Data Still Left on Storage Devices for Sale

cluedweasel writes "According to a BBC story many people are still putting up their old PC's and storage devices for sale without taking basic precautions to ensure that confidential data is erased. The suggestion at the end of the story is to get a professional forensics firm to wipe your data or just destroy the item in question. With the low price of storage devices, the latter is probably preferable."

Not only good drive but also bad drives

[slashnutt]

I always hate having to send in my hard drive for warranty repair. Years ago, I watched a friend recover information from a newly arrived warranty repaired drive. If the drive is dead and has to be sent into for warranty service, make sure one of those super powerful magnets from another drives is put around all over the hard drive case. Don't, know if that will wipe anything but I don't expect the manufacturer to ensure my data is secure.

That said I used eraser every night.

Re:Not only good drive but also bad drives

[MoralHazard]

I seriously doubt that any magnet you can get your hands on would erase anything from a hard drive platter. Even bulk tape deguassers from five years ago won't do shit on a modern drive. It takes some seriously strong fields to erase a platter.

However, sticking a decently strong household or lab magnet against the drive housing may tense parts of the delicate mechanism inside, causing the bearing to go south or the actuator arm to cease working. It's still probably possible to pull the platters and remount them in a new housing (if the platters weren't too damaged by whatever mechanical failure you induce), and there are a few outfits that can do it for ~$3000 per drive.

Now, get real: Want to know the BIGGEST, best-kept secret in data forensics? The most effective way to forever put your data beyond the reach of cops and courts is:

    dd if=/dev/zero of=/dev/hda

That's right, just a single-pass overwrite with zeros will do. Everything else you hear is either 8+ years out of date, or uninformed bullshit, or a scare story.

Re:Not only good drive but also bad drives

[Stripe7]

The only hard drives that I have got rid of have had a nail driven thru all the platters after a full reformat.

Re:Not only good drive but also bad drives

[Jason1729]

Once place I worked had enough buying clout that driving nails through the drives would not void the warranty. It was actually in the contract.

Re:Not only good drive but also bad drives

[pegr]

Now, get real: Want to know the BIGGEST, best-kept secret in data forensics? The most effective way to forever put your data beyond the reach of cops and courts is:

        dd if=/dev/zero of=/dev/hda
 
/dev/urandom is a better source... With zero, analog analysis can be used to determine the drive's prior contents. Of course, if somebody is willing to do that to recover data, they already have your house bugged...

Re:Not only good drive but also bad drives

[Fulcrum+of+Evil]

That's right, just a single-pass overwrite with zeros will do. Everything else you hear is either 8+ years out of date, or uninformed bullshit, or a scare story.

May as well do a second pass with /dev/random, though it's not like the cops are going to send your drive in for forensic recovery unless you're a big fish.

Re:Not only good drive but also bad drives

[TripMaster+Monkey]

That's right, just a single-pass overwrite with zeros will do.

Um...no. Not to be argumentative here, but I have personally been able to recover data from a hard drive after being zeroed. This is why the DoD standard is a bit more stringent than simply zeroing.

Re:Not only good drive but also bad drives

[Otter]

That's right, just a single-pass overwrite with zeros will do. Everything else you hear is either 8+ years out of date, or uninformed bullshit, or a scare story.

Have they made some change to zero in the last 8 years that makes it less constant?

Re:Not only good drive but also bad drives

[fshalor]

What if the drive wont spin up?

But you're right if they do.

I've had to pull 4 GB of rm -rf *'d data off a drive before using some tools and vi. Worked well, took hours, and I got 90% of his files back.

I also got several versions of each file, some of them dating back over a year. Scarry...

But if you dd a drive... it's gone from all the tools I had at my fingers. And I had a *lot* of tools.

I've also done the "platter swap" thing once successfully (in a shower clean room) (twice failed) and several controller swaps. There's ways. But if the platters be stuck, and data important, take em out and bake em hard.

Re:Not only good drive but also bad drives

[gweihir]

I was wondering the other day what kind of shielding a drive has to keep its own magnets from wiping itself...

From what I saw in defect drives I opened, none at all, just some centimeters distance. The "strong magnet" meme is an urban m"yth. You need far stronger static magnetic fields to damage a drive without opening it than you can buy.

In addition, if you succeeded, it would likely void the warranty anyway, so why not be sure and just decline the warranty or use an encrypted filesystem in the first place?

Re:Not only good drive but also bad drives

[Grym]

May as well do a second pass with /dev/random, though it's not like the cops are going to send your drive in for forensic recovery unless you're a big fish.

