Paul Falcone, Author at SEM Shred

A History of Data Reconstruction and Why Proper Data Destruction Matters

January 20, 2020 at 8:00 am by Paul Falcone

Throughout history, data has been recorded and documented in many different ways. From painting on walls to writing scribes to printing books to digitizing information, the world will continue to find increasingly unique and complicated ways to store and share all of this information. But with each of these developments comes a new challenge, because no matter how many new ways are created to store and share data, there will be an equal number of ways to destroy and lose that data.

And once that data is destroyed, is it really gone forever?

Today, when media is not destroyed with high security end-of-life equipment, there is almost always a chance that some, if not most, data can be recovered. But in the past, it was much harder to recover records that were seemingly destroyed beyond repair. This didn’t stop talented groups of people, enemies in war, and researchers from attempting to try, and this post will examine a few of the notable times in the last century that data recovery was used when all was thought to be destroyed or lost.

The US Embassy in Tehran, Iran

In November 1979, after years of tension across various issues, the Iranian Revolution erupted as a push back against the Shah leadership to replace the government with an Islamic republic. At the time, the US backed the Shah leadership that was being revolted against, and, during the revolution the embassy located in the Iranian capital, Tehran, was overrun by students in the city who were part of the revolution. This takeover began what is now known as the 444 Day Crisis, a hostage situation that would define Jimmy Carter’s presidency and last over a year to see its eventual conclusion.

Acting as fast as they could, CIA personnel within the embassy tried to destroy and shred all of the classified materials that resided within the complex until the last moment of capture, but unfortunately they couldn’t destroy everything. It turns out that even the classified materials that were shredded were not completely safe from the Iranian forces that moved in, holding the now 52 hostages prisoner within the embassy. During the next 444 days, and the years that followed, the Iranian government dedicated a team to focus on manually reconstructing the shredded data, eventually publishing the classified materials for the world to see.

The documents contained a variety of classified materials and top secret information. Some of the information contained details on US plans to recruit high ranking Iranian officials, journalists, and more. They also included information on how to open safes within the embassy, photos of Russian air bases, and detailed biographies of persons of interest in Iran and the surrounding nations. This loss of classified data was considered to be the single largest loss of materials at the time, and the effects of the hostage situation and revolution are still felt around the world today.

The National Personnel Records Center Fire

On 12 July, 1973 fire alarms sounded as the Military Personnel Records Center had a fire break out on the sixth floor, the top floor of the building. This branch of the National Personnel Records Center was home to over twenty million records of past United States service members from the 20th century. All with no duplicates, back up, or photocopy. The fire would continue to burn out of control in the building that was over 1.2 million square feet, nearly three football fields long by one football field wide, and ultimately took two days until the fire was completely extinguished.

At the time of the fire, over 52 million records were housed in the Military Personnel Records Center. By the time the fire was put out on July 14, the entire sixth floor was destroyed and an estimated 16-18 million records were damaged or lost, including roughly 80 percent for Army personnel discharged between 1912 and 1960 and 75 percent for Air Force personnel discharged between 1947 and 1964. Since no backups of any of the records existed, damaged and partial records were saved and documented in the hopes that some form of recovery could be possible.

Almost immediately, a team was assembled to work on a data reconstruction initiative. Records that were only partially damaged were manually reconstructed, while the majority were stored to be accessed at a later date. These records were vacuum dried and then frozen to store away so that the paper wouldn’t degrade any more than the deterioration that had already occurred. A team of 30 full time employees work specifically with responding to families requesting information related to files lost or damaged in the fire. An additional 25 employees work on preservation, attempting to store and reconstruct the damaged files. In the beginning, any reconstruction effort was done manually by these 25 employees, using nothing but their eyesight to try and reassemble the burnt pieces.

Advancements in technology in recent years have allowed for faster and easier reconstruction. While still difficult, infrared sensors and cameras can now pick up additional data that the naked eye cannot see. These exposed patterns from the infrared sensors allow data reconstruction specialists to take pictures showing this data. It is then further manipulated in software like Photoshop, ultimately allowing specialists to identify and place pieces together to complete the puzzle that would have been impossible years prior.

The team continues to receive over 5,000 requests a day and are constantly observing new technologies that can aid in reconstructing the lost information.

The Columbia Space Shuttle

On 1 February 2003, the space shuttle Columbia was making its re-entry into the earth’s atmosphere after 17 days in space. Unknown to the team members, a piece of the shuttle’s insulation foam had become detached from the space shuttle, causing it to catch on fire and combust upon its re-entry. The disaster resulted in the loss of life of everyone on board and the shuttle completely disintegrating as it fell to earth. Six months later, in a muddy riverbed, a rotational hard drive was found that was believed to be from the shuttle, and Kroll Ontrack was hired to try to recover the data off of it.

The drive was present on the Columbia during the explosion upon re-entry into the Earth’s atmosphere. Then, after the explosion, the drive fell over 40 miles at terminal velocity while on fire into a riverbed, where it stayed for six months prior to being found. Ultimately, once the team finished their work, over 99% of the data that resided on the drive had been recovered.

To begin the data reconstruction process, the exterior of the drive was carefully cleaned and deconstructed, allowing the team to extract the rotating metal plates. After carefully reassembling the plates to working condition, they were placed in new hardware that allowed them to spin again and see the information that had been gathered from outer space. Ontrack today continues to use their expertise to extract data off of media that is deemed impossible to recover.

