Slashdot Mirror

← Back to Stories (view on slashdot.org)

Secure Hard Drive Deletion Appliance?

Posted by timothy on from the write-a-lot-of-xs-and-os dept.

An anonymous reader asks "I am searching for a box into which I can plug a hard drive (IDE or SCSI of various flavors) and automatically begin a secure deletion process (DoD 2250 compliant or the like would be good). This is normally for dead drives which need to be RMA-ed. Because of various regulations (HIPAA for starters), we need to at least attempt to do a good job clearing the disk. I've heard from a number of places, including this Slashdot story, that degaussing isn't great. There are software solutions out there, but in general, I want to toss a replacement hard drive in and not have to hunt around for hardware to put the bad drive in in order to run the software. Given the right case, a solid state drive, some SCSI cards and one of various pieces of software, I can imagine such a beast. Has anyone seen someone selling something like this?" No case-opening is necessary to use a USB/IDE converter, which might be a good middle ground. Any other ideas?

38 of 573 comments (clear)

  1. Still Risky by fembots · · Score: 5, Insightful

    If you have something so important, it might be best to destroy/keep the dead drives and pay for new ones, which aren't that expensive compared to the risk of someone finding out a way to recover your data even after it's been processed by the state-of-the-art secure deletion processor.

    I believe the information is secured only if it's still in your hand.

    --
    Rock that crushes, Paper & Scissors that don't matter.
    1. Re:Still Risky by homer_ca · · Score: 3, Informative

      It may be easier to pay extra for a warranty that lets you keep the failed hard drive. Dell has one. Others probably do too. Or considering how cheap hard drives are, just buy a few spare drives for the whole office and don't RMA the failed drives. The risk there is if you get a batch of bum drives. It happened at my office. Every single Maxtor drive from one order of Dells failed in less than a year. It was just bad sectors so we could still wipe them.

    2. Re:Still Risky by forkazoo · · Score: 5, Informative

      Uhhh... I disagree. I work at an organisation which falls under HIPAA. All the money we would spend on new hard drives for no apparent reason would mean that developmentally delayed persons in the community would be unable to get access to the resources we exist to provide.

      Whenever somebody moves from one department to another, they need either a new PC, new HD, or a fresh setup on their old PC after a secure wipe. Every time somebody leaves the organisation, or a new person arrives. Every time a drive dies and the PC needs to get a new one under warranty.

      Right now, I am probably doing a minimum of ten secure wipes every month. A new hard drive would cost roughly a hundred bucks. That's 12,000 dollars annually, minimum, just on hard drives, which would be wasted. That's a certain number of hours we would need to cut back the day program, leaving mentally retarded people roaming the streets without any help. Including the mentally retarded people who aren't allowed near children because they have sexually assaulted them in the past. That's a certain number of winter coats that can't be bought for people who can't work a steady job.

      So, we use a utility called DBAN, Darik's Boot And Nuke. It's part of a free x86 rescue CD I downloaded. It comes with a bootable linux live CD, which includes an ntfs resizer, and memtest86. I usually just run it in teh machine where the HD is, rather than pulling the HDD out. In particular, this is much handier for laptops than a special device would be. OTOH, it would be easy enough to get an external hot swap caddy, and use it as your appliance, just plug it into any machine.

      Also, you can always just dd /dev/random onto your disk a few times. Anybody know any good reason why that would be insuffiecient?

    3. Re:Still Risky by fireloins · · Score: 4, Interesting

      I always figured that the safest way to wipe a hard drive would be to heat it up above the Curie temperature. Once all of those domains are randomized, there ain't no information left. Anyone have any idea what T_C is for a hard drive platter? I would guess its in the 700K range, which unfortunately is too hot for your standard oven. But if you have a friend who works at a brick oven pizza parlor, that would probably do the trick.

    4. Re:Still Risky by Marty200 · · Score: 5, Insightful

      Whenever somebody moves from one department to another, they need either a new PC, new HD, or a fresh setup on their old PC after a secure wipe. Every time somebody leaves the organisation, or a new person arrives. Every time a drive dies and the PC needs to get a new one under warranty.

      Right now, I am probably doing a minimum of ten secure wipes every month. A new hard drive would cost roughly a hundred bucks. That's 12,000 dollars annually, minimum, just on hard drives, which would be wasted.

      You are missing the point. You can wipe a fully function drive that is staying inside your organisation and be fairly sure no one will get to the deleted info. But if the drive is broken, you can't besure the drive has been fully erased. And then you are sending it off to someone outside your organisation who may decided to see what you left on it.