Exactly. If it's not undeleted, in the recycle bin or your internet history/cache, I find it highly unlikely that anyone will ever see it. CNET just recently ran an article that alternative browsers "impede" investigations, because detectives can't figure out where to find the files. LOL

Granted, I'm sure the NSA, DoD, and CIA have much better methods, but for most people, one pass is more than enough.

-Grym

Re:Not only good drive but also bad drives

[Brain_Recall]

Two reasons why:

The magnets are at a far enough distance (a cm is huge, in magnetic terms) that they offer little problems.

Second, magnetic fields of the driver magnets is orreinted almost exclusively in one axis. A normal refridgerator magnet will stick to the fridge with (almost) equal force no mater which way it was stuck (assuming, of course, it's semetric). The voice-coil driver magents are orriented heavily on a north-south pole. If you manage to pull one of these out, you'll see what I mean. If you let it stuck to the fridge on the flat side, you would not be able to pull it off. If you tried it on it's edge, it couldn't hold itself there.

Re:Not only good drive but also bad drives

[gweihir]

... but I have personally been able to recover data from a hard drive after being zeroed.

And what drive generation/size was that? If it was an older, lower capacity drive, I have no trouble beliving you. If it was a current >= 200GB drive, I think you need to elaborate a lot.

Re:Not only good drive but also bad drives

[shotfeel]

There was an article about a year ago (can't find it now) saying essentially the same thing about Macs. Most places just have the tools to hack a Windows PC for files. First, the Mac won't run their tools, and then, even if they yank the drive and put it in another housing, its not formatted in a way their software can access.

Now, as said above, if you were a really big fish, they have ways, but its not a typical forensics op.

Re:Not only good drive but also bad drives

[shotfeel]

It used to be different, but HDD technology is now right at the edge of what physics allows.

Not saying you're wrong, but I think an important qualifier might be "the edge of what physics allows" at any significant rotational speed. I have to wonder if you're willing to spend 100s of hours scanning a single platter with specialized equipment if you couldn't still make out a bit more. I really don't know, just wondering.

Re:Not only good drive but also bad drives

[dougmc]

You need far stronger static magnetic fields to damage a drive without opening it than you can buy.

Mod parent up. He's spot-on here.

Strong magnets (as strong as you're likely to have at home anyways) will erase (ruin) floppy media just fine. And cassette tape media. And probably 8 tracks. I don't know what they'll do to QIC-150, 4 mm or 8 mm media. But they won't erase DLT media, and won't erase modern hard drives, probably not even if you put it right next to the platter itself.

(Now, opening the drive up and scraping the magnet over the drum, physically damaging it, that may be effective. But a non-magnetic wire brush would work as well.)

Personally, I erase my media with some variation of this --

dd if=/dev/urandom of=/dev/hdc bs=102400

and let that go until it's done. Repeat if you're extra paranoid. Sure, there may be some data left in sectors that have been re-allocated by the firmware. Sure, the NSA might be able to recontruct my data bit by bit with microscopes. But if I'm really worried about that, I'm not going to sell my disk -- I'm going to physically destroy it.

As for warranty repair, that's a tough call. If the dd can't be done, the odds are good that the company can recover almost everything on the disk. You'll have to consider the pros (you get a new disk! free!) vs. the cons (they might be able to recover all of your data.)

Re:Not only good drive but also bad drives

[dougmc]

Have they made some change to zero in the last 8 years that makes it less constant?

No, but at the lowest level, your hard drive is analog, not digital. It's not just 0s and 1s anymore.

To give an example, suppose a part of your drive had this pattern written on it --

1 0 1 0 1

and you overwrote that with 0s. So you'd expect to see

0 0 0 0 0

and you would, if you read the drive in the normal way. However, underneath the covers, the data on the drive would really look more like this --

0.11 0.02 0.11 0.02 0.09

the exact values are just guesses, but there is a pattern here -- if a bit used to be 0, it's very close to 0 now. If the bit used to be 1, it's still close to 0 now, but a good deal further than if it was a 0.

With some different firmware, one could read most of the data that was on a drive that had been erased like this.

This is why people 1) write random or semi-random patterns to the disk to erase it, and 2) do it more than once.

Still, writing 0's just once to the entire disk will stop 99% of people who might read your disk. Writing random patterns several times will probably stop even the NSA, but if they want you bad enough, they'll stick probes into your brain and extract it that way :)

Re:Not only good drive but also bad drives

[MoralHazard]

Um, no. No, they can't. I used to have to explain this repeatedly to clients:

UNLESS YOU ARE DEALING WITH A VERY OLD HARD DRIVE (pre 1997, at least), YOU CANNOT RECOVER DATA THAT HAS BEEN OVERWRITTEN.

