TECH Hard drive destruction 'crucial' : Smash them

D

Double_A

TB Fanatic
Hard drive destruction 'crucial'

The only way to stop fraudsters stealing information from old computer hard drives is by destroying them completely, a study has found.

Computing magazine Which? recovered 22,000 "deleted" files from eight computers purchased on eBay.

Criminals source old computers from internet auction sites or in rubbish tips, to find users' valuable details.

Freely available software can be used to recover files that users think they have permanently deleted.

The only solution, according to Which?, is complete destruction - and it recommends using a hammer.

A number of recent cases have shown the dangers in disposing of second-hand equipment, from which details as well as other personal files can be retrieved.

"PCs contain more valuable personal information than ever as people increasingly shop online, use social networking sites and take digital photos," said Sarah Kidner, editor of Which?.

"Such information could bring identity thieves a hefty payday."

"It sounds extreme, but the only way to be 100% safe is to smash your hard drive into smithereens."

Reposted for discussion only. Story from BBC NEWS:
http://news.bbc.co.uk/go/pr/fr/-/2/hi/technology/7816446.stm

Published: 2009/01/08 00:55:31 GMT
 
P

Publius

On TB every waking moment
One way is to format the hard drive and Norton use to make a program that would wipe a hard drive and there was two programs on it one was called government wipe, I have a copy of it here in the house it use to work with DOS .60 and Win 95 don't know if it will work on newer windows/DOS programs.
 
R

ready2go

Veteran Member
I'd have to destroy them the low tech way: throw it in the burn barrel and make sure it melts down to slag.
 
Fleataxi

Fleataxi

Inactive
JF: Thermate is even better - Add powdered Magnesium to thermite. I made a small quantity to use as a firestarter - worked TOO well. Flares much safer. Too bad Olin stopped making those Hot Shot firestarters.

Fleataxi
 
T

TJA

Veteran Member
I'm actually collecting hard drive platters. I've been stripping them from the old windows 3.1/upgraded to W98 pentium 75 machines that we're finally obsoleting at work. I'm going to epoxy them to the inside surface of a 4' diameter steel dish I picked up and attempt to build a parabolic solar oven using the hard drive platters as the mirrors.
 
T

Truth Star

Inactive
I have a program that over-writes everything with zeros, but it takes forever. I don't know if all programs that wipe a disk take as long, but I decided the .45 solution was better.

Recently, and perhaps with too much time on my hands, I found that above and below the pivot point of the arm for the moving heads are two very strong magnets. When pried carefully off the fixtures they are glued to, they are less than one square inch and about 1/8 inch thick. I put a couple on my refrigerator, and they cannot be pried off by hand. There have to be more than a few uses for magnets this strong.

The "platters" appear to be good mirrors, and I assume better if cut into a few pieces.

The screws that hold the drives together are smaller than a #10 Torx, but a #10, driven into the head of the screw with a light hammer blow, works.
 
R

Rich30N90W

Contributing Member
Simpler method would be any utility out there that utilizes a 7-layer DoD wiping system - but that takes hours and what's more fun, letting a dull program run on your computer, or smashing it with a hammer? We know the answer
 
F

FREEBIRD

Has No Life - Lives on TB
Think of the therapeutic effects on your psyche: hammers, explosives, small thermonuclear devices. What's not to like?
 
O

OddOne

< Yes, I do look like that.
Full disclosure: I run a small company that makes and sells data destruction tools. Due to TB2K's rules regarding advertisisng I won't name the product.


I have to throw a FUD alert flag for that article...


For stopping casual data recovery, a single pass of overwrite data across a file or drive is sufficient. That'll stop most commercial software-based recovery products such as Ontrack's EasyRecovery.

For stopping more in-depth recovery using forensic tools, the DoD standard (DoD 5220.22-M - one pas of a specific pattern, one of that pattern's complement, and one of random garbage) is sufficient. That'll stop most forensic recovery products such as EnCase, as well as forensic recovery devices that work directly with the physical hard drive's electronics.

