"Smash Your Hard Drive" To Fight Identity Theft
Will Do This For Free writes "BBC News has a story about the only fireproof way of safeguarding your personal information when dumping your old computer: 'It sounds extreme, but the only way to be 100% safe is to smash your hard drive into smithereens. [...] The more thoroughly the better.'
This sounds like so much fun that I almost feel like doing it right now. Let me press Submit Story first."
So...I don't want my data to somehow magically be restored when I throw an old hard disk into a fire? Where can I read more about this amazing data-recovery technology?
This sig is certified free of self-referential humour!
...It's the only way to be sure.
Hey, look! It's Bono's brother.
I have a heavy duty magnet that when placed on the top of the drive makes the drive completely useless.
I doubt anyone could recover data from it, as it is surely scrambled.
and just use dBan, Darik's Boot and Nuke.
Nothing beats an afternoon of watching dBan and a comfy chair. Beer or whisky optional.
import system.cool.Sig;
You'll have to excuse me. I need to go protect my ex-wife from identity theft.
This recommendation from Which? magazine has incensed me today. They're reported as saying "It sounds extreme, but the only way to be 100% safe is to smash your hard drive into smithereens." There's no need to do this if you use disk wiping software, which is probably even better than a hammer, as the BBC article points out. Darik's Boot And Nuke is perfect for this. It's environmentally criminal to be suggesting the best way to wipe a disk is to smash it.
Pete Boyd
"It sounds extreme, but the only way to be 100% safe is to smash your hard drive into smithereens."
And I know of a great way to do that.
== Jez ==
Do you miss Firefox? Try Pale Moon.
Smash An Identity Thief.
The problem with socialism is that they always run out of other people's money. - Margaret Thatcher
I fill mine with concrete and drop them in the ocean. Stuffed inside an informant, of course.
Nobody will be getting more information from either one.
I am intrigued by the clever use of a hammer in the video, I may have to modify my method slightly.
Oh I dunno. I've found Windows Vista renders most hardware inoperable. At least this state of the art piece of PC I've had under my desk runs slower than ever, now that it's got the latest/greatest OS on it. You could bore identity thieves to death with transparent windows and shiny icons.
http://www.beanleafpress.com
It would certainly make smashing a hard drive to smithereens more interesting.
I wouldn't recommend it though. The paranoia you'd need to decide smashing a hard drive was the best way of preserving your identity would likely make it a pretty harsh trip.
Try crystal meth instead. The aggression and hyperactivity'd make damn sure that HDD was properly smashed.
"I've got more toys than Teruhisa Kitahara."
His PC died due to dust accumulation (fried mobo, dead power supply, fused RAM) and he asked me what to do with his system. I told him the only thing he needed to worry about was his HD. Told him to drill a few holes in the drive, use a blowtorch in those holes if he still had one (he used to work in home remodeling), smash the drive with a hammer and put it in a bag with his used cat litter (they have two cats).
If someone is desperate enough to want the information on his drive, they're going to have to work for it.
We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
I periodically contract with a company to dispose of old hardware for my company. The first time I talked to them, they mentioned they shredded old media. I assumed he meant floppies and tapes and the like. Given the nature of the material, it didn't seem that impressive, but certainly nice. When I got the estimate, I was a bit shocked--why was it so high? Then they explained--by "media," they meant hard drives. They sent me a PDF on the equipment. Hard drives are removed from machines, and placed on a conveyor belt. This fed the hard drive into the shredder. On the other end, bits of metal came out. I begged them to let me operate it--just for one or two drives. Damn lawyers!
Throwing it into a fire is not enough; the magnetic domains on the platter are still there for a highly technical team to retrieve. You have to melt the hard disk into liquid and stir thoroughly.
There was nothing of substance in the video. The guy smashed his drive, Ontrack said it was smashed and couldn't be recovered...but then went on to say, "But we are really good at restoring water damaged drives!"
The whole discussion is made pointless when Ontrack says, "Oh, we can't restore a zero'd drive either."
RBFH - is that "Really Big F**king Hammer?"
I am not stubborn. I am right!
And is the term "pissing contest" recognized in both?
SJW: Someone who has run out of real oppression, and has to fake it.
I like my hard disk shaken, not stirred...
Revision3's Systm show had an episode that suggested some ways for destroying a hard drive yourself. They took the position that using a program like Boot'nNuke, which overwrites data 1-N times at your choosing, is sufficient to sanitize data without destroying the drive.
If you want to go the nuclear option, they demonstrated some favorites: mangling the platters in a vice, dremel or hand grinder, propane or cutting torch, melting it in thermite, etc.
A hospital I worked for once, when decommissioning old computers, would take the hard drive over to a drill press and put a couple holes through it. Nowadays I think they've bought a drive shredder.
Put it this way ... if it could then your drive would have double the capacity.
Drive makers aren't stupid.
http://en.wikipedia.org/wiki/Data_recovery#Recovering_overwritten_data
No sig today...
The platters don't have to be melted, they only need to be heated to the Curie point to loose all their information. Of course, that would still take a pretty hot fire.
RBFH - is that "Really Big F**king Hammer?"
Damn, I just bought a BFH to smash some walls. I wonder if I can upgrade with a serial number?
Really, there's no need to wipe it more than once unless you honestly think it will matter. At least these guys think so:
http://16systems.com/zero
It is possible to reread some data from a zeroed (or oned (sp?)) disk. Pretty obscure, but I think it is to do with the threshold values of zero and one. For example, writing a location in sequence with 1,1,0 will result in a measurable [ though below threshold ] difference than if it had been 1,0,0. Seagate and the like do their best to squeeze this to the absolute minimum, thus maximizing utilization of the magnetic disc. I suspect it is much harder to recover anything meaningful from a 1TB platter than from a 5MB platter.
The other leak is with remapped sectors. Remapped sectors may contain live data, but have been switched out of use because they were unreliable. Flash has the same problem.
dd if=/dev/random of=/dev/sda takes care of the first problem - if you are more paranoid than that, you should probably stop whatever it is you are doing.
You need a custom tool to access the remapped sectors.
What about having it fully encrypted at all times?
If your computer is stolen it's quite hard to convince the thief to store it in an acid bath till it stops bubbling.
. . . and tell her to put it in a safe place, and that you might need it later.
It's gone forever.
There is no chance that anyone will ever have access to that disk again.
Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
In other news: people still stupid. Has anyone here actually TRIED to get stuff back off a Gutmann wiped drive? Or even a DoD 7 wiped drive?
My class in computer security had some time to kill and someone brought that up so the teacher said "Well, we've got a bunch of PCs from last upgrade waiting to be re-imaged and given away to students...let me see what I can score us!". He ended up getting us a half a dozen PCs set up in the back of the class with 2 HDDs set up in each so we could run plenty of different tests. We did everything from MSFT format to one pass to three pass to DoD 7 to Gutmann. We researched and then used every piece of freeware and trialware that we could get our little hands on. Here are our findings:
MSFT format is of course pointless, as everyone knows. 1 pass of zeroes we got around, sorry but it has been awhile, but we got around 80% IIRC. 3 pass was lower (0,1,random), somewhere in the 10-20% range, depending on the software used, but most of the "recovered" data was garbled beyond use. DoD-7 made it pretty much impossible, I think we got 2 .txt files and they were so garbled we couldn't decide if it had actually recovered ANYTHING, certainly nothing you could use, and finally Gutmann we got squat.
So if someone were to spend the $$$$ to have the drive taken apart in a clean room and analyzed and you only used one or two pass of predictable patterns then yeah, I might see wanting to destroy. But I haven't seen anyone bragging about beating DoD-7 with what the average hacker would have access to, much less Gutmann. So frankly unless someone here has a citation I have to call bullshit. Frankly it makes me wonder if this kind of stuff isn't cooked up by the HDD manufacturers. I can just imagine them spinning this- "Before giving away that machine destroy the hard drive first! (so they'll have to buy a new one from us! Yay!)"
ACs don't waste your time replying, your posts are never seen by me.
Come on people! Zeroing a disk drive only removes half of your data. The other half is unchanged and still perfectly readable!
- Take old drive.
- Screw drive apart. (Might require Torx screwdriver or bit)
- Take precision manufactured aluminum separation washers and use them as keyrings, strap-loops or similar stuff.
- Take drive platters and work over them with fine grained sandpaper.
- Move head magnets over them a few times.
- Work over them with even finer grain afterwards.
- Dishwash platters and polish afterwards.
- Dry and clean platters.
- Precisely glue thick undyed felt to one side of platter using cut-to-fit carpet tape.
- Cut out platter shape and hole with a sharp knife.
- Use and/or sell as avant-garde design coasters (10$ - 12$ a piece).
- Bring the rest of the drives to recycling, separating electronics from scrap metal first.
No way anybody will recover any useful data off a platter after this treatment. And the platter will look like it is in mint condition. And they make way cool coasters.
We suffer more in our imagination than in reality. - Seneca
I read years ago (and I'm sure it was made up) of a memo sent out to IT managers in the DOD (United States Department Of Defense). It went.
To properly dispose of hard drives which may contain Top secret information is a 5 step process to be performed in the order specified and by competent engineers.
1. Perform a triple overwrite security erase on the entire disk.
2. Use a bulk degausser (AKA a powerful electromagnet).
3. Crush the drive under a roller or tank tracks, whichever is more convenient.
4. Melt the scrap into slag.
5. Bury that Slag in a toxic waste dump to deter any attempts at data recovery.
That's not exactly how it went but I think this is pretty close. Can anyone find the original?
--= Isn't it surprising how badly I spell ?
Hard drives are cheap. If you have any data that you absolutely don't want to get out...EVER...physical destruction is the 100% solution.
And, in terms of practicality, running DoD-7 takes about 1000 times longer than whipping out the old Sledge-O-Matic. If you're retiring a few dozen computers, even that gets old, and you start looking for the thermite.
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
Exactly! You have to XOR every bit! :)
You are spot on and I would mod you up if I had points. I don't think the HDD manufacturers are behind this though. The simpler (and I think correct) reason is that older media used to be easier to recover data from. Newer hardware is different and the old methods do not apply. http://shsc.info/DataRecovery#titelanker5
Do really dense people warp space more than others?
I believe it's called a "micturition tournament" in the UK.
...but the only way to be 100% safe is to smash your hard drive into smithereens. [...]
This message brought to you by the Hard Drive Manufacturers Association.
The problem is that modern hard drives do automatic defect mapping. The end result is that sometimes important data can be written to a sector, and then the drive will decide that sector is unreliable and map it out. That sector can no longer be accessed in any way. As a result you have a sector which contains data but cannot be wiped because the drive won't let you write there.
Flash memory is even worse since it does write balancing between all cells to PREVENT a failure of a sector, rather than deciding a sector is on its way out and mapping around it then.
retrorocket.o not found, launch anyway?
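The defect-mapping problem raised in the comment above (and earlier in the thread alongside the `dd` suggestion) can at least be detected before a drive is handed on: the SMART attribute table printed by `smartctl -A` reports how many sectors the drive has already swapped out, which an LBA-level overwrite cannot reach. The following is an added example, not part of the thread; the sample tables are constructed and the function names are hypothetical.

```python
import re

# Constructed `smartctl -A` attribute tables (values invented for illustration).
HDR = "ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE"
SAMPLE_REMAPPED = "\n".join([
    "=== START OF READ SMART DATA SECTION ===",
    HDR,
    "  1 Raw_Read_Error_Rate     0x000f   117   099   006    Pre-fail  Always       -       0",
    "  5 Reallocated_Sector_Ct   0x0033   098   098   036    Pre-fail  Always       -       24",
    "194 Temperature_Celsius     0x0022   031   045   000    Old_age   Always       -       31 (Min/Max 20/45)",
    "197 Current_Pending_Sector  0x0012   100   100   000    Old_age   Always       -       3",
])
SAMPLE_CLEAN = "\n".join([
    HDR,
    "  5 Reallocated_Sector_Ct   0x0033   100   100   036    Pre-fail  Always       -       0",
    "197 Current_Pending_Sector  0x0012   100   100   000    Old_age   Always       -       0",
])

REALLOCATED = 5   # sectors already replaced by spares; no longer addressable
PENDING = 197     # unstable sectors the drive may remap on a later write


def parse_smart_attributes(text):
    """Return {attribute_id: raw_value} from a `smartctl -A` attribute table."""
    attrs = {}
    for line in text.splitlines():
        parts = line.split()
        # Attribute rows start with a numeric ID, a name and a hex flag;
        # the raw value is the tenth column.
        if len(parts) < 10 or not parts[0].isdigit() or not parts[2].startswith("0x"):
            continue
        raw = re.match(r"\d+", parts[9])  # raw value may carry a suffix
        if raw:
            attrs[int(parts[0])] = int(raw.group())
    return attrs


def assess_overwrite_coverage(text):
    """Say whether the drive reports sectors an overwrite pass cannot touch."""
    attrs = parse_smart_attributes(text)
    reallocated = attrs.get(REALLOCATED)
    pending = attrs.get(PENDING)
    if reallocated is None:
        verdict = "unknown"  # attribute not reported, so nothing can be concluded
    elif reallocated > 0:
        verdict = "remapped-sectors-present"
    else:
        verdict = "no-remapped-sectors-reported"
    return {"reallocated": reallocated, "pending": pending, "verdict": verdict}


if __name__ == "__main__":
    for name, sample in (("remapped", SAMPLE_REMAPPED), ("clean", SAMPLE_CLEAN)):
        print(name, assess_overwrite_coverage(sample))
```

A drive that comes back as `remapped-sectors-present` is one where an overwrite pass alone leaves the swapped-out sectors untouched, so it is a candidate for a firmware-level erase or physical destruction rather than reuse after a plain wipe.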
1 pass of zeroes we got around, sorry but it has been awhile, but we got around 80% IIRC.
OK, I'm impressed. Would you care to explain in more detail how you did that? From your description, you used "every piece of freeware and trialware that we could get our little hands on". I haven't heard of any software solution that can recover overwritten data.
Heating a drive destroys the magnetic domains long before it melts. As density increases the ability to do data recovery when things go bad keeps decreasing.
Well if you can't access it in any way, then why would it matter? Remember, what folks are afraid of is some hacker will get their CC numbers or some business will end up with a lawsuit because the hackers got everyone's social off their old machine. But I have yet to see anyone actually pull anything useful off without going clean room, which frankly is so crazy expensive that no hacker in his right mind would bother. And for the poster that said it would take too long? You do know there are free programs like this that can boot off CD and do the job for you, right? Hell I bet the FLOSS guys have a nice CD that you can stick in that is simple to script. Simply write a script, burn the disc, and then set the headless machine in the corner.
And finally let us not forget that in this economic downturn that many machines being tossed by enterprise and SMBs as "junk" could be given a new lease on life and help those that have not been as fortunate as us. I repair and give away machines from businesses and you would be surprised what even a 400MHz P2 can do for those that have none. I have turned a 233MHz into a bookkeeping appliance for a little church who helps out families, the homeless, and migrant workers by installing Puppy Linux with OO.o and some simple Dbases set up. Once shown how, the wife of the pastor makes her own databases using the wizard and uses them to track donations, make mailing lists, help with inventory, etc. I have given a 400MHz to a single mom who cried because she now had a way to help her kids with homework and thanks to that donation would have something nice to give her kids for Xmas, and I have set up a group of old 350-600MHz along with an old 700MHz donated server I was able to talk the school out of for a class project on networking for a shelter for battered women. They use them to teach office skills to the women to help them become self sustaining and the server reimages them and does backups on the ones we gave the office workers.
So while the cost of a new HDD might not be a big deal for most of us, for them it could have hurt. I tell all of those that are nice enough to donate that I will DoD-7 wipe the HDD, which for the smaller drives in older machines really doesn't take long. And of course now that IDE drives are no longer being made they will probably end up more expensive which will make it even harder for somebody who doesn't have much to begin with to afford one. I figure it is better for the environment as well as my heart to take a little time and sit a PC in the corner and run DoD-7 than it is to just see it end up as more e-waste polluting our landfills. Don't you?
ACs don't waste your time replying, your posts are never seen by me.
I haven't heard of any software solution that can recover overwritten data.
Likewise. Barring actually disassembling the drive, I think GP's post is bullshit.
How can software get past the fact that the hard disk controller will be handing the OS all 0's?
Put your hard drive in a sock, and toss it in the dryer with a matching sock. You have a 50% chance of it disappearing into an alternate universe, never to be seen again.
Tiller's Rule: Never use a word in written form that you've only heard and never read. You will end up looking foolish.
Disassemble the drive and remove the platters. Take sandpaper and sand off the oxide. There's no way in hell any data will be recovered after that.
Not everyone has access to a furnace hot enough to melt the whole thing.
Free Martian Whores!
Closet redneck that I am, I usually just make a big pile of wood, drives, old backup tapes, and add gasoline. You can pass the melting point of lead in a wood fire, easy.
The waste is an issue though. I wouldn't want to eat out of the oven either, and I'm not too keen on breathing/cleaning up drive slag either.
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
Whoosh!
The point was that they said this is a "fireproof" way of restoring your data - which is basically saying that throwing the hard drive into a fire would somehow recover the data.
Foolproof would have been a better word to use; as in "even a fool could protect their data using this method".
which is totally what she said
Disclaimer: I work in an industry where we DO worry about people taking drives to the clean room...
retrorocket.o not found, launch anyway?
You must cast it into the fires of Mount Doom! Only then will your data be safe!
Depends on the value of the information. Are you willing to spend $500-$10000 on a professional recovery service, or is your information not worth that much? Can it be reconstructed through different means?
The DoD has to worry about enemies getting ahold of the disk and sending it to a multi-million dollar clean-lab with stuff like electron microscopes and post-doc engineers to recover the information.
Something properly classified 'Top Secret' is done so on the basis of it being possible for it to cause 'exceptionally grave damage'. IE lives lost, cities nuked, embarrassing the POTUS, etc...
The reason you destroy the information in so many different ways is in case one of the ways fail. For example, degaussing is often possible in-house, but what if the degausser doesn't work well enough? On the other hand, sending it to a facility capable of smelting it down requires transporting it - an opportunity for it to be lost. So you degauss it first to make it harder to retrieve data in the facility, then send it to the smelter 'to make sure'.
I don't read AC A human right
microwave for a couple of minutes would do the trick?
Unlikely. Your HDD has a metal case that would keep the microwaves from penetrating to the platters. If you were to put it in the microwave, you would likely get some sparking/smoking from the controller board, but the actual platters likely wouldn't even get warm.
But don't take my word for it, try it! Your work has a microwave, no? Or just watch this crappy video on YouTube: http://www.youtube.com/watch?v=hRU7yEEgRaw
Copyright 2010. All rights reserved. This comment may not be copied in any way including, but not limited to caching.
If you want to do it really right, then use whatever handy utility you know of that claims to write over the whole drive. Just once. With zeroes.
I'd quibble over that "With zeroes" part. The problem is that this overwrites each bit with the same value. On a lot of kinds of disks, this leaves behind a lot of disks that have two distinguishable values, which are easily read and interpreted as zeroes and ones, giving the previous data. The data-recovery people have equipment that can read the value of each "bit" to several decimal places, and overwriting tends to leave a portion of the previous magnetization. So instead of bits reading 1.00 and 0.00, they'll read 0.04 and 0.00, for example.
This is why it's better to use software that overwrites with random values, and does it N times. This way, a string of bits that were all zeroes and ones come out with values like 0.93, 0.02, 0.04, 0.96, 1.01, 0.08, 0.98, 1.02, 0.91, etc. Each of these is a sum of the last random value and N earlier nearly-erased values, and there's no way to pull out the original bits.
Of course, this is mostly for when you want to reuse the disk or sell it. If you truly want to dispose of it, melting is probably better, and a lot simpler.
Or, as others have suggested, install Vista on it. That has a good record of making the disk useless to everyone.
Those who do study history are doomed to stand helplessly by while everyone else repeats it.
When the information is "loosed", where does it run off to? Should we have some mechanism in place to catch it before it gets in the wrong hands?
Five shots from a .458 Winchester Magnum firing soft-points really wrecks a drive into smithereens. It's actually hard to find a spot on the platters that isn't either punched through or scratched to near-oblivion by tiny fragments bouncing around inside the thing. Really, they look almost sandblasted where not outright gone.
And it is a lot of fun, too.
There's no original because that's not the spec.
The real spec is DoD 5220.22-M, available at http://www.dtic.mil/whs/directives/corres/html/522022m.htm.
The DoD standard has been superseded by NIST Special Publication 800-88:
http://csrc.nist.gov/publications/nistpubs/800-88/NISTSP800-88_rev1.pdf
http://en.wikipedia.org/wiki/Data_remanence
Hard drives are NOT cheap if your goal is to turn the computer around for use by someone with low income. I rebuild computers and give them away for free to people who need them. Spending even $20 to replace the hard drive would increase the cost of the computer enough to make it unusable for my purposes.
Is it really possible to recover data from a disk that has been wiped with DBAN? I highly doubt it -- I've never heard of data being recovered after wiping with DBAN.
If you want to be friendly to the environment and spread the availability of low-cost computing, don't destroy the disk, use DBAN instead.
Back in the 1980s and early 90s, when I was working as a tool for the military-industrial complex, I ran a VAX lab that processed classified information. I forget which DoD standard we followed (it was equivalent to Army 380-380), but I got to write our declassification processes and my successor at the job had the fun of implementing them. The basic choices were
Our building had a machine shop in the basement, and my successor got to take apart the RM05 removable drives (which were about the size of a Tupperware cake carrier and had a dozen 14" platters), and have the machinists sandblast them for her. The canonical Sysadmin Wall Decoration in those days was to have a disk platter with some tracks scratched off it from a head crash; she had one that was clean down to the bare metal.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
The drive's firmware is what keeps track of where the "good" and "bad" sectors are on the drive. Presumably, if you took the platters out, and put them in a different drive, it would have no idea which were the good or bad sectors, and therefore WOULD let you read those sectors. No guarantees that what it reads was what was originally there, but I'd be surprised if it didn't let you read them.
Exactly! But I do it twice for additional protection.
See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
Is it possible to write a utility that tells the drive to map ALL sectors as unreliable? Either as an alternative to thorough wiping or as a final step? How hard is it to tell a hard drive that a sector that it mapped out is now reliable?
1 pass of zeroes we got around, but we got around 80% IIRC. 3 pass was lower(0,1,random), somewhere in the 10-20% range, depending on the software used, but most of the "recovered" data was garbled beyond use
I call BS, how exactly were you able to recover OVERWRITTEN data with a software only solution?
Who logs in to gdm? Not I, said the duck.
And thus hopefully an organisation who doesn't take your security procedures from BBC articles and 'Which?' magazine...