You have probably heard about the war logs at Wikileaks, which came from the whistleblower Bradley Manning. He said so in a chat, but there was no proof that he really was the source. Now there is proof, because a forensic analysis of his MacBook recovered the deleted war logs data from his hard disk.
While the chat logs were encrypted, Johnson said that he was able to retrieve the MacBook’s login password from the hard drive and found that same password “TWink1492!!” was also used as the encryption key.
He made four mistakes. These are the rules he broke:
1) Use strong encryption for important secret data.
2) Delete data without leaving any traces.
3) Don’t use the same password for everything.
4) Don’t chat with others about your abilities or intentions, if they know your real identity.
So I want to tell you some basics of how to handle secret data.
First of all, don’t trust the encryption of Apple or Microsoft. It is very weak, with back doors. Microsoft works together with the NSA. The NSA has a key to decrypt all your data without knowing your password. This encryption is only safe against your neighbors, but not against your government or hackers.
-> Use TrueCrypt or cryptsetup instead.
If you delete a file on your hard disk, only the handle to the file will be deleted. The file can be recovered. How easy this is depends on your file system. There are many freeware recovery programs on the internet.
-> If you want to be sure a file is completely deleted you have to overwrite the file with other data.
This shell command will overwrite the whole free disk space with random numbers:
cat /dev/urandom > delete
The command will stop when the disk is full; then you have to delete the file “delete”.
It’s a good idea to do this with a new hard disk or when you are finished with your work. This makes a forensic analysis nearly impossible.
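The same free-space wipe as a reusable shell function, added here as an example and not part of the original post: it gives the filler file a private, unpredictable name, flushes the random data to disk with sync before removing it, and cleans up the filler itself. The function name wipe_free_space and the optional size cap are assumptions made for this example.

```shell
#!/bin/sh
# wipe_free_space DIR [MAX_MIB]
# Overwrite the free space of the file system that holds DIR with random
# data, then remove the filler file. Prints the number of bytes written.
# MAX_MIB is an optional cap (hypothetical parameter added for this example)
# so the function can be tried out without filling the whole disk.
wipe_free_space() {
    dir=$1
    max_mib=${2:-}

    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }

    # mktemp creates the file with mode 0600 and a random suffix, so other
    # users cannot read the filler or pre-create it as a symlink.
    filler=$(mktemp "$dir/wipe.XXXXXX") || return 1

    if [ -n "$max_mib" ]; then
        head -c "$((max_mib * 1048576))" /dev/urandom > "$filler"
    else
        # Runs until the file system is full; the resulting
        # "No space left on device" error is the expected stop condition.
        cat /dev/urandom > "$filler" 2>/dev/null || true
    fi

    # Without sync the random data may still sit in the page cache when the
    # filler is removed and never reach the free blocks on disk.
    sync

    written=$(wc -c < "$filler" | tr -d ' ')
    rm -f "$filler"
    echo "$written"
}
```

On SSDs and on journaling or copy-on-write file systems an overwrite from inside the file system does not reach every old copy of the data, so treat this as a complement to encrypting the disk, not a replacement for it.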
If you don’t encrypt your files but delete everything, traces can still be left. The data is stored in blocks on the hard disk. If there are too many errors in one block, the hard disk will mark this block and use another one instead. You can’t read or delete this marked block anymore. A forensic analysis can recover these marked blocks and may find the secret data in them.
-> Always use passwords with upper- and lower-case letters, numbers and special characters. Don’t use the same password for everything.