Ask Slashdot: Best Way To Destroy Hard Drives?

First time accepted submitter THE_WELL_HUNG_OYSTER writes "I have 10-15 old hard drives I want to trash, some IDE and some SATA. Even if I still had IDE hardware, I don't want to wait several weeks to run DBAN on all of them. I could use a degausser, but they are prohibitively expensive. I could send them to a data destruction firm, but can they be trusted? What's the fastest, cheapest DIY solution?"

oven

high temperature destroys the magnetic field.

Re:oven

[SCPRedMage]

In the Air Force, we had EOD take care of the problem.

With C4.

And I'm not making this up. The drives weren't working, so we couldn't just wipe them, and EOD was bored and had explosives...

Re:oven

[JWSmythe]

    Well, for those of us living in the civilian world, C4 is hard to get our hands on.

    Thermite, on the other hand, can be made rather easily from things around the house. A file or grinder, a bit of the appropriate metals, and an ignition source. Be sure that your "Member of the Overkill Club" card is up to date, and you're all set. 5 pounds of thermite vs 1 hard drive sounds just about right. Well, right through the drive, and the table, and the concrete below. :)

    Actually, thermite may be the better choice anyways, unless you want to notify everyone for miles that you're using C4. :) It has lots of hot, and not much bang. Well, especially compared to C4.

    And remember kids, don't try this at home. It's a really really (really) good way to burn down your house, get the police called by a neighbor, and/or be charged with arson and building explosives. Some law enforcement folks don't look upon such things as lightly as they used to.

Re:oven

[kheldan]

Place HDD on concrete, apply sledgehammer vigorously. Ta-da, unrecoverable HDD.

Personally, I dismantle them for the magnets, and pull the platters out. If they're ceramic you can shatter them, if they're aluminum you can deface them, bend them, use the magnets to corrupt them, cut them in half with a hacksaw/bandsaw/whatever, be creative.

Re:oven

[Mister+Transistor]

I don't know if they have reduced the MRI magnet strength over the years but when I got one about 10 years ago they told me the strength was 3 Webers. Looking up a quick translate table, 1 Weber = 1 Tesla, so either the old ones were 10x more powerful than the ones today, or you're an order of magnitude off.

But yeah, letting one go within 20 feet of an MRI would suck it in so quick it might shoot out the other side, or maybe the field would be strong enough to just hold it once it sucked it in.

For more cool scenes of devastation check out the image where an MRI sucked in a FORKLIFT! No shit, one of those large pallet jacks you use to drive pallets around factories, must weigh 100-150 lbs and it had NO PROBLEM sucking that into the maw of it's magnet, destroying it thoroughly, of course. Image is here: http://www.howstuffworks.com/question698.htm - check it out, if you ever had ANY doubt about the power and strength of an MRI magnet.

Re:oven

[MrAngryForNoReason]

so you could just walk in (hold drives very tightly), and keep them in the machine for a while.

Not the best idea as the drives would be ripped out of your hand and fly towards the machine at a high enough velocity to kill anyone in the way. Oh and you would probably destroy the MRI in the process.

There is a very good reason why you don't take metal anywhere near an MRI machine.

Re:oven

[LoRdTAW]

I do the same thing at work. We have a wet saw for cutting welding samples and it cleanly slices through all kinds of metals without much of a problem. I put the drive on the table and run the blade into the platters about half way. It slices through the drive like a hot knife through butter. That disk will never be read again.

Another way is to run them over with a forklift as they weigh twice as heavy as their lifting capacity. So a 6000 pound capacity forklift weighs in at around 12000 pounds meaning each tire has a crushing force of about 3000 pounds. Just don't do that on asphalt as your going to leave an imprint of the drive in it or possibly mush the drive into the pavement. I know not everyone has a fork lift but its one way to do it. I got that tip from a UPS driver who informed me that is how he destroys his old disks at work. I tried it and it seems to work very well. You just need a very heavy fork lift.

Burning a drive doesn't guarantee it will destroy it unless you bring its temperature well over 1000F. And I believe the case of the drive is made from zinc which melts at 787F making it a liquid metal mess. Also, its circuit board will burn causing quite a stink so its one of the least clean methods of destroying a drive.

And lastly the good ol' hammer works great. Just wear eye protection and your all set for some destructive fun. Just make sure you smash the platters and not just the circuit board. Use a cold chisel or punch to better focus the blow to the platters. Its simple, fast and just about everyone has a hammer lying around. Just do it on a hard surface like pavement or concrete. A kitchen table or counter top will deaden the blow and your almost guaranteed to damage them in the process.

