Hidden Computer Data: The Overlooked Cybersecurity Threat
By Devin Richardson
Student, Homeland Security at American Military University
In light of major cyberattacks and cyberespionage occurring in the past few years, including incidents involving Sony, Target, the U.S. government and hundreds of other victims in the United States, cyber professionals have focused on a deterrence by denial method of defense. According to cybersecurity commentator Madison O’Day, “It has been U.S. policy to confine our defense almost exclusively to deterrence by denial.”
But not all threats can be deterred or neutralized. A key characteristic of a cyber-related deterrence by denial approach is the comparative lack of mitigation for those occasions when an attacker does break through security measures.
Encryption is commonly treated as an end-all solution, following the logic of “if the information cannot be read, having access is meaningless.” While the effectiveness of this method of cyber defense depends on the skills and knowledge of attackers, there is a systems security vulnerability that is commonly overlooked by cybersecurity professionals: ‘deleted’ information that is still present on a computer’s drive.
‘Deleted’ Documents Valuable to Attackers
How does hidden data pose a security risk? Deleted information ranges from useless to invaluable. It includes local files such as emails, memos, drafted documents and outdated documents.
Other information comes from web usage, such as browser cookies, temporary files, chatroom communications and usernames. Files that seem useless to users are invaluable to attackers, who mine those files for useful information.
Deleting Computer Files No Guarantee That Data Vanishes Forever
When a user deletes a file on a computer, the file is often not actually removed or erased. The file’s ‘blocks’ (the units by which files are stored and divided) have their designation changed from allocated to free. Until those blocks are allocated to a new file and are overwritten, a hacker is able to retrieve those ‘deleted’ files.
The same block designation scheme applies to Windows’ Quick Format. This formatting tool deletes only the drive’s organizational structures, such as the file allocation table and the root directory. Computer files remain present until they’re overwritten.
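The allocated-to-free behavior described above for file deletion and Quick Format, as an added example that is not part of the original article: a toy in-memory drive (the class, method names, block size and sample contents are all constructed for illustration) that audits which free blocks still hold data, and shows that overwriting before release leaves nothing behind.

```python
# Added illustration: a toy in-memory "drive", not a real filesystem.
BLOCK = 16  # bytes per block (constructed value)

class ToyDrive:
    def __init__(self, nblocks=8):
        self.data = [bytes(BLOCK) for _ in range(nblocks)]  # raw block contents
        self.allocated = [False] * nblocks                  # allocated/free flags
        self.table = {}                                     # file name -> block numbers

    def write(self, name, content):
        chunks = [content[i:i + BLOCK] for i in range(0, len(content), BLOCK)]
        free = [i for i, used in enumerate(self.allocated) if not used]
        if len(free) < len(chunks):
            raise OSError("no free blocks")
        blocks = free[:len(chunks)]
        for b, chunk in zip(blocks, chunks):
            self.data[b] = chunk.ljust(BLOCK, b"\0")  # old contents replaced here
            self.allocated[b] = True
        self.table[name] = blocks

    def delete(self, name, wipe=False):
        for b in self.table.pop(name):
            if wipe:                       # shredder-style delete: overwrite first
                self.data[b] = bytes(BLOCK)
            self.allocated[b] = False      # ordinary delete: only the flag changes

    def quick_format(self):
        # Only the organizing structures are reset; block contents are untouched.
        self.table.clear()
        self.allocated = [False] * len(self.data)

    def residual_blocks(self):
        # Audit: free blocks that still contain non-zero bytes.
        return [i for i, used in enumerate(self.allocated)
                if not used and any(self.data[i])]

def demo():
    d = ToyDrive()
    d.write("memo.txt", b"Q3 payroll draft: constructed")  # constructed sample, 2 blocks
    d.write("notes.txt", b"constructed note")              # constructed sample, 1 block
    d.delete("memo.txt")
    after_delete = d.residual_blocks()     # freed blocks still hold the memo
    d.write("new.txt", b"X" * BLOCK)       # reuses and overwrites block 0 only
    after_reuse = d.residual_blocks()
    d.quick_format()
    after_format = d.residual_blocks()     # every written block is now residual
    w = ToyDrive()
    w.write("memo.txt", b"Q3 payroll draft: constructed")
    w.delete("memo.txt", wipe=True)
    return after_delete, after_reuse, after_format, w.residual_blocks()
```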
By analyzing information recovery methods, cyber professionals can better account for and deal with hidden data in security systems. The technical knowledge used by digital forensic investigators is identical to that which attackers utilize but with a different end goal.
Attackers should not be underestimated. They are extremely well versed in computer functionality and science, and go head-to-head with cybersecurity experts in a cyber-game of cat and mouse.
SSDs and Security Software Effective Methods of Deleting ‘Hidden’ Data
Fortunately, there are ways to nullify the risks posed by hidden information, whether security breaches occur via physical or remote access to computer systems. There are two notable solutions: the use of a Solid State Drive (SSD) and a wide selection of software suites.
An SSD uses flash technology that requires blocks to be wiped before a write operation can be performed, leading the drive to utilize unoccupied blocks. Because some blocks inevitably remain occupied unnecessarily, the drive runs a background ‘garbage collection,’ physically erasing blocks designated for deletion. This action, called ‘self-corrosion,’ severely limits recovery operations.
Unfortunately, SSDs tend to be cost-prohibitive. Software toolkits are an alternative method of defense. Ranging from freeware ‘file-shredder’ applications to multi-thousand-dollar forensic toolkits, software is more common than hardware in cybersecurity, meeting the security requirements of many users.
For individuals, a file shredder and a security-oriented web browser should suffice to deal with any data to be erased. For organizations and companies, though, it is worthwhile to invest in SSDs for their systems in addition to applications deemed necessary by the systems security administrator and the organization. Software and hardware both hold their place in a comprehensive security framework and effectively nullify the dormant risk of hidden data when they’re applied properly.
About the Author
Devin Richardson is an undergraduate Homeland Security major at American Military University and a member of the University Ambassador program. He is concurrently studying cybersecurity through the Texas A&M University System and is qualified by FEMA as a Professional Continuity Practitioner.