Tag: storage

Why so much data?

December 4, 2021 /

New Year is coming, and usually, during this period, people assess what they did during the previous year. As a person with skills and experience in the defensive part of cybersecurity, I am always quite sensitive about sharing information, contracts, and legal documents with anyone, including institutions. During the last year on multiple times, I had to present official documents and explanations of why and how I did something. On one of the occurrences, I had to deliver around 20, again 20 papers to prove my right. Some of the documents did not relate to the right I wanted to execute, but the institution tried to enforce on me their policy. The representatives in the office even told me that I should trust the institution and that this was the first time someone asked for their data retention period, how they will assure that they will destroy the documents after that period and why they need the data at all.

During the last year, all of these experiences triggered the following questions in my mind – Is my data safe in any institution? Will it be in a safer place if I take care of my data, but not an institution? Can an ordinary person achieve a better level of security than an institution? 

The diagram shows a standard SSD storage system architecture used in almost all database systems. Because of its unique way of storing information, the standard secure delete procedures do not erase the data securely. Special tools are needed for this action, and we could only hope that the institution SysOps department is qualified enough to erase the information properly

For all of these questions, the answers are usually – it depends on the level of expertise of the defending side. So it largely depends on the professionals the institution hired. To strengthen my statement, I can list several case studies that showed how attackers could penetrate even institutions and leak data:

  • Bank Hack: During a regular penetration testing exercise, a team of white hats managed to penetrate multiple office branches of a substantial French bank. Only in one of the offices did the employees ask the penetration expert to identify himself and ask the headquarters whether they sent anyone.
  • Government Taxes Authorities Hack: A couple of years ago, a hacker managed to leak multiple gigabytes of data from the Bulgarian Taxes Agency. The security hole had been opened for an extended period, reported numerous times, and no one took action to close it.
  • Universities Hack: At the beginning of 2021, multiple US universities, including members of the Ivy League, were hacked, and the personal information and documents of their students, lecturers, and professors were leaked to the public.

In conclusion, I think we could safely assume that taking care of our data is our right and responsibility. I am happy to delegate this responsibility only to legal professionals (lawyers, notaries, and judges). They work with confidential documents every day and know how a data leak can affect people. In any other case, sharing data with 3rd parties must come with at least a declaration for their data retention practices and how they destroy the data (there are security practices for doing that correctly). 

Cybersecurity tactics for small teams – Physical Security – part 2

June 1, 2021 /

Please check the previous part – here.

The same concerns as to real estate apply to all vehicle-related threats. Hackers can use your vehicle to track your activities and to decide when to execute an attack towards you. As a final list of perils, I would like to mention the dangers related to garbage. Most people do not consider their garbage as a cybersecurity threat. However, the truth is – this is usually the best source of intel for a given hacker organization. Let me list the different threats your garbage generates, and after that, we can create a simple budget of how to keep your and your devices secure:

  • Paper: Every paper document with personal data, addresses, or buying preferences leads to information leaks, which any hacker group can use to penetrate your defenses. A paper retention policy is a must for every organization these days.
  • Hard Drives: Techniques for data forensics become more and more advanced. Hackers can use these techniques to retrieve data from hard drives and SSD drives found in the garbage. It is better to treat your Hard and SSD drives as paper documents and not resell or throw them away.
  • Mobile Phones: Modern mobile phones are computers. Deleting data from them is pretty tricky. To keep your organization safe, you must treat them similarly to paper documents and hard drives. 
  • Electronic Devices: Every smart device in your home and office is a low-level mini-computer that stores and records data. Hackers can read the storage chips of these devices with proper machinery. They can use the data stored there for malicious activities.
You can see a diagram showing how a small organization or even a freelancer handles their priorities in terms of cybersecurity. Everything starts with the digital garbage and its retention policy.

