New York Times Syndicate

If the crew of the US Navy spy plane held by China managed to destroy any on-board secrets, it may have been with the help of a Westborough, Mass. shredding company.

The company is Security Engineered Machinery, or SEM, which makes high-powered paper choppers and computer disk mashers for US military and intelligence agencies. The Navy won’t specify what equipment was on board the EP-3E surveillance plane, but company executives have reason to believe it was theirs.

SEM says the naval air station that was home base for the plane’s squadron, on Whidbey Island in Washington state, has been a major customer for its products. These include a “degausser” wand that uses a strong magnetic field to wipe clean any disk brought within several inches of it, and a shredder that chops paper into bits no bigger than 1/3 of an inch. That would be too small for any outsider to reconstruct.

“More than likely they’re on that aircraft,” said Leonard Rosen, chairman and founder of closely held SEM. “We know for sure they’re using our equipment somewhere,” he said, of the plane’s squadron.

Rosen and other SEM officials have no direct knowledge of what actions the EP-3E crew may have taken to destroy sensitive data after their aircraft collided with a Chinese F-8 jet fighter and was forced to make an emergency landing at a Chinese air base on Hainan Island. The accident mushroomed into an international crisis over the past week, with the Bush administration demanding the return of the 24 crew members and the plane, and the Chinese government demanding an apology.

In the shadowy world of data-destruction, SEM has assembled quite a following. Founded in 1967 to make high-powered paper shredders, it has evolved with the technology revolution and lately has begun selling various equipment for rendering useless computerized data as well. The company now has about 35 employees and expects revenue of around $10 million this year.

For most if its history, it has supplied devices to dispose of sensitive military and diplomatic documents and other material. Some models use stainless-steel blades attached to high-speed rotors; one version needs just an hour to chew through 450 pounds of books or videotapes.

That capability – and various military approvals – also drew SEM into contact with civilian agencies, and several years ago Rosen and president Peter Dempsey began making plans for a major expansion into the commercial markets as well. Software-makers, for instance, often destroy old inventories of computer disks, to prevent their entering the black market. SEM’s equipment has also been used by the Federal Reserve system to destroy old banknotes.

But Dempsey said military sales have remained the company’s primary line of business. In the mid-1990s, it developed a “declassifier” that sanded off the surface material from CD-ROMs and left only a powder.

The technique met a military security standard, but customers wanted a more versatile machine that could be used to render all sorts of optical disks useless as well.

Now SEM is about to start shipping its answer: the Model 1250/B. Internally it resembles a waffle iron and uses metal dies to indent marks onto the disk’s surface. SEM says the new pits will throw off any laser trying to read information.

Another advantage over the previous method, Dempsey said, is that labels don’t need to be peeled off. The new machines will sell for about $3,500, or $1,700 less than the previous models. Dempsey figures to sell 500 of the new version this year, or roughly as many as SEM has sold of the previous model to date.

Dempsey said his company’s equipment has also become popular with defense contractors who use it to destroy drafts of sensitive proposals.

“You can’t get contracts without shredders these days,” he said.

Westborough firm expands records shredding facility
By Andrew J. Manuse/Daily News staff
Thursday, February 01, 2007 – Updated: 12:05 AM EST

WESTBOROUGH – With data breaches and identity theft growing concerns, a local company is betting many companies will want to have their old electronic equipment turned into unrecognizable shreds.
Security Engineered Machinery Co. Inc., which has been building advanced shredding machinery for the federal government for 40 years, has opened a 5,000-square-foot facility where it will destroy electronic records from businesses and government agencies throughout the country, according to Peter Dempsey, president of the privately held company.
The company hired seven people to operate the new facility, an addition to its 20,000-square-foot headquarters at 5 Walkup Drive in Westborough. The facility meets U.S. Department of Defense requirements for document disposal. Security Engineered Machinery, or SEM, now employs 43 people, Dempsey said.
“Information security is still in its infancy in the private sector,” he said yesterday. “But with the recent buzz of information theft and data breaches with large name companies in the last 24 months especially … the private sector is coming along to understand that it needs to spend money to protect itself.”
The machines in SEM’s facility can destroy anything from CDs, DVDs, microfilm, credit cards and mobile phones to computer hard drives, flash media devices and other data storage equipment. They use special degaussing technology to completely erase magnetic media. The facility can also destroy prototypes of toys, clothing and drugs to keep proprietary information out of the hands of “Dumpster divers.”
SEM’s electronic record shredding business started about two years ago, Dempsey said. The business’ sales grew from about $20,000 to about $500,000 by 2006, he said.
The facility will accept walk-in customers who can kill their computer hard drive for a minimum of $25, all the way up to Fortune 500 health care and banking companies and the government, Dempsey said.
Customers nationwide can send their equipment to the facility using SEM’s secure, GPS-tracked transport service. They can watch the destruction on site or on a Web site the company provides.
Dempsey expected SEM to get an environmental certification from the state Department of Environmental Protection by March that shows the facility recycles 90 percent of its shredded materials.

