Paranoïd assertion in the manual of wipe or serious warning?

I recently found old IDE disks in my IT cupboard. I used them through an USB connexion to backup data. Now I want to get rid of all those disks, because cloud and other modern stuffs like USB 3.0 sticks offer more convenient solutions. As they contains private data like tax forms, I decide to securely delete all data. So wipe is my friend. It's a simple Unix commandline tool that achieve secure deletion by writing different patterns on the original data. The idea behind is prevent from Magnetic Force Microscopy data recovery.

The first issue I get is that it is really slow. Using a USB 2.0 interface to IDE, with more than 500 Go to wipe, it will take days at least. Or maybe more than one week...

The second issue and the more astonishing is what I found reading man wipe on Ubuntu 18, section 'ABOUT JOURNALING FILESYSTEMS AND SOME RECOMMENDATIONS (JUNE 2004)'.

Be aware that harddisks are quite intelligent beasts those days. They transparently remap defective blocks. This means that the disk can keep an albeit corrupted (maybe slightly) but inaccessible and unerasable copy of some of your data. Modern disks are said to have about 100% transparent remapping capacity.

Hum ok, I have heard about this, especially for SSD drives.

I hereby speculate that harddisks can use the spare remapping area to secretly make copies of your data. Rising totalitarianism makes this almost a certitude. It is quite straight‐ forward to implement some simple filtering schemes that would copy potentially interesting data. Better, a harddisk can probably detect that a given file is being wiped, and silently make a copy of it, while wiping the original as instructed. Recovering such data is probably easily done with secret IDE/SCSI commands. My guess is that there are agreements between harddisk manufacturers and government agencies. Well- funded mafia hackers should then be able to find those secret commands too.

I think this is a little bit paranoïd. I understand that it is technically possible. But there is no evidence that this mechanism has been in implemend in the IDE controller. I have checked the wipe github and the warning is not longer present. Even if we go back in the git history. Did debian maintainers add it? With this kind of warning, I understand company who prefer destroying over wiping for disk with classified documents.

By @Romain JACQUET in [ sysadmin ] dim. 06 octobre 2019
Tags :