Why Proper Data Destruction Matters

Why do all of these data reconstruction stories matter? Apart from them being incredible feats of (both good and bad) data reconstruction, it drives home the important message that disposing of data properly is imperative. A drive falling from outer space on fire is not secure. Shredding documents through embassy shredders is not enough. A fire burning for over a day that destroys 18 million documents wasn’t enough to destroy everything completely.

So, if data is present that is classified, top secret, or even contains personally identifiable information (PII), precautions need to be taken to ensure that data is disposed of securely. Having the correct equipment, and finding the right data decommissioning plan, is the first important step. That way data that is supposed to be gone forever, stays gone forever.

Also, if you think you lost data, chances are there’s a way to get it back. Even if you fell from space.

Data Destruction and the Environment

January 7, 2020 at 9:00 am by Paul Falcone

With today’s intense focus on protecting and preserving the environment, the data destruction industry will play an important role. As the need to create, store, and transfer ever-larger amounts of data grows exponentially, the capability to practice destruction techniques that are not only effective but environmentally friendly will set industry leaders apart.

Since mandated particle destruction sizes for sensitive, personal, and classified information continue to decrease due to the increasing sophistication of cyber criminals at harvesting data from inadequately destroyed devices and content, these incredibly minute materials become extremely difficult to recycle. At the same time, data end-of-life destruction equipment often uses oil and other forms of nonrenewable energy to function, thereby creating additional environmental issues.

This blog discusses the various challenges the data destruction industry faces across all destroyed media types—from paper to optical media and electronic storage media—as well as the continual advances being made to steer the industry in a greener direction.

Paper

Although paper is universally considered recyclable material, there are restrictions the data destruction industry must keep in mind. First and foremost, the recycling process is such that paper must first be severely compacted in volume, since it is spread on a screen to dry. Given that tiny bits of loose paper typically get stuck in, or fall through, the screen and ruin the process, shredded paper is often rejected by recyclers.

Several U.S. municipalities do have designated drop-off points for shredded paper, but the rules vary by jurisdiction. Some larger shredding companies have existing deals with recycling centers to address this growing issue, while other recyclers charge supplemental fees for picking up shredded paper.

Fortunately, companies like SEM produce equipment that automatically compresses shredded paper into briquettes, which are generally accepted at recycling centers. In conjunction with briquettor systems, SEM also offers the industry’s only high-security, oil-free paper shredder to minimize environmental impact. With paper compacted into readily recyclable briquettes, companies can save costs by not having to pay supplemental recycling fees.

Optical Media

Optical media (e.g., CDs, DVDs, Blu-ray Discs) represent one of the greatest recycling challenges in today’s data destruction industry. Since optical discs are made of plastic resins and do not usually contain specific resin identification codes, they are commonly rejected by traditional recycling companies.

Although the Internet is riddled with “DIY solutions” for repurposing used optical discs, these options are unacceptable for companies that handle highly sensitive data, since those companies must comply with extremely rigid data destruction regulations (e.g., particle size restrictions) that prevent media storage and data reconstruction. For example, the National Security Agency (NSA) mandates that classified data on optical media must be destroyed to a particle size of no greater than 5mm² for CDs and 2mm² for Blu-ray Discs and DVDs. This essentially reduces the discs to dust, rendering them impervious to data harvesting.

Currently, CD Recycling Center of America does offer optical media disc recycling. The organization will take previously shredded discs as well as discs to be shredded. As of this writing, the Center offers the most complete solution for recycling shredded discs that previously stored classified, sensitive, or personal information.

Hard Disk Drives (HDDs)

HDDs are electro-mechanical data storage devices created with various metal and plastic alloys, most of which are recyclable and reusable. Although there are numerous HDD recycling options, companies dealing with classified, sensitive, or personally identifiable information (PII) must first shred or otherwise destroy physical drives to guarantee the impossibility of data recovery.

Completely shredding storage media onsite and then recycling HDDs is the best option for ensuring data destruction and practicing environmental sustainability. However, be advised: While there are many services that offer to destroy HDDs and send certificates of destruction, this does not release the company where the data originated from liability in the event of data theft or data compromise. This is particularly relevant to all companies housing sensitive data, since the internet is rife with stories about old HDDs scheduled for data destruction and recycling that are found on sites like eBay with the data still intact.

In short, the most secure (and least costly) way to ensure that HDDs are “recycle-ready” is to destroy them in-house, using equipment from companies like SEM. The destroyed materials can then be sent to certified recyclers to avoid contributing to the massive amount of nonbiodegradable e-waste that finds its way into landfills. For perspective, approximately 44.7 million metric tons of e-waste was relegated to landfills worldwide in 2016 alone.

Flash Media (USB Drives, Solid State Drives [SSDs])

Flash media take many different forms, with the most common being SSDs, USB flash drives, and cellular devices that use SIM cards. To ensure total data eradication, flash devices must be completely destroyed prior to recycling.

Publications like Wired imply that you can wipe the data clean yourself and then sell or give the device away for reuse. Again, a word of caution for companies handling sensitive, classified, or personal data: There are countless instances of old flash drives and cell phones being purchased with their data still readily accessible. According to the Department of Homeland Security Cyber+Infrastructure division, physical destruction is the “ultimate way to prevent others from retrieving your information.”