You can notice that the number of attack vectors to your persona is quite significant. And we are only in the physical security realm, without mentioning any digital space. As promised at the beginning of the article, I shall present a simple list of tools and activities, together with a budget. Using them, you can set up your cyber defenses on a limited budget:

  • Hardware toolkit (100$): This toolkit will give you the availability to disassemble all of your electronic devices and destroy them. If you have better knowledge of electronics, you can cut the power of your laptop microphone and camera. 
  • Paper Shredder (50$): A shredding machine can destroy paper documents, credit cards, and everything which looks like a paper-sized card. Still, cutting through the papers is just a first step, but not enough.
  • Camping Gear (50$): There is no better way of document destruction than burning them. With camping gear, you can go to the woods, have a barbecue, and meanwhile destroy all of your not-needed documents.
  • Safe (500$): Paper is the ultimate data storage. With proper care, it can survive over 100 years or more. Still, you must keep the paper somewhere, and there is no better place than a safe. For this money, you can get a safe the size of a standard desktop drawer unit. It is more than enough to store all of your documents.
  • Home And Vehicle Security Systems (4000$): Still using security systems without a network system can be pretty advantageous for you. An isolated security system can send you SMS messages when an event happens. Sure it is a little bit more expensive, but the only way of disabling such systems is by bringing a Faraday cage.

With a total budget of around 4700$, we achieved a pretty good level of security. Still, a determined attacker can penetrate this setup, but it will take him more time and resources. To break a safe, you should cut through it. And this generates sound. Sound is terrible for attackers, and it can alert neighbors.

In conclusion, just one more piece of advice. When you choose electronic devices (including a car) for your home, please research how smart the device is. The more intelligent it is, the more prone it is to hacking. Devices without Internet access are the best because the chance of hacking is relatively low or nearly zero.

Next part – here.

Photo of my last garbage destruction event. You can see the old paper documents burned.

Security dangers of DNA based storages

May 27, 2021 /

Data storage was never such a big issue in the past. However, nowadays, every day, we produce a massive amount of data. The newest form of storing data is DNA sequencing. The current leader in long-term storage is magnetic tape. Unfortunately, magnetic tapes can store data only for thirty years. One device has the capacity of only a terabyte of data. In comparison, DNA Fountain-based storage could store data at a density of 215 petabytes per gram of DNA.

But to store a massive amount of data in such a tiny medium has its unique list of dangers. Let us look at those potential risks one by one.

  • Risk for Computers: At the moment, there is no threat to your computer by storing data into a DNA sequence. However, similar to every data medium, hackers can use DNA storage to keep and spread malware.
  • Intentional insertion of malware:  Unfortunately, one of the main disadvantages of using DNA-based storage is that the physical world can modify your DNA. A skillful attacker can create an entirely different set of threats such as biological viruses or bacterias, transmitting and injecting malware programs into your DNA storage.
  • No way to erase the storage: Once written, DNA is usually quite tricky to modify. We should treat the DNA-based storages such as highly capable compact discs with slow rewriting capabilities. The most trustful way to erase such storage is to eradicate it.
  • Easier to physically steal: How do you assure the physical security of under one gram of data? Do we store it in a safe? Sure, but hackers can make a hole in your safe and steal your data. The size of DNA-based storage devices introduces an entirely different set of challenges for your physical security.
A sample diagram of how DNA-based storage works. To record your data into DNA, you can create an entirely new footprint with your data encoded as Nucleo code. After that, you have to synthesis it into a DNA sequence.

Benefits of using DNA based storages:

Despite the threats, we could still prefer DNA-based storage in the future because it can store data for thousands of years, unlike hard drives. The information stored in DNA will not go extinct until human beings exist. These characteristics make DNA-based storage a perfect replacement for the currently used cold backup systems such as magnetic tapes.

How to control the security threats associated with DNA-based storages?

Fortunately, at this current moment, there is no significant adoption of DNA-based storage devices. The current leader is magnetic tape and will stay the same for foresee future. At the same time, the ordinary person does no use magnetic tape to store data. Usually, we use a collection of hard drives with multiple copies of our data. With this in mind, we can deduce that DNA-based storage will find its use mainly in data centers and big corporations’ data storage departments. Still, it is essential to understand that we must implement an entirely different set of techniques when we speak about DNA. With our current speed of technological development, it is quite possible to have DNA-based storage in our homes or bodies in the next decade or two.

Way Out of these Threats:

In conclusion, DNA-based storage is just another data medium. To secure the data stored there, we can use the same set of principles for storing data in hard drives. We could use strong encryption, excellent authentication, and a sound policy to store your data on a digital device or in paper documents.