Where Old Hard Disks (with Digital Secrets) Go To Die

Hugh Pickens DOT Com writes "Justin George writes at McClatchy that in a 20,000-square-foot warehouse, where visitors are required to trade in a driver's license for a visitor's badge, some of the nation's secrets are torn apart, reduced to sand or demagnetized until they are forever silent. Need to destroy a rugged Toughbook laptop that might have been used in war? E-End will use a high-powered magnetic process known as degaussing to erase its hard drive of any memory. A computer monitor that might have some top-secret images left on it? Crushed and ground into recyclable glass. Laser sights for weapons? Torn into tiny shards of metal. "We make things go away," says Arleen Chafitz, owner and CEO of e-End Secure Data Sanitization and Electronics Recycling, a company with sixteen employees that destroys hard drives, computers, monitors, phones and other sensitive equipment that governments and corporations don't want in the wrong hands. Chafitz say the information technology departments at typical companies might not have the proper tools or training to adequately dispose of data. IT departments focus on fixing and restoring data, they say, while data-wiping companies focus on just the opposite."

Using encryption is the better option

[ffkom]

Using encryption not only saves you effort when the harddisk dies after years, it also provides security benefits during the drives lifetime and makes warranty-exchanges of young defect drives painless.

Re:Using encryption is the better option

Yes, but make sure it's not one of them NSA (suspected) weakened/backroored ciphers.

Rot 26 all the way for me, baby!

Re:Using encryption is the better option

None of the symmetric block ciphers commonly used for disk encryption are backdoored.

However, if you're looking at a closed-source implementation, especially in hardware or firmware, you may well be looking at a backdoored or simply flawed implementation. Examples abound of storage devices with 'hardware AES encryption' which use a key of all zeroes, or ECB mode, or CBC mode with predictable (or zero) IVs, or some other basic fuckup.

Re:Using encryption is the better option

[rubycodez]

wrong point of view. you have no way of knowing what algorithms will fall to simpler solutions or more powerful solvers in the future. and your favorite method might have a back door. or perhaps the key was make known

Re:Using encryption is the better option

[maxwell+demon]

Of course having a key of all zeroes is a bad mistake. That's why I always go away from that mistake as far as possible, by using a key which has no zero altogether. That is, a key of all ones. Clearly as opposite of the most insecure key, that's the most secure one. ;-)

Re:Using encryption is the better option

[C3ntaur]

This is why I have little use for cloud storage. Encryption is best thought of as a delay mechanism.

Re:Using encryption is the better option

[hairyfeet]

Not to mention it appears they are still using voodoo like having to degauss drives instead of simply wiping them.

Nobody has yet to show they managed to get back even a single file from a modern drive after it has had a simple zero wipe yet all these "security sites" still hold onto old wive's tales that haven't been true since the days of the MFM drives! Protip: The reason you could recover files from those old drives? The motors were VERY inaccurate and could slip the tracks, thus leaving tracks after an erase cycle. A modern drive have tracks sooo small there is no way in hell its gonna be missing tracks, you'd know there were issues because the drive would fail before it would miss a track.

So I wonder how long voodoo from the age of DOS is gonna be taken as fact? An encrypted drive with a single wipe would insure there was zero data to recover and wouldn't be based on 30+ year old info, it would also deal with the real issue, the fact that there is no way to securely wipe an SSD that I know of, because SSDs don't "erase", just mark sectors as available to minimize writes.

Re: Using encryption is the better option

Writing zeros assumes the drive still works,
Degaussing requires no such thought

Re:Using encryption is the better option

[Poingggg]

Not to mention it appears they are still using voodoo like having to degauss drives instead of simply wiping them.\

So I wonder how long voodoo from the age of DOS is gonna be taken as fact? An encrypted drive with a single wipe would insure there was zero data to recover and wouldn't be based on 30+ year old info, it would also deal with the real issue, the fact that there is no way to securely wipe an SSD that I know of, because SSDs don't "erase", just mark sectors as available to minimize writes.

Maybe because degaussing takes seconds (i think) and wiping takes hours? Not unimportant for a business I would think. (You are right about the SSD's though).

Re:Using encryption is the better option

Only you would call basic physics "voodoo" while at the same time dreaming about warp drives. Or making up stuff about "very inaccurate" "motors". You mean the STEPPER motors they used back then for the heads? They weren't "VERY" inaccurate and didn't "slip the tracks". That's a made-up term btw you liar.

Re: Using encryption is the better option

[DigiShaman]

Drive shredding.

http://m.youtube.com/watch?v=s...

Re:Using encryption is the better option

[couchslug]

While encryption is desirable, hard disks, all of them, are trivially cheap compared to loss of classified into.

When in doubt, shred.

Re:Using encryption is the better option

[ArcadeMan]

We're in 2014, ROT26 has been a weak encryption scheme since the 1970's. You really should upgrade to ROT436207616.