There are a few data destruction products out there that can stop most of the world's data recovery specialists, usually by using dozens to hundreds of overwrite passes. (I know of only one that can do a thousand passes.) That much work will actually push the residual data signatures down below the noise threshold of the drive's pickup heads. Recovery in that case will be only realistic from maybe six or seven recovery operations in the world, and will involve magnetic signature anaysis and tunneling electron microscopy to manually extract bits one by one. Costs for that will go up into the tens of thousands of dollars per kilobyte range and is only done in the most extreme circumstances imaginable since at that point it's actually easier to go extract info from a person (e.g., "rubber hose cryptanalysis").

For stopping national-security level recovery, you'll want to physically destroy the media. It's generally close to never that an individual will need to choose physical destruction.


Now, that said, it is a necessity to properly wipe any drive that will be released from your possession. You don't need to destroy it unless you're dealing with info that could get people killed, etc. but a strong wipe is definitely in order. I'd recommend the DoD standard for most users, increasing the wipe count if you do a lot of financial management and/or have trade secrets on your drive. That's more than enough for the kind of data-recovery sophistication most folks will have that aren't data-recovery specialists, and will thwart the vast majority of professional recovery efforts.


Side note: There's a lot of snake oil in the filewiper market. The DoD standard is three passes, not seven. The Gutmann method (which is 35 passes) is, according to Peter Gutmann himself, obsolete and near-worthless on modern hard drives. A solid half to two-thirds of the filewiper products on the market are ineffective or only partially effective but can leave fragments behind. Avoid Evidence Eliminator like the plague - it's stupidly overpriced, spam and scare tactics are used to sell it, and if it thinks you've bootlegged it it'll pretend to work but won't actually destroy anything.
 
P

Publius

On TB every waking moment
Truth Star said:
I have a program that over-writes everything with zeros, but it takes forever. I don't know if all programs that wipe a disk take as long, but I decided the .45 solution was better.

That old norton program did the same thing, but I don't remember it taking that long to do! Maybe because at the time I last use it all there where was 20 & 50 Megabyte hard drives.
Click to expand...
 
D

don24mac

Veteran Member
First I overwrite them a few times with the disk utility software that comes with our Macs. Then, I just open them up, take the platters out and bend them in half with a vise. I also save the magnets. Really strong magnets.
 
D

Double_A

TB Fanatic
I've heard that some HD manufacturers use glass/ceramic platters anybody know who that is?

I smash them with a 12lb sledge wearing safety glasses.
 
onetimer

onetimer

Has No Life - Lives on TB
don24mac said:
First I overwrite them a few times with the disk utility software that comes with our Macs. Then, I just open them up, take the platters out and bend them in half with a vise. I also save the magnets. Really strong magnets.
Click to expand...


I too save the magnets, they've helped me out on several cell phone warranties ;)
 
onetimer

onetimer

Has No Life - Lives on TB
Double_A said:
I've heard that some HD manufacturers use glass/ceramic platters anybody know who that is?

I smash them with a 12lb sledge wearing safety glasses.
Click to expand...

I just pried up on a platter in a laptop hard drive and it shattered. It was a Toshiba.



The newest and largest drives make use of a new technology of glass/ceramic platters. Basically, this is glass with enough ceramic within to resist cracking. This glass technology is taking over aluminum in the hard drive industry. Many popular manufacturers already use it, including Maxtor, Toshiba, and Seagate. Glass platters can be made much thinner than aluminum ones, they can better resist the heat produced during operation and they are also better able to withstand the extreme centrifugal forces during spinning on the spindle.
http://www.drivesolutions.com/info/aboutwork.shtml
 
O

Oldotaku

Veteran Member
There are some pretty clueless sellers on Ebay too. I purchased a 100GB laptop drive from a seller, then had to ship it back because it was a dud drive repackaged in a new box. The second try sent me the real drive that I paid for. And more.

The drive had been removed from some college student's laptop, and among the 75GB of files were several revisions of his resume, his "little black book", his MP3 collection, dozens of class papers, and various other files of a personal nature <ahem>. Had I been of a malicious nature, I could have made this kid's life a living hell for years. I nuked the whole thing, and it now carries about 90GB of Xvid files.

I'm partial to disassembly, but I tend to hang onto drives until they physically fail, recycling them into other machines.
 
