Slashdot Mirror
Secure Hard Drive Deletion Appliance?
An anonymous reader asks "I am searching for a box into which I can plug a hard drive (IDE or SCSI of various flavors) and automatically begin a secure deletion process (DoD 2250 compliant or the like would be good). This is normally for dead drives which need to be RMA-ed. Because of various regulations (HIPAA for starters), we need to at least attempt to do a good job clearing the disk. I've heard from a number of places, including this Slashdot story, that degaussing isn't great. There are software solutions out there, but in general, I want to toss a replacement hard drive in and not have to hunt around for hardware to put the bad drive in in order to run the software. Given the right case, a solid state drive, some SCSI cards and one of various pieces of software, I can imagine such a beast. Has anyone seen someone selling something like this?" No case-opening is necessary to use a USB/IDE converter, which might be a good middle ground. Any other ideas?
If you have something so important, it might be best to destroy/keep the dead drives and pay for new ones, which aren't that expensive compared to the risk of someone finding out a way to recover your data even after it's been processed by the state-of-the-art secure deletion processor.
I believe the information is secured only if it's still in your hand.
Rock that crushes, Paper & Scissors that don't matter.
Re:Oh, man. Hear it comes. (Score:5, Informative)
by QuaZar666 (164830) Alter Relationship on Thu 16 Jan 04:03AM (#5091822)
Now days the dod drills a hole through the platter on drives that are bad that have to be RMA'd and have contracts so all they have to return is the top of the drive with the label. as for drives they no longer need i do not know. im guessing they write 0 and 1 patterns on the drive 7+ times. (even then data recovery services could recover it)
Silly, but I have this association:
Ground control to major tom
Your circuit's dead, there's something wrong
Can you hear me, major tom?
CC.
TaijiQuan (Huang, 5 loosenings)
It really depends upon what level of security you are talking about. Degaussing certainly does not do the job adequately enough for some purposes, but the issue of maintaining a box that has all the hardware to be backwards compatible can be cumbersome and expensive. I suspect you are not in a sensitive/classifed government position as they have protocols for this sort of thing, but if you truly have seriously data sensitive needs for hard drives you are going to retire, I would suggest first formatting the drive with multiple writes and reads of serial 1's and 0's which should prevent 99.9% of data recovery attempts. An older G4 tower running OS X, should allow you to recognize and mount drives formatted with a variety of operating systems. Stick a couple of SCSI cards in it and an ATA and SATA card (Sonnet makes a combined card) which should give you multiple SCSI formats, ATA, Firewire and USB depending upon your needs. If you are really paranoid, actually disassembling the drives, degaussing and physically destroying the platters will finish the job. Believe it or not, data can even be reconstructed at the microscopic level through the use of electron microscopy, so the more damage done to the physical media, the harder it is to extract information.
Visit Jonesblog and say hello.
The best you can do is use a degausser, since you can't open the drive without voiding your warranty.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
...44 Oz. Framing Hammer.
Just explain to the RMA operator how you work for a "major construction contracting firm"...
https://www.accountkiller.com/removal-requested
dban.sourceforge.net
http://dban.sourceforge.net/
Good hardware detection, GPL.
Use good old Norton Diskreet (DOS version) and automate it with a batch file running on a tired old PC set out to pasture. All supplies are available on Ebay.
I am becoming gerund, destroyer of verbs.
The second method is to set up a *nix box with some hot swap drive bays and use that (I actually prefer this method). You can find removable bays all over the place and use *nix to format the drive writing all 0s to it.
I don't think anyone makes a machine exactly like you describe, but both of these methods will do the trick. Good luck!
US Democracy:The best person for the job (among These pre-selected choices...)
I have used BCWipe to declassify Secret hard drives. They have a DOS version you can throw on a MS-DOS boot disk and a linux version you can put on a livecd. Either works equally well.
Hard drives are so cheap that you can just destroy the hard drive with a drill press. Afterall, they say construction workers that demolish buildings have the highest job satisfaction, you can get your own taste of that.
These guys will have a solution for you. They know how to recover the data. They know how to erase it past any hope of recovery.
Disclaimer: Affiliations from past work experience.
Smash the thing to bits! What's wrong with that?
See http://www.g4tv.com/unscrewed/features/45707/Dark_ Tip_Destroy_All_Data.html
have a few pieces of s/w and h/w mentioned there. use the floppy method on a standalone machine to plug your disk into and wipe it. try Darik's Boot and Nuke method: http://dban.sourceforge.net/
It basically means that everyone who works in the medical industry has to jump through hoops to make sure that anything that could compromise your privacy doesn't get out without your permission. This goes to the extent that when working with MRI images for cross-site study, we have to use custom face-removing software so that someone can't reconstruct what your face looks like from the 3d data. And even then, there are debates about how much skull needs to be removed...
sed "s/SJW.*$/... never mind. I was about to say something stupid, and also, I'm a troglodyte./Ig"
http://www.driveduplicators.com/124.html
:)
Its primarily a hard drive duplicator but it also has DoD 5220.22-M level wipe. Sorry to plug a specific product
I have such a machine. I call it "Sledge Hammer"
also a great stress relief tool, ala "Office Space"
Don't Tread on Me
what the heck is HIPAA?