Re:Using encryption is the better option

[icebike]

Not to mention it appears they are still using voodoo like having to degauss drives instead of simply wiping them.

That's not half of it. There is also this bit:

A computer monitor that might have some top-secret images left on it?

Seriously? How does stupidity of this level actually make it to the real world?>

Re:Using encryption is the better option

The heads were moved by a linear actuator, not a motor.

Re:Using encryption is the better option

[drkim]

A computer monitor that might have some top-secret images left on it?

Seriously? How does stupidity of this level actually make it to the real world?>

Monitor burn-in.

http://stevenandy.files.wordpr...

Re:Using encryption is the better option

[DarkVader]

No, they were moved by stepper motors on quite a few hard drives. I'm sure some may have used linear actuators, but certainly not any hard drive I ever worked with back then.

Re:Using encryption is the better option

[DarwinSurvivor]

They could be referring to screen-burn on old CRTs.

Re:Using encryption is the better option

[DarwinSurvivor]

These are not your everyday run of the mill business hard drives. These are drives that other countries would invest significant resources to read. This could include malicious firmwares that detect wipes and "pretend" to be empty. Firmware infection is starting to rise and governments are realizing that "nuke it from orbit" is in fact the only way to be sure.

Re:Using encryption is the better option

[ihtoit]

I've never come across a hard drive with a stepper motor actuated arm. Care to cite a model number for me?

(I have a Quantum Fireball 5.25" 40MB drive that uses a voice coil actuator and two very strong rare-earth magnets to move the heads, the exact same technology used in my Hitachi Deskstars and in my 1TB Seagate 7200.12 SATA).

Of course, I stand to be corrected on this, but: model numbers, please, none of this "You're a fuckin' idiot!" bullshit.

Re:Using encryption is the better option

[ihtoit]

Not to mention it appears they are still using voodoo like having to degauss drives instead of simply wiping them.

Degaussing is only useful if you don't intend to use the drive again, considering the vulnerability of controller chips and servo tracks to strong EMP renders drives useless.

That's not half of it. There is also this bit:

A computer monitor that might have some top-secret images left on it?

Seriously? How does stupidity of this level actually make it to the real world?>

Burn-in. A common problem on CRTs and on early OLED screens (I just ditched a CRT with an image coldburned into the screen (you could actually make out what it was with the monitor turned off), and I have an mp3/media player that plays video on a 1.1" OLED - which has the player screen permanently burned in. Actually, somewhere around I have an old TFT panel from a Dell laptop that also seems to have burned...)

Re:Using encryption is the better option

Why can't you just google it? Seriously. There's even video of an old hard drive with a stepper motor for the heads. Jesus Christ, if you still don't believe me, because you're under 25 and can't possibly imagine that the world was different before you popped into it, you can buy some on eBay.

What do you think RAMAC used? Here's a part number for you, you obtuse Asperger's ignoramus:

IBM 305

Oh wait, that was COMPRESSED AIR.

Oh geez, what's with all this history stuff? If only there could be some way to store and retrieve historical information from the comfort of one's home!

Furthermore, while meditating on exactly how hard drives worked before there was more computing power in the PRML decoder than in the first PC, how did floppy drives move their head back and forth? Why would you think the first hard drives would have been so dramatically different?

And just for you, cupcake:

http://www.youtube.com/watch?v...

I've read your posts before, and a more unpleasant, stubborn, right-fighter I've yet to meet.

Re:Using encryption is the better option

[__aajfby9338]

My first hard drive was a 20M 3.5" full height SCSI drive made by Miniscribe. It not only had a stepper motor to position the heads; it also simply jammed the heads against a hard stop to find track zero to save the expense of an optical sensor. I don't recall the model number. That piece of junk didn't last too long.

Re:Using encryption is the better option

[__aajfby9338]

A quick search for "miniscribe" on Youtube turned up the Miniscribe 3212 and Miniscribe 3650 as a couple of examples. Unlike my first Miniscribe hard drive (whose model number I don't remember), these ones appear to have optical sensors for track zero mounted on the outside of the stepper motor. Mine simply had a mechanical stop that the drive noisily buzzed against at power-up. But at least it wasn't a brick for the year or two that it lasted before failing.

Re:Using encryption is the better option

Seagate ST-506. For one. You know, we're not your personal librarian, unless you are a quadriplegic and are using a straw to blow in your search string one character at a time, there's no reason why you couldn't just google that yourself.

Except to be ornery.

Re:Using encryption is the better option

[ncc74656]

I've never come across a hard drive with a stepper motor actuated arm. Care to cite a model number for me?

I'm pretty sure the Seagate ST225 I once had in an IBM PC/XT used a stepper motor to move the heads. Voice-coil actuators only came on the scene sometime in the late '80s or so.

