ALTOM: Should you trade your shredder in for a bonfire?

August 17, 2009

One thing I love about my line of work is that the simplest things get fascinatingly complicated.

About two years ago, I read “Catch Me if You Can” by Frank Abagnale, his account of making millions and flying all over the globe in style, accomplished entirely by fraud and check-kiting. His tales of fooling everyone from girlfriends and airlines to some of the world’s biggest banks were both entertaining and disconcerting. Granted, some of his tricks wouldn’t work anymore, at least partly due to Abagnale’s own work in later years advising business how to protect itself, but the principles of making money on other people’s vulnerabilities are still as valid as ever.

The Internet created history’s most fertile hunting grounds for miscreants, and eventually they got around to writing books, too.

Kevin Mitnick, one of the most famous hackers of all time, wrote, “The Art of Deception,” laying out the tricks of his trade. In 1995, the FBI ended a 2-1/2 -year hunt for Mitnick, aided by security expert Tsutomu Shimomura, who wrote his own book later, too, “Takedown.” As with almost all hacking, the secret wasn’t in Mitnick’s technical arcana, but in his ability to schmooze and Dumpster-dive. It’s called “social engineering.”

Secrets aren’t lost through unseen technological holes in the wall, but from lack of vigilance and discipline, letting things pass the windows that shouldn’t. Abagnale warns that it’s the simple stuff that identity thieves use, like bill stubs with your personal information on them, thrown out casually. He recommends shredding everything before it’s bagged. The smallest bits of knowledge can turn a determined social engineer into the most powerful person in your life.

So, taking Abagnale’s advice, I bought a document shredder. I started shredding everything. I still do. And I was proud of myself until I found out I might be utterly wasting my time.

An article in Slate (www.slate.com) from July 31 showed how easy it is to reconstruct shredded documents. The article reported that federal investigators had reassembled reams of documents around R. Allen Stanford’s $7 billion Ponzi scheme. The feds use sophisticated software that scans the bits and then electronically reconstructs them. But it’s not all that formidable a task to do it manually. In 2002, former FBI agent William Daly put a shredded page from the dictionary back together by hand on national television.

When the Iranians stormed the U.S. embassy in Tehran in 1979, they found mounds of shredded documents. The Iranians countered with local carpet weavers who patiently reassembled a significant number of the papers and revealed the embassy’s secrets.

According to ShredNations (www.shrednations.com), there are companies in Asia that have picked up where the carpet weavers left off, reassembling shredded documents by hand for a pittance. Even in the United States, according to the site, companies will charge around $150 an hour to do the same thing. And ShredNations points out a downside of shredding I never considered; shredded material is a clear indicator to a determined Dumpster diver that the document is something worth stealing, because somebody took pains to keep it secret.

Not everyone has top-secret material in the trash, but you can buy a shredder that cross-cuts into little pieces of confetti. That’s what mine does, and I was proud of myself for buying something so secure, until I found out documents shredded with those can be reassembled, too. I doubt anyone would do that to reconstruct my old electric bill, but it’s still a little disquieting.

Few of us have a need for truly high-security shredding, and that’s a good thing, because high-end shredders have high-end prices. Shredders come with levels of security, ranging from the el cheapo level 1 strip cuts, through level 4 for secret, level 5 for extremely confidential, and level 6 for top secret. The level 6 shredders almost reduce paper to powder, making them supposedly impervious to reconstruction. Shredders that pulverize that small are often called “microcuts.” HSM (www.hsm-shredder.com) lists its least expensive level 6 unit for around $4,000, and they can go up to $11,500. For even greater security, you can burn the litter, and some shredding companies offer this service.

You can find reviews of shredders at PaperShredders.com (www.paper-shredder-reviews.com/). Here you can look up each shredder’s vitals, such as the number of sheets it will take per pass, the speed of shred, and whether it will also chop CDs, staples and credit cards.

See? There’s nothing in the world so simple that we can’t make it more complicated. Gee, I love this job.•


Altom is an independent local technology consultant. His column appears every other week. He can be reached at taltom@ibj.com.


Recent Articles by Tim Altom

Comments powered by Disqus