Go read the Gutmann paper from Usenix '96, and note that he never actually performs any recovery tests, nor does he cite anything other than reports of data recovery in lab situations under ideal conditions.

Also, note that he REVISED that paper in 2000 or 2001 (not quite sure) to take into account the fact that platter encoding techniques post-1997 were vastly different form the platter encoding techniques of the previous era, making the attacks he discusses irrelevant and useless.

Go ahead--I dare you to contradict me.

Re:Not only good drive but also bad drives

[MoralHazard]

You're either:

1) Talking about recovery from an old drive, pre-1997, OR;

2) You're full of shit. Yes, a liar.

So explain yourself, please, because I will apologize immediately if the case is (1) or you can prove me wrong. Cite me some evidence--press releases from the company you worked for, or a paper written by the research team you worked with. Anything, hell--even your blog is something.

I've spent my last four years working as an examiner at a computer forensics firm. I have exhaustively researched this topic several times, hoping against hope that something is out there. There is nothing.

I have encountered a number of documented cases where a party to ligitation claimed that incriminating or exculpatory evidence had been overwritten on a hard drive. In at least two of those cases, the defendants spent more than $500K funding people who said "Oh yeah, I can do that--I just need cash for a lab and a magnetic-force microscope." Nobody EVER recovered over-written data, in any of these cases.

So prove me wrong.

Re:Not only good drive but also bad drives

[MoralHazard]

It's been said before, but I'll repeat the point here: there are enough surprising scientific discoveries that most people cannot distinguish between wacky-sounding-but-true statements and wacky-sounding-but-false statements.

This is why people keep propagating the myth that you can recover overwritten data from current generations of hard drives. It USED to be true, with older drives, and it's just spooky-sounding enough to be intriguing, so people want to believe it.

But it's still bullshit. Seriously, I would encourage anybody who thinks I grandstanding to do their own research and let me know. My email username is rlynch, domain is bway.net.

Re:Not only good drive but also bad drives

[MoralHazard]

The big paper that started all this is here:

http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_ del.html

(sorry if the link gets tangled). The author is Peter Gutmann. The paper you see on that link is actually an updated version of the original, which was published at USENIX '96, minus the "epilogue" section at the end. That's the critical part, where Gutmann basically backs off all the important conclusions about hard drive data recovery. He's still pretty optimistic in the epilogue (he talks about recovering one or two previous write passes of data), but you have to notice that he doesn't support himself, there, and the original citations don't support him, either.

Not to speak ill of Gutmann--he's done a lot of great work in UNIX security over the years, and he's a stand-out researcher. But he doesn't prove what he's saying.

Hopefully, the Gutmann terminology will be enough to get you started if you want to research the issue further. I used to have a couple dozen pages of cites and summaries on the issue, but I lost most of it when I left my last job. It's still out there, but it took me a couple of months to do it originally.

Re:Not only good drive but also bad drives

[nherm]

I tried using 2000+ passes using /dev/urandom, but somehow I ended up with a full installation of Windows 95.

Then a friend of mine told me something about monkeys hitting typewriters and Shakespeare's complete works...

Re:Not only good drive but also bad drives

[Carnildo]

You're right -- you aren't a physicist. An impulse of 75G is about what you get by dropping the hard drive on a concrete floor.

Re:Not only good drive but also bad drives

[ikkonoishi]

And I here they fixed that problem with dividing by it.

Re:Not only good drive but also bad drives

[MoralHazard]

Have they made some change to zero in the last 8 years that makes it less constant?

No, nothing so drastic. Hard drive technology has fundamentally changed in the last few years, and there was a huge industry-wide turnaround in methods that happened around 1997. The bulk of the changes had to do with the encoding mechanisms used to write and read data from the platter.

Even back then, these attacks were just theories, at least in public. It's possible that some spook-lab made them work, but there was never any real evidence that it was a practical technique, as opposed to a "space elevator dream". That's my opinion, at least, based on a review of the available literature.

But the changes in drive technology made it all a moot point. There aren't even any plausible theoretical methods to recover overwritten data on modern drives, let alone any evidence that it's ever been done. So if you believe that it can work, you have to also believe that the method has been kepy entirely secret from public academia and the business community, both of which would be very interested in the topic.

Re:Not only good drive but also bad drives

[tzanger]

>You need far stronger static magnetic fields to
>damage a drive without opening it than you can buy.

Mod parent up. He's spot-on here.

