Slashdot Mirror
"Smash Your Hard Drive" To Fight Identity Theft
Will Do This For Free writes "BBC News has a story about the only fireproof way of safeguarding your personal information when dumping your old computer: 'It sounds extreme, but the only way to be 100% safe is to smash your hard drive into smithereens. [...] The more thoroughly the better.'
This sounds like so much fun that I almost feel like doing it right now. Let me press Submit Story first."
Or you could, you know, overwrite the bits with new garbage data.
At work, we've had dealings with data recovery labs and they've never, ever been able to retrieve anything useful.
Mod me down, my New Earth Global Warmingist friends!
There was nothing of substance in the video. The guy smashed his drive, Ontrack said it was smashed and couldn't be recovered...but then went on to say, "But we are really good at restoring water damaged drives!"
The whole discussion is made pointless when Ontrack says, "Oh, we can't restore a zero'd drives either."
And is the term "pissing contest" recognized in both?
SJW: Someone who has run out of real oppression, and has to fake it.
NO! It does NOT make it completely useless. Someone with a scanning-tunneling microscope could still retrieve portions of your data! The thing that makes this article retarded isn't the difficulty of permanently destroying data, which is best done with intense heat (as in, burn the disk to the point it melts) but the fact that no one cares about your identity OR your porn collection. Just zero the disk once and odds are that will be more than good enough for any of your personal data, unless you are the fucking president or something. Zero the disk or if you must, run a secure formatter, and put it on freecycle if it's too old to sell.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Put it this way ... if it could then your drive would have double the capacity.
Drive makers aren't stupid.
http://en.wikipedia.org/wiki/Data_recovery#Recovering_overwritten_data
No sig today...
What about having it fully encripted at all times?
If your computer is stolen it's quite hard to convince the thief to store it in an acid bath till it stops bubbling.
TFA makes the point that for most of us, a wipe or a hammer job is adequate to deter the schmoogs. The web is full of various tests of redox reactions to destroy the platters, if your data is in a glowing puddle of molten aluminium, it's probably secure.
The cost of that cleanup, of course, will be borne by taxpayers, not industry.
...but the only way to be 100% safe is to smash your hard drive into smithereens. [...]
This message brought to you by the Hard Drive Manufacturers Association.
It's environmentally criminal to be suggesting the best way to wipe a disk is to smash it.
It's also *extremely dangerous* for someone who's not used to tools and their safety precautions to be smashing a metal/glass object like this. Lots of people might have (say) a hammer and screwdriver around the house but no goggles. What do the 'Which' people think is preferable? - having your identity stolen or losing an eye?
They'd be much better off giving a simple sequence of instructions for running a boot-and-nuke CD. Or telling people just to take the HD out and put it in a safe place. Or just stick the old PC in the damn attic! Anything but this.
When's the first lawsuit coming? "I followed Which's advice and now I'm blind!"
1 pass of zeroes we got around,sorry but it has been awhile, but we got around 80% IIRC.
OK, I'm impressed. Would you care to explain in more detail how you did that? From your description, you used "every piece of freeware and trialware that we could get our little hands on". I haven't heard of any software solution that can recover overwritten data.
Well if you can't access it in any way, then why would it matter? Remember, what folks are afraid of is some hacker will get their CC numbers or some business will end up with a lawsuit because the hackers got everyone's social off their old machine. But I have yet to see anyone actually pull anything useful off without going clean room, which frankly is so crazy expensive that no hacker in his right mind would bother. And for the poster that said it would take too long? You do know there are free programs like this that can boot off CD and do the job for you, right? Hell I bet the FLOSS guys have a nice CD that you can stick in that is simple to script. Simply write a script, burn the disc, and then set the headless machine in the corner.