Take it apart of break it

[Psychofreak]

nail gun
hammer, bigger may be better
screwdriver, there are cool, powerful magnets inside and the aluminum chassis is recyclable for cash
steel wool on the platter once taken apart (not really important by that time)
Firearms, play safe

Phil

Hamer and punch

[plover]

If you're looking for fast production-line destruction, take a three pound hammer and punch. A punch driven through the aluminum plate covering the platter section, midway between the center spindle and the edge of the drive, down to the bottom of the case through the platters, will effectively destroy the disks. It will cheaply render the data unreadable to anyone who doesn't want to invest ten thousand dollars investigating the remains of the disks. You can crank through many disks per hour. A 3/8" bit in an electric drill would be similarly effective, and less labor intensive than a hammer, but slower.

Leaving the aluminum plate covering on the drive has the added advantage of containing the shards if the disk platters are made of glass. Even so, I'd wear leather gloves and use eye protection if I were physically destroying them this way.

But with 15 drives, it's just not that big of a job. Why make a big mess? Disassemble them. It takes about 10 minutes per drive, and it's both educational and fun. You can probably do it watching TV on the couch.

A miniature Torx driver set (T6-T9, available from Sears), a flat bladed screwdriver, a #2 Philips screwdriver, and a pocket knife is all I need to take most drives apart down to their components. Recover the voice coil driver magnets, they're always useful. Remove the circuit boards and recycle them as they were probably soldered with lead. Remove the platters from the spindles. To truly be rid of the data, you'll have to basically destroy the platters in a very hot fire. Heating them past their Curie point will completely destroy the data, leaving them totally unrecoverable; but that may require heat as high as 1500 degrees F. You won't get that on a stovetop.

dban

why would dban take several weeks? I think you're doing it wrong. DBAN can wipe multiple drives in parallel, and should only need 12 hours at absolute most for full paranoia mode.

Just zero it

[Reason58]

It is my understanding that there has never been a single proven recovery of a drive that was simply zeroed out. No silly "military grade" wipe software necessary.

Re:Just zero it

Yes, their has been. I used to work for a group that did this. Our clients were BIG corperations and guys in cheep black suits. It really comes down to how much time and money you are willing to put into it, but 60% recovery was possible 3 years ago. Your not going to get that using the hardware on the drive (yes, the platters have to come off), but it is possible to get with the right tools and equipment.

Re:Just zero it

[mea_culpa]

With specialized equipment drives can be easily recovered when wiped by zeros. With even more sophisticated methods drives that have been written over several times can be recovered layer by layer. These recovery methods are likely very expensive and you don't need to worry about it now but who knows what will be available 10 years from now.
Physical destruction is really the only way to be sure.

Re:Just zero it

It's entirely possible to image something that has been zeroed out and see what looks like data. That means you're putting the drive under an electron microscope and doing image analysis of the surface. The reason it isn't done in practice is because it doesn't scale.

The notion is that the drive head is missing a small percentage of the track. So if my drive head is missing a sizable 1/8 of the track, I need my electron microscope to represent each bit as being *at least* 8 x 8, probably 32 x 32 to be sure. (When you look this closely at circular tracks, you can treat them as parallel lines.) And the image is going to be 256 levels of intensity, so to represent one byte on my drive, I'm using 2^5 x 2^5 x 2^3 x 2^3 bytes, a factor of 65536.

That's just the space cost of managing the images, there's also the CPU time engaged in image analysis, etc. But lets say you're the Hollywood NSA that has an incredible budget and the wherewithal to employ it efficiently. They've got a huge cluster of system to manage all this so that they can churn through 64 petabytes of data for a typical 1 TB drive.

The real bottleneck is that they've got one or two platters to image. Our one terabyte drive requires 2^56 pixels, so that's a square 268 million pixels on either end. (For reference, Google Maps's entire image of the Earth is about 150 TB.) And scanning tunneling microscopes, the types that people claim will be used to image drives, are dog slow; papers on high-speed STM claim that they are getting images at "near video" rates. (Don't take my tone as denigrating what these guys have accomplished: that we can look at atoms and stuff at near video rates is awesome.) If our frame is a generous 1024 x 1024 and we're doing 60 frames per second, that's 31 years to scan our 1 TB drive.

But, wait, it gets better! The geometry of every drive is slightly different as vendors only have to provide a common API, and the specifics are largely undocumented. And have you ever seen how sometimes with Google maps the streets don't quite line up or there are seams? So if you do that with your platter imagery, if you're off (in our example) by 8 pixels, your bits don't line up correctly. And, after all this, you're really only getting a *probability* that each bit was one or zero, even if the person overwriting the drive consistently zeroed it out.