Fortunately for the green-minded organization, many materials used in the construction of flash media are recyclable after shredding. Some technology manufacturers such as Apple offer recycling options for SSDs, as do some municipal and private recycling companies. In addition, organizations like Sipi Corporation specialize in refining and recycling valuable assets. Sipi uses recyclable materials from drives and phones to create new usable compounds, as well as to harvest existing compounds such as the minimal amounts of gold and silver present in most cell phones.

At a time when organizations are more environmentally conscious than ever, it’s important to discard end-of-life physical material as responsibly as possible. The first step is ensuring complete destruction of sensitive data in-house to mitigate the risks associated with data theft and harvesting. Companies like SEM offer a variety of destruction equipment that is in compliance with the strictest protocols from organizations like the National Security Agency and the European Union’s General Data Protection Regulation (GDPR). The second step is identifying internal processes or external parties capable of recycling used physical materials so they don’t end up in landfills.

Happy Holidays From SEM!

December 16, 2019 at 6:52 pm by Paul Falcone

As the end of the year approached, SEM employees from across the country came to headquarters in Westboro, MA for a look back at 2019 and to enjoy some festivities. The last week was filled with sneak peaks at new products, axe throwing, good food, and good company!

First up, SEM’s best in class service team went to Half Axe for some axe throwing followed by dinner to celebrate the end of the year together as a team.

The entire company then gathered at Civic Kitchen in Westboro for some great food, drinks, and entertainment! The night ended with a vicious game of trivia that split the company into five teams, with the winners getting some awesome prizes.

Todd Busic and Jeff Lanoue caught up on sales discussions

During the evening, President Andrew Kelleher handed out service awards to team members

Tricia and Josh Burton enjoyed some amazing food

Heidi White talked Lee Bingham into a selfie

Aaron Lebo and Chuck O’Laughlin goofed for the camera on the last day

That’s a wrap on 2019. Special thanks to our team from all departments who work so hard to produce quality products that are delivered throughout the world. From everyone here at SEM, happy holidays and we will see you in the new year! Here’s to 2020.

Why Data Centers Need Formal Data End-Of-Life Processes

at 4:02 pm by Paul Falcone

Concerns about data security and privacy are no longer restricted to just IT and security professionals. Due to more mainstream security breaches—as well as documentaries like Netflix’s The Great Hack—people everywhere are now concerned about the disturbing implications of today’s data-saturated, data-driven cultural environments.

Data centers are at the heart of both the problem and solution regarding sensitive data storage, security, and decommissioning. Many people falsely believe data centers are becoming obsolete because of the omnipresent cloud; in reality, cloud data is reliant on reimagined data centers being able to handle the ever-increasing capacity of data that is transferred. A 2016 study estimates that global IP traffic will reach 3.3 zettabytes by 2021. (If that doesn’t sound too impressive, consider that one zettabyte is equal to one sextillion bytes or one trillion gigabytes.)

The costs of setting up and maintaining a data center can be astronomical. Even if situated on existing property, data centers cost an estimated $200 per square foot to build. This figure does not include the tens of thousands of dollars that could be spent to have fiber installed to reach the location, nor the daily operating expenses the facility incurs in and of itself.

To maximize ROI, data center operators often skimp on hardware and software upgrades/installations when their current system has reached end-of-life. Some operators also waste physical space storing old equipment that contains sensitive or classified data because they lack the means to destroy it. Many data centers rely on third-party on-site or off-site solutions that may be ineffective; in fact, these “solutions” can often end up costing exorbitant amounts in instances like breaches of equipment that unjustifiably “escaped” destruction. Ultimately, the failure to create and act on a thorough in-house end-of-life process can cost data centers in several respects, including lost business to better-equipped, more-secure facilities and financial penalties for noncompliance with regulations like HIPAA, PIPEDA, or the GDPR.

The Importance of Having an In-house Data Security and Destruction Process

The first rule of data security is to maintain control of the data throughout its entire lifecycle—something that’s simply not possible when using a third-party destruction vendor. A 2017 study from Kroll Ontrack demonstrates how assurances from third parties often prove meaningless. The company purchased 64 used drives on eBay and discovered that many of them still contained sensitive information despite the sellers’ assertions that the devices had been effectively wiped. In 2009, BT’s Security Research Centre headed a study examining the purchase of 300 secondhand hard disks. Alarmingly, one disk contained classified details regarding the Terminal High Altitude Area Defense (THAAD) ground-to-air missile defense system used to shoot down Scud missiles in Iraq.

It’s an eye-opening reminder: To guarantee complete, error-free data end-of-life destruction, data centers must assume firsthand control and oversight of the underlying processes.

Managing End-Of-Life Hardware and Software

A crucial component of a through end-of-life process will address the technology used to store and encrypt data. As technology marches forward, manufacturers are constantly releasing new hardware and software versions to ensure systems can be kept current with regard to efficiency and security functionality and capabilities. Over time, manufacturers stop offering tech support, updates, and critical patches to products that are discontinued, giving cybercriminals ample opportunities to exploit security vulnerabilities and breach outdated security firewalls. Specifically, widespread damage—including corruption and theft of data—can occur if end-of-life technologies (e.g., operating systems) are still used by facilities like data centers. For example, Microsoft stopped offering mainstream support in 2011 and extended support in 2014 for Windows XP. Despite this, VICE’s Motherboard found that London’s Metropolitan Police had over 35,000 computers still running the aging operating system well into 2015. Since a police department houses a great deal of sensitive data, such a situation is highly disconcerting.