      Also, you can always just dd /dev/random onto your disk a few times. Anybody know any good reason why that would be insuffiecient?

      Because the drive is broken. Chances are you can't write to it.

      Best bet is to keep the drives and destroy them yourselves. If you buy enough stuff you can probably get something worked out with your vendor so you get a deal on warranty replacements.

      MG

      --

      Randomly distributing Karma whenever possible.

    5. Re:Still Risky by bersl2 · · Score: 4, Informative
      Read the DBAN FAQ page:
      Q: Is the Gutmann method the best method?

      A: No.

      Most of the passes in the Gutmann wipe are designed to flip the bits in MFM/RLL encoded disks, which is an encoding that modern hard disks do not use.

      In a followup to his paper, Gutmann said that it is unnecessary to run those passes because you cannot be reasonably certain about how a modern hard disk stores data on the platter. If the encoding is unknown, then writing random patterns is your best strategy.

      In particular, Gutmann says that "in the time since this paper was published, some people have treated the 35-pass overwrite technique described in it more as a kind of voodoo incantation to banish evil spirits than the result of a technical analysis of drive encoding techniques. As a result, they advocate applying the voodoo to PRML and EPRML drives even though it will have no more effect than a simple scrubbing with random data... For any modern PRML/EPRML drive, a few passes of random scrubbing is the best you can do".

      Read these papers by Peter Gutmann:
  2. Data destruction. by BWJones · · Score: 4, Insightful

    It really depends upon what level of security you are talking about. Degaussing certainly does not do the job adequately enough for some purposes, but the issue of maintaining a box that has all the hardware to be backwards compatible can be cumbersome and expensive. I suspect you are not in a sensitive/classifed government position as they have protocols for this sort of thing, but if you truly have seriously data sensitive needs for hard drives you are going to retire, I would suggest first formatting the drive with multiple writes and reads of serial 1's and 0's which should prevent 99.9% of data recovery attempts. An older G4 tower running OS X, should allow you to recognize and mount drives formatted with a variety of operating systems. Stick a couple of SCSI cards in it and an ATA and SATA card (Sonnet makes a combined card) which should give you multiple SCSI formats, ATA, Firewire and USB depending upon your needs. If you are really paranoid, actually disassembling the drives, degaussing and physically destroying the platters will finish the job. Believe it or not, data can even be reconstructed at the microscopic level through the use of electron microscopy, so the more damage done to the physical media, the harder it is to extract information.

    --
    Visit Jonesblog and say hello.
    1. Re:Data destruction. by claudius0425 · · Score: 5, Informative

      While this may seem at first to be just a one off joke, there is really alot to be said for torching a drive. In addition to the massive physical damage, you will heat the magnetic layers past their Curie point, so their magnetic orientation won't matter: they won't be magnetic anymore.

      Happy torching!

      --
      Phus. Sysiphus.
  3. Uh, if the hard drive is dead by drinkypoo · · Score: 4, Insightful
    Then you're not going to be writing anything to it anyway.

    The best you can do is use a degausser, since you can't open the drive without voiding your warranty.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    1. Re:Uh, if the hard drive is dead by drinkypoo · · Score: 4, Funny

      Dead is boolean. You are either dead, or you are not dead. There is no "mostly dead" like in The Princess Bride. The closest you get is "almost dead", which we call dying. Attempts to call a hard drive which still works "dead" will be met with contempt by more reasonable people.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  4. Home Depot by Sebastopol · · Score: 3, Funny

    ...44 Oz. Framing Hammer.

    Just explain to the RMA operator how you work for a "major construction contracting firm"...

    --
    https://www.accountkiller.com/removal-requested
  5. dban.sourceforge.net by Anonymous Coward · · Score: 5, Informative

    dban.sourceforge.net

  6. DBAN - Darik's Boot and Nuke by slashjames · · Score: 4, Informative

    http://dban.sourceforge.net/
    Good hardware detection, GPL.

    1. Re:DBAN - Darik's Boot and Nuke by ErnieD · · Score: 5, Informative

      I'll second that, I've used DBAN a few times just in the last few days on old drives we're preparing to toss (finally retiring very old hardware).

      I run it from the Ultimate Boot CD, http://www.ultimatebootcd.com, which has a ton of other diagnostic utilities on it, including the drive diag tools from all the major manufacturers. Extremely handy little CD to have around.