Re:Just zero it

[daha]

With specialized equipment drives can be easily recovered when wiped by zeros. With even more sophisticated methods drives that have been written over several times can be recovered layer by layer.

Easily?!?! Layer by layer? Do you have personal experience recovering overwritten data in this fashion? If so, please let me know, my company would hire you in a heartbeat and you could name your price. This concept has been trashed over and over again on slashdot, and nothing has changed since the last time.

Think of the signal for a single bit on a platter like a digital Jackson Pollock painting using only two colors. One color represents a 1, the other color is a 0. Each write is a new splatter that gives the picture a new dominant color, but there are still some pixels left over from the previous splatters around the edges. Once the color of a pixel is set, it is set until you change it and you have no idea if the same color pixel next to it was written at the same time or not. You can just see that the overall color of the entire image is one or the other.

Now let's say, just for the sake of this discussion, that you were actually able to read these mythical "layers", or more appropriately, all the drops of the various splatters. Because this is a magnetic signal and not a physical layer of paint, you have no idea when any given pixel was written compared to the one next to it. There is no concept of a layer because the signals aren't stacked on top of each other, they are all next to each other. Now let's say that you have somehow managed to design and build the most sensitive magnetic read head ever conceived so that it is able to read the signal of every single molecule in the space that this bit occupies. That's great. Now you've determined that there were a bunch of 1's and 0's. Which order were they written in? Did that 1 from over to the left come before or after that 0 that you read from the lower right?

Assuming you got that figured out, now you need to get the next 7 bits just to make a byte. Did you get all 8 bits from the same write put together? Or did you screw one up because you got the ordering of your "layers" a little mixed up?

Now that you've got an entire byte reconstructed, you need to do the same with the other 511 bytes for the sector. Did you get all 4,096 bits for the sector correct for your "layer" of data? I'm a little skeptical...

Now go get the rest of your file, because it probably isn't all contained within a single 512 byte sector, and it may very well be written to different regions of the drive if it wasn't all written as a contiguous allocation. Depending on the file system and the size of the file, it's could be guaranteed that it is not contiguous - ext3 will be non-contiguous if it is larger than 6K.

Now that you have every bit recovered for a single file, did you get every bit correct? You're most likely in trouble if you screw up even a single bit and try to open it with the native application. LZ-based compression used for the file? It's almost sure to be busted as soon as you hit that bad bit and you won't be able to decompress anything beyond it. Different files have different tolerances, but unless you plan to look at everything with a hex editor, you're probably going to have a lot of trouble. Even something like a Word document (*.doc, not the *.docx) isn't going to be as easy as you think because the file does its own allocations of 64 bytes at a time within the file. If you did any edits, or have anything other than just plain text that is all the same font style, your text is no longer contiguous. If that Word document is using the new format (*.docx), then you out of luck because it is using a variant of LZ compression.

Oh, the file was a picture? No, still not always going to help you. Certain graphics file formats, like JPEG, do tolerate some corruption of the data (depending on where the corruption shows up), but some are just as fragile as a compressed data file.

Now repeat this for every file until you find files that are actually valuable to you. The amount of effort needed to reconstruct anything that has been overwritten far exceeds the value of whatever data it was.

Re:How I've done it in the past...

[danbuter]

You can buy muriatic acid in just about any hardware store. It's basically hydrochloric acid.

Data Backup / Data Destruction

[QuasiSteve]

What - we just had the "omg how do I save my pictures/videos for my great-great-great-grandchildren!?!?" 3-monthly Slashdot story, so now the "aaaargh! I can't let some schmuck discover all the home made porn and paste it all over the interwebs!!!" was overdue?

Seriously, people... HDD tech hasn't changed enough to make the same answers from 5 years ago any different now.

http://www.google.com/search?q=site%3Aslashdot.org+how+to+dispose+of+hdd

Re:Screwdriver

I always take them apart for the free magnets inside.

Open them up and salvage the magnets

[SensitiveMale]

Very powerful magnets in the drives. Open them up, take out the magnets, and throw away the drives. If you are really paranoid, pop the discs out. But definitely salvage the magnets. They come in handy.

DBAN is unnecessary.

[rollingcalf]

One pass with zeroes or random data over the whole drive is sufficient, unless you expect that a large government agency is going to open up the hard drives and spend millions of dollars to attempt to recover the data (and even they might be unable to get at the overwritten data. See http://www.nber.org/sys-admin/overwritten-data-guttman.html).

With dd if=/dev/zero of=/dev/sdb you can wipe all the hard drives in a weekend.

Install Windows on Them

[Doc+Ruby]

After installing Windows on a hard drive, it becomes worthless. And after a while the actual bits will become corrupted into random values.