Actually just misguided. Static magnetic fields won't do shit to most magnetic media. It's the magnetic flux (change in magnetic polarity) that puts the bits there in the first place, and it's the magnetic flux that will scramble them faster than a tornado through a chicken farm.

I haven't tried it myself but I am willing to bet that a standard tape bulk eraser will render most hard drives inoperable, as it will not only zap the data but also the zone markers that are magnetically placed on the media by the drive's low-level format. That aluminum cover ain't magnetic so there's no magnetic "short circuit" around the platters and the flux lines that the bulk eraser's generating will penetrate deep and the rapid flux change it imposes on the media will make gone any order in the magnetic patterns that were there.

Consequently that's why the rare-earth magnets in hard drives don't do much to the platters -- it's a magnetically closed circuit, and there are no stray flux lines to cross and cause a flux change on the platter. The only stray flux lines are the ones very specifically put there by the GMR heads.

Re:Not only good drive but also bad drives

[Savantissimo]

Magnets just don't work for erasing data. One or two passes with good pseudo-random data are all that is needed, and even the NSA would be reliably stumped with 5 or more on modern disks. Writing constant patterns is somwhat less effective because the encoding to analog on the disc prevents long strings of highs or lows being written and because any residual field from previous writes can potentially be seperated from the constant overwrite pattern.

You don't need to worry about this level of security if your threat model is phishers and the like. The people selling hard drives would like you to be so paranoid you won't let others make use of your old hardware, but there is no real need for that. If someone with the resources to go over your HDD nanometer by nanometer with SQuIDs wants your data, they'll first try a sneakier, more effective way than buying your old disks.

For quick destruction of encrypted data, assuming the encryption-block size is several times the disk-block size, overwriting just one of the disk blocks for each encryption block will effectively make the data unrecoverable. Similarly, if you use an encrypted file of long, secure keys to access your other encrypted data, once that file is destroyed, everything else is effectively gone until the encryption can be brute-forced a few decades down the line.

But for sensitive data that may need to be quickly destroyed, you're better off using CD or DVD media. Five seconds in the microwave followed by a quick couple of rubs with a piece of sandpaper to remove the flakes will do more than just about anything you could do to an HDD in a similar amount of time. This also gives you an excuse to get a really fat UPS and to have your microwave on your desk. Of course you still need to find a way to get the time needed to destroy the data when your door is being broken down or if your machine is tampered with when you are away - left as an exercise for the reader. ;|

Re:Not only good drive but also bad drives

[dougmc]

I haven't tried it myself but I am willing to bet that a standard tape bulk eraser will render most hard drives inoperable, as it will not only zap the data but also the zone markers that are magnetically placed on the media by the drive's low-level format.

I have. It didn't work. Not on DLT tapes, and not on a 500 MB hard drive I was playing with.

I had to send the DLT tapes off to a professional service to have them erased (they had to be erased for the new tape drive to make them work in the new high density mode.) The hard drive was just me seeing if I could do it :)

The tigher your cram data in there, the higher the magnetic fields needed to make changes. And modern media has it cramed VERY tightly ...

Re:Not only good drive but also bad drives

[kcbrown]

It USED to be true, with older drives, and it's just spooky-sounding enough to be intriguing, so people want to believe it.

Which goes to illustrate that technology, and thus what can and can't be done, changes over time.

And just because recover of modern drives that have been overwritten in a simple fashion cannot be done now doesn't imply that the same will be true in the future. That could easily change again, either because of changes to hard drive technology or because of improvements in recovery techniques.

So while it might be true *now* that a simple erase of the drive is sufficient, that only holds if you're concerned about a relatively small time window. Otherwise, you're safest in assuming that you have to take stronger measures.

And then there's always the possibility that the recovery techniques that are capable of working on today's hard drives are, if they exist at all, classified.

Re:Not only good drive but also bad drives

[Mycroft_VIII]

Unfortunately a few passes with random data is not as effective against a sophisticated recovery effort as is often assumed.
    Now if it's just some random joe with an undelete program he got for $19.99 at the local shop then a single pass is often enough, more sophisticated software only tools might get past a few, but with hardware equipment (probably not used often below the fbi/ pro foresnics places) you might want to do something a bit more secure.
    With good knowledge of how the data is actually stored on the disk you can figure out patterns that tend to degausse the bits being wiped and help eleminate the residual images left by the micro imperfection in head positioning (which are shrinking to almost nothing these days) and simular effects a trully sophisticated data recovery effort might use.
      Peter Gutman put out a paper about this that can be read at http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_ del.html
that explains it better.
    Though with remapping and newer recording techniques things change and software only erasure becomes more and more problematic. At the highest levels of secrecy I believe most governments require over-kill levels of outright hardware destruction.