  7. BCWipe by jascat · · Score: 5, Interesting

    I have used BCWipe to declassify Secret hard drives. They have a DOS version you can throw on a MS-DOS boot disk and a linux version you can put on a livecd. Either works equally well.

    1. Re:BCWipe by jascat · · Score: 4, Interesting

      From everyone I talked to at various levels, it is actually recommended. The important part is that it supports the DoD prescribed method.

    2. Re:BCWipe by TFloore · · Score: 4, Informative

      Is BCWipe legally authorized for that use though?

      That's easy...

      NO.

      BCWipe and other such applications will allow you to use a classified (up to SECRET only, nothing more sensitive) harddrive in an unclassified computer/network, but you must STILL track that harddrive, and physically destroy it when you excess the computer. The utility is approved for re-purposing the drive, but it must still be disposed of as any other classified storage, i.e., physically destroyed.

      TS and higher drives may NOT be re-purposed like this, they must be physically destroyed.

      Generally, "physically destroyed" means the drive must be disassembled, and the individual platters wiped with a magnet of a gauranteed minimum field strength. (Sorry, I'd tell you the required field strength, but I don't remember off hand.) After this, the platters can be disposed of just like shredded classified documents would be.

      10 years ago using BCWipe-style software was approved in DOD for declassifying harddrives. This is not the case any more. Pay attention to how harddrives work. They've gotten too smart for this to be guaranteed to wipe data now. They ship with "excess" sectors, and can internally remap any bad sectors to these excess sectors, reading data from them and copying it when the sector is internally detected as "going bad but still accessible". Data in these "bad" remapped sectors can be accessed when the drive is connected in diagnostic mode. If you have a classified storage device, within certain boundaries, you won't know if the drive has performed such a remapping and hidden classified data that could be recovered by an intelligent operator. Therefor, BCWipe-style software is only approved for re-purposing where you maintain physical control of the harddrive. To dispose of the harddrive, you must physically destroy it, basically because the drives have gotten too smart.

      --
      This is my sig. There are many like it but this one is... Oops. Frank, I've got your sig again! Where's mine?
    3. Re:BCWipe by Shanep · · Score: 3, Interesting

      To dispose of the harddrive, you must physically destroy it, basically because the drives have gotten too smart.

      Drives have been doing this for at least the past 10 years that I know of. My old WD Caviar and Maxtor 340MB drives did that around '94-'95.

      This is the reason that hard drives suddenly started appearing on the market with seemingly no bad sectors to be marked by the file system to avoid. The days of seeing "B" blocks in Norton Disk Doctor and trying to "recover" them were mostly over. The truth was that there were bad sectors, but they were remapped to spares to make drives look good and help to guarantee minimum storage. Due to this, if you had a drive that did exhibit bad sectors, because the spares were all used up, then you had a really bad drive. I always took such drives back.

      This is not new though.

      --
      War crimes, torture, lies, illegal spying... Would someone give Bush a blowjob, already, so he can be impeached?
  8. Unscrewed segment covered topic by wherley · · Score: 4, Informative

    See http://www.g4tv.com/unscrewed/features/45707/Dark_ Tip_Destroy_All_Data.html
    have a few pieces of s/w and h/w mentioned there. use the floppy method on a standalone machine to plug your disk into and wipe it. try Darik's Boot and Nuke method: http://dban.sourceforge.net/

  9. Re:You could have... by Rei · · Score: 4, Informative

    It basically means that everyone who works in the medical industry has to jump through hoops to make sure that anything that could compromise your privacy doesn't get out without your permission. This goes to the extent that when working with MRI images for cross-site study, we have to use custom face-removing software so that someone can't reconstruct what your face looks like from the 3d data. And even then, there are debates about how much skull needs to be removed...

    --
    sed "s/SJW.*$/... never mind. I was about to say something stupid, and also, I'm a troglodyte./Ig"
  10. Drive Duplicator... by hated · · Score: 5, Informative

    http://www.driveduplicators.com/124.html

    Its primarily a hard drive duplicator but it also has DoD 5220.22-M level wipe. Sorry to plug a specific product :)

  11. Re:You could have... by Ingolfke · · Score: 4, Informative

    what the heck is HIPAA?

    Try the Health & Human Services - Office for Civil Right - HIPAA for some information. HIPAA is relevant to the article because it strengthened medical privacy laws.