Try the Health & Human Services - Office for Civil Right - HIPAA for some information. HIPAA is relevant to the article because it strengthened medical privacy laws.
You must have seen Shred mentioned in the previous discussion. It's GNU coreutils so comes as standard with most Linux (ahem: GNU/Linux) distributions, and deals with file references in your filesystem.
/dev/blah" to the device. The man pages say that this will write random data 25 times across the device before zeroing it, making a mess of the filesystem and the files too, whether or not they're stored with journaling data.
Shred is not complicated enough to waste files that has been stored on a journaled filesystem, which includes NTFS, ext3, ReiserFS and friends. This doesn't stand in the way of you plugging in a device, for example by USB/Firewire enoclosure), having it automount, according to your distribution's setup, before running "shred -z
These guys have even done the demonstration for you:
http://driveslag.eecue.com
I think HIPPA requirements are met by the electronic equivalent of a cross-cut shredder, destruction beyond all possible recovery is not required. A multi-pass overwrite is probably enough. Almost all bootable Linux CDs have the basic tools to do this, but you may find it handy to write a shell script to automate the process. Some may even have e-z shredders right there in the KDE or Gnome menus. Get a distro that reads USB drives and an external USB/IDE box and you are in business.
Another possiblity is to use Bart's PE Builder and one of many MS-Windows-based shredders to make a bootable MS-Windows XP CD that does the same thing.
If overwriting the data one or more times does NOT meet legal requirements, then you should overwrite the data once as a precaution in case someone steals the drive before you can permanently erase it, disassemble the drive, drill holes in the platters, then heat the platters, including the drilled-out parts, long enough to completely degauss them. A fireplace should do the trick, but an autoclave or better yet a pottery or cement kiln would do a better job. A kiln might actually melt the platters, which is pretty much the ultimate in data destruction.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
...is my recommended approach. I actually built one of these myself, powered by an embedded Linux PC that boots from CD-ROM. It uses modular exponentation to generate a cryptographically random sector distribution list, to which it writes entropy data generated from an onboard Random Event Generator. It repeats this process 10 times consecutively, then cuts power to the drive and degausses the entire disk. This process is extensive enough to ensure that even the world's most sophisticated data recovery experts will recovery nary a bit from such a drive, and I've automated it to a plug and play process. Simply insert the drive into the degaussing chamber and attach data and power cables, then throw the switch. Wait about an hour or so, and the drive comes out irrevocably blank.
Slashdot already covered the best method of data destruction.
Drive Slagging!
"You never know when some crazed rodent with cold feet might be running loose in your pants."
-Calvin
Drop a nice little mixture of aluminum and iron oxide on the drive, ignite it. Nothing will retrieve that data, not even electron microscopy.
There is no substitute for heat.
Cook the drive past the Curie Point with a
blowtorch. You'd be amazed what folks can recover
from drives even if they've been "destroyed."
load it into a skeet shoot device, launch it, and shoot it with a shotgun. repeat until its blown up good.
...I am fairly certain that the only way to get this done is by causing the IDE hard drive to fall from a metal catwalk into liquid metal. I tried using liquid nitrogen and a hammer once but when I woke up in the morning the hard drive was reconstituted back inside my box and all the data was intact.
I am pretty sure that SATA drives need a priest, holy water, a crucifix, and a copy of the Roman rituals.
And I just use a shotgun (or chainsaw) on my CD-RW's because the only way to stop them is by "removing the head, or destroying the brain."
If you prize so much the confidentiality of the date to go to very extreme measures like high level gear just for that, as cheap as the HDs are now, I would just throw them inside a furnace.
Scientia est Potentia
The general rule of thumb for data security sensitive industries is to never return the platters.
Most governments have arrangements to either get a discount up front, or to get the manufacturer to accept the top cover as proof the drive is destroyed, and then provide a warranty replacement.
For everyone else it is the cost of doing business. Depending on your business the risk is measured in years in court, 7+ digit claims and real impacts on stock price. Replacing failed harddrives out of pocket is cheap.
Best thing to do is remove the platters and store them as they take up less space, and once you have enough pay a degauss service to blast the entire box. Even then, get an artist to turn them into a piece of art for your front lobby.