All data centers should employ a Chief Security Officer (CSO) or a Chief Information Security Officer (CISO) to manage their end-of-life plans for all data and equipment. As manufacturers release new software and hardware, it is imperative to ensure that current systems are still supported and that a plan exists to replace or destroy outdated equipment before it becomes vulnerable.

Wiping or Storing Old Equipment is not Sufficient

Don’t be swayed by claims alleging that saving the environment requires that old hard drives or machines still be functional in order to be recycled. The reality is that thoroughly destroyed hard drives can just as easily have their materials harvested for recycling. By not destroying hard drives and relying on data wipes instead, data centers greatly increase the chances that the data survives and that it can fall into the hands of whomever purchases or finds the devices.

Many organizations retain outdated devices simply because they are unsure how to dispose of them. Moreover, these companies often falsely assume that literally “closeting” these devices (and their embedded data) somehow eliminates all possible risks of data theft.

Given the realities of life, however, that’s a dangerous assumption. Remember that data is always subject to theft or corruption as long as it remains intact (in fact, as long as humans are subject to making mistakes or being anything less than one-hundred-percent vigilant!). Case in point: In 2015, Fortune 500 health insurance provider Centene Corporation realized that six unencrypted hard drives containing protected health information for 950,000 people went missing. And in August of 2019, the New York City Fire Department lost a hard drive containing over 10,000 medical records.

The most effective solution involves in-house destruction of data storage devices, including highly durable enterprise-class hard drives, to NSA standards. By owning in-house destruction equipment, you will save costs over the long term—not just by avoiding third-party service fees, but also by mitigating the risks and avoiding the catastrophic consequences of a major data breach and the associated regulatory fines. Companies like SEM offer a wide variety of NSA-rated equipment to handle all your in-house data destruction needs; in fact, SEM is the only manufacturer offering equipment that’s capable of destroying enterprise-class drives like those used in data centers.

Data Storage Technology: Then and Now

December 5, 2019 at 2:29 pm by Paul Falcone

Data is stored in a wide variety of ways to perform a seemingly limitless number of applications. In essence, whether you’re filing paper in a cabinet, burning files to a disk, or writing information on a hard drive, you are manipulating data. And in today’s digital age, we are witnessing continually expanding capabilities for the creation, dissemination, and destruction of data.

As these capabilities grow, so too does the need to store more data in more electronic formats. Consider, for example, that in 2018, it was estimated that over the previous two years alone, 90% of all the world’s data was generated. Of necessity, manufacturers have responded by producing new technology that stores unprecedented amounts of data.

With data storage technology rapidly evolving and being adopted by businesses across all industries, organizations are being forced to likewise adopt and implement data management and data end-of-life destruction plans that are aligned with these new data storage processes. As such, it’s important to have an understanding of today’s state-of-the-art storage media technology.

Hard Disk Drives (HDDs)

Hard disk drives are typically found in most laptop and desktop computers. They can be internally mounted within the computer chassis or externally connected through appropriate ports, such as USB. Within the HDD casing are spinnable metal disks (platters) with a mirror finish optimized for storing magnetic charges. These platters are divided into sectors that contain subdivisions measured in bits or bytes. Above the platters, the read and write head waits for instructions from the CPU and motherboard. After you click Save, the read and write head is directed to the appropriate sector on the platter to apply an electrical charge. Each bit within the sector will then carry a magnetic charge that translates to a binary 1 or 0, strung together to form a code capable of instructing your computer to complete a specific task, e.g. opening a saved document or utilizing saved software code to complete an update.The limitations with HDDs relate to their instability around magnetic fields, as well as the possibility for data to become scrambled if materials within the platter fail and become malleable when not intended to do so.

Western Digital and Seagate are championing new technologies: microwave-assisted magnetic recording, or MAMR, and heat-assisted magnetic recording, or HAMR, to further expand hard disk memory capacity. These new technologies utilize more stable materials when constructing the platters, resulting in smaller sector size that enables more data to be written on the platters. These materials are made malleable for data processing by using new HAMR and MAMR read and write arms. These innovations will bring consumer-level HDDs to the market that are as durable as current enterprise-level drives.

Solid State Drives (SSDs)

Unlike HDDs, SSDs use semiconductor chips built of transistors and cells (similar to the RAM chips attached to your motherboard) that utilize flash memory instead of magnetism for storage. Whereas RAM is referred to as a form of volatile memory (i.e., nothing is retained once the machine loses power), SSDs (like HDDs) are nonvolatile and retain data after a machine is powered down.

While HDDs utilize a spinning platter and mechanical parts that activate with the machine’s power, SSDs contain no mechanical parts. Instead, SSDs operate using NAND flash memory, the same technology utilized in thumb drives/small USB storage devices. There are two types of flash memory: NOR and NAND. NOR flash reads faster but is more expensive and takes longer to erase and write new data. NOR flash is ideal for high-speed, read-only usage such as code storage for devices like mobile phones and medical equipment. In contrast, NAND has a higher storage capacity than NOR.