  12. The ONLY current method proven to be secure by hellomynameisclinton · · Score: 4, Interesting

    These guys have even done the demonstration for you:
    http://driveslag.eecue.com

  13. An embedded PC-driven entropy rewriter/degausser by ikewillis · · Score: 3, Interesting

    ...is my recommended approach. I actually built one of these myself, powered by an embedded Linux PC that boots from CD-ROM. It uses modular exponentation to generate a cryptographically random sector distribution list, to which it writes entropy data generated from an onboard Random Event Generator. It repeats this process 10 times consecutively, then cuts power to the drive and degausses the entire disk. This process is extensive enough to ensure that even the world's most sophisticated data recovery experts will recovery nary a bit from such a drive, and I've automated it to a plug and play process. Simply insert the drive into the degaussing chamber and attach data and power cables, then throw the switch. Wait about an hour or so, and the drive comes out irrevocably blank.

  14. Destroy them by agoliveira · · Score: 3, Informative

    If you prize so much the confidentiality of the date to go to very extreme measures like high level gear just for that, as cheap as the HDs are now, I would just throw them inside a furnace.

    --
    Scientia est Potentia
  15. No RMAs are the cost of doing business by metoc · · Score: 4, Informative

    The general rule of thumb for data security sensitive industries is to never return the platters.

    Most governments have arrangements to either get a discount up front, or to get the manufacturer to accept the top cover as proof the drive is destroyed, and then provide a warranty replacement.

    For everyone else it is the cost of doing business. Depending on your business the risk is measured in years in court, 7+ digit claims and real impacts on stock price. Replacing failed harddrives out of pocket is cheap.

    Best thing to do is remove the platters and store them as they take up less space, and once you have enough pay a degauss service to blast the entire box. Even then, get an artist to turn them into a piece of art for your front lobby.

    1. Re:No RMAs are the cost of doing business by djtack · · Score: 4, Informative

      I work for a university, and I have been able to get warranty replacements from Western Digital by faxing them a letter on company letterhead, explaining the reasons why we can't return the drive, and attaching a picture of the drive's top plate.

      We then let the geeks have fun destroying the disks. ;) But the parent is absolutely right. If you can't get replacements this way, you'll just have to deal with the cost of replacing them yourself.

  16. Still Risky Indeed by Nik13 · · Score: 4, Interesting

    If the drive is faulty, you just might not be able to overwrite the info (not reliably anyways).

    I'm surprised he's even looking for this. I work in a place where for similar regulations we have to wipe HDs securely before disposal, but that's only for working ones. Damaged HDs cannot be sent back because of the info on them, they have to be destroyed locally. We take the platters out, but I'm not 100% sure how they get destroyed (probably degaussed then physically damaged). The companies we buy PCs from are aware of this too. If a drive dies in one of the PCs that's still under warranty, they replace it and we keep the old drive for proper disposal.

    Such a device would only be useful for disposing of old PCs with functionnal HDs in them. I can't see the regulations let them do this.

    --
    ///<sig />
    1. Re:Still Risky Indeed by da007 · · Score: 3, Informative


      Army spec is 5 holes equadistant holes drilled through the platters.

    2. Re:Still Risky Indeed by AHumbleOpinion · · Score: 3, Funny

      Drilled? Couldn't we just paint them black and use them as targets on the 100yd range until enough data is removed?

  17. Re:A smashed drive tells no tales by SYFer · · Score: 5, Funny

    Might I suggest the Wilton 20003 12 lb. Unbreakable Double Faced Sledge Hammer? At 12 pounds and with a shock absorbing handle, you'll find this fully OSHA-compliant device will serve your needs admirably.

    And yes, this most certainly IS an Amazon affiliate link. I believe that if the submitter or other government officials purchase this mission-critical security appliance, I am entitled to my consulting fee. As for the parent poster, well... Uh, I'll buy him a beer when the windfall from this new sledge hammer gig comes rolling in.

    --
    "...all the labours of the ages, all the devotion, all the inspiration, all the noonday brightness..." yada yada
  18. Degausser by ka9dgx · · Score: 4, Interesting
    If you want the data gone, but can't physically destroy the patters, you'll need more than the tape demagnetizer from Radio Shack to degauss it. You need a DC magnetic field, a damned strong one. The field at the surface of the disk platters must be at least 3000 Oersted (0.3 Tesla).

    The drive housing may, in fact, shunt the field around the drive if it is ferromagnetic. (See if a magnet sticks to it)

    If it were me, I'd make a nonmagnetic aluminum housing to screw the drive onto, pad the hell out of it (just incase I slipped), and head on over to Radiology, and use a 10 Tesla (or stronger) MRI to erase that bad boy. I'd rotate it in all 3 dimensions, more than once, just to make sure.