Mycroft

Re:Not only good drive but also bad drives

[dougmc]

It'd be interesting to see a program that creates a pipe and forwards /dev/urandom, deleting some 'random' 5% of the data pushed through.

I don't understand. Why would this be interesting? Would it be useful somehow?

I mean, on most standard linux kernels (not using GRSec or such), the PRNG isn't 100% random, so there'll be some fixed patterns.

Well, /dev/random is supposed to be truly random, but will block if it runs out of entropy. Which means it's really slow. /dev/urandom does not block, and just keeps re-using the entropy pool (which should keep changing as interrupts come in from the disk access) so the data isn't truly random. But it should look random as long as you aren't doing some sort of statistical analysys on it.

But you want your drive to be erased in less than a month, right? Use /dev/urandom. It's more than random enough. (Use /dev/random when you need small amounts of `true' randomness.)

/dev/zero is good enough to stop 99+% of the people out there who might want to read your data. To get data out of a drive that's been zeroed like that is not a simple matter anymore. But beyond that, any random-ish pattern is good enough. And if your data is so sensitive that you're still nervous, just physically destroy the disk already.

Found data

[BWJones]

I've found some interesting stuff on hard drives purchased second hand including tax forms from apparently a CPA, medical records, patent applications, and most interestingly, a fair bit of data that I will not talk about on a NeXT cube off eBay that was originally purchased from a government auction. I was surprised as it was the only cube I had seen with it's hard drive intact. (All hard drives were erased or physically destroyed, because I am a nice guy).

The interesting thing is that protocols for the destruction of data have existed for magnetic media since before the hard drive. With the advent of the hard drive and higher density media, other protocols have come into place, but the solution is not a technical one. It is the hardest of all solutions...... Behavioral change.

Re:Found data

[Stanistani]

>a fair bit of data that I will not talk about on a NeXT cube...

Hmmm. The biggest customer of NEXT was the CIA IIRC...

All aboard for Gitmo!

Re:Found data

[saha]

Finding old hardware in my department to go to property disposition is a pain when getting rid of data on old hardware. First I don't even know if some of the hardware that is ten years older will even start. Then I have to find a floppy or CD that will run on the specific hardware. The easy solution is to open up that computer and rip out that harddrive, then hammer it so the platters are broken. Problem solved.

I do like the fact the on Mac OS X on any System Restore CD or OSX CD comes with Disk Utility.app, that does either seven or thirty-five random wipes of the disk. Plus the user could use Secure Empty Trash from the very beginning. Waiting for a 20GB to randomly write bits in every sector seven to thirty-five times is general too much of my time. The hammer is a lot quicker.

Signed: The impatient and destructive systems administrator

Re:Found data

[BWJones]

I agree completely with your solution. Physical destruction of the media is best and a ballpeen hammer is usually pretty effective. Although when I was younger and had more time, we would take hard drives destined for destruction out to the range. That NeXT Cube hard drive suffered a fatal wound by a 7.62mm round at approximately 1000 meters.

Re:Found data

[bani]

I bought some used DLT tapes off ebay. Most of them were empty, but a few which were not empty had:

o) accounting data
o) sourcecode for web commerce backend for multibillion dollar corporation
o) server backups, including email

Re:Found data

[pilgrim23]

My hobby is retro computing. This means I have spent a bit of time at yard sales, Salvation Army and Goodwill. I have purchased cheap boxes of every description form Next Cubes to old Apple IIGS with a Vulcan drive inside the power supply, to early PCs. I have seen countless files, personal and public on machines for many many years. Being a good net citizen I reformat the drives and use them (unless I find a really hot app I wanted. :) -I would use apps I found (especially on old System 7 or earlier Macs, old Ataris, Amigas, and ProDOS based Apple II apps. Sometimes these boses were the ONLY sources of lost and needed applications (try finding a copy of raster Blaster these days ;). I would though: delete all files that were none of my business.

  In the course of this scrounging I learned something SlashDotters may not consider: There is an entire subculture in America of people who use second hand machines. These are poor folks who cannot afford the latest Alien ware or G5 iMac. People who just don't have the money for even cheap Celeron box. I am talkin' poor folks here. They get by on Windows 98 and Office 97, or even Mac OS 7.1 and MS Word 5.0 for their computer needs.
They use a old Performa Mac or a Mac Classic II, or a 486 or Pentium 166mhz PC to do what they need to do.
  Tech support is supplied by a whole bunch of self taught techs who tinker. I know many of this sort.

