The Homemade Hard Disk Destroyer

Barence writes "All businesses have sensitive data they need to destroy when they replace PCs, but disposing of hard disks properly can be an expensive business. This has led one IT manager in the UK to come up with his own, homemade solution — Bustadrive. It uses a powerful 'hydraulic punch' to physically deform a hard disk, rendering it virtually unreadable, and requires nothing more than a pull of the lever on the front — similar to a drinks-can crusher. PC Pro tested the Bustadrive, and also sought the opinions of data destruction companies as to whether the device was really as effective as hoped, or just a fun way to mangle a hard disk or two."

Overkill?

[Miros]

Why not just use a degausser? or DBAN?

Re:Overkill?

[cdrudge]

The paranoid crowd will argue that either method might still be able to be recovered. I thought I saw an article once here that in the real world basically debunked this myth. Physical destruction just takes the process one step further. Plus it's quicker then running some type of a disk wiping program.

Re:Overkill?

[Hyppy]

Some places still require both. When it comes to extremely sensitive (classified, etc) data, "absolutely unreadable" must be absolute. Even if only one technician in the entire world, with a billion-dollar lab, is capable of recovering the data from a zero'd drive, it's too much of a risk. What if that one technician is Chinese?

Re:Overkill?

[Miros]

Someone should suggest that the Mythbusters "put this to the test," assuming their production company has the financial resources to pay for even modest data recovery services.

Even that might be effective. If you have like, a dozen drives, all of them similar, all of them wiped, one of which contains good data (or worse, a group of which once comprised like, a RAID 5 array so you need at least a few of them) you would be looking at a hypergeometric distribution, and the actual probable cost of recovering the data could grow extremely rapidly to something quite impractical. If instead, you had a big box full of used drives, five of which had been bent in half, it might actually be cheaper

Re:Overkill?

[emocomputerjock]

Then you'll be called paranoid and accused of FUD.

Re:Overkill?

[emocomputerjock]

I was agreeing with you.

Re:Overkill?

[damburger]

TBH they might not have to pay at all. I'm sure data recovery companies wouldn't mind showing on national TV what they are capable of getting from an apparently bricked hard drive. It would be an advertising opportunity.

Re:Overkill?

[Iphtashu+Fitz]

Of course it's a security risk. If the disk fell into the wrong hands they my not be able to read everything from your system but they certainly could read bits of useful information. If it's from a RAID 5 or RAID 6 volume they may only get bits and pieces of data but something like a RAID 0 or RAID 1 volume could glean lots of useful data. Think of it sort of like a shredded classified document. RAID 5 or 6 means they may have a handful of the shreds of the document, and any of those could contain snippets of useful information like usernames, passwords, bank account numbers, etc. RAID 0 would mean you might have half or all of the shredded document. RAID 1 would pretty much guarantee that you have the full document.

Re:Overkill?

[mlts]

There is one simple thing about physical destruction. It is obvious to an observer that the drive is unusable. If someone has a pile of drives, one before DBAN, one after, it wouldn't be hard for someone to move some drives into the after pile either as a prank, or perhaps to get the information once it leaves the location. Physical destruction prevents this from happening, because almost anyone can tell the difference between a pile of scrap metal and a hard disk that looks like it might function.

Re:Overkill?

[TheRaven64]

Who are you trying to keep the data safe from? If it's a foreign government willing to do a molecular scale image of the entire disk with a scanning tunnelling electron microscope and then have a large team of people painstakingly apply heuristics and get back some small fraction of the stored data in a few years time and after spending several tens of millions of dollars on the project, then this is indeed good advice. If, on the other hand, you're worried about commercial data theft, then a single dd pass is enough.

Re:Overkill?

[snemarch]

With normal FS format options, that would only take care of a very small portion of the drive (FS metadata doesn't consume that much space) - it would be pretty easy extracting useful data using plain old software. A single-pass disk wipe would be a lot more useful :)

Re:Overkill?