Re:Using encryption is the better option

I was with you until the SSD thing. You're completely wrong, overwriting an SSD one time will completely erase anything that was previously on the drive. There is absolutely precisely no room for any data to be left over after a full write.

A lot of new SSD's support hardware-level AES with a key generated and held in the drive itself. It takes one command to change that key permanently, forever rendering the drive "random" for all intents and purposes. On the other hand, it only takes one command to permanently render the drive "random" for all intents and purposes.

Re: Using encryption is the better option

[TheLink]

But will it blend?

Seriously though I was wondering why they were using so many different ways to destroy stuff when they could just use the same method to destroy most of them: very high temperatures.

You're not going to recover much from a hard drive that's been in a pool of molten "lava" for a mere 10 seconds.

If you insulate it well it shouldn't take that much power to maintain a pool of lava. Even easier if the site happens to be next to a volcano ;).

Of course you better have many security cameras just in case people try to dispose of people that way.

Re:Using encryption is the better option

[mpe]

Not to mention it appears they are still using voodoo like having to degauss drives instead of simply wiping them.

Probably because people are prepared to pay money for it. At least this is a little more plausible than repackaging a novalty golf ball finder as an IED detector.

Re:Using encryption is the better option

[ebvwfbw]

Not me, rot13 still.
Abg zr, ebg13 nyy gur jnl.

Re:Using encryption is the better option

Can confirm: I used a bulk-tape eraser on a set of 4 hard disk drives. (back in about 1997, or so). Drives were completely useless after that. I think I probably fried the controller chipset.

One wouldn't even spin-up. The others would spin up but wouldn't respond to any drive commands. Not even ID on the bus.

Re:Using encryption is the better option

[ihtoit]

ah, cool. I might even have one of those around somewhere...

Re:Using encryption is the better option

[wesk]

If a drive head was no longer functional then you'd have to disassemble the unit, remove the disk, mount in another unit and then wipe it, right?

Re: Using encryption is the better option

[DigiShaman]

That would be the 2nd phase of the cycle if further repurposed for recycling. Shredding is the 1st in which the pieces are sorted as ferrous and non-ferrous metals. Once the material has been sorted as best as possible, it then goes into a crucible to be melted down. As for the platters themselves; they are typically made out of aluminum, glass, or ceramic substrate. Even if you can't recycle ceramic efficiently (I don't know), the coating on them most certainly would have been vaporized from the material when exposed to such temperatures. Being that it's the coating that stores the data, it's a rather moot point to be worrying about data recovery.

Duh

[g0bshiTe]

Silicone Heaven, otherwise where do all the calculators go?

Re:Duh

Silicone Heaven, otherwise where do all the calculators go?

Oh, I'm sorry, that's not the answer we were looking for. We wanted the Guardian's office in Kings Cross. Better luck next time, and thanks for playing.

Re:Duh

the same place all mention of nano-thermite residue at Silverstein Properties go.....
or was it asbestos-removal cost-coefficient.

Re:Duh

[sunderland56]

Silicone Heaven, otherwise where do all the calculators go?

Didn't there used to be a strip bar named Silicone Heaven?

And yeah, there were a lot of accountants there.

Re:Duh

[excelsior_gr]

You mean Silicon Heaven. Silicone Heaven is yo mama's boobs.

Re:Duh

[Darinbob]

That completely changes how I understood that episode.

Re:Duh

[dissy]

No he means Silicone. Calculators obtain that by displaying 58008
You can't spell out "mama" on a 7 segment display

(Kids these days!)

Jump The Shark

[retroworks]

Data destruction industry has finally "jumped the shark" with the posting of the Guardian Newspaper's hard drive destruction just a few hours ago. This sales pitch shows the billion dollar industry behind selling insurance to people afraid of digital losses via old hardware. http://www.theguardian.com/wor...

Identity theft and trade secret losses are real, very real risks. But physically destroying hardware is to data protections as toilet paper on the loo lid is to AIDS prevention. The real threats are phishing (getting employees to log in credentials on fake websites), and loss of active PCs (theft of laptops from the back of cars), and the new credit-card swiping devices used at Target stores are the actual risks.

I have heard the argument that physically destroying the disks eliminates the potential for bad apple employees to skirt the wiping of disks, and that with physical destruction you really control human error. I say bullhockey. When I have a staffer wiping disks, I can inventory the disks and randomly sample them to see if the data has been erased, and replace the staffer if necessary. If the drives are thrown in a mechanical shredder, how do I know a PARTICULAR drive was thrown in the shredder? How will I ever catch the bad apple? Try sifting through the scrap fluff for serial numbers to make sure the right one went through the machine.

The big opportunity is "digital haystacks", putting randomized and false data out, especially metadata. If enough bad data written on to drives, it has the added benefit of wasting the time of Russian hackers who have too much of it on their hands.