D

Double_A

TB Fanatic
Thanks!



onetimer said:
I just pried up on a platter in a laptop hard drive and it shattered. It was a Toshiba.



The newest and largest drives make use of a new technology of glass/ceramic platters. Basically, this is glass with enough ceramic within to resist cracking. This glass technology is taking over aluminum in the hard drive industry. Many popular manufacturers already use it, including Maxtor, Toshiba, and Seagate. Glass platters can be made much thinner than aluminum ones, they can better resist the heat produced during operation and they are also better able to withstand the extreme centrifugal forces during spinning on the spindle.
http://www.drivesolutions.com/info/aboutwork.shtml
Click to expand...
 
C

Cimbri

Contributing Member
BLOW TORCH

Some one I know said that

the only thing that really works

is to use a BLOW TORCH.

cimbri
 
R

Ramius

Senior Member
TJA said:
I'm actually collecting hard drive platters. I've been stripping them from the old windows 3.1/upgraded to W98 pentium 75 machines that we're finally obsoleting at work. I'm going to epoxy them to the inside surface of a 4' diameter steel dish I picked up and attempt to build a parabolic solar oven using the hard drive platters as the mirrors.
Click to expand...

You have a lot of spare time, don't you? :lkick:

If you get it working, I'd love to hear what results you get.

Have you seen the home-made 'clocks' some geek made using HD disks and timed LEDs' spaced around the perimeter?

Ramius
 
T

TJA

Veteran Member
Ramius said:
You have a lot of spare time, don't you? :lkick:

If you get it working, I'd love to hear what results you get.

Have you seen the home-made 'clocks' some geek made using HD disks and timed LEDs' spaced around the perimeter?

Ramius
Click to expand...

If I had all that much spare time that dish wouldn't have been sitting in my backyard for the past year or so. :lkick:

I made the realization about the had platters being potential mirrors sometime last spring. Since then I've accumulated 26 platters, some drives only have one but some have two. I think I've got about another dozen or so drives to scavenge in various places along with one older lab of 18 to 20 of those W98 Pentium 75 machines that are still being used. :screw: At least that lab is definitely being scrapped in another six months or so. I get slow times at work every once in a while so I pull apart a drive or two during the down time. The real trick is going to be rigging up some sort of mount for the dish.
 
Milk-maid

Milk-maid

Girls with Guns Member
Rich30N90W said:
Simpler method would be any utility out there that utilizes a 7-layer DoD wiping system - but that takes hours and what's more fun, letting a dull program run on your computer, or smashing it with a hammer? We know the answer
Click to expand...

In law enforcement we have a way to get past the 7 layers. That DoD program is old technology from 10 years ago. Best to destroy the hard drive with a hammer and burn the remaining parts.
 
Sysman

Sysman

Old Geek <:)=
Wow, sounds like a bunch of drives are being thrown out. What's up with that?

I still have my first 10 meg drive, that came with the original IBM PC. It still works, at least it did last time I fired it up a couple years ago...

I look on my shelf and I've got 7 old drives stacked up. Another half dozen in old machines, a couple more in a box upstairs I think, AFAIK they all work...

What are you guys doing to all those poor old disk drives?

:lol:
 
Christian for Israel

Christian for Israel

Knight of Jerusalem
OddOne said:
Full disclosure: I run a small company that makes and sells data destruction tools. Due to TB2K's rules regarding advertisisng I won't name the product.


I have to throw a FUD alert flag for that article...


For stopping casual data recovery, a single pass of overwrite data across a file or drive is sufficient. That'll stop most commercial software-based recovery products such as Ontrack's EasyRecovery.

For stopping more in-depth recovery using forensic tools, the DoD standard (DoD 5220.22-M - one pas of a specific pattern, one of that pattern's complement, and one of random garbage) is sufficient. That'll stop most forensic recovery products such as EnCase, as well as forensic recovery devices that work directly with the physical hard drive's electronics.

There are a few data destruction products out there that can stop most of the world's data recovery specialists, usually by using dozens to hundreds of overwrite passes. (I know of only one that can do a thousand passes.) That much work will actually push the residual data signatures down below the noise threshold of the drive's pickup heads. Recovery in that case will be only realistic from maybe six or seven recovery operations in the world, and will involve magnetic signature anaysis and tunneling electron microscopy to manually extract bits one by one. Costs for that will go up into the tens of thousands of dollars per kilobyte range and is only done in the most extreme circumstances imaginable since at that point it's actually easier to go extract info from a person (e.g., "rubber hose cryptanalysis").