    If the field you use demagnetizes to the servo and drive magnets, it'll probably be safe to return for replacement.

    I agree that it's probably better to eat the cost of the drives than to risk the getting made the poster child for HIPAA. (You just know they'll looking for someone pull a Martha Stewart on.)

    --Mike--

  19. VIDEO - Destroying Drives with Acid and Thermite by ghobbsus · · Score: 4, Interesting

    There was a two-part segment on the Screen Savers with Patrick Norton and Kevin Rose covering methods of data destruction, including software, grinding, acid, thermite...

    Watch it here

  20. Don't Destroy - Encrypt by dsginter · · Score: 4, Interesting

    SafeGuard Easy

    Plenty of businesses use it to encrypt a hard drive (boot time password) prior to production. This way, if the drive fails mechanically and the data can't be destroyed (without physically destroying the drive), the data is still encrypted. As a plus, there is no need to wipe a drive since you only need erase the SafeGuard Kernel which renders it just about as useless. There was a case a while back where one of the European countries tried to brute force this software for a criminal trial and could not do so.

    For HIPAA, you'll need to physically destroy a drive if it has failed mechanically and you can't otherwise wipe it.

    Don't get me wrong - this software is a pain in the ass since you have to decrypt a drive using the admin software if the underlying OS becomes unbootable. But it is a relatively simple solution, otherwise.

    --
    More
  21. Re:A smashed drive tells no tales by focitrixilous+P · · Score: 4, Funny
    Allow me to embrace and extended.

    The sledge hammer is the linux style solution. More work than is needed, what you need is user convience. Sledgehammers will tire you out, you don't want to do that all day long. What you need is the Remington 870 pump action shotgun. Available in assorted sizes and gauges, the 870 can erase as many as 5 hard drives in a single loading. The 870 comes in 12 gauge, 28 inch barrel for those SCSI drives, down to a .410 shotgun for those hard to wipe flash drives.

    For maximum assurance of data erasure, the 870 cannot be beaten. Be sure to use number 3 shot or larger. Also available in left handed.

    The Remington Gauge system follows the approved national standard, to avoid vendor lock-in. Shells from all competitors will function, though Remington shells are recommended for best preformance. Never doubt if your data was securely erased or not ever again! Come to Remington Country.

    --
    SAILING MISHAP
  22. Re:I say... by BJZQ8 · · Score: 3, Insightful

    My point is not that there are people out to "get" other people...my point is that, if there is a security hole, it was not in what they were expending most of their effort in combating. Did they shred, burn, atomize, and scatter every last recepit from the operation? Probably not. Did they make sure nobody was secretly recording Ms. Smith while she read off her personal information to the pharmacist? Probably not, too. It seems so much "security" these days is devoted to expending vast resources on things that make very little difference. As an example, a small airport near me recently built a $500,000 "security fence" to keep out "terrorists." Complete with flashy card readers for the gate and computer accounting. Of course, if you walk 50 feet to the south, you can walk right through a corn field onto the main runway, but hey, it looks good! If people were more intelligent in apportioning their security resources, rather than worrying about ABSOLUTELY atomizing somebody's hard drive, then we'd be money ahead. There's always going to be that .03% on either end of a 6-sigma bell curve...don't worry about it.

  23. Discussed to death by experts by Decker-Mage · · Score: 4, Informative
    We've discussed this issue to death over in the Computer Forensics list (http://www.securityfocus.com). The conclusion is that the only mechanism that is absolutely compliant is physical destruction of the platter(s). There is a deguasser that may meet current compliancy requrements (note: current!), however it runs about $40,000 per unit and as coercivity increases with new designs, will quickly become obsolete.

    Sorry folks, I'd rather rely on my community there than a bunch of fellow /.'s (grin). Elitist? Yar!

    --
    "[I]t is a wise man who admits the limits of his knowledge or skill, and that pretending either causes harm." --Terry Go
  24. Re:A smashed drive tells no tales by gormanly · · Score: 4, Funny

    Nice OS analogy: allow me to embrace and extend.

    The sledgehammer is a simple, solid and effective tool, yet requires a modest degree of effort. It is available everywhere there is human settlement, is cheap, and has no running costs. A sledgehammer never requires any form of licence or permit to use. It also just works.

    A pump-action shotgun may be easier for the lazy or weak to use; it may even be more fun. It certainly makes it easier to harm your neighbours, or shoot yourself in the foot. Remind you of anything?