Re:Jump The Shark

[SuricouRaven]

Physical destruction is something you do to put on a show for the boss's boss's boss.

Re:Jump The Shark

[dbIII]

Try sifting through the scrap fluff for serial numbers to make sure the right one went through the machine.

That's a very good point. In my case I could keep the part of the casing with the serial number after I've ripped the thing apart to get the magnets, but in industrial quantities that would require too much time. I'd suggest putting pallets of the things in steel heat treatment ovens for a bit but only because I've worked with those things. Maybe soaking them for a bit in vats of citric or phosphoric acid? It doesn't have to be highly concentrated to rip into the iron oxide on the platters which holds the information. The amount of phosphoric acid in coca cola is enough to remove a bit of rust over a couple of days.

Re:Jump The Shark

[Eskarel]

It sort of depends on the value of your secrets. People are reasonably certain that if you wipe random data over a disk 32 times that it can never be recovered, reasonably certain, with current technology anyway, well with the current technology we know about anyway. Now you have to ensure of course that it's been done properly and some dimwit hasn't just cleared a partition instead of the whole volume, and of course when you start dealing with SSD's or more expensive drives with smarter controllers your ability to actually do a write to every sector to achieve this goal is somewhat questionable, and of course doing a 32 times rewrite on a large drive is going to take a few days to actually finish, days you're paying someone you trust with that data to sit and watch it, well presumably anyway.

On the other hand, physically destroying the disc is much faster and much more effective, depending on what the company charges, it might actually even be cheaper since you could actually do it to a whole bunch of hard drives at once.

Is it probably excessive if you're the radio shack at the mall? Sure, if you're the government though?

Re:Jump The Shark

[tomhath]

I'd be happy with a log of what was destroyed. Maybe pictures/scans of the drive just before it was destroyed if the stuff on it was really important. Keeping thousands of wiped drives around so you can go look at them occasionally is kind of pointless

Re:Jump The Shark

Physical destruction is something you do to put on a show for the boss's boss's boss.

"Look, Smithers! It blends!"

Re:Jump The Shark

[drinkypoo]

The big opportunity is "digital haystacks", putting randomized and false data out, especially metadata. If enough bad data written on to drives, it has the added benefit of wasting the time of Russian hackers who have too much of it on their hands.

So how much of your time are you going to spend to one-up the Russians, well-educated in maths, by creating convincingly fake data?

Re:Jump The Shark

[Lumpy]

The IT security staff at Comcast required the power supplied to be destroyed as they can contain "data"

That is the day that I realized that IT security guys at most corporations are simply Cops that cant keep a job as a cop and fake their IT background.

Re:Jump The Shark

[mikael]

Those smarter drives do insane things that having a pool of surplus disk blocks and having a virtual disk cylinder/sector map that can swap out old blocks that have become damaged and replace them with a new block. Just because you think you are writing on cylinder 32, sector 5, block 3, doesn't mean it's really at that location. Theoretically, it might be possible to fill up every possible block with data, but that's no guarantee.

So the only safe way is to destroy the hard disk drives.

Re:Jump The Shark

[rubycodez]

you are silly, your process depends on *you* being trustworthy. A proper shredding program with witnesses at each step ensures the data is really destroyed, and keep those who can cause the most damage by being a bad apple, which mostly means you, in line.

Re:Jump The Shark

[jamesmeece]

Usually using "Secure Erase" gets around this issue. Even for SSD's (assuming implemented properly, which most major companies do)

Re:Jump The Shark

[fuzzywig]

We had the truck round to destroy a bunch of disks recently at work (most of the drives wouldn't have had anything on them, but a few might have been exposed to customer's credit card data), and watching this big green lump of steel turn a harddrive into tiny mettle chips was really fucking cool!
So yeah, maybe it's not necessary, but it's a bloody good show.

Re:Jump The Shark

"Usually" is precisely why for high security content the drives are simply destroyed. No way to know that the firmware actually did what it is supposed to do, and no way to easily audit it on the spot means destruction is more cost effective.

Re:Jump The Shark

[tlhIngan]

It sort of depends on the value of your secrets. People are reasonably certain that if you wipe random data over a disk 32 times that it can never be recovered, reasonably certain, with current technology anyway, well with the current technology we know about anyway. Now you have to ensure of course that it's been done properly and some dimwit hasn't just cleared a partition instead of the whole volume, and of course when you start dealing with SSD's or more expensive drives with smarter controllers your ability to actually do a write to every sector to achieve this goal is somewhat questionable, and of course doing a 32 times rewrite on a large drive is going to take a few days to actually finish, days you're paying someone you trust with that data to sit and watch it, well presumably anyway.