For stopping national-security level recovery, you'll want to physically destroy the media. It's generally close to never that an individual will need to choose physical destruction.


Now, that said, it is a necessity to properly wipe any drive that will be released from your possession. You don't need to destroy it unless you're dealing with info that could get people killed, etc. but a strong wipe is definitely in order. I'd recommend the DoD standard for most users, increasing the wipe count if you do a lot of financial management and/or have trade secrets on your drive. That's more than enough for the kind of data-recovery sophistication most folks will have that aren't data-recovery specialists, and will thwart the vast majority of professional recovery efforts.


Side note: There's a lot of snake oil in the filewiper market. The DoD standard is three passes, not seven. The Gutmann method (which is 35 passes) is, according to Peter Gutmann himself, obsolete and near-worthless on modern hard drives. A solid half to two-thirds of the filewiper products on the market are ineffective or only partially effective but can leave fragments behind. Avoid Evidence Eliminator like the plague - it's stupidly overpriced, spam and scare tactics are used to sell it, and if it thinks you've bootlegged it it'll pretend to work but won't actually destroy anything.
Click to expand...

i think terminus 6 works pretty well...thats what i use for ALL deleted files...

(thanks OddOne :))
 
O

OddOne

< Yes, I do look like that.
Milk-maid said:
In law enforcement we have a way to get past the 7 layers. That DoD program is old technology from 10 years ago. Best to destroy the hard drive with a hammer and burn the remaining parts.
Click to expand...

I have ways of making sure you won't even get a usable timestamp back, let alone useful data, without having to destroy the drive. ;) :D


And the actual DoD spec is three passes, not seven. :)
 
O

OddOne

< Yes, I do look like that.
Mr. Gravy said:
What are everyones opinion on Darik's Boot and Nuke program?
Click to expand...

If you need to erase whole hard drives, DBAN is arguably the best product out there for that purpose.

DBAN is not designed for live-system use, though, as you have to boot into it and it destroys entire drives instead of individual files.
 
O

OddOne

< Yes, I do look like that.
Christian for Israel said:
i think terminus 6 works pretty well...thats what i use for ALL deleted files...

(thanks OddOne :))
Click to expand...

And wait until you see what I'm doing for T7... :D

(Side note: T6 works perfectly in Vista and Windows 7, which kinda surprised me since Vista was the Longhorn beta at the time. Strangely, the Win7 beta reports its version as 6.1.7000, so T6 thinks it's Longhorn/Vista.)
 
S

SpiritBear

Inactive
Anyone know of a utility that can "wipe" certain Directories, like My Documents and leave the rest (eg: Operating System) intact?

I have to send my PC back to my (former) employer, and want to delete everything except the O/S and the standard apps that IT loads (I want it to boot, but want NONE of my files left on it).

Thanks -

- S
 
O

OddOne

< Yes, I do look like that.
SpiritBear said:
Anyone know of a utility that can "wipe" certain Directories, like My Documents and leave the rest (eg: Operating System) intact?

I have to send my PC back to my (former) employer, and want to delete everything except the O/S and the standard apps that IT loads (I want it to boot, but want NONE of my files left on it).
Click to expand...

Check your PMs... ;)
 
Kris Gandillon

Kris Gandillon

The Other Curmudgeon
_______________
I have to send my PC back to my (former) employer, and want to delete everything except the O/S and the standard apps that IT loads (I want it to boot, but want NONE of my files left on it).
Click to expand...

You might want to check your "former" employer's policy about such things.

You would be charged with "destruction of company information" around here if you wiped that computer in such a fashion before sending it back to us.

Most of what we are interested in when an employee departs is the My Documents, their email and any other "company data" that might be of use on that computer.

We take such destruction of company information VERY seriously around here.

Technically, there should ne NOTHING on that computer the company doesn't have a right to see and you should probably not have anything on there that you would not allow them to see.

Kris
 
You must log in or register to reply here.
Top