NAND flash is ideal for typical SSD storage drives because their construction enables them to read and write new data much faster and also to house more data. NOR cells are wired parallel, while NAND cells are wired in a series. With fewer wires and cheaper construction costs, NAND cells are better suited for consumer SSD storage.

NAND cells form transistors arranged in a grid that receive precise charges to create 1s or 0s; if the current is blocked to a specific transistor, it has a value of 0, and if the transistor conducts the current, it has a value of 1. At the intersection of each column and row on the grid are two transistors called the control gate and the floating gate. The control gate accepts the charge and the electrons move to the floating gate and apply charges to the transistors, resulting in a unique pattern of 1s and 0s.

Given the way data is created, stored, and accessed, SSDs are able to access all pieces of data at an equal speed and read and write significantly faster than HDDs, which rely on a spinning disk and mechanical parts to locate the right data within the right region. A computer user employing powerful applications (e.g., video and image editors, animation software, large video games) would notice their computers operating significantly faster with an SSD than an HDD.

HDDs are still relevant, however, because of their potential longevity. SSDs can write data quickly to an empty space, but overwriting stresses the circuits and creates more transistor resistance. As information gets manipulated and rewritten on an SSD, the old data will be completely erased before the new data is saved. This could eventually render an SSD as a read-only device without the ability to manipulate or write new data to the drive.

Optical Storage Devices

Since the introduction of compact discs (CDs) in 1982, optical media has become ubiquitous. Even with the recent trend toward cloud-based, digital storage options, optical media is commonplace. Because of its potential for speed, stability, and the ease of reproduction, optical storage is here to stay for the forseeable future.

Optical devices use optical technology (i.e., the use of light to transfer data from one point to another) to write information to a surface that can then be interpreted by a laser. Optical media has three necessary layers: plastic, reflective aluminum, and polycarbonate. The laser forges nano bumps on the plastic layer of the disc in a spiral-shaped pattern that correspond to the 1s and 0s of binary code. When a computer uses a laser to read the data, the reflective aluminum layer bounces the laser back to a detector on the device that transcribes the 1s and 0s to conduct a specific action without having to access every file within the disc. The outer polycarbonate layer serves as a protective coat to preserve the integrity of the data on the disc.

As optical technology became more advanced, utilizing improved laser ability to create smaller bumps and compile more data within the plastic layer, digital versatile/video discs (DVDs) emerged in the late 1990s with the ability to store a significantly larger amount of data than CDs. Blu-ray technology advanced this innovation even further by utilizing a shorter-wavelength blue laser to create smaller bits of data on up to two plastic storage layers capable of storing 25GB of data each.

Implications for Data End-of-Life Destruction Solutions

As innovation continues to fuel the technological space and allows data to be stored in ever-smaller formats, the destruction of data at end-of-life becomes more challenging. Drives and disks must be broken down into even smaller pieces to ensure those tiny bits and bumps of data cannot be recovered by the increasingly sophisticated tools and expertise that characterize data criminals.

This is particularly important for companies and organizations that work with classified information, personally identifiable information (PII), or any other form of confidential/sensitive information. Creating an in-house plan utilizing sophisticated data end-of-life technology from companies like SEM—which currently boasts the only devices rated for the successful destruction of enterprise drives—is the best way to ensure total data annihilation. .

Security Engineered Machinery Donates Paper Shredder to Retired Marine Major

November 25, 2019 at 7:46 pm by Paul Falcone

Industry-leading data destruction device manufacturer provides Model 2125P paper shredder to retired US Marine Major James Manel as a thank you for his military service

WESTBOROUGH, MA, November 25, 2019 — Security Engineered Machinery Co., Inc. (SEM), global leader in high security information end-of-life solutions, donated a new Model 2125P cross-cut paper shredder to retired US Marine Major James Manel. Major Manel, a longstanding user of SEM equipment, served 27 years of active duty including numerous senior intelligence roles as well as two deployments to Iraq.

*Major James Manel, retired US Marine Corps, with his new SEM 2125P paper shredder*

“I have used SEM shredding equipment across the spectrum of use cases, from Division G-2 staff to service level headquarters in the Pentagon as well as at intelligence components,” commented Major Manel. “SEM shredders have provided a class-leading level of durability and performance, both at home and deployed, that ensure the complete destruction of documents and provide peace of mind. Now, using the SEM 2125P in the home office brings professional quality and reliability as well as that same peace of mind to residential data security for my family. It also makes economic sense when you consider the monetary and time cost of home use shredders and how often they have to be replaced and the frustration of using them. SEM shredders truly have been a lifetime partner for data destruction in my professional life, and now at home as well.”

SEM learned of Major Manel after he had purchased a SEM paper shredder from a third-party surplus site. Upon receiving the shredder, Major Manel noted that it had a damaged cutting head and was missing both a power cord and automatic oiler, at which time he contacted SEM to procure replacement parts.

Command photo of Major James Manel during his time as Commanding Officer of the Marine Detachment at Defense Language Institute, Foreign Language Center, Monterey, CA

“When we learned that Major Manel had received a non-working SEM shredder, even though it was from a third-party, we knew we wanted to provide a replacement,” said Heidi White, SEM Director of Marketing. “Like countless other Veterans, Major Manel has made extensive personal sacrifices in support of our country for which we can never adequately thank him, and providing him with a new shredder was our small way of showing our endless gratitude.”