On the other hand, physically destroying the disc is much faster and much more effective, depending on what the company charges, it might actually even be cheaper since you could actually do it to a whole bunch of hard drives at once.

You don't even need to do 32 wipes - a single pass of zeros is enough on a modern drive to render it impossible to retrieve. Even the big data recovery companies note that.

But it takes HOURS to do a wipe - easily 2-3 hours per drive.

You can physically destroy drives in a few seconds. Even one drive at a time, the time it takes to wipe one drive you can do over 1000 drives. And this is a press style which simply push the platters from the top through the bottom chassis.

Only SSDs can be erased faster - which work by simply regenerating the encryption key which destroys the FTL tables (rendering the sector maps useless) and the data irretrieveable.

Re:Jump The Shark

[dissy]

and of course when you start dealing with SSD's or more expensive drives with smarter controllers your ability to actually do a write to every sector to achieve this goal is somewhat questionable

Every IDE drive made since the 90s has a multicore processor on it that is already more powerful than most hobbiest computers sold as actual computers just the decade before.

The translation between an address on disk to read or store a byte has not matched a static physical location since MFM drives, which most people these days have never seen or heard of.

Some brilliant hackers are only just recently reverse engineering these controllers, learning to run code directly on them.

This guy even has a Linux kernel running on a 2tb Western Digital HD controller chip, and reprogrammed it to silently watch for a certain string to be written by the PC and then return additional data.

His idea was to create a program that could be triggered remotely by getting said string to be written to disk, say by utilizing a webserver log file which puts even invalid requests into an error log.

That drive has a 150mhz 3 core ARM processor, which has a 32 bit memory map, direct access to the sata bus and direct access to the raw storage.
By pausing the HD CPU, memory locations can be changed and the currently running program modified, then the CPU can be unpaused and the code continues to run.

Basically anything you can do from the sATA interface is pretty garenteed not to be able to touch or even be aware of specific locations on the platters where data is stored.

Re:Jump The Shark

[tbuskey]

Exactly this. When the firmware automatically substitutes good sectors to replace bad sectors, you can't erase the bad. If there was sensitive data on that bad sector, you can no longer get to it to erase it unless you use a vendor (and model) specific program. Even if you have software for every drive, it will take far more time and labor to erase all the data. A shedder does it in minutes. You can't even spin a drive up that fast.

If your data is less sensitive that a sector being exposed is ok, use those general purpose wipers like dban. I think my home drives are ok (I know what data was on them and encrypted sensitive data). Work drives, not so much and shedding is less labor anyways.

Re:Jump The Shark

So yeah, maybe it's not necessary, but it's a bloody good show.

. . . "Security Theater"

Directed at Justin George

[g0bshiTe]

This is /. brother, I'm sure everyone here knows what the hell a degaussing gun does without the description there.

Due explain how other than burn in a computer monitor may still contain top secret images though.

Re:Directed at Justin George

[the_skywise]

Yeah I was about to post the same question.

But given the over-explanation for degaussing maybe it's something as simple as burn-in on old CRT monitors that did status displays for weapons panels/nuclear reactors, etc; ?

Re:Directed at Justin George

[miaDWZ]

[Do] explain how other than burn in a computer monitor may still contain top secret images though.

When it comes to security, sometimes you can never be too careful.

Re:Directed at Justin George

This is /. brother, I'm sure everyone here knows what the hell a degaussing gun does without the description there.

I'm curious as to how they made a strong enough degaussing gun to work on modern hard drive platters. The old style of "wave the hard drive over a wire coil a few times" no longer works like it does with old-style tape backups and floppies.

Re:Directed at Justin George

Hmm, well, in _theory_, one might imagine that the frame buffer / scaler chip memory on a modern digital flat-panel monitor might somehow retain a (probably partial, corrupted) copy of the last image that the monitor was displaying before it was powered off.

Now you might say, "but that memory is sure to be DRAM, which loses its state without power!". Yes, but maybe there is just enough residual capacity / charge for the data to be read out with some kind of super-sensitive probe?

Alternatively, if the monitor was displaying some kind of static image, it might have left slight differences in wear in the memory cells containing say light vs dark pixels? Again, rather far-fetched, but I wouldn't say that the basic physics rules out the possibility completely.

Re:The Slashdot Beta needs to die.

http://slashdot.org/?nobeta=1

Let me guess - GCHQ?

[dcollins117]

Just scanning the title of TFS I thought this was going to be an article about GCHQ technicians, angle grinders, and electric drills.

Degaussing? Really?

Degaussing? On a modern hard disk, with that level of coercivity? Bloody amateurs. Degaussing won't do shit to a modern hard disk.

A dd zerofill pass is actually enough to stop the NSA and GCHQ in a determined 'recovery' attack, for any sector that's actually overwritten, to their immense frustration. Meanwhile, remapped sectors and removing HPAs are the domain of ATA Secure Erase - Enhanced, and all the firmware seems to do just what it says on the tin for that. One pass of each would be just fine.