The size of this population of users might surprise folks. There are a lot of them.
The problem with all the current talk of: "OH! I left Aunt Tillie's phone number in Outlook Express and all 26 of my credit card numbers in Quicken!" is the effect it has had on this catagory of user. They are not able to "upgrade" to a newer junker because everyone is afraid to dump their box for fear of the data being stolen. This means the bottom of the food chain looses. It also means there will ALWAYS be compromised Win 3.1/95/98 boxes on the net.

BTW....if anyone out there has any older Conner or Western Digital (pre-Caviar) 20-40-120-240mb hard drives I am looking for a few to reformat as Vulcan Gold Drives....

Re:Found data

[shokk]

Back at an old job 10 years ago, we were decommissioning some very very old hard drives in some Sun servers that took up an entire rack for just four drives, one shelf each. We decided to have some fun and break out the hammers, drills and chisels. It took us days to break through those with the measley tools we had on hand, but in the end we rendered all platters useless. Giant platters with multiple drill holes, awful scratches, fingerprint marks, bent and twisted. For a while we adorned our cubicles with these to show what real data loss looks like.

Re:Found data

[hurfy]

During the days of the 386 i bought a pallet of used xt/286 equipment and built several working systems from parts. Virually nothing was even deleted. Systems , programs, data, you name it was still intact... including the copy of Michelangelo floating around in there !

Luckily Norton on my 386 found it while transfering data. Had to redo a couple days worth of setup on blank machines was all.

Please kill your viruses before selling and careful with your snooping ;)

DBAN. Learn it, Live it, Love it.

[Orrin+Bloquy]

Darik's Boot and Nuke. Cheap, efficient, portable. Worst thing that happened using it was cleaning a PC so old its CD-ROM drivers weren't in firmware, so I had to download a boot disk off the net to reinstall them.

Re:DBAN. Learn it, Live it, Love it.

[chill]

DBAN doesn't -- last I checked -- have SCSI or RAID drivers, so it is only viable if you're on a plain vanilla IDE system. I dont' know about SATA.

dd if=/dev/random of=/dev/sda bs=512 count= (get this from fdisk) will do the trick in a pinch.

On the other hand, has anyone here actually tried to "secure wipe" at 200+ Gb hard drive? It can take DAYS.

Just drill a hole in the case; pour in some caustic drain cleaner or CLR (bathroom cleaner); plug the hole; shake vigorously then let sit for a couple days before throwing it out.

  -Charles

Re:DBAN. Learn it, Live it, Love it.

[AKAImBatman]

Drop the "count=". dd will continue on until the entire file (which happens to be from an unlimited source to the entire disk) is written. Also, the default block size is 512, so you don't need to worry about that either. Though you may actually get better performance by using "bs=4096".

Re:DBAN. Learn it, Live it, Love it.

[Vellmont]

DBAN doesn't -- last I checked -- have SCSI or RAID drivers, so it is only viable if you're on a plain vanilla IDE system. I dont' know about SATA.

According to the website, "DBAN has all available SCSI disk drivers". As of Dec 2004 DBAN has SATA drivers. I'd think RAID wiping should be done on each individual drive rather than across the entire RAID array.

Your data = bonus

[dusik]

On the other hand, I always thought it was a good bonus for the custom when I sell a hard drive on eBay with my mp3 and pr0n collection still intact.

Then again... they probaby would see the reiserfs partition as "Unknown" in the Windows installer.

Re:Your data = bonus

[uucp2]

What is your eBay user ID? I'm interested in buying some... storage.

Re:Your data = bonus

[dusik]

Aw... wish I had a hard drive to sell right now. The bids would probably go pretty high, with the slashdotting.

Re:Your data = bonus

[Jason1729]

Well that shot right over your head.

Re:Your data = bonus

[Profane+MuthaFucka]

Good arc on that one, Peter North

Or just nuke it..

[squison]

...with something like Darik's Boot & Nuke

The Government is the Biggest Culprit...

[Blue-Footed+Boobie]

I have my business card out there with many people for the purpose of snagging equipment that would otherwise get thrown out.

I once received about 30 10GB hard disks from the US Army that were tossed in a collection bin (and someone called me to say they were there) which were not wiped and had a fair bit of info on them. Not talking National Secrets, but info that could have been used to cause problems, none the less.

By far the worst, however, was a batch of 15 PIII computers I recovered from the INS. Not only had they not been wiped, but all programs and files were fuctional. Talking about Social Security numbers, Green Card information, and on and on. It was terrible.

Of course, I do the right thing and both wipe and low-level format these before donating on to charity - but it still amazes me what info is given away.