SEM cautions never to buy SEM data destruction devices from third-party surplus sites, noting that these devices are typically used, in non-working condition, and do not include any type of warranty. In contrast, every device sold by SEM or an authorized SEM reseller includes a warranty and access to SEM’s award-winning customer support team.

“Unfortunately, we do see this quite a bit, and we consistently caution people against buying SEM products from non-authorized sites,” noted Bryan Cunic, SEM Director of Customer Care. “Since we cannot replace every non-working shredder, we do encourage people to contact SEM prior to purchasing from a third-party to ensure the vendor is an authorized reseller. This quick phone call or email can save a lot of headaches in the long run.”

A Veteran-owned company, SEM has been the leading supplier of high security data destruction devices to the federal government and its entities for over 50 years. In 1968, SEM founder Leonard Rosen invented the world’s first high security paper disintegrator, and today SEM continues to innovate new products to destroy classified and sensitive data stored on a variety of media, both traditional and digital.

“There really is no other manufacturer that matches what SEM makes,” added Major Manel. SEM makes hardcopy destruction convenient and reliable in my experience. I am a huge fan of SEM products!”

Thank you, Major Manel, for your service.

The Effects of Compromised Personally Identifiable Information

November 12, 2019 at 2:42 pm by Paul Falcone

Today more than ever, data security is a hot-button topic, with serious data theft and data breaches seemingly occurring on a daily basis. Since storing sensitive personally identifiable information (PII) is now the norm for virtually all businesses, it is incumbent on those businesses to consistently ensure the integrity of that information.

Around the world, consumers are justifiably growing more concerned about data privacy. The European Union and countries such as Canada and the United States work to protect their individual and corporate citizens by enacting and enforcing regulations that restrict the use and flow of PII, as well as mandate how PII is stored, disseminated, and destroyed.

Although organizations subject to PII regulations incur steep fines for noncompliance, the consequences can be significantly more severe for the individuals whose PII is breached. For example, compromised data can be exposed to manipulation and illegal transactions that ultimately lead to wholesale identity theft. In 2017 alone, identity thieves pilfered $16.8 billion from 6.64% of U.S. consumers, or approximately one of every fifteen people.

Within an organization, it is critical that your data storage and data end-of-life destruction processes are invariably sound and thorough and executed error-free. As the following real-life examples demonstrate, any instances of irresponsibility or lapses in oversight—such as discarding paper without proper shredding or disposing of still-readable hard drives—can have dire consequences, particularly to individuals’ livelihoods and reputations.

2017: Medical Records in Public Trash Bins in Hawaii

An anonymous resident of Palolo, Honolulu, found a stack of approximately 50 residents’ personal and medical information while using a public-access trash bin. Evidently, a local therapy center discarded the paperwork without taking the necessary security measures. The documents contained a “fraudster’s treasure trove,” including complete social security numbers, pictures of driver’s licenses and extensive medical information. Thankfully, the documents fell into the right hands; otherwise, lives could well have been ruined.

2019: Used Electronic Storage Devices Contained PII

Companies relying on a data removal plan rather than a data end-of-life destruction plan should reconsider their strategy. A recent study conducted by Blannco analyzed 159 used storage drives purchased from eBay. The data removal company discovered that an astounding 42% of the drives (66) still contained data. More disturbingly, more than fifteen percent of the drives (25) still contained PII. Furthermore, one of those drives came from a software developer that had been granted government security clearance.

In another recent study, a Rapid7 researcher procured 85 discarded hardware components from businesses, including old computers, flash drives, phones, and hard drives. Of the 85 devices, only two had been properly wiped and only three were encrypted. In total, the researcher collected 611 email addresses, 50 birth dates, 41 social security numbers, 19 credit card numbers, six driver’s license numbers, and two passport numbers.

2010: Australians Have Identities Stolen by Hit Squad

Imagine being six-months pregnant, living in Israel, and yet somehow being wanted for murder in Australia. In fact, it’s a real-life nightmare for a former Melbourne resident. In 2010, she was one of three Australian citizens living in Israel who had their identities stolen and used by members of the Mossad hit squad while carrying out an assassination. In each case, the three individuals’ PII was swiped and used to forge passports in their names with the perpetrators’ photos. It has never been definitively determined how their PII was compromised.

2016: Albuquerque Man Arrested for Fraud—When He Himself Was the Victim

In 2016, a dispatcher for the Kirtland Air Force Base Fire Department and military veteran with a security clearance and no prior arrests was pulled over, detained, and booked in Las Vegas, New Mexico, on an outstanding fraud and forgery warrant. Subsequently, it was determined that a younger man had obtained the individual’s personal information in the fall of 2015. This younger man used the stolen ID to cash a check and was seen on camera. Despite marked differences in the two men’s physical appearances, the Albuquerque Police still issued a warrant for the dispatcher, resulting in a highly traumatic experience (which, by the way, led him to file a suit against local law enforcement).

2019: Woman Arrested After Identity Thief Steals Car Using Her Name

A 25-year-old Indiana woman was recently arrested and booked on charges of auto theft when an impersonator used her driver’s license to test drive and steal multiple vehicles. The woman did not know she was being investigated until she was detained two weeks after an incident. While she believes the identity theft was likely the result of a stolen purse, the exact circumstances are unknown since no arrests have been made.

