Information Security, Shredding & High Security Cross Cut Paper Shredders

Upping the Paranoia Meter

Article by Ben Rothke
Published on May 6, 2008
Effective security is the art of being suspicious without being overly paranoid. The key to staying sane is finding that happy medium of security and usability.

Effective security in a nutshell is the art of being suspicious without being overly paranoid. Those who are overly and irrationally secure are often paranoid; those that have no time for security are marketing professionals. The key to staying sane is finding that happy medium of security and usability.

In the past, when it came to physical document destruction, things were pretty simple; shred it and forget it. Companies felt that they were doing their due diligence when they created policies that stated “any paper containing personal information such as, but not limited to: name, social security number, address, phone number, and/or other personal medical or financial information, prior to disposal, must be shredded to protect the privacy of the persons involved”. They had the policy, they had the shredders, and life was good. But not for long.

Why Shred?

Many companies decide to shred physical documents to ensure that confidential and sensitive information does not fall into the hands of their competitors. Part of this stems from the ease with which dumpster diving is carried out.

For the most part, dumpster diving is legal, as the courts have ruled that items found in the trash are in the public domain (as long as the trash cans are on public property). Shredding made it easy to ensure that even if someone were to dive into your corporate dumpster, the documents would be unreadable.

Shredders themselves come in two basic varieties, strip-cut and crosscut. A strip-cut shredder cuts the paper into strips, anywhere from 1/4" to 1/12" wide. Strip-cut machines are most popular because they cost less, are quite durable, and shred faster than crosscut models.

Rather than cutting into strips, cross-cut shredders reduce paper to smaller particles approximately 1/4" x 1-1/2" and provide a much higher degree of security than a strip-cut unit. In addition, the smaller cuts mean that the bags of shreds take up less space than those from a strip-cut unit. With cross-cut, documents are cut in two directions, producing very small particles. The size of these particles offers a much greater level of security, and since the particles are so small, they are self-compacting, which reduces the overall bulk of the output.

For those that want serious document destruction, the NSA has a set of specifications for high security crosscut paper shredders that have been evaluated as per the NSA/CSS Specification 02-01, High Security Crosscut Paper Shredders.

New eras in shredding

Outside of the military and intelligence community, most people have not thought about the possibility that shredded documents could somehow be put back together. The reality is that with enough time and resources, reconstruction can be achieved. This was most noticeably demonstrated when the US Embassy in Iran was seized in 1979. While employees within the embassy shredded huge amounts of documents, the shreds were seized by the Iranian militants, who in many cases reconstructed shredded materials. The reconstructed shredded materials proved to be extremely embarrassing to the CIA and US Government.

While hand-based reconstruction is extremely time-consuming and error-prone, engineers at ChurchStreet Technology saw an opportunity. Cody Ford, President & CEO of Houston-based ChurchStreet, watched as the Enron debacle imploded down the street from him. Ford started the company in early 2002 and created a proprietary technology that makes shredded document reconstruction possible.

In a sense, ChurchStreet simply takes the jigsaw puzzle that a shredder creates and puts all of those pieces back together. But getting that jigsaw puzzle of shredded strips back together is not so easy in practice.

To accomplish that, ChurchStreet developed a proprietary system to perform shredded document reconstruction. With the exception of government agencies, all document reconstruction is done on their premises with their equipment.

Once they receive the shreds, technicians determine if the items can be salvaged. At that point, they have a feed system that feeds the individual strips into a scanner. The scanner then reads each strip. Each strip is given a unique ID number so that it can be matched to a page. At that point, the ChurchStreet software takes over and performs the reconstructions.

Before they will accept a job, the company makes sure that they understand who the client is (corporate, law firm, government agency, etc.) and that they have a valid business need. ChurchStreet has turned down business from companies and individuals for whom they were not able to confirm a high enough level of trust. Suspicious cases include an individual who requested that the findings be sent to his home address and not the business address.

The proprietary software is where the bulk of the reconstruction work is performed. Off the bat, roughly 30% of strips are not processed, as they are blank. From a matching perspective, many documents have unique headers and footers, which makes it much easier for the software to reconstruct them. Other types of documents have similar layouts, be it e-mails, fax cover sheets or memos.

After a number of years in the business, what struck Cody Ford as a bit strange was the fact that well over 90% of his business is in reconstruction of strip-cut shreds, with the most common being 1/4 inch cuts. This was coming from many corporate clients, and he was surprised that they were not using the more secure cross-cut shreds. The bottom line is that a lot of companies simply rely on bad shredding practices.

Ultimately, Ford says that success in reconstruction is based on 3 elements: the condition of the shreds, the type of documents that were shredded and an undisturbed bag. With a cross-cut reconstruction, it is much more important that the bag be as undisturbed as possible, given the amount of shredded data.

Now what?

Even with emerging technology, poor shredding practices are likely to continue. The amazing thing about information security is that even after things are broken, they still continue to be used, be it weak passwords, 40-bit encryption or unpatched operating systems.

Using weak passwords as an example, SANS cites weak passwords as one of the most critical security threats to networks. Users who leave passwords blank or use easily guessed words make it simple for attackers to log into a network and access information. These attacks are also difficult to detect, since the attacker is using the system under the guise of a legitimate user. Nonetheless, in 2005 more accounts have weak passwords than secure passwords. One would think that a decade of l0phtcrack would change that.

When it comes to shredding, the technology developed by ChurchStreet demonstrates that security policy must change and adapt to new threats. Companies that blindly shredded documents in the past must now take a more formal approach to what they want to shred and how they want to shred it.

As to shredders themselves, the best thing that an organization can do is to use paper shredders that are in compliance with NSA/CSS Specification 02-01. This specification requires that the paper shredder meet exacting standards for maximum particle area and dimensions as well as tough new standards for durability. The NSA Standard creates a shred smaller than current reconstruction capabilities. The downside to this is that these shredders cost between $1,300.00 and $7,500.00, as opposed to generic shredders that start at $49.99.

Security is a never-ending battle where the lines between sanity and paranoia often cross. In 2005, nothing is simple in security, especially shredding a piece of paper.