If the drive is faulty, you just might not be able to overwrite the info (not reliably anyways).
I'm surprised he's even looking for this. I work in a place where for similar regulations we have to wipe HDs securely before disposal, but that's only for working ones. Damaged HDs cannot be sent back because of the info on them, they have to be destroyed locally. We take the platters out, but I'm not 100% sure how they get destroyed (probably degaussed then physically damaged). The companies we buy PCs from are aware of this too. If a drive dies in one of the PCs that's still under warranty, they replace it and we keep the old drive for proper disposal.
Such a device would only be useful for disposing of old PCs with functionnal HDs in them. I can't see the regulations let them do this.
///<sig
Might I suggest the Wilton 20003 12 lb. Unbreakable Double Faced Sledge Hammer? At 12 pounds and with a shock absorbing handle, you'll find this fully OSHA-compliant device will serve your needs admirably.
And yes, this most certainly IS an Amazon affiliate link. I believe that if the submitter or other government officials purchase this mission-critical security appliance, I am entitled to my consulting fee. As for the parent poster, well... Uh, I'll buy him a beer when the windfall from this new sledge hammer gig comes rolling in.
"...all the labours of the ages, all the devotion, all the inspiration, all the noonday brightness..." yada yada
I deal with this all the time. There are a few methods that have been approved. You can format with a writting a complete random 0's, 1's across the entire disk 3 times (this includes the protected area where the MBR sits and is hidden from normal usage). Or you can destroy the disk completely. Typically destruction of the disk entails dismantaling the enclosure, removing the platters and then emmersion in a acid or burning in furnace to melt the platters. Hammers are not recommended as the broken pieces can still contain data which given enough resources can be extracted.
We were all warned a long time ago that MS products sucked, remember the Magic 8 Ball said, "Outlook not so good"
Too late, man. They already did it.
You know what?
The drive housing may, in fact, shunt the field around the drive if it is ferromagnetic. (See if a magnet sticks to it)
If it were me, I'd make a nonmagnetic aluminum housing to screw the drive onto, pad the hell out of it (just incase I slipped), and head on over to Radiology, and use a 10 Tesla (or stronger) MRI to erase that bad boy. I'd rotate it in all 3 dimensions, more than once, just to make sure.
If the field you use demagnetizes to the servo and drive magnets, it'll probably be safe to return for replacement.
I agree that it's probably better to eat the cost of the drives than to risk the getting made the poster child for HIPAA. (You just know they'll looking for someone pull a Martha Stewart on.)
--Mike--
We have done a few of these setups. Essentially we set up a rack at your location that has several slots for ide or scsi drives, you plug the disk in and it wipes it and reports the serial number of the disk as wiped. You can also have a barcode sticker on the hard drives and scan it with a barcode reader(optional) during erasure. Check out our site. And tell em Mike sent ya ;)
http://www.blancco.us
You can't RMA the bits.
Why not? Just say it fell down some stairs.
"...entropy data generated from an onboard Random Event Generator. "
Like a cup of really hot tea?
Spiritus ex Machina
"The universe is not only stranger than we imagine, it's stranger than we CAN imagine."
There was a two-part segment on the Screen Savers with Patrick Norton and Kevin Rose covering methods of data destruction, including software, grinding, acid, thermite...
Watch it here
SafeGuard Easy
Plenty of businesses use it to encrypt a hard drive (boot time password) prior to production. This way, if the drive fails mechanically and the data can't be destroyed (without physically destroying the drive), the data is still encrypted. As a plus, there is no need to wipe a drive since you only need erase the SafeGuard Kernel which renders it just about as useless. There was a case a while back where one of the European countries tried to brute force this software for a criminal trial and could not do so.
For HIPAA, you'll need to physically destroy a drive if it has failed mechanically and you can't otherwise wipe it.
Don't get me wrong - this software is a pain in the ass since you have to decrypt a drive using the admin software if the underlying OS becomes unbootable. But it is a relatively simple solution, otherwise.
More
When you say "secure" I have to ask "how secure?"
For example, in any situation that deals with classified data, once classified the disks can never, ever be unclassified without physical destruction. Part of the reason is that data recovery technology is VERY good, a few years ago, state of the art was the ability to recover data that had been overwritten up to 20 times.
In a nutshell, it worked by looking at the "edges" of the data tracks, because of the minute variations in head positioning, each time the drive wrote out data, the write head was not perfectly centered so there would be enough "splash" on the sides of the track to be able to recover the information. And that was a few years ago, who knows how good the tools are today.
Another thing to watch out for with all of these software solutions - you can only over-write what you can access. If the disk has acquired new bad sectors during its use, the controller automagically copies the data to a spare sector and then puts the bad sector on the "grown defect list." Generally, through software, you can't get to the sectors on the grown defect list - the controller has them remapped to the new sectors But, someone with the right tools can usually read those sectors well enough to extract the data from them.
