Throughout history, data has been recorded and documented in many different ways. From painting on walls to writing scribes to printing books to digitizing information, the world will continue to find increasingly unique and complicated ways to store and share all of this information. But with each of these developments comes a new challenge, because no matter how many new ways are created to store and share data, there will be an equal number of ways to destroy and lose that data.
And once that data is destroyed, is it really gone forever?
Today, when media is not destroyed with high security end-of-life equipment, there is almost always a chance that some, if not most, data can be recovered. But in the past, it was much harder to recover records that were seemingly destroyed beyond repair. This didn’t stop talented groups of people, enemies in war, and researchers from attempting to try, and this post will examine a few of the notable times in the last century that data recovery was used when all was thought to be destroyed or lost.
The US Embassy in Tehran, Iran
In November 1979, after years of tension across various issues, the Iranian Revolution erupted as a push back against the Shah leadership to replace the government with an Islamic republic. At the time, the US backed the Shah leadership that was being revolted against, and, during the revolution the embassy located in the Iranian capital, Tehran, was overrun by students in the city who were part of the revolution. This takeover began what is now known as the 444 Day Crisis, a hostage situation that would define Jimmy Carter’s presidency and last over a year to see its eventual conclusion.
Acting as fast as they could, CIA personnel within the embassy tried to destroy and shred all of the classified materials that resided within the complex until the last moment of capture, but unfortunately they couldn’t destroy everything. It turns out that even the classified materials that were shredded were not completely safe from the Iranian forces that moved in, holding the now 52 hostages prisoner within the embassy. During the next 444 days, and the years that followed, the Iranian government dedicated a team to focus on manually reconstructing the shredded data, eventually publishing the classified materials for the world to see.
The documents contained a variety of classified materials and top secret information. Some of the information contained details on US plans to recruit high ranking Iranian officials, journalists, and more. They also included information on how to open safes within the embassy, photos of Russian air bases, and detailed biographies of persons of interest in Iran and the surrounding nations. This loss of classified data was considered to be the single largest loss of materials at the time, and the effects of the hostage situation and revolution are still felt around the world today.
The National Personnel Records Center Fire
On 12 July, 1973 fire alarms sounded as the Military Personnel Records Center had a fire break out on the sixth floor, the top floor of the building. This branch of the National Personnel Records Center was home to over twenty million records of past United States service members from the 20th century. All with no duplicates, back up, or photocopy. The fire would continue to burn out of control in the building that was over 1.2 million square feet, nearly three football fields long by one football field wide, and ultimately took two days until the fire was completely extinguished.
At the time of the fire, over 52 million records were housed in the Military Personnel Records Center. By the time the fire was put out on July 14, the entire sixth floor was destroyed and an estimated 16-18 million records were damaged or lost, including roughly 80 percent for Army personnel discharged between 1912 and 1960 and 75 percent for Air Force personnel discharged between 1947 and 1964. Since no backups of any of the records existed, damaged and partial records were saved and documented in the hopes that some form of recovery could be possible.
Almost immediately, a team was assembled to work on a data reconstruction initiative. Records that were only partially damaged were manually reconstructed, while the majority were stored to be accessed at a later date. These records were vacuum dried and then frozen to store away so that the paper wouldn’t degrade any more than the deterioration that had already occurred. A team of 30 full time employees work specifically with responding to families requesting information related to files lost or damaged in the fire. An additional 25 employees work on preservation, attempting to store and reconstruct the damaged files. In the beginning, any reconstruction effort was done manually by these 25 employees, using nothing but their eyesight to try and reassemble the burnt pieces.
Advancements in technology in recent years have allowed for faster and easier reconstruction. While still difficult, infrared sensors and cameras can now pick up additional data that the naked eye cannot see. These exposed patterns from the infrared sensors allow data reconstruction specialists to take pictures showing this data. It is then further manipulated in software like Photoshop, ultimately allowing specialists to identify and place pieces together to complete the puzzle that would have been impossible years prior.
The team continues to receive over 5,000 requests a day and are constantly observing new technologies that can aid in reconstructing the lost information.
The Columbia Space Shuttle
On 1 February 2003, the space shuttle Columbia was making its re-entry into the earth’s atmosphere after 17 days in space. Unknown to the team members, a piece of the shuttle’s insulation foam had become detached from the space shuttle, causing it to catch on fire and combust upon its re-entry. The disaster resulted in the loss of life of everyone on board and the shuttle completely disintegrating as it fell to earth. Six months later, in a muddy riverbed, a rotational hard drive was found that was believed to be from the shuttle, and Kroll Ontrack was hired to try to recover the data off of it.
The drive was present on the Columbia during the explosion upon re-entry into the Earth’s atmosphere. Then, after the explosion, the drive fell over 40 miles at terminal velocity while on fire into a riverbed, where it stayed for six months prior to being found. Ultimately, once the team finished their work, over 99% of the data that resided on the drive had been recovered.
To begin the data reconstruction process, the exterior of the drive was carefully cleaned and deconstructed, allowing the team to extract the rotating metal plates. After carefully reassembling the plates to working condition, they were placed in new hardware that allowed them to spin again and see the information that had been gathered from outer space. Ontrack today continues to use their expertise to extract data off of media that is deemed impossible to recover.
Why Proper Data Destruction Matters
Why do all of these data reconstruction stories matter? Apart from them being incredible feats of (both good and bad) data reconstruction, it drives home the important message that disposing of data properly is imperative. A drive falling from outer space on fire is not secure. Shredding documents through embassy shredders is not enough. A fire burning for over a day that destroys 18 million documents wasn’t enough to destroy everything completely.
So, if data is present that is classified, top secret, or even contains personally identifiable information (PII), precautions need to be taken to ensure that data is disposed of securely. Having the correct equipment, and finding the right data decommissioning plan, is the first important step. That way data that is supposed to be gone forever, stays gone forever.
Also, if you think you lost data, chances are there’s a way to get it back. Even if you fell from space.