"Smash Your Hard Drive" To Fight Identity Theft
Posted by CmdrTaco on Thu Jan 08, 2009 08:47 AM
from the i-can-get-behind-that dept.
Will Do This For Free writes "BBC News has a story about the only fireproof way of safeguarding your personal information when dumping your old computer: 'It sounds extreme, but the only way to be 100% safe is to smash your hard drive into smithereens. [...] The more thoroughly the better.'
This sounds like so much fun that I almost feel like doing it right now. Let me press Submit Story first."
This discussion has been archived.
No new comments can be posted.
"The only fireproof way of safeguarding your data" (Score:5, Funny)
Re:"The only fireproof way of safeguarding your da (Score:5, Interesting)
Throwing it into a fire is not enough; the magnetic domains on the platter are still there for a highly technical team to retrieve. You have to melt the hard disk into liquid and stir thoroughly.
Parent
Re:"The only fireproof way of safeguarding your da (Score:5, Funny)
Parent
DOD Guidelines. Re:"The only fireproof (Score:5, Informative)
Properly disposing of hard drives which may contain Top Secret information is a 5-step process to be performed in the order specified and by competent engineers.
1. Perform a triple overwrite security erase on the entire disk.
2. Use a bulk degausser (AKA a powerful electromagnet).
3. Crush the drive under a roller or tank tracks, whichever is more convenient.
4. Melt the scrap into slag.
5. Bury that Slag in a toxic waste dump to deter any attempts at data recovery.
That's not exactly how it went but I think this is pretty close. Can anyone find the original?
Parent
Re:DOD Guidelines. Re:"The only fireproof (Score:5, Informative)
The real spec is DoD 5220.22-M, available at http://www.dtic.mil/whs/directives/corres/html/522022m.htm [dtic.mil].
Parent
Re:DOD Guidelines. Re:"The only fireproof (Score:5, Interesting)
About a decade ago, our artillery unit did do "rollovers" on hard drives for the intel unit. The drives, although already drilled through, were stored in a safe and escorted by Military Police. After we ran them over, the pieces went back into the safe. After the drilling and crushing, the drives were to be put into a 55 gallon barrel (along with wood or paper), doused in fuel, and burnt for a minimum of 30 minutes.
Parent
Re:DOD Guidelines. Re:"The only fireproof (Score:5, Funny)
.. and that's how the Pentium bug came into existence.
Parent
Re:DOD Guidelines. Re:"The only fireproof (Score:5, Funny