Both of these cases were 1 year+ after 9/11 too. People don't change.

Here's your "professional forensics firm" for free

[xTK-421x]

http://dban.sourceforge.net/

Set that up for 27 wipes and you're set.

Use the military procedure for destroying the data

[AltGrendel]

1) Write all 1s then 0s to the drive, repeat 5x.
2) Use acetylene torch and reduce drive to slag.
3) Encase slag in concrete.
4)Drop concrete in Marianas trench.

Most people don't know they can wipe the data

[WillAffleckUW]

And many don't have the tools - or if they have them, are unaware that the tools are capable of doing this.

I find a large sledgehammer used repeatedly does a fairly good job of handling data getting into the wrong hands, mind you ...

Dban

[Pushnell]

For any who wish to avoid such "Data Dangers", I've been using Boot & Nuke (http://dban.sourceforge.net/) for some time now. It's pretty easy to use and supposedly reaches DoD levels of secure delete. All used hard drives my shop sells get a dban scrubbing before they leave.

Old machines from pr0n sites.

[Karma_fucker_sucker]

I wonder if they auction them off too?

I don't get it

[FlameTroll]

I wipe all my drives with both Windex and Formula 409 before disposing of them yet my identity still gets stolen. Good thing I only I have a Visa Lead card.

how do I get in on that scam?

[Lumpy]

professional forensics firm to erase your hard drives? really?

how do I market myself as this and sell that service to people? sounds like a great article to whip up some Fear frenzy that we geeks can make good money on.

"Yup, I can safely eradicate your data and wipe that drive, no it's not easy, but that is why it costs $100.00.

thank you, no we dont accept personal checks."

adding that to my spyware cleaning racket and I can quit my job as a web programmer/IS manager.

This rocks, any way to get CNN to stir it up as well to help the fear factor in the general public?

Re:how do I get in on that scam?

[pete6677]

I'm afraid someone already beat you to this scam.

format c:

[beforewisdom]

format c:

how hard is that?

Re:format c:

[deviantphil]

My distribution of Linux as well as Knoppix-STD has a command called "wipe". It over writes a file (or a special block file 34 times with several different randomn patterns.

I make sure to do this with all drives I send back for warrenty.

Re:Why Bother?

[ahaning]

Actually, check if local schools or other non-profit organisations take old hardware donations.

My mother is the computer teacher at a local gradeschool. She HATES when people say they have a computer to give her. Invariably, it's some 7-year-old PC that runs Win95 or some old Mac that just doesn't fit in with her network.

Students and teachers in schools want crappy computers as much as you do. (This being Slashdot, probably less than you do.)

If you can find someone that genuinely wants the machine because they collect them or because they're a budding nerd, fine. But don't dump these pieces of junk on some organization that will then have a huge collection of PCs that are all unalike. If you're lucky, you live near a place like SWACO that has periodic computer recycling drives. Drop the machines off and they go someplace to be disposed of properly (we hope).

Re:Use the military procedure for destroying the d

[MightyMartian]

5) Ship via US Postal Service

Smash it to bits?

[MobyDisk]

...they should use a professional forensics firm to erase it. "Alternatively," he said "they could smash it to bits."

Unfortunately, the author doesn't understand that the data is already in bits, so this won't help. I would recommend a multiple-pass approach: First split it into big sectors, then into large mega bytes, then again into smaller bytes, then finally tiny nibbles.

My Experience with a Used PC

[mykepredko]

A couple of years ago, we had to buy a PC with Windows/95 on it because a speech therapist had a program for my daughter that only ran on Win/95.

We were able to find a PC that had just turned in to a local "Cash Converters" and the OS had not yet been wiped/updated and got it for $50. We did try the PC before leaving the store but did not hook up a set of speakers.

When we got home, we discovered that the previous owner of the PC was an affectionado of Jamacian S&M. The first time I turned it on, the PC started up with somebody screaming "Hurt me Mon!" and every mouse click produced a woman's scream.

I was able to reset the default sounds on the PC and delete the thousands of jpegs of bondage pictures, but my daughter (who was 8 at the time) was pretty much traumatized and refused to work on the PC until I could demonstrate it wouldn't make the "scary screams" any more.

We were able to run the speech therapy program, but my daughter never did trust that PC and made me sell it when the therapy was finished.

myke

Re:My Experience with a Used PC

[Ratbert42]

I had a similar experience. Now my daughter shrieks whenever she sees a bathtub or even chocolate.

Re:State standards

[lgw]

For drives that have held secret information, the government requires that the drive be shredded to the point where it fits through a 1mm seive. Both approaches are probably overkill for personal boxes.