[CharlieG]

Last time I needed to really kill a drive, I put it in the lathe, and turned the platters - nice snall swarf chips

Underkill?

[O('_')O_Bush]

Sounds like you could fix it with... Pops-a-dent!

Jokes aside, from the FA: "The Bustadrive, then, looks like itâ€(TM)ll thwart all but the wealthiest and most determined of hard disk hackers"

So what they're saying is, this doesn't do the job as well as something like one of those DOD disc scraper/shredder things, but it is more fun, which I guess makes it news worthy?

lots of options out there!

[farnham]

My drill press makes for a very effective drive killer.

Use what you got!

Not 100%, but otherwise cost-effective given risk?

[operator_error]

As the RTF states, data can be re recovered, given a financial budget & time.

But I wonder. I posed the same question to a buddy awhile back, and he suggested baking the disks in an oven at 250 degrees C for an hour. The idea being that well, yeah, sure the magnetic platters can theoretically be recovered given time, budget, and determination. But still, the printed circuit board, etc. would be melted and thus ruined. Seems just as sensible, and more cost effective given readily available tools, (and sufficient ventilation!!!)

Re:The Columbia test

[Miros]

I think it would be easy to melt the disk into a nice puddle of slag, what might be harder is not burning the building down in the process.

Waste of Time, Money and Good Equipment

[littlewink]

Wipe the drive with software. Do it several times with different programs if you're paranoid. Set up an assembly line to do it if you have many, with each individual responsible for a separate step. Test drives prior to re-release.

People are so badly mistaken about how recoverable disk data is: they believe the same way they believe in Bigfoot or the Loch Ness monster. What a waste of good work.

Gross Overkill

[kingsack]

A ball pean hammer applied vigorously to the drive spindle will render all but the most wealthy and determined effort to recover data fruitless and even then it is highly unlikely that all or even most of the data would be recoverable.

Re:Stand drill

I'd guess the foundry people would object to contaminating their carefully selected alloy...

Re:Stand drill

[mellon]

Dude, haven't you read the Trilogy? It takes half a book just to cross Mordor, plus there's Orcs and shit. That's way more trouble than it's worth. And have you ever tried to find Middle Earth on a map? Sure, lots of people have theories, but what with continental drift and such, it's all pretty obscure. How can you be sure the volcano you use is *really* Mount Doom in this late, degenerate age?

Re:This is just a controlled hammer

[Guysmiley777]

Until they go to town on drives you didn't want destroyed. "Look daddy, I fixed this one all by myself!"

Re:Gutmann was wrong

Physically overwritten sectors are (almost) certainly unrecoverable. But what about remapped 'bad' sectors? AFAIK these cannot be accessed in any way by software wiping tools, but could be accessed and potentially read by tweaked drive firmware. They might be overwritten if you use the drive's own firmare erase command if it supports this.

In the real world, fire is a bad solution

[name_already_taken]

Which would be the better solution.

A small terracotta pot without a hole in the bottom of it + a small amount of thermite is the cheapest way, thermite is cheap and reasonably easy to make.

Ok, do that in your office and see how many minutes your job lasts once the fire's out.

Even if we did it outside at my place of work, we'd get complaints from the neighbors. A mechanical/hydraulic crusher/bender thing could be made into something that looks like an office appliance.

Nothing says "no data recovery" like a drive reduced to its elemental components.

Except it's not. Burning is generally a process of rapidly combining reactants, not dividing them up. Plus, it's rather environmentally unfriendly - having a cloud of smoke go up is frowned upon in most places these days.

Re:Not eco friendly

[Tuoqui]

I agree...

There was an article on 2600 recently about ATA Security Specification. You can apparently use it to perform a secure wipe which is what the DoD uses these days. Two passes at different offsets (-10% and +10%) to prevent recovery of magnetic data from the 'edges' of the sectors with a scanning electron microscope or something crazy like that. Rather than the crazy 36-pass wipe or something they used back in the day.

If it's good enough for the government spooks, its a good place to start for us.