If it can spin, it can be read.

[Jimbob+The+Mighty]

Thermite, or any other method to melt the platters.

Wrong!

The truth is that it comes down to COST. It is a bit like encryption, in that it is all about TIME and COST to brute force it. So how important your data might be to somebody is the real factor here. For 99.9% of threats you simply break the circuit board or remove it. 1 bad chip, cap, or resistor would stop these people from using the drive completely. Have you ever tried to get a drive working with a defective circuit board??? I have and it is not easy because most times revisions break compatibility so you'd have to find the exact same board; possibly even the same exact revision. The older the drive the trickier (but cheaper) finding a board gets.

Old drives leave trace data that a zero wipe will not stop and with the right gear it can be recovered. Private corps don't disclose all their tricks, researchers publish most the techniques they think of, the FBI won't get past the techniques you can find out about or they can hire out; while military or other gov have access to more cutting edge techniques. Ever hear of a low level format?? well, that places plenty of gaps on the drive-- you know the drive heads just don't calculate their position on the platter, the platters are encoded with position information. Anyhow, the older the drive the more gap space there is for one to process the noise and extract past recordings-- the newer drives are so advanced they are approaching magnetic "atomic" microscopes (note: I said "approaching,")

An FBI or private firm may have a drive head scanning microscope (using drive tech to cheaply make fast and effective drive scanners) but this will not be cheap to use; also, if you do an IDE zero wipe (if supported) the firmware level wipe will be low level and cover just about the whole surface making it safe. The other gov with more resources and time can probably go a little further... but not all that much for huge cost increases. In theory, a higher resolution reading device can pick up noise 'echos' in the material just as they can recover audio from tape a few times back- somebody dealing in this realm is not you and the cost and expertese must be crazy and on newer drives (possibly everything in the last decade) those techniques may not be feasible at all (but govs worry because unless it is proven somebody might have found a way.)

Poking holes in the platters will stop people willing to drop $1000+ to recover it. For more they can get partial data from segments of it but its not likely going to be all that useful (could be, this is where file fragmentation can cause big troubles.) Holes or shattered platters will make pretty much every reading device really labor intensive and expensive to use.

It is true that gov level wipe algs are pointless because that technique was devised for older drives with different kinds of encoding and also include techniques for floppies -- so doing the 35? pass is actually stupid because it covers a whole range of situations, no device needing them all. Canada for example, their gov lowered it down to 3 pass I think last time I looked.... like 10 years ago I think. a 1 pass is likely enough except for gov. high level gov mandates incineration as a blanket policy.

I say bust a chip; or remove the boards. that is plenty. if paranoid; then damage the platters (or the actuator arm... or a clever person would run a car battery into a few key points to kill the heads or motor in a few seconds.)

FYI: I have an expert level knowledge in this area.

Doesn't work as well as you think

[artor3]

It doesn't work as well as you'd think - believe me, I've tried. What tends to happen is the thermite melts a small hole through the drive, and all drains to the bottom, where it burns a hole in the container and continues further down away from the drive. Even if you use a suitable container (for example, a bucket full of sand), it's difficult to get the whole drive to melt, and there's no way to know if the surviving platters got anywhere near their Curie point. Plus it's a pain in the ass to get the thermite to ignite, and the resulting thick black smoke may very well have your neighbors calling the fire department.

In the end, it's much simpler and less frustrating to simply smash the thing to pieces with a sledge hammer. Thermite for its own sake is fun and (kinda) educational - it's just not a good tool for this job. If you're really paranoid, do a single pass of zeros (or ones, if you prefer) before breaking out the hammer, but it probably isn't necessary. Unless the FBI's hunting you, no one's gonna put in the effort to recover data off a smashed platter.

Angle grinder

[AliasMarlowe]

An angle grinder with any metal-cutting bit will slice clean through the platters and circuit boards, making a pretty shower of sparks. It's much more satisfying than just using a drill, and at least as effective as swinging a big hammer on them.
BTW, remember that destroying hard drives could easily be construed as "willful destruction of evidence" if you're later accused of anything (terrorism, copyright violation, or other heinous crimes). So, whatever method you choose, it might be advisable to destroy them out of the public eye...

Don't destroy them!

[GameboyRMH]

Unless these disks are inoperative (and you say using DBAN is an option so I guess they aren't), don't physically destroy them! One overwrite with any data - ones, zeroes or random - is enough to make the data unrecoverable on a hard drive made in roughly the last 20 years, according to US NIST (just be sure to use a tool that overwrites bad sectors as well). You can do two if you're super-paranoid. If you want to do more than that, seek professional help - psychiatric help, not IT help.

Then give the wiped disks to someone who could use them.