And finally let us not forget that in this economic downturn that many machines being tossed by enterprise and SMBs as "junk" could be given a new lease on life and help those that have not been as fortunate as us. I repair and give away machines from businesses and you would be surprised what even a 400MHz P2 can do for those that have none. I have turned a 233MHz into a bookkeeping appliance for a little church who helps out families, the homeless, and migrant workers by installing Puppy Linux with OO.o and some simple Dbases set up. Once shown how the wife of the pastor makes her own databases using the wizard and uses them to track donations, make mailing lists, help with inventory, etc. I have given a 400MHz to a single mom who cried because she now had a way to help her kids with homework and thanks to that donation would have something nice to give her kids for Xmas, and I have set up a group of old 350-600MHz along with an old 700MHz donated server I was able to talk the school out of for a class project on networking for a shelter for battered women. They use them to teach office skills to the women to help them become self sustaining and the server reimages them and does backups on the ones we gave the office workers.
So while the cost of a new HDD might not be a big deal for most of us, for them it could have hurt. I tell all of those that are nice enough to donate that I will DoD-7 wipe the HDD, which for the smaller drives in older machines really doesn't take long. And of course now that IDE drives are no longer being made they will probably end up more expensive which will make it even harder for somebody who doesn't have much to begin with to afford one. I figure it is better for the environment as well as my heart to take a little time and sit a PC in the corner and run DoD-7 than it is to just see it end up as more e-waste polluting our landfills. Don't you?
ACs don't waste your time replying, your posts are never seen by me.
You should probably tell that to hard drive manufacturers. They could use that knowledge to store twice as much data on the disk.
I haven't heard of any software solution that can recover overwritten data.
Likewise. Barring actually disassembling the drive, I think GP's post is bullshit.
How can software get past the fact that the hard disk controller will be handing the OS all 0's?
In other news: people still stupid. Has anyone here actually TRIED to get stuff back off a Guttmann wiped drive? Or even a DoD 7 wiped drive?
Or simply zeroed out drive. I'm relatively certain you can read just about as little out of that as from one that's been properly wiped 473 times over and over with maximally uncorrelated patterns of various kinds.
What you are overlooking however, is that copies of important sectors might not get overwritten AT ALL. Your totally secure 256-bit random AES key to all things confidential might just have been laying around on a "bad" sector that the drive helpfully relocated somewhere else and refuses to overwrite no matter what.
Disassemble the drive and remove the platters. Take sandpaper and sand off the oxide. There's no way in hell any data will be recovered after that.
Not everyone has access to a furnace hot anough to melt the whole thing.
Free Martian Whores!
but the fact that no one cares about your identity OR your porn collection. Just zero the disk once and odds are that will be more than good enough for any of your personal data, unless you are the fucking president or something.
I agree completely. No one is going to bother with a few weeks of work taking apart the drive to get access to you're $371.39 bank account when they can spend 1 hour and simply find that the next disk in line is fully formatted and has all the information they need.
The whole article is a little sensationalist and ridiculous to me. I'm surprised to see such shoddy reporting from the BBC.
Your not doing it correctly:
Hint: Use an O Scope.
Your college free wares tools are probably 2 generations behind the NSA; which is to be expected due to your limited computer power.
Remove platters, breaks mix with magnets.
You can put off pieces from a broken disk..even a shattered disk. it only takes time, and some governments would be more then happy top spend resource reconstructing a different nations disk for a chance it might be valuable.
Security is not a door, it's a fence. You need to determine how high of a fence you want someone to climb in order to get in.
The Kruger Dunning explains most post on
Depends on the value of the information. Are you willing to spend $500-$10000 on a professional recovery service, or is your information not worth that much? Can it be reconstructed through different means?
The DoD has to worry about enemies getting ahold of the disk and sending it to a multi-million dollar clean-lab with stuff like electron microscopes and post-doc engineers to recover the information.
Something properly classified 'Top Secret' is done so on the basis of it being possible for it to cause 'exceptionally grave damage'. IE lives lost, cities nuked, embarrasing the POTUS, etc...