Bets are only off if the drive firmware's implanted (in which case, they probably already exfiltrated the data while it was running, anyway). If you suspect that, kill it with fire: you need to raise the platter above the Curie point. This means heat. That actually destroys the data. You could destroy the drive in any reasonable form by shredding it, but there's little point in that - see above - you could just erase it.

Re:Degaussing? Really?

Read the second and third links, this is a /. advertisement aimed at government surplus property managers. Those are the only people still capable of convincing that screen burn on a CRT monitor will be read by spies to obtain valuable secrets (like Windows 98 logos), and degaussing sounds very safe too.

Re:Degaussing? Really?

[Lumpy]

Most executives are incredibly low IQ types that believe the crap such as degaussing this is who they cater to.

Re:Degaussing? Really?

[datapharmer]

a drill is usually faster than zeroing out the drive and works for 99% of cases. Maybe not nsa, but it will even slow them down a bit.

Re:Degaussing? Really?

[bill_tvm]

If the drive ain't working how you going to run dd on it mate?

If it's not being reused - go full industrial

[dbIII]

If it's not being reused then degaussing is a waste of time and money if an oxy torch or plasma cutter is available. Even cheaper would be the sort of rollers used to make steel rod from billets. I'm sure any junkyard on the planet would have even better suggestions for total destruction. You can't recover data from tiny fragments, especially if they've been heated up to less than red heat to lose their magnetism for a while and come back to room temperature with the magnetic domains in different places.

Re:If it's not being reused - go full industrial

[sunderland56]

If it's not being reused, just build one giant Blendtec blender.

Re:If it's not being reused - go full industrial

[rotorbudd]

Hard Drive meet Hammer Drill

Reminder

It is rude to randomly redirect visitors to beta.slashdot.
Even more so because beta sucks.

Providing a hard to find opt-out, adding /?nobeta=1 to the url, just upgrades the aggravation level from "rude" to "insulting and infuriating".
The only acceptable option is, as always, opt-in.

I guess you need reminding. a lot.

Re:Reminder

[maxwell+demon]

Those who will see your comment are not those why may need reminding. It's not the readers of Slashdot who give you the beta interface.

Re:Reminder

[hcs_$reboot]

Thank you for your feedback.

degaussing fails on SSD

[johnjones]

so when you want to take a storage device into rough environment would you take spinning media...

so the question would be what do they do to SSD...

John Jones

Re:degaussing fails on SSD

[AndroSyn]

I'd imagine physically shred the SSDs back into sand? When I've needed to destroy an SSD, I've just taken a power drill to the flash chips.

Laser sights for weapons?

What kind of secrets does a laser sight have? It's just a glorified laser pointer.

Re:Laser sights for weapons?

[MiniMike]

I took this to mean they want to keep the design of the optics secret.

Pelease!

Anybody having e Greasemonkey script to filter out these awful Pickens ads?

Re:Pelease!

[maxwell+demon]

I have no idea what you speak of, but I guess AdBlock Plus and RequestPolicy would each get rid of it. Possibly NoScript would suffice, too. (I run all three, and that certainly is enough to not make me see it).

Re:Pelease!

I have no idea what you speak of

Clearly.

Re:Pelease!

[jones_supa]

I have no idea what you speak of

He means the articles submitted by Hugh Pickens, who has "DOT Com" in his username, which some people see as an advertisement for hughpickens.com.

Re:Pelease!

[Lumpy]

Yes it's called adblock plus. Stop trying to block ad's with greasemonkey.

Simpler, incinerate with common trash

[Framboise]

My town has a huge incinerator for common trash that will bring any computer component well over 1000C: most computer component would be finely destroyed to atomic level. As a bonus the incinerator produces electricity.
It would suffice to secure the transport to the incinerator and let heat finish the task.

Re:Simpler, incinerate with common trash

Does your town filter the exhaust or are you breathing in old harddrive atoms right now???

Re:Simpler, incinerate with common trash

No... Not the companion cube...

Re:Simpler, incinerate with common trash

[ImprovOmega]

Except for the environmental toxins that would release, I would agree with you.

What we really need is a local black hole to chuck unwanted devices into. Guaranteed information destruction baby!

Re:Simpler, incinerate with common trash

[rubycodez]

you are funny, such a temperature does not render things to "atomic level", many metals won't even melt at that temperature. you will break down many toxic organics though. but you will turn other things into poisonous fumes (solids suspended in hot gases)

Paid Ad Again

[fat_mike]

EPC does the same thing. Though they don't degauss the drive. They completely destroy it. I am fortunate to have one of their recycling centers in town and believe me there is nothing like watching your hard drives go up a 30 foot conveyor belt into a 30 foot tall shredder and come out as slivers.