January 1, 2007 – SECURITY Magazine

By now, most chief security officers have gotten the message about the need to shred important papers. The issue of identity/data theft is so widely discussed, and paper shredders are now so widely available and affordably priced, that it’s hard to imagine any enterprise just throwing important documents into the trash.

So, kudos to all of you responsible people who do the right things to protect your business from information theft. You have figured out paper; but what about other threats you might not be aware of? What about all those electronic records floating around your security office or the CEO’s office? If you are not dealing with them, paper is the least of your worries.

As computers and other electronic devices become obsolete sooner due to new technology, disposal of sensitive information is of serious concern. Just one hard drive or CD can contain thousands of files, and when a digital file is “deleted,” the information actually remains on the computer’s hard drive, CD or diskette, as do deleted e-mail messages and records of all online activity.

These days it all can be recovered with sophisticated tools.

This is worth remembering before donating old computers to a school, for example. In some cases, old computers are removed and resold by the vendor who installs the replacement computers.

PROPER DISPOSAL

The accompanying chart lists some obvious and not-so-obvious items that could cause significant problems if not disposed of properly. All of these items can be made harmless by one of three methods:

• Shredding – Reducing to small strips via a paper shredder or similar device.
• Degaussing – Using powerful magnets to permanently eliminate data from magnetic media.
• Disintegration – “Mechanical incineration” that continually cuts items into smaller and smaller pieces until they are unrecognizable and unreconstructible.

What about cost? Ideally, the decision to purchase destruction equipment should not be based on cost, but on potential risk.

For some businesses, the peace of mind that comes from knowing sensitive records will never leave their facilities intact makes the investment worthwhile. Even so, many companies simply cannot afford to purchase this equipment for the relatively few items they need to destroy. These businesses may choose to outsource such destruction. Outsourcing can be affordable and safe when done properly. If you choose this option, be sure to do your homework. Ask what methods will be used, where your items will be kept prior to destruction, what happens to destroyed waste, and what proof you will get that items were actually destroyed. If you do not like the answer to any of these questions, look for
another source.

Data security is an ongoing process, but by being aware of threats and understanding destruction options, you will be in a much better position to protect your business and yourself.

SIDEBAR: Consider Outsourcing Destruction Needs

At first, enterprises such as financial institutions and healthcare facilities, often beholding to regulations and privacy compliance requirements, brought in outside services to destroy paper-based records. The outsourced firms use specially equipped trucks and certify compliance.
But with the advent of computer media, a new way of outsourced destruction has emerged. One example: Security Engineered Machinery now destroys sensitive electronic records for businesses and government agencies throughout the United States. The company’s new high-security destruction services facility is next door to its main office in Westboro, Mass.

“This is a major step for us, but we are just responding to a growing demand,” SEM President Peter Dempsey told Security Magazine. “You see it on the news every night — losing confidential digital information can mean identity theft, corporate espionage or even a risk to homeland security.”

All of the facility’s equipment has been approved by the U.S. National Security Agency. The cost and size of SEM’s powerful disintegrators would exceed the budgets and space limitations of the companies that send a multitude of items to the new facility for secure destruction. The rotary-knife mills in these machines make short work of computer hard drives (or even whole central processing units), CDs, DVDs, diskettes, microfilm, credit cards, ID badges, audio and video cassettes, circuit boards, PDAs (“Palm Pilots” and the like), cell phones, x-rays, flash media (digital camera “thumb drives,” etc.) and key tape. Everything ends up as “E-scrap” — unrecognizable shreds that can be as small as 1/8” in diameter.

