The Guardian has reported that on July 20th 2013, “shadowy” government officials destroyed several hard drives in their offices, under threat of legal action that would make it impossible to continue publishing stories about the NSA surveillance scandal. These devices contained copies of the files from Edward Snowden, obtained by Glenn Greenwald and Laura Poitras in Hong Kong. Their destruction helps to explain why David Miranda was detained and his electronic equipment seized. The theory is that US intelligence services tipped-off UK services that Miranda might be bringing stuff to Greenwald so that he could continue publishing allegations.
This seemed highly plausible to me, but I’ve been surprised to find considerable doubts throughout social media with regards to the veracity of the allegations. The doubt seems to come from the above picture, which was initially described as portraying the destroyed hard drives, although the latest caption describes it as “the remains of a computer that held files leaked by Edward Snowden to the Guardian”. The doubt comes from the fact that the picture does not show any hard drives. Some people seem to indicate that the fact there there is no HDD in sight is indication that the Guardian’s story cannot be trusted.
I’m not a computer expert, but have built gaming computers on my own, I also worked in technical support eons ago, and I’m also comfortable opening my own MacBook Pro to change hardware, including changing a damaged HDD, but I’ll happily defer to anything an expert says. So let’s try to ID the hardware, shall we?
A and D are clearly MacBook Pro motherboards with the chips destroyed, probably to ensure that no data can be retrieved from cache or RAM (far-fetched, but in theory can be done).
B is clearly a PCI video card, probably a budget ATI Radeon like this:
C is a PC motherboard, very difficult to identify the exact or approximate make. From the shape and comparative size I would guess that it belongs to a desktop computer, as opposed to a tower, and the unusual indentations (most MBs are square) leads me to believe that it was custom-built to fit a box. I would guess that it belongs to an HP or Dell desktop computer, the likes you find in offices all over the world. If I were pressed for an opinion, I’d say that it is something similar to this Dell MB.
F is the exterior of a MacBook Pro (before anyone asks, yes, E is missing, I like to skip things for no reason whatsoever).
The only problem I have with the picture is that there may be components missing. The motherboard seems too small for the video card, so it might belong to another computer. Furthermore, desktop motherboards usually have the video card built-in. However, it is perfectly possible that I might be mistaken and the motherboard and PCI card belong together, but given the level of destruction of chips and peripheral connectors it is very difficult to say for sure.
If the computers were destroyed as described by the Guardian, my guess is that the HDDs were taken by the government agents, or were completely disposed of in another manner. Why? Because it is possible to retrieve data even from heavily damaged hard drives, there are companies that specialise in such a thing. This is pure speculation, but if I were part of the government team that raided the Guardian’s offices, I would have destroyed the chips and removed the HDDs. If removal was not possible, then I would have asked the drives to be destroyed and then disposed of as to avoid recovery.
The last part is pure speculation, hopefully some techies at the Guardian can tell us exactly what equipment was destroyed, and how.
Come on! Geeks want details!
ETA: speculation is now moot, the government has confirmed that Sir Jeremy Heywood asked for the files to be destroyed on the grounds of national security. It’s highly likely that is that the hard drives were thoroughly destroyed to avoid data retrieval, so we only see the surviving pieces of several computers.