Although it’s often impossible to know whether compromised data is the result of inadequate end-of-life procedures, faulty storage protocols, illicit cyber activity, or everyday petty theft, an overriding theme emerges from the above examples: given the extreme sensitivity of PII—and the dire consequences for individuals when PII is compromised—it is the legal and ethical responsibility of all businesses possessing PII to protect it. The onus is on them to ensure all reasonable measures and precautions are taken to ensure its absolute security and integrity, and, ultimately, its utter, irreversible destruction at end-of-life.

Companies like SEM provide state-of-the-art data end-of-life solutions that ensure PII is destroyed to the point of non-recovery, thereby mitigating the attendant risks of data theft and compromises for both individual and corporate citizens alike.

The History and Science of Degaussers

November 6, 2019 at 7:15 pm by Paul Falcone

Degaussing is a familiar word to those who work in the data destruction industry, military, or who work with magnetic media, but the science and history behind these machines may be lost to many. The truth is the concept of degaussing has been toyed with since the late 1800’s, and its implementation and uses have stretched around the world, across numerous world wars, and is currently used across a variety of industries and fields.

With the introduction of iron ships in the late 1800s, scientists and crew members began to take notice of the effects that new metal ships were having on compasses. Over the years, this was experimented with and explored until the first “degausser” system was installed on a warship by a Canadian chemist, Commander Charles F. Goodeve, for the British in World War II.

The discovery came after a counter measure was required to stop German mines from detonating in the water. In 1939, a poorly targeted German mine hit a beach in Britain that specialists were able to disarm and research. It was discovered that the mines had a device that would trigger detonation based on the surrounding gauss level, which is a unit of measuring magnetic density and named after Carl Fredrick Gauss. This meant that once a magnetically dense and charged metal ship entered the radius of the mine, it would automatically detonate and cause catastrophic damage to the ship. It was this discovery that Goodeve and his team used to develop and coin the term “degausser” which was then used on naval ships against the Germans for the rest of the war.

To degauss the ships, a system was implemented that installed electrical cables around the circumference of the ship’s hull all the way from the bow to the stern. Then an electrical current was sent through the cables that neutralized the magnetic field on the ship, rendering the ship degaussed. This discovery allowed the ships to pass by the enemy mines without them sensing a gauss level and detonating. They could also “wipe” a ship, which would remove its magnetic field for a few months, until a magnetic field was built up again.

After the war, the technology was expanded upon and used to “erase” data that was stored on tape and magnetic devices. Once computers and rotational hard drives became prevalent, degaussing became the de-facto way to ensure that sensitive data is erased and cannot be recovered. After this history, it makes sense that degaussing removes a magnetic field, but how does this affect the data that is stored on a device?

The magnetic field that is created by these storage devices is actually what also holds the data and information. The information saved is placed in a certain pattern within the magnetic field, allowing large quantities of information to be stored and accessed at the request of the user. This is why a degausser is such a trusted way to ensure data has been completed erased. When a magnetic hard drive is degaussed, the magnetic field around the drive is completely scrambled. The data that existed on the drive is split, rearranged, and stitched back together multiple time as the field that comes out of the degausser is completely unknown from the one that entered.

To give an idea of how much energy is actually used in some of these degaussers, a SEM Model EMP1000-HS will zap a drive with 2.0 Tesla (20,000 gauss), the mandated amount by the NSA to securely and confidently destroy HDDs with top secret and classified information. After putting a drive in one of these machines, the field can be completely destroyed in just seven seconds, making sure that no information can ever be stored or accessed again.

Today, degaussing equipment is still used on naval warships to evade enemy detection by gauss level. Media degaussers are also equipped on many of these same ships, but it doesn’t stop there. Other military branches, executive branches, data centers, and hospitals around the world will all often house some form of data destruction for these devices, and if it’s being done safely and securely, a degausser is present. Thanks to Charles Goodeve, his team, and a poorly launched German mine, degaussing now exists, and its technology and effectiveness will continue to be used for a long, long time.

The Move to 5G and Increased Data Size will Introduce Both New and Familiar Security Risks

October 31, 2019 at 12:25 pm by Paul Falcone

Destroying storage devices at end-of-life will be critical as data centers utilize new tech.WESTBOROUGH, MA, October 29, 2019 —Security Engineered Machinery Co., Inc. (SEM), global leader in high security information end-of-life solutions, published a whitepaper warning of the security risks that will be introduced as the transition from 4G to 5G rolls out over the next few years. The paper, written by SEM President Andrew Kelleher, stresses the criticality of having proper data decommissioning policies and equipment to securely destroy physical media that holds sensitive information in data centers around the world.

“We have seen the world’s information all move towards the digital format over the last decade with our communication, the internet, and streaming entertainment,” commented Kelleher. “Now, the upcoming transition to the 5G network will allow larger, more dense data to move at faster speeds to more people than ever before. Data centers will have to scale their technology in-house to meet these latest technological advancements and it is imperative that obsolete drives are disposed of properly.”

For consumers of digital media and content creators, this 5G rollout is exciting news. For businesses that store and handle data, however, this transition will present some costly, high security risk challenges. One often overlooked risk in the digital age comes in the form of data disposal and destruction. With the growing threat to cybersecurity, where an attempted attack happens every 39 seconds, physical end-of-life destruction is often treated as a less immediate concern. The fact is that the improper disposal of physical media can lead to devastating effects to government entities, individual companies, organizations, and consumers.