Prototypes and off-spec batches of toys, clothing and pharmaceuticals go into the same disintegrators, to keep proprietary product specifications out of the hands of “dumpster divers.”

Fully bonded and insured, SEM monitors the entire operation with 17 video cameras around the clock, seven days a week. Customers who drop off their items in person are invited to stay and watch the destruction. Those who ship their items to SEM can watch on a designated Web site. Some customers even track their shipping crates with GPS systems.

Until recently, most people did not question what became of a hard disk drive (HDD) when a computer was scrapped. But with millions of hard disk drives retired every year, there are many documented incidents of sensitive private data becoming public when the HDDs resurfaced in the secondary market. Now, due to rising concerns of identity theft and with stricter regulatory compliance guidelines, it is more crucial than ever for data on HDDs as well as other forms of media containing sensitive data to be properly sanitized.

Fujitsu created the Mag EraSURE™ line of degaussers to help companies and organizations quickly and securely erase data on hard disk drives and other types of magnetic media. To demonstrate the product’s effectiveness, Fujitsu engaged the services of DriveSavers, the worldwide leader in data recovery services, to see if they could recover any data from a set of leading-edge, high capacity Fujitsu hard disk drives that had been degaussed by the Mag EraSURE product.  After extensive testing, the company certified that the Mag EraSURE P2V device had rendered the data on the HDDs unrecoverable by commercial means.

Your Risk in Today’s Business Environment
According to a leading market research firm, the hard disk drive industry shipped nearly 220 million hard disk drives in 2002.  It is also estimated that the typical HDDs life span is five years. With an average of seven hard disk drives expect to be retired for every ten shipped, this means that by 2007, almost 154 million hard disk drives will have been retired.  A large number of these hard disk drives will not be destroyed, but will instead end up in the secondary market.

There are several documented cases of organizations entrusted with confidential information that neglect to properly sanitize an HDD before disposing of the computer. For example, in August 2002, the U.S. Veterans Administration Medical Center in Indianapolis eliminated 139 computers. While most were donated to schools, others ended up in the open market. It was later discovered that many of these computers contained the names of veterans who had AIDS or who were suffering from mental health problems. In addition, 44 credit card numbers used by the Veterans Administration were also found on these systems.
Because of incidents like this, Fujitsu created the Mag EraSURE line of degaussers* to help companies and organizations erase data on hard disk drives and other types of magnetic media before disposing of them.

Technology
Erasing magnetically recorded data via degaussing may be accomplished in two ways: AC erasure and DC erasure. With AC erasure, the media is degaussed by applying an alternating field that is reduced in amplitude over time from an initial high value (i.e., AC powered). For DC erasure, the media is saturated by applying a unidirectional field (i.e., DC powered or by employing permanent magnet technology).

The Mag EraSURE P2V product, which has been designed for commercial as well as industrial use, is a DC erasure product and uses an array of permanent magnets. Composed of the rare earth elements NdFeB and arranged in a patented structure, the permanent magnets within the Mag EraSURE device creates an intense magnetic field without requiring any type of electrical charge.

A degausser is a device that can generate a magnetic field for degaussing magnetic storage media. Degaussing is the process of reducing or removing an unwanted magnetic field. It is named after Carl Friedrich Gauss, an early researcher in the field of magnetism.

Additionally, the back yoke structure realigns the stray field and further concentrates these fields by what is known as the “Mirror Effect”. With this technology, the Mag EraSURE P2V model is able to focus the degaussing field to the cavity area where the HDD is passed. After the magnetic media has been degaussed, data becomes unrecoverable by commercial recovery services.

Figure 1: Graphs of a hard disk drive with 5000 Oe before and after a single pass through the Mag EraSURE P2V device. After degaussing, a significant amount of recorded signal has fallen below the read/write head readable level.

How Mag EraSURE works
The degausser field effect on magnetic media can be further illustrated through Applied Physics:

As magnetic media passes through the high-energy magnetic field H, the number of flux lines inside the material is increased by its relative permeability (µr), defined as:

The retention of flux density B, after a field has been removed, is called “Remanence Br” (measured in Wb/m2 or Gauss).

The field strength of the opposite polarity required to reduce this remanence to zero is termed the coercive force of coercivity Hc (A/m or Oersted).

Ferroelectric materials are characterized by magnetization curves and hysteresis curves (see Figure 2).