The reason you destroy the information in so many different ways is in case one of the ways fail. For example, degaussing is often possible in-house, but what if the degausser doesn't work well enough? On the other hand, sending it to a facility capable of smelting it down requires transporting it - an opportunity for it to be lost. So you degauss it first to make it harder to retrieve data in the facility, then send it to the smelter 'to make sure'.
I don't read AC A human right
microwave for a couple of minutes would do the trick?
Unlikely. Your HDD has a metal case that would keep the microwaves from penetrating to the platters. If you were to put it in the microwave, you would likely get some sparking/smoking from the controller board, but the acutal platters likely wouldn't even get warm.
But dont take my word for it, try it! Your work has a microwave, no? Or just watch this crappy video on YouTube: http://www.youtube.com/watch?v=hRU7yEEgRaw
Copyright 2010. All rights reserved. This comment may not be copied in any way including, but not limited to caching.
Hard drives are NOT cheap if your goal turn the computer around for use by someone with low income. I rebuild computers and give them away for free to people who need them. Spending even $20 to replace the hard drive would increase the cost of the computer enough to make it unusable for my purposes.
Is it really possible to recover data from a disk that has been wiped with DBAN? I highly doubt it -- I've never heard of data being recovered after wiping with DBAN.
If you want to be friendly to the environment and spread the availability of low-cost computing, don't destroy the disk, use DBAN instead.
Uh, your knowledge is several decades out of date. Hard drives record a complex analog signal that is just at the limit of being readable and they use complex Viterbi PRML decoders to guess the data. It has to be at the densities we are at now.
I don't think you understand how hard drives work. From the OS's point of view, storage is digital. That means you can not see the magnetism on the disk. The conversion of analog reading of a magnetic field to a digital value is internal to the disk. Then that data is sent out over the bus for the OS to process.
It's really surprising to see a comment like this get moderated informative on slashdot.
Am I crazy when I think that when one gets to the point where one is overwriting with random data 10+ times and degaussing afterwards, the chance of some enemy recovering your data is pretty much zero, and the money such a recovery would require would be enough to buy a hundred spies? No point in destroying your data to the point where only divine intervention could restore it when it is several orders of magnitude easier to steal the data before it is destroyed, right?
1 pass of zeroes we got around, but we got around 80% IIRC. 3 pass was lower(0,1,random), somewhere in the 10-20% range, depending on the software used, but most of the "recovered" data was garbled beyond use
I call BS, how exactly were you able to recover OVERWRITTEN data with a software only solution?
Who logs in to gdm? Not I, said the duck.
Has anyone ever gone to Mars or brought peace to the middle east? Surely if this has been possible for a long time it must be possible for you to point to two or three reliable articles where someone has done this.
'Freely available on Google' isn't anything like an equivalent set to 'possible', and things that are merely theoretical now may well be trivial a decade from now. Data that needs to stay secure for the long term can't depend on it being unrecoverable due to current technical limitations; that died with DES. I doubt it would be hard at all to lift data off a 30 year old drive; sure, credit card numbers from the 1970s aren't too useful now, but some things might be.
> Has anyone ever gone to Mars or brought peace to the middle east? Surely if this has been possible for a long time it must be possible for you to point to two or three reliable articles where someone has done this.
This Gutmann guy tells us how overwritten data could be recovered. Reading his paper makes one suspect this would all be very easy for one with access to scanning probe microscopy, and he suggests a scanning probe microscope could be built for as little as $1400. The paper has been 'in the wild' for over 10 years now. Why can't I find any articles wherein his techniques have been used to recover just a single sector that has been overwritten 5 times? By the looks of it such an experiment could be performed for relatively little money, and any university who would do such an experiment would gain much publicity. Either nobody has ever tried this very cheap and easy thing that would make that person very famous, or it is impossible.
Which makes it, off course, completely different from going to Mars or bringing peace to the middle east. The former is extremely expensive, and nobody knows an acceptable way to solve the latter. Neither of these problems apply to the paper you mentioned, or so the writer suggests.