovered. Normally deleting something just removes it from the file system, this writes random stuff over the top of where the files are saved on the drive. Seven times.

That's usually only done by very paranoid people and government departments that want something completely erased beyond the point of recovery.

Ash

He PAID for that?

Did nobody tell him about Darik's Boot and Nuke live cd?

Better than that, we've found that taking the old drives down to the D&T department and plugging them a few times with the nail gun works just as well.

Failing that, we've always got the oxy-acetylene, or a good old Thermite reaction in one of the chemistry labs.

J

Lindsay x Reg hack

...and the hack wins! Lying is so ugly, Lindsay, tsk tsk. If you were just misinformed, then it's shame on you anyway.

http://www.osc.gov/specialcounsel.htm

http://www.dailykos.com/story/2007/4/24/112227/576

(OK, that is Daily Kos, so the tone will definitely be against him, but the quotes and facts are not fake...)

http://www.sourcewatch.org/index.php?title=Scott_J._Bloch

Anonymous Coward

Normal procedure....

is physical destruction for DoD and high power magnetic field for agencies at FBI level.

This would have been even more visible. This is a clever trick for plausible denial.

Silver badge
Paris Hilton

All gone?

Don't they do scheduled backup - off the machine somewhere else?

Most corporates (and this is one big corporate entity) run backups.

Have they gone and pulled the drives from the servers, too?

At least in the old days all you had to do was set light to the building.

Flame

Should lead to a default judgement

Didn't a regular citizen just receive "default judgement" after wiping her hdd when accused by RIAA? Why should this goofjob be treated any differently?

Silver badge
Paris Hilton

Paris Hilton angle?

Oh, must have been wiped...


7 pass wipe

Yup, this is certainly stupid of him. As a US'ian, I wish we had some true political choices. Too many people here will actually claim there are only two political parties (democrat or republican); they honestly both have nearly the same political views, when you throw out stuff like the neocons throwing off the republicans more recently. They're both corrupt as hell. Give me some good libertarians any day... I intend to vote for Ron Paul (running Republican but really he's a constitutionalist.. ensuring he will put recent unconstitutional stuff the feds are doing right to a stop), but most likely given the media not even mentioning he's running, the Reps will just vote some piece of crap to run for the Republican's bid for president; the Dems certainly will.

As for 7-pass wipe. Well, a DOD 3-pass wipe writes some "special" pattern in pass 1, then random data in pass 2, then zeros. The pattern is designed to help scramble things up on an MFM or RLL formatted hard drive. So, a 7-pass would be that 3-pass but with more pattern, zero, and random passes. Note, I have read that Gutmann (who developed the DOD wiping specs in the 1980s) now has the opinion with modern drives that 1 pass is fine, with the next step up being to physically destroy the platters. (The reasoning being, new drives aren't RLL so the special pass(es) don't do anything special.. and new drives won't mis-track and only partially overwrite data like they could in the past.. the tracks are simply too dense.. so the single pass will overwrite everything a multi-pass erase would.) That said, where I work, they want 3-pass DOD on surplussed drives.. so we have all these drives boxed up waiting for quality time with the erasing computers.


Re: He PAID for that?

That was my first thought, also. By hiring someone in to do this job, he's left a paper trail and made himself look incredibly suspicious.

There is plenty of software available freely on the Internet that can perform this 7-pass DoD wipe (and even the also-mentioned 35-pass Gutmann wipe) without cost and without arousing suspicion.


What about backup records?

So what's the rub? Most everyone has things backed up to a server or there are backups of the data. Of course if there are none, that leaves the door open to the question about what was REALLY going on.

Black Helicopters

@Ash

Ah good old Thermite... I wonder if any of this wonderful airport security which confiscated my pot of Marmite, would react to someone walking through with a bag of rust, a bag of aluminium powder, a clay flower pot and a lighter?

I think I'll tick the anon button just in case I'm found guilty of paying attention in a chemistry class and bundled off to Cuba.

Stop

the typical american mess

From Mr. Bloch's bio http://www.osc.gov/specialcounsel.htm

"Mr. Bloch served as chair of his county Bar Ethics and Grievance Committee, investigating cases of alleged breaches by attorneys of ethics rules, and making recommendations to the state Supreme Court on disciplinary action. He also served on the state board of discipline, hearing testimony and legal arguments, and making findings on appropriate discipline of attorneys. "

So, does he spank himself or does Karl help him out? A 7 pass wipe is covering up. But this will NEVER EVER make the news channels in the US although it is definitive proof something is being covered up. This is the absolute equivalent of paper shredding!

Coat

Of course,

he could have just mailed the hard disk to HMRC.


What is a 7 pass wipe? - Answer

Usually, when you delete a file from a disc, you don't actually delete it, you just tell the computer to forget the file and that the disc space it occupied is now available for use.

If you actually overwrite that area of disc, then you might assume that the old data is gone, since it has been replaced by new data. However, when data is written to a disc as a tiny area of magnetism, overwriting that data might leave minute traces of the original pattern around the edges of the new pattern. The drive head can't see these traces but a man (or even a woman these days) in a white coat, armed with a special type of magnetic microscope could take the drive apart and might be able to determine what was on the disc previously. The more times you write to a disc, the less chance there is of historic data being recovered. Seven times is generally accepted to be enough.

So wiping a disc like this to remove a virus would be rather silly and pointless.

Anonymous Coward

Backup?

@ mixbsd

What makes you think they didn't?

Flame

@Morely Dotes

In the UK, it isn't possible to wipe highly classified data off a disk drive. Once a disk has been tainted by something at, or above Secret, the drive itself acquires that classification, and should not be de-classified, ever. In practice, however, this rule is not commonly enforced/adhered to.

Happy

The standard destruction would be...

to remove the platters and the chips, grind them into dust in a mortar and then burn the whole thing in an oil drum. However, most sysadmins working for certain government agencies just keep stumbling over old SCSI disks on the streets and putting them into their own computers. (I hope that storing movies and music on a disk at least 7 times within a few days is equal with a proper wipe)

Silver badge
Black Helicopters

Well...

"Didn't a regular citizen just receive "default judgement" after wiping her hdd when accused by RIAA?"

Right on. If the RIAA 0wned a common citizen, why should this mofo get scott-free? Fry him! bwahahahaha!!!


Either porn or he thought the IT staff planted a keylogger

I always thought a 7 level wipe had something to do with too much 7 layer mexican bean dip.

---

Anyway his story makes sense to me. Just the other day I got drunk, accidentally started a 12-hour scan of my hard drive with forensic recovery software, then accidentally disabled my antivirus, accidentally restored the virus then accidentally clicked on it.

However I never get so drunk that I accidentally disassemble the drive in a clean room environment then accidentally attach it to some NSA magnetic scanner capable of recovering data that's already been overwritten.

But I suppose it could happen.

---

Seriously my first guess is it's either 1) porn, most likely legal, but still embarrassing 2) gay porn 3) sexually explicit communications (email, IM) ....

My second guess is that he discovered a stealth keylogger on his system and he suspected the in house IT people were involved, so he had to go with an outside source.

Still my money is on porn or embarrassing emails

W
Stop

Crony Cover Up

So for those speculating what could be on those hard drives, then Armed Madhouse by Greg Palast is worth a read.

gregpalast.com

Boffin

7 pass wipe to get rid of a virus?

Wow, while I usually wipe my entire PC even at the slightest sign of virus infection, one low-level wipe (using the DataLifeguard or MaxBlast floppy) is usually enough. No need to go all ballistic.

Unless it's that pesky AntiCMOS virus (yes, they shouldn't exist now, but for some stupid reason suddenly I missed Wordstar and decided to copy it over from an old 286 which was salvaged from a dumpster that I didn't know was infected, because a McAfee scan showed the hard disk to not be infected). God, I can't get rid of that zucker even after wiping the hard disk.


shenanigans

Such a great word....

As for this story, he's obviously hiding something, whether it be on a personal level or a government one I guess we'll never know. I do suspect that he was "ordered" to wipe that data though, in the "wipe it or we'll kill you, your family and everyone who's ever known you" sense.

Alien

Go to his ISP my friends

Do US ISPs not retain data, whilst any stuff created locally or moved to the PC using disks or memory sticks may be lost. I put a pound to a penny that most of the stuff on the PC transcended the network somewhere. As is always the case with forensics ...Look to the network my friends!!

Black Helicopters

MRA

Magnetic Remanence Analysis is a technique for looking deeper into the magnetic domains that comprise the data areas of a hard disk substrate. One can peer into a veritable "time machine" of the disks' contents. Usually only performed by organisations with a TLA (Three Letter Acronym). Of course, maybe the outside "firm" that did the 7-layer pass was THE "firm"?

Remanence works by trying to recreate the data by looking at the data transitions in magnetic substrate information outside of the HDD tracks, there is often some leakage - a wider area than the r/w head is magnetised - during normal HDD use (as explained by Richard above) that allows slow data recovery.

I suppose this isn't much use in normal investigations, or before such, as the amount of forensic work that is needed precludes working on an imaged drive, you need the real HDD. Thinking laterally, most of my HDDs break within 5 years. So backups are the order of the day for long term data storage, surely if the PC was wiped because of the virus, cough, then did the backup storage also get nuked??

As we get close to Christmas and I wish for my annual USB flash drive upgrade, (to 16GB this year please), I also dream of the small lifetime personal storage cube, petabytes of optical something-or-other. FIFO write once appendable multisession. If it was also made out of Soviet Diamond technology, then we'd (or Mr. Rove Investigator) would have problems using any traditional cache deletion technology.

Alien

Destruction

When hard drives (especially small ones) are cheap enough, why don't they nuke them more often? If there's nothing left to be very magnetic (or several magnetic blobs), that should do the trick ;).

If he then bought a new hard drive, and looked up how to install the thing (and possibly Windows if he couldn't make the local IT guys believe his computer randomly stopped booting...), would anyone honestly notice?

Or is that assuming too much intelligence?

Silver badge
Black Helicopters

7-level wipe

A seven-level wipe is overkill, by about five or six levels. Once magnetic data has been overwritten, even once, it is gone forever.

An ancient paper by Peter Gutmann mentioned a theoretical possibility of recovering badly-overwritten data -- but this depended entirely on sloppy tolerances, low data densities and imperfect magnetic properties prevalent at the time. Data storage density has increased by several orders of magnitude since then. Heads don't wander to the sides of tracks anymore, and a "one" that used to be a "zero" no longer looks any different from a "one" that always has been a "one". Even if you do manage somehow to identify correctly a few thousand bits, out of the hundreds of billions on the disk, you won't have a clue what they represent, nor what belonged in the gaps between them.

Once data has been overwritten, even once, it is physically impossible to determine what was there before. Certainly not using software -- that's the whole point of how a hard disk drive works, for crying out loud -- and not even using hardware. Digital media are driven right into saturation, right onto the bit of the (already very narrow in the oxide grades preferred for HDDs) Hysteresis Loop where the two paths merge -- the bit where there is no way to determine which way you took to get there. (If you are really paranoid, then two overwrites in a row -- one with all ones and another with all zeros -- will set every bit on the drive to be a "1" that used to be a "0". If a drive full of ones looks suspicious, then use a pseudo-random bit sequence: use the same seed for both passes, but invert everything on the second pass. Now every bit on the drive will be either a "1" that used to be a "0", or a "0" that used to be a "1".)

Think about it: Magnetic storage has been used, in one form or another, throughout almost the whole of the history of computing, all while the prices of various components have risen, fallen and crossed over. If it was ever possible to recover past data, there would have been a stage when it was economically viable to exploit the technique to increase storage density. In fact, no computer has ever been built which uses this effect. The closest any machine has ever come was a reel-to-reel tape recorder from the 1960s which had a "trick record" button which, when pressed, disconnected the erase head; allowing you to superimpose two recordings. For instance, you could record yourself playing an instrument, then rewind and add a recording of yourself singing. Except it was crap; because, even if the double recording didn't sound as though it had been made in a long tunnel stuffed with cotton wool, the lack of monitoring meant it was impossible to line up voice and music accurately. This is why you don't see "trick record" buttons on modern tape recorders.

No data recovery firm can recover overwritten data. Not even agencies of the US government are above the laws of physics. On the other hand, you do usually have to try very hard to overwrite data. Windows in particular uses virgin disk space in preference to deleted files, precisely so that deleted files can be recovered for as long as possible (earlier DOS versions overwrote deleted files in preference to using virgin space, precisely so that deleted files would become *un*recoverable as soon as possible -- this behaviour was changed when customers complained); and when you save a new, longer version of a file with the same name as before, chances are the new version will be saved elsewhere on the disk just to keep the file in contiguous sectors for speedy access. The old version will be left intact, but marked as "free for use". (If you fill your disk with a load of junk files, so there is no more room to save anything, *then* delete some files, now the only place anything else can possibly go is where those deleted files used to have been.)

The official advice calling for physical destruction of used HDDs is mainly psychological: it convinces enemies that the USA has methods for recovering data, and it convinces citizens of the USA that the US government's best overwritten-file recovery methods actually involve doing something to the HDD rather than its owner. Drive manufacturers aren't falling over themselves to correct this misrepresentation, either; since if people are unnecessarily destroying serviceable drives, it means they sell more new ones.

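The same-seed, inverted-second-pass overwrite described in the comment above, as an added example that is not part of any poster's comment: it runs against a constructed scratch file standing in for a drive and reads each pass back to verify it. The function names, the SHAKE-256 keystream and the marker string are assumptions made for the illustration.

```python
import hashlib
import os
import tempfile

CHUNK = 64 * 1024
INVERT = bytes(i ^ 0xFF for i in range(256))  # translation table that flips every bit


def stream(seed: bytes, total: int, invert: bool):
    """Yield a deterministic pseudo-random stream; the same seed gives the same bytes."""
    counter, offset = 0, 0
    while offset < total:
        n = min(CHUNK, total - offset)
        block = hashlib.shake_256(seed + counter.to_bytes(8, "big")).digest(n)
        yield block.translate(INVERT) if invert else block
        counter, offset = counter + 1, offset + n


def overwrite_pass(path: str, seed: bytes, invert: bool) -> None:
    """Overwrite the whole file in place and force it out of the OS cache."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for block in stream(seed, size, invert):
            f.write(block)
        f.flush()
        os.fsync(f.fileno())


def verify_pass(path: str, seed: bytes, invert: bool) -> bool:
    """Read the file back and compare it with the stream that should be there."""
    size = os.path.getsize(path)
    with open(path, "rb") as f:
        return all(f.read(len(b)) == b for b in stream(seed, size, invert))


def two_pass_sanitize(path: str, seed: bytes) -> dict:
    """Pass 1 writes the seeded stream, pass 2 writes its bitwise inverse."""
    overwrite_pass(path, seed, invert=False)
    ok_first = verify_pass(path, seed, invert=False)
    with open(path, "rb") as f:
        first = f.read()
    overwrite_pass(path, seed, invert=True)
    ok_second = verify_pass(path, seed, invert=True)
    with open(path, "rb") as f:
        second = f.read()
    return {
        "verified": ok_first and ok_second,
        # Every byte XORs to 0xFF, so each bit now holds the opposite of pass 1.
        "every_bit_flipped": all((a ^ b) == 0xFF for a, b in zip(first, second)),
        "size": len(second),
    }


def demo() -> dict:
    marker = b"CONSTRUCTED-SAMPLE-RECORD "  # constructed sample content
    original = marker * 8000
    fd, path = tempfile.mkstemp(suffix=".img")  # scratch file, not a real device
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(original)
        result = two_pass_sanitize(path, seed=b"constructed-seed")
        with open(path, "rb") as f:
            result["marker_present"] = marker in f.read()
        result["size_unchanged"] = result.pop("size") == len(original)
        return result
    finally:
        os.remove(path)


if __name__ == "__main__":
    print(demo())
```

An overwrite made through the file system only reaches the blocks currently mapped to that file; it does not touch remapped sectors or the spare area of wear-levelled flash.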
Silver badge
Black Helicopters

Why bother with a wipe?

I think I'd have arranged for a balcony accident for the hard drive - laptop drives tend to use glass platters that shatter, thus making the contents very hard to read. Then I could have installed a brand new drive and caused a lot less fuss. It would probably have been cheaper as well.

Black Helicopters

"but he refused .."

I might be missing something, but I have a feeling that if federal or here in the UK, police, investigators ask for something I don't think I can refuse without getting in lots of trouble!!!


re: What is a 7 level wipe?

That's when you use two sheets of andrex three ply and a sheet of Izal to really cover your ass!

Seriously, if you overwrite a one with a zero on a hard disk it only has about 80% of the magnetic field strength of a one written to a blank disk.

So you have an "after-image" of the previous contents, using a special disk driver you can extract this after image.

By filling the disk with ones, then zeroes seven times this afterimage is obliterated.

Thumb Up

In the UK

Here in the UK if you want to get rid of data, all you need to do is stick it in the post. Forget magnetic trails - posting it royal mail is tantamount to chucking into a black hole!

Black Helicopters

@ Dale Richards

"There is plenty of software available freely on the Internet that can perform this 7-pass DoD wipe (and even the also-mentioned 35-pass Gutmann wipe) without cost and without arousing suspicion."

Perhaps that's how he got the "virus" in the first place, so he didn't want to look stupid and got outside help to eradicate the evidence.. er.. I mean virus...
