When Your Data Absolutely, Positively has to be Destroyed (Video)
Here's a corporate motto for you: "Destroying data since 1959." Timothy ran into a company called Garner Products (which doesn't use that motto as far as we know), at a security conference. While most exhibitors were busily preserving or encrypting data one way or another, Garner was not only destroying data but delighting in it. And yes, they've really been doing this since 1959; they started out degaussing broadcast cartridges so broadcasters could re-use them without worrying about old cue tones creeping into new recordings. Now, you might ask, "Instead of spending $9,000 or more to render hard drives useless, couldn't you just use a $24 sledge hammer? And have the fun of destroying something physical as a free bonus?" Yes, you could. You'd get healthy exercise as well, and if you only wanted to destroy the data on the hard drives, so what? New drives are cheap these days. But some government agencies and financial institutions require degaussing before the physical destruction (and Garner has machines that do physical destruction, too -- which is how they deal with SSDs). Garner Products President Ron Stofan says in the interview that their destruction process is more certain than shooting a hard drive with a .45. But neither he nor Tim demonstrated a shooting vs. degaussing test for us, so we remain skeptical.
Exactly. A single pass of /dev/zero will wipe all the data on the drive beyond any hope of recovery, and sure as hell doesn't cost nine grand.
This is a company that leeches off government contractors (Lockheed et al.) that have virtually infinite budgets paid by our tax dollars.
Thus, $9000 for a low-level wipe.
What are you going to do with several hundred 40GB IDE drives?
How about some SCSI320 drives?
No one has enough room to store all this crap.
Our former sysadmin purchased a drill press for the purpose of rendering old hard drives unrecoverable. Seemed both fun and practical.
dd if=/dev/zero of=/dev/sda bs=1024 &
Won't work on an SSD. You have no idea what the controller is doing behind the scenes. There is capacity on the SSD that is completely and utterly inaccessible to the host. When you write 256 GB of zeros to your 256 GB SSD, you've probably got 16 or 32 GB the controller hasn't told you about, with data you know nothing about. You have to issue the ATA SECURE ERASE command, and even then you'll have no idea if the controller actually respected it and wiped everything.
For SSDs there are two reliable options.
1: Encrypt everything in software so that neither the key nor a hash of it could ever possibly be stored on the drive in unencrypted form.
2: Physical destruction.
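The over-provisioning behaviour described in the comment above, as an added toy model (not part of the thread and not any vendor's firmware): the host zero-fills every addressable block, yet stale copies survive in flash pages it cannot reach. `ToySSD`, `demo`, the page size and the 8+2 page layout are all assumptions made for the illustration.

```python
# Toy flash translation layer (FTL): a simplified model, not real firmware.
PAGE = 16  # bytes per page (tiny, for illustration)

class ToySSD:
    def __init__(self, logical_pages, spare_pages):
        self.logical_pages = logical_pages
        # Physical flash is larger than what the host can address.
        self.flash = [None] * (logical_pages + spare_pages)  # None = erased
        self.map = {}                              # LBA -> physical page
        self.free = list(range(len(self.flash)))   # erased pages, used FIFO

    def write(self, lba, data):
        assert 0 <= lba < self.logical_pages and len(data) == PAGE
        if not self.free:
            self._garbage_collect()
        phys = self.free.pop(0)
        self.flash[phys] = data   # flash is never overwritten in place
        self.map[lba] = phys      # the old page is now stale, not erased

    def read(self, lba):
        phys = self.map.get(lba)
        return self.flash[phys] if phys is not None else bytes(PAGE)

    def _garbage_collect(self):
        # Erase only pages no LBA points to, and only when space is needed.
        live = set(self.map.values())
        for phys in range(len(self.flash)):
            if phys not in live:
                self.flash[phys] = None
                self.free.append(phys)

    def secure_erase(self):
        # Modelled behaviour of a controller that honours an erase command.
        self.flash = [None] * len(self.flash)
        self.map.clear()
        self.free = list(range(len(self.flash)))

    def raw_pages(self):
        # Chip-level view that bypasses the controller.
        return [p for p in self.flash if p is not None]

def demo(logical=8, spare=2):
    ssd = ToySSD(logical, spare)
    for lba in range(logical):
        ssd.write(lba, b"customer-rec-%03d" % lba)  # constructed sample data
    for lba in range(logical):                      # host-side zero fill
        ssd.write(lba, bytes(PAGE))
    host_view = [ssd.read(lba) for lba in range(logical)]
    leftover = [p for p in ssd.raw_pages() if p != bytes(PAGE)]
    ssd.secure_erase()
    return host_view, leftover, ssd.raw_pages()
```

In this model the number of surviving stale pages equals the spare capacity, which is why a host-side overwrite cannot be verified from the host side alone.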
If it's old, then it's out of warranty. Yeah, I get the whole e-waste thing, and I'm sure it pains people to see a pallet of otherwise good 1TB drives headed off to be shredded into chips .. but remember they are 3-4 years old and having one go bad while is a far bigger PITA in terms of lost productivity, lost data, etc. than it is to just buy a new one for $100 and pay $1 for the old one to get securely scrapped.
I worked in a legal firm which specialized in e-discovery and forensics; they weren't data-recovery specialists, but they were able to pull data from slack space and previously rewritten areas. But that is beside the point. For client-privacy reasons, legal reasons, and corporate policy, they ended up with hundreds of hard drives per month that needed to be destroyed with no possible way to recover the data. A $24 sledgehammer is certainly a cheap and fun sounding answer. But after smashing five hard drives, this stops being fun, you're making a lot of noise, and someone would need to clean up the mess. I'm sure OSHA wouldn't approve of that either. We were in a corporate office in the middle of New York City, so smart-ass solutions like thermite; sodium hydroxide; shooting them with a .45, a shotgun, or a bazooka aren't going to fly. Because of chain of custody, you couldn't even take the hard disks into an empty field to do this.
The guy responsible for destruction started unscrewing everything, taking out the platters, then punching a hole in the platters with a screw-press. But like the sledgehammer solution, this was slow and labor-intensive. I believe they ended up using a qualified HD destruction service, who would come to your office once a month, and give you metal confetti back. This of course isn't cheap. Eventually, purchasing one of these Garner devices would make economic sense.
My point is, sure, given our own devices, we can think of quick and fun ways to destroy a hard disk. But when you are limited by government and corporate rules, companies like Garner aren't just greedy, but filling a real need.
The IT dept at my firm actually tried to do this, and we had to stop engineering work on a number of projects until we figured out what they'd done and forced them to roll it back. A detailed ANSYS run (say, buckling modes of a large mast crane) will easily eat up hundreds of gigabytes of disk space in temporary solver files, even if the final results file on the network share is only a few megabytes. I'd assume that other calculation-heavy professions (CGI techs, maybe? Don't know) would have similar requirements. Just because the disk has a lot of space when you're looking at it doesn't mean that space doesn't get used.
Now take that puddle out and show the serial number to the auditor to prove that the drive was destroyed. Oh, you can't?