“It is critical for companies to acknowledge and address the security challenges that these changes will present as old media is replaced, and having a proper plan and policy will be crucial to a secure transition,” Kelleher continued. “Planning now can protect the future of consumers, data centers, and individual companies that host their data in data centers as the transition to the future begins.”

To read the whitepaper, click here.

Is In-House Data Destruction Really Necessary? The Answer is a Big YES!

October 29, 2019 at 8:19 am by Paul Falcone

As we get deeper and deeper into the digital age, the ever-growing demand for the creation, storage, dissemination and destruction of Big Data continues to drive the development of increasingly complex technology. Today the average consumer can create and store more data in more ways and at a faster rate than ever before; likewise, the capability of organizations to create, harvest and analyze head-spinning amounts of data—at speeds faster than the human eye can blink—is simply unprecedented.

While innovation has exponentially enhanced our ability to communicate, it also brings new challenges and risks that must be given serious consideration. With commerce, healthcare, education, finance, government, and municipal industries fully embracing digital technology to migrate and manage data flow across their entire scope of operations, the stakes arising from compromised, breached, and/or exposed data couldn’t be higher.

Since such data is of inestimable value, protecting it from unauthorized access through end-of-life is essential. Accordingly, legislation and regulations regarding data collection, storage, and destruction for any organizations handling personally identifiable information (PII), classified information, controlled unclassified information (CUI), sensitive but unclassified information (SBU), or information for official use only (FOUO) continuously get more stringent.

Unfortunately, egregious data breaches are becoming almost commonplace, with regular news coverage highlighting the dangers down to the consumer level. After a slight decrease in data breaches from 2017 to 2018, there has been a massive increase from 2018 to 2019. According to the 2019 MidYear QuickView Data Breach Report as of July 2019, 3,813 breaches have exposed over 4.1 billion records. The average cost of each breach is $3.86 million, which equates to an average cost of $148 per lost or stolen record.

Another alarming trend is the growing frequency of attacks on third-party vendors. Criminals have been targeting organizations that provide data management, control, and destruction services for multiple entities, thereby increasing the amount of data that can be harvested from one source. A recent survey found that 59% of companies experienced a third-party data breach in 2018.

So how does an organization protect itself?

Data encryption, management, transference, and destruction are increasingly robust tasks, which often prompts companies to rely on third-party solutions to help mitigate in-house workload. Doing so, however, represents the single largest cause of data security violations.

Using a third party for your data destruction puts your organization at high risk during multiple touchpoints within the destruction process. The first point of risk is immediate—the transfer of the data from your facility to the third-party destruction facility. To ensure maximum safety, classified data and sensitive data such as PII, CUI, SBU, and FOUO should be destroyed immediately and on site at end-of-life.

Several concrete examples serve to illustrate the severe risks inherent in using third-party, off-site sources for IT asset disposition (ITAD). Particularly concerning are real-life episodes in which third-party providers do not destroy the data as promised (which has been documented as occurring at all levels of commerce). In one such instance, a man went to a Best Buy in Cincinnati, OH, in 2005 to replace a hard drive and was assured that his old one would be destroyed. Six months later, however, he received a phone call from a complete stranger in Chicago who had purchased his hard drive for $25 at a local flea market. The stranger was able to contact the man because all his personal information was still stored on the hard drive.

In 2009, British telecom firm BT and the University of Glamorgan randomly purchased 300 hard disks from various fairs and auctions and discovered that 34% of them still housed personal data. In fact, in addition to banking and medical details, the research team even found Terminal High Altitude Area Defense (THAAD) data pertaining to missile defense systems.

In 2017, technology firm Kroll Ontrack purchased 64 used hard drives on eBay. The company discovered that more than 50% of the hard drives contained sensitive data, sometimes belonging to commercial organizations. It was determined that one of the drives originated at a company that reportedly used a service provider to erase and sell its old drives; the drive still contained sensitive information, including home addresses, phone numbers, user names, credit card details, and a database containing a host of employee-related information.

Just this year, Finnish company Blancco published the results of a study in which it purchased 159 used hard drives on eBay from American and European sellers who stated the data had been wiped clean prior to resale. Nonetheless, 42% of the hard drives housed data from the previous owner, and 15% contained PII, such as passports, birth certificates, financial records, internal FOUO emails, and files from a freight company that included vehicle registrations and records from a school containing student photos, names,, and grades.

Clearly, the solution is to thoroughly destroy personal and sensitive data—well past the point of possible reconstruction—when it reaches end-of-life. Although many companies claim to provide this service, the only way to guarantee the data is completely obliterated is to destroy it in-house with properly rated equipment. The National Security Agency (NSA) and the Central Security Service (CSS) maintain an updated list of evaluated and approved devices for data destruction—from paper and optical media to hard disks and solid state drives.

At SEM, we take data destruction seriously. We have destruction devices that meet and frequently exceed all current requirements for even the highest levels of security. An investment in in-house destruction equipment is more cost-effective than employing a third-party service long term—but, most importantly, such an investment eliminates potentially catastrophic risks associated with data breaches.

SEM Shred

Author: Paul Falcone