Do you care about that level of security? I don't know, but you should at least be aware of fragility of most solutions proposed here so far.
When information is power, privacy is freedom.
Well then, my good man, may I interest you in the U.S. Forge G9123 Leather Welding Apron w/ 42" Bib?
SYFer Data Security Associates
Proudly Serving the Public Sector Since 2005
"...all the labours of the ages, all the devotion, all the inspiration, all the noonday brightness..." yada yada
Sounds like a good job could be done automatically by changing the application code for the Linksys NSLU2 which as we know has complete Linux source available and also has a substantial following.
http://www.nslu2-linux.org/
1) Format to EXT3 deleting all partions.
2) DOD wipe. Format to Desired End state.
Mail if you are interested. Cheers!
Vista, the single biggest argument for Desktop Linux! It doesn't "Just Work"(TM).
Why it's Ribomucleic Acid of course.
The sledge hammer is the linux style solution. More work than is needed, what you need is user convience. Sledgehammers will tire you out, you don't want to do that all day long. What you need is the Remington 870 pump action shotgun. Available in assorted sizes and gauges, the 870 can erase as many as 5 hard drives in a single loading. The 870 comes in 12 gauge, 28 inch barrel for those SCSI drives, down to a .410 shotgun for those hard to wipe flash drives.
For maximum assurance of data erasure, the 870 cannot be beaten. Be sure to use number 3 shot or larger. Also available in left handed.
The Remington Gauge system follows the approved national standard, to avoid vendor lock-in. Shells from all competitors will function, though Remington shells are recommended for best preformance. Never doubt if your data was securely erased or not ever again! Come to Remington Country.
SAILING MISHAP
To wipe the drive insert a knoppix disk, once booted mount your partitions. Cd to a partition and type
# shred [options] *
man shred for specifics but shred does NSA style wipes of HDD with as many overwrites as you want (25 is stock) then follow it up with rm -Rf * (since shred destroys the data not the "name") then once all files on all partitions are "wiped" fdisk it, one big partition and put a new file system on it.
This can be done to NSA standards with a little bit of effort.
shred is beyond any doubt the most overlooked utility in Linux/Unix.
I'm sorry, I'm to tired to be witty at the moment so this message will have to do.
Click Here
// TODO: Insert Cool Sig
My point is not that there are people out to "get" other people...my point is that, if there is a security hole, it was not in what they were expending most of their effort in combating. Did they shred, burn, atomize, and scatter every last recepit from the operation? Probably not. Did they make sure nobody was secretly recording Ms. Smith while she read off her personal information to the pharmacist? Probably not, too. It seems so much "security" these days is devoted to expending vast resources on things that make very little difference. As an example, a small airport near me recently built a $500,000 "security fence" to keep out "terrorists." Complete with flashy card readers for the gate and computer accounting. Of course, if you walk 50 feet to the south, you can walk right through a corn field onto the main runway, but hey, it looks good! If people were more intelligent in apportioning their security resources, rather than worrying about ABSOLUTELY atomizing somebody's hard drive, then we'd be money ahead. There's always going to be that .03% on either end of a 6-sigma bell curve...don't worry about it.
Sorry folks, I'd rather rely on my community there than a bunch of fellow /.'s (grin). Elitist? Yar!
"[I]t is a wise man who admits the limits of his knowledge or skill, and that pretending either causes harm." --Terry Go
I have no doubt that you could use an AVR or PIC microcontroller to do this, and it wouldn't even be hard to design. IDE interface, microcontroller, maybe some kind of random number generator, and you'd be set.
This is kinda interesting, I think I'll look into it. Add a few buttons on the front of the dongle to chose your paranoia level..
Nice OS analogy: allow me to embrace and extend.
The sledgehammer is a simple, solid and effective tool, yet requires a modest degree of effort. It is available everywhere there is human settlement, is cheap, and has no running costs. A sledgehammer never requires any form of licence or permit to use. It also just works.
A pump-action shotgun may be easier for the lazy or weak to use; it may even be more fun. It certainly makes it easier to harm your neighbours, or shoot yourself in the foot. Remind you of anything?
Step 1: Put drive on anvil and pound on it w/8-pound sledgehammer until no piece of the media is bigger than a quarter.
Step 2: Collect pieces, and slag in gas-fired incinerator.
Regards;
Do what governments do. Grind the HDs to dust (metalic and otherwise). Then store the dust. My recomendation is to melt the grindings down and turn them into paperweights for the office. No chance of a lawsuit if, for some reason, an HD doesn't get wiped.
Fly me to the moon Let me sing among those stars Let me see what spring is like On jupiter and mars