For average people

[L.+VeGas]

A lot of people, when disposing of a computer, want to keep the OS and the applications installed because they're giving it to a relative or friend or something like that If that's the case, something like Derek's Boot and Nuke obviously isn't appropriate. There are, however many tools out there that help you clean up a windows machine such as Eraserto wipe data and CCleaner to clear out temp junk.

Re:Can't help but wonder

[pe1chl]

Last year a public prosecutor discarded his virus-infected PC at the curbside, and it was picked up by a cabdriver who sold it to someone running a tv show.

Lots of interesting data was extraced from the drive. Documents about legal cases, account information of his personal e-mail account, kiddieporn, the works.

Of course he had to step down.

USB keys

[Gruneun]

I raised this issue with the manufacturer of my USB key, after it ceased to communicate. I was offered a brand-new one upon receipt of the old one, but had no way to clear the data (a CVS tree of our product). The tech said any obvious, physical damage (i.e smashing with a hammer) would void the replacement guarantee.

Apparently, a few seconds in the microwave does not qualify as obvious, physical damage.

Re:USB keys

[pe1chl]

But does that destroy the data? Did you check that on anohter key?

Re:USB keys

[ipfwadm]

Ummm, for the price of a new USB key, why didn't you just smash the old one and buy a new one?

Is the potential loss (even if it is a very slight potential) of your company's trade secrets really worth $50?

With Threads Like These...

[Shadow+Wrought]

Invariably in discussions regarding data found on used hard drives there are a litany of stories about what people have found on drives they have bought. In almost every single instance of this there's a disclaimer at the end lines of, "but I deleted it of course." I wonder how many of them actually did. And, of those, if they deleted only the data, or the data and the programs?

I should also point out that I don't doubt any individual's account- I just don't know that I trust the whole population. Just a thought...

data destruction = open source growth opportunity

[christian.einfeldt]

Tell your friends that you will take care of their old boxes. Bring a Mepis or Damn Small Linux CD with you and blow away their hard drive. Show them how easy it is to give a new virus-free life to that old box. If they don't want that old box after it is Mepisized, put it up for give-away on Craigslist or DIYparts.org. People have a much easier time understanding how good open source software is when they see it in action.

Taking a sledgehammer to the box might be more fun, but then that box is headed for the landfill, where the metals in it will leach into the water table. Ick.

DIYparts.org is working to help the Katrina victims, so rather than have the box go into landfill, it can go to somewhone who needs it if you list it on DIYparts.org. DIYparts.org is free as in beer.

DO NOT DESTROY STORAGE THEN "DONATE"

[magarity]

or just destroy the item in question
 
Nooo!!!
 
I worked as the technology re-use manager at a nonprofit organization whose mission was to get donated goodies, including computers (my responsibility), to small local charitable organizations. Our warehouse had pallet upon pallet of donated computers whose hard drives were removed as part of corporate donors' policies regarding data safety. Did we get those computers to community centers, adult education programs, inner city kids, etc? Heck no, we had to send them to the metal recycler for 2 cents per pound. Sure, per-storage unit hard drives are cheap but to get enough for a couple of hundred computers is a major expense. And yes, we applied to Maxtor, Seagate, IBM, HP and a couple of others to try to get them to donate hard drives but no dice.
 
The late-middle aged lady who wants to type and print the church newsletter has ABSOLUTELY no use for a computer without a hard drive and even less of an idea how to install one even if she did have budget to get one. Get a commercially available eraser program; there are plenty of titles and methods. Said church lady has NO IDEA how to extract prior data from a drive that was just plain formatted and a fresh Windows installation put on.

Mac OS X has a decent answer to this

[Bobartig]

If you go into security options from Disk Utility, there's a click box for "zero out all data", "7 times zero", and "35 times zero", depending on how sensitive your data is. It even warns you "this will take 35 times as long as a single erase.

apt-get wipe

[joeflies]

eom

I also found data

[spoco2]

I also bought a second hand computer, from an auction from a company that had gone into receivership, I got it home, turned it on, it wouldn't boot... I fiddled with the internals a bit and low and behold it booted and came up into Windows XP... well, I don't know the passwords, so I then just boot of a Knoppix Live CD and have free reign to look over the entire hard drive, of what turned out to be a PA's computer, complete with photos of the vehicle parts machine plants they were building right up until they went under...

The saddest part was looking through the 'Recent Documents' list.

Letter x, letter y for boss, travel iteneries etc... then... typing tests... job guides, and finally the resume...

So sad... I wiped it good and proper before I gave it to who it was intended.