I don't work for them, I'm just damn happy they exist. Capitalism at its best, find a need and fill it.

wait... That doesn't protect against AIDS?!

[mekkab]

Guess I need to find a new General Practitioner! >:(

Ye Olde "drill bit through the platters?"

[mekkab]

If you make a couple of holes with a 1/4" titanium bit, is there anything salvageable? Or is this service really marketed for the paranoids?

Re:Ye Olde "drill bit through the platters?"

drills and exercises,
anything plugged into terrestrial power-grids has already been uploaded (see stuxnet duqu).
Truly sorry folks, it`s all been in vain. If it aint been slurped by the AKAMAI VIRUS, it has been accessed and stolen via STUXNET and DUQU VIRUS.

Re:Ye Olde "drill bit through the platters?"

[NemoinSpace]

Not if you are counting on the disk spinning. But if you are seriously going through the trouble because your data *is* really sensitive, (even a HIPPA breach is a serious liability), then i suggest to you that all the sections of the disk without holes are pretty much readable. So, the long and short of this is, if you have a real need to destroy data, better not leave it up to the kid with the Ryobi.

Disgusting.

[Lumpy]

A lot of us firearm enthusiasts would love to buy used some of those military gun sights. I cant afford a $7800 laser sight, so they just destroy it to protect the manufacturer's high price point. It's why we dumped tens of thousands of Jeeps into the ocean instead of allowing Americans to buy them surplus, it would drive down the price of new cars and we cant have rich people making less money.

Re:Disgusting.

Maybe they are afraid of what one day may happen if american citizens kept buying military surplus. IMHO it shows forward thinking.

Re:Disgusting.

[Lumpy]

Then it's the idiot managers paradox. Because even if I gave you a $50,000 holographic night vision scope, 99% of the population could not hit a target unless they had the skill to actually shoot a gun. You know those videos of samalis holding the AK 47 above their head firing? all they are hitting are buildings and the ground, if they were fighting a trained enemy force they would be wiped out in mere moments. A well trained soldier from a western or eastern country could easily take out 20 untrained soldiers without effort or fear.

So someone having it is not a risk. Just like how they whine about people being able to buy defused grenades at surplus stores. Yes, someone with an IQ above 120 can make them work again, but the risk is so low it's not funny. Plus it is a lot easier to make a new one from gas pipe than trying to fix a Vietnam era grenade. But it does not stop uneducated people from being horrified that I can go and buy "grenades" for $5.00 each.

Re:Disgusting.

[ebvwfbw]

.... But it does not stop uneducated people from being horrified that I can go and buy "grenades" for $5.00 each.

Or having a cap gun with a red barrel on an aircraft in my Son's carry on. "Looks like a gun, he could threaten someone." I said only if they are in management here making decisions on what can be brought on an aircraft. That of course flew right over his head and wacked him in the back of the head the next month.

We shouldn't have to dumb everything down to the lowest level. Worry about what insane people think/do. They should be taken care of like we used to do, before they emptied out the wards in the 1970s.

Have some fun

[m0s3m8n]

Have some fun with hard drives. AR-15 practice targets.

Re:Have some fun

[jedidiah]

> Have some fun with hard drives. AR-15 practice targets.

Despite of all of the hysteria and propaganda, the AR-15 is actually pretty weak. If you're interested in destroying hardware, you probably want something with a bigger slug and better range. Even something with bolt action might be more destructive.

Re:Have some fun

[ihtoit]

kind of expensive on ammo as well... I prefer my Air Arms Mistral .22 or my Webley Stingray .177. Quiet, accurate and a tin of 500 .22 pellets weighs the same as a pair of 32-round 5.56x45mm box magazines.

Re:Have some fun

[__aajfby9338]

An AR-15 will destroy a hard drive just fine. I think that even regular soft-point hunting rounds would easily penetrate an old 5.25" full-height hard drive. I suppose that something with better range would be preferable if I found a need to destroy hard drives from more than 300 yards away...

Plasma furnace

(posting as AC because) as someone who used to supervise drive destruction at a rather touchy agency... we used plasma furnaces. Would could still recover the odd bits from shredding.

Nothing is Destroyed, Nothing is Forgotten

Remember. Read. Think.

Re:Nothing is Destroyed, Nothing is Forgotten

[ArcadeMan]

I will remember. I will read. Squirrel!

Bitcoin wallets

[ArcadeMan]

If they're not stupid, they're checking to see if the drives don't have any crypto-coin wallets before destroying them.

Recycle them for scrap

[Hamsterdan]

That's what I do when a drive fails or becomes noisy. I keep some of the magnets, remove the board, heads and platters, remove the copper coil from the head assembly. When I have around 10 or 20 drives (5 to 10 pounds), I sell them to the scrap yard. Good luck retrieving data after everything has been tossed in the big aluminum bin. Not a big amount at 50 cents a pound though.