There was an interesting bugtraq thread in 2005.

[arcade]

Let me pull a bugtraq posting from 2005 out for perusal. There are other interesting tidbits in that thread too.

http://seclists.org/bugtraq/2005/Jul/0464.html

===
From: dave kleiman
Date: Sun, 24 Jul 2005 15:30:30 -0400

Here is a quote directly from Peter I received Saturday, he asked to have it
passed on to the list.
-Snip-
>I'd love to hear some thoughts on this from security and data experts
>out there.
People should note the epilogue to the paper:
    Epilogue
    In the time since this paper was published, some people have treated the
35-
    pass overwrite technique described in it more as a kind of voodoo
    incantation to banish evil spirits than the result of a technical analysis
    of drive encoding techniques. As a result, they advocate applying the
    voodoo to PRML and EPRML drives even though it will have no more effect
than
    a simple scrubbing with random data. In fact performing the full 35-pass
    overwrite is pointless for any drive since it targets a blend of scenarios
    involving all types of (normally-used) encoding technology, which covers
    everything back to 30+-year-old MFM methods (if you don't understand that
    statement, re-read the paper). If you're using a drive which uses
encoding
    technology X, you only need to perform the passes specific to X, and you
    never need to perform all 35 passes. For any modern PRML/EPRML drive, a
few
    passes of random scrubbing is the best you can do. As the paper says, "A
    good scrubbing with random data will do about as well as can be expected".
    This was true in 1996, and is still true now.
    Looking at this from the other point of view, with the ever-increasing
data
    density on disk platters and a corresponding reduction in feature size and
    use of exotic techniques to record data on the medium, it's unlikely that
    anything can be recovered from any recent drive except perhaps one or two
    levels via basic error-cancelling techniques. In particular the the
drives
    in use at the time that this paper was originally written have mostly
fallen
    out of use, so the methods that applied specifically to the older, lower-
    density technology don't apply any more. Conversely, with modern high-
    density drives, even if you've got 10KB of sensitive data on a drive and
    can't erase it with 100% certainty, the chances of an adversary being able
    to find the erased traces of that 10KB in 80GB of other erased traces are
    close to zero.

Peter.
===

Re:Gutmann was wrong

[TheRaven64]

And how many of these are there? SMART can tell you how many sectors have been remapped, and I've only seen this over 50 on a hard drive that completely failed a few hours later. 50 512-byte sectors works out to be 25KB of data, taken at random from the data ever written to the disk. What is the probability of this being something useful? If you use encryption or compression on the disk - or the files - then these sectors will contain data that is completely meaningless without the relevant headers.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Gutmann was wrong

Every ATA/SATA drive made since around 2001 supports the "secure erase" feature. This will overwrite everything, including remapped sectors and the host protected area (HPA). NIST considers this to be as effective as degaussing. It has the added advantage that you can re-use or sell the erased drive. On Linux, you can activate this feature with hdparm's --security-erase switch.

It's actually more effective than crushing or similar physical destruction techniques, as it will protect against "laboratory" attacks (magnetoscopy etc). The only physical technique which is completely effective against a determined attacker is incineration (even grinding can leave recoverable fragments if you don't know what you're doing; it's quite easy to end up with flakes of the magnetic medium which are large enough to extract data from).

Physical destruction is primarily masturbation; it's done because it feels good rather than because it's particularly effective.

Reduce, Reuse, Recycle

[drinkypoo]

Reduce - Buy the biggest disks you can afford, they're worth repurposing and you won't have to spend as much on successors or the attendant labor.

Reuse - Repurpose disks for other purposes. Use last years' disks as part of your backup solution. Secure-format them on a low-power machine and put them on eBay.

Recycle - There must be SOMEONE willing to break the drives down and give you back the platters for destruction. There's significant aluminum in some of those drives.

All this crushing, drilling, and shooting of drives is fun. But it's also extremely wasteful. I understand destroying the drives if lives are at stake, but otherwise, stop.