Consider a piece of ferromagnetic material (e.g. media from an HDD) that is originally unmagnetized (a). As the external magnetic field (H) is increased, the induced magnetization (M) also increases. The induced magnetization eventually saturates (b). The curve between points (a) and (b) is called the magnetization curve. If the external field is reduced, the induced magnetization is also reduced, but it does not follow the original curve. Instead, the material retains a certain permanent magnetization, known as the remanent magnetization Mr (c). The remanent magnetization is the permanent magnetization that remains after the external field is removed. This is how the hard disk drive creates its data bits.

If the external field is further reduced, the remanent magnetization will eventually be removed (d). The external field for which the remanent magnetization goes to zero is called the coercivity Hc. The product Mr (infinity) x Hc is termed the strength of the magnet.

Figure 2: As the external field continues to reverse, permanent magnetization of the opposite polarity is created in the magnet. A similar curve is traced for the negative direction with saturation (e), remanent magnetization (f) and coercivity (g). The hysteresis curve then retraces points (b) to (e) as the field cycles.
In magnetic recording, the media is often not completely saturated. The external magnetic fields (H) are held below the maximum fields for saturation, and the induced magnetization (M) is correspondingly less. Thus, the induced remanent magnetization is less that the maximum Mr.

The hysteresis loop can also be applied to explain how the Mag EraSURE device erases data on magnetic media. As the media travels through the magnetic field of the device, the magnetic field of the media (H) will be fully saturated, causing all data bits to flip in the direction of the external magnetic field of the Mag EraSURE degausser. This flipping of data bits occurs in both the data and servo area of the media. Once the data and servo data has been permanently flipped in a uni-direction*, then this information can no longer be detected, or read, by the hard disk drives’ read back head.

Before Degaussing

After Degaussing

Figure 3: Photos of HDDs with the recorded data track before and after being degaussed by the Fujitsu Mag EraSURE device.

Because Fujitsu was so confident that its Mag EraSURE P2V model would effectively destroy hard disk drives, the company extended a challenge to a leading commercial data recovery service to see if they could rescue any information on a set of HDDs once they had been degaussed by the Mag EraSURE product.

The recording polarities on the media are written in a North or South direction to identify a logical ‘0’ and ‘1’.

Commercial Recovery Services
DriveSavers, the global leader in the data recovery industry since 1985, is one of the most progressive and experienced specialists in the industry. Physically damaged HDDs, from broken actuators to failed controllers, are regularly handled by their cleanroom technicians.
DriveSavers’ cleanroom engineers inspect, analyze and assemble hard disk drives in the same type of specialized environment as the products were manufactured. When the mechanics of a hard disk drive fail, the damaged unit is only opened in a dust-free lab, known as a cleanroom, to avoid media corruption and contamination and to maximize recovery results.

At DriveSavers, an ASA 100 cleanroom is used to perform data recovery. The ultra-clean work areas are certified, with fewer than 100 air contaminant particles per 0.5 micrometers per foot allowed to circulate through the air, 50,000 times purer than our everyday environment. As added protection, cleanroom technicians wear a special suit, hair cap, mask, boots and latex gloves at all times.

Fujitsu sent DriveSavers three of its 300GB Enterprise hard disk drives, which feature four platters, 4200 Oe media filled with 279GB of data. Before delivery to the data recovery company, the HDDs were first degaussed by the P2V product in the following manner: one unit was erased in a single pass with the PBA up; another unit was degaussed in a single pass with the PBA down; and the final HDD received two passes, one on each side. Initial testing in the clean room revealed that each HDD had malfunctioned and made a clicking sound as it spun.

Full testing and data recovery attempts were performed on all three hard disk drives, including an examination of the media and head stack with a high-powered microscope, plus disassembly and testing of the internal components. After the disassembly and the replacement of the head stack and actuator assembly, DriveSavers engineers verified that the media of all units was intact and that there was no physical damage (i.e. head crash). In addition, no debris was found on the heads or media surface.

Whitepaper

During power-on, the hard disk drives exhibited a repetitive clicking as they attempted to calibrate and read maintenance tracks and servo data. However, because the HDDs were degaussed, no servo data (head positioning data) could be located, causing the units to continuously recalibrate and fail to boot up.

DriveSavers final conclusion was that all media surfaces appeared to be in pristine condition, but the hard disk drives were completely unrecoverable due to missing servo data. Without the servo data, the HDDs could not properly read the media and complete a data recovery. Based on this testing, DriveSavers certified that no commercial software utility program or data recovery service company would be capable of recovering data from any of the hard disk drives that had been erased by the Mag EraSURE P2V product, regardless of the resources devoted to the effort.

Summary
The success of the Fujitsu Mag EraSURE degausser in erasing data on the hard disk drives confirms the P2V models’ status as the ultimate tool for secure data disposal. The low maintenance Mag EraSURE product is a cost-effective solution for any industry dealing with large amounts of highly confidential information, including legal, medical and financial markets. Users can be confident that the magnetic media degaussed by the Fujitsu Mag EraSURE device will be securely destroyed.

Whitepaper

References
1. C. Mee and E. Daniel, “Magnetic Recording”, Volume I, McGraw Hill, 1988, pg 3.

2. C. Mee and E. Daniel, “Magnetic Recording”, Volume III, McGraw Hill, 1988, pg. 155.

3. Finn Jorgensen, “The Complete Handbook of Magnetic Recording”, First Edition, Books, 1980, pg 30.

4. Garfinkel, Simson L., and Abhi Shelat. “Remembrance of Data Passed: A Study of Disk Sanitization Practices.” IEEE Computer Society January 2003. 23 Oct. 2006 http://www.computer.org/portal/site/security/menuitem.6f7b2414551cb84651286b10 8bcd45f3/index.jsp?&pName=security_level1_article&TheCat=1015&path=security/v1 n1&file=garfinkel.xml&

5. Hasson, Judi “V.A Toughens Security After PC Disposal Blunders,” Federal Computer Week, August 26, 2002. Oct. 19, 2006 http://www.fcw.com/article77509-08-26-02-Print

About Fujitsu Computer Products of America, Inc.
Fujitsu Computer Products of America, Inc. is a subsidiary of Fujitsu Limited, a leading provider of customer-focused IT and communications solutions for the global marketplace. FCPA provides innovative solutions for the U.S. marketplace. Current product and service offerings include high performance hard disk drives, Magneto-Optical drives, scanners and scanner maintenance, palm vein recognition technology, 10Gb Ethernet switches and degaussers.

Fujitsu Computer Products of America, Inc.
http://us.fujitsu.com/fcpa
1255 East Arques Avenue, Sunnyvale, CA 94085-4701. (800) 626-4686 (408) 746-7000 info@fcpa.fujitsu.com

©2006 Fujitsu Computer Products of America, Inc.  All rights reserved. Fujitsu and the Fujitsu logo are registered trademarks and The Possibilities are Infinite and Mag EraSURE are trademarks of Fujitsu Ltd.  All other trademarks are the property of their respective owners.

All statements herein are valid only in the U.S. for U.S. residents, are based on normal operating conditions, are provided for
their performance specifications, availability, price, and warranty and post-warranty programs.

Security Engineered Machinery Co., Inc. (SEM), has promoted Andrew Kelleher to the position of President. Mr. Kelleher has more than 12 years of experience at SEM. Most recently, he has served as the company’s Executive Vice President.

“Andrew’s blend of experience and vision makes him the perfect person to head SEM,” said Leonard Rosen, the company’s Founder and Chief Executive Officer. “The elevation of Andrew to President, along with our seasoned senior management team, will allow us to continue to bring the highest-quality, best-value destruction products to federal government agencies and the private sector alike.”

In addition to his experience at SEM, Mr. Kelleher served as Vice President of Callaway Golf’s $250 million golf ball business. Mr. Kelleher has a Bachelor of Science degree in finance from Bentley College and a Master of Business Administration degree from Nichols College.

A leader in the secure destruction of electronic media and paper documents, Security Engineered Machinery, ISO 14001 registered, is the largest direct supplier of data-destruction equipment in the United States and operates the largest destruction facility in the Northeast, adjacent to its headquarters in Westboro, Massachusetts. The company’s full-service engineering department designs special products, such as the currency destruction systems in use by the Federal Reserve Bank and other central banks. Every American embassy uses SEM equipment. Areas of expertise include the destruction of hard drives and other mixed media; “off-spec” or returned product for the pharmaceutical, medical device, and food industries; and heavy-duty, high-capacity shredders for recycling applications. More than 100 SEM authorized service centers are positioned to serve customers worldwide.