Working for the DOD

[tie_guy_matt]

One nice thing about working for the DOD is that Dell doesn't expect you to be able to return your old hard drive. Just say that your hard drive is defective and they will send you a new one no questions asked. Of course most of the people I know (myself included) were to honest and would only ask for a new HD if their old one was in fact defective. But I suppose if you were into using your power for evil and not good you could have gotten an entire collection of new HD's that way. You also could have been guilty of stealing government property if you used them for anything but work (which wouldn't be likely since they aren't barcoded but you never know) so I guess that is also why nobody bothered with that. HD are cheap enough that it isn't worth it.

greyholes

But hawking says the info is still there, now.

Craftsman has long metal shears

In Sears, you can get long Craftsman metal shears. These are a little longer than normal ones. The blade is long enough to bite into a disc platter. So what I do is disassemble the disk (Craftsman has star wrenches, too, and you need good ones because machine-screwed star screws are hard to get out without stripping your screwdriver), remove the platters, and cut them apart with the long metal shears. Won't work in bulk, but works for me.

Always elaborate and expensive

[Maxo-Texas]

Just dump them in a storage water pool for five or six years.

Oh- - I recently got an enclosure and am going through my old IDE drives.
The oldest so far is 8gig from 1999/2000. All work perfectly.
It was ironic that I had trouble tossing it in the trash even i had an 8gig memory stick I bought that day for $4.99 at Fry's. LOL!

The 80GB drive is more interesting. keep or toss.

These things are good forever if you dont' spin them apparently.

Re:Always elaborate and expensive

[jedidiah]

I just disassemble them. Yank out the disks themselves and separate them from their housing. If you had disks from more than one drive, I wonder if anyone could ever sort that out again.

Can't Trust American Co's - HSec and if .us.gov

All those secret orders. Assume you were Siemens or another leading company. Wanna bet your e-trash is not diverted. Sure?
Due to revelations and grave constitutional disrespect - behaviours need to change - and outsourcing and cloud are not solutions.
Pay someone else because your staff are too dishonest and may ebay them, or unskilled in using a hammer?
A pottery kilin will liquify metal Use a grinder to reduce PCB's to granules. Take the platters out and sandblast them clean. Think real carefully - it is reported agencies have thier own HDD firmware - and why is that? Short the device power pins for good measure.or solder in a strip of magesium ribbon.

Thermite, HCL baths, and pumping a drive with acetelyne and glow plugging it is fun too.Forget degaussing - seen mag tapes jump through 5mm aluminium sheilds and neary kill employees. Salt your old drives and have some dummies lying about.

Broken chain of custody

The deal-breaker in every single data-destruction company I've looked into, is that they don't allow regular joe-six-pack to physically hold the asset from start to finish. At some point they all say "Now we go behind this closed door with your drive and or documents, staff only. But *trust* us, we will destroy it."

Complete deal-breaker.

Re:Broken chain of custody

[ebvwfbw]

They don't do that. I've seen agencies and the destruction in process. They bring a truck out and destroy it on the premises with government dude watching. Granted the government dude is usually about as bright as a bowling ball and things could still get out. Never the less I've never seen the chain broken. If you know of a case, report it to their Inspector General.

By 2025 a children's Speak & Spell Could Crack

[Warhawke]

You can’t hide secrets from the future with math.
You can try, but I bet that in the future they laugh
at the half-assed schemes and algorithms amassed
to enforce cryptographs in the past.

16 employees?

[_BrianMahoney]

Odd that the number of employees is mentioned, to me anyway. What would happen if even one of those 16 was disgruntled, or whatever Snowden was? If the 20,000 sq. ft. warehouse, not that big at all, is just as secure as the NSA office where he worked, then another leak seems imminent.

What's wrong with using DBAN?

Seems a waste to destroy components when they might be reused after wiping.

when permanent secure erase is needed: recycle

[ihtoit]

660.32C melts aluminium, this temperature is fairly easily attainable in a domestic furnace (eg a garden incinerator or wood stove, a blacksmith's forge if you're of such a mind as to have one of these). OK, just doing a melt-n-pour into ingots leaves you with a variable-purity alloy containing 99.9 aluminium, the rest a mix of palladium, platinum and chromium, but that's still useful (and being ready melted in your own furnace guarantees you the data is gone forever, and you have full chain of custody of the data until it dies). That said it is more expensive to recycle aluminium than it is to refine it from bauxite (tho if it's there, right?), reflected in the abysmal value of scrap aluminium and even considering the fact that following a major bauxite find in Western Australia in the middle of last year the arse fell right out of the scrap aluminium market.

Re:By 2025 a children's Speak & Spell Could Cr

Oh for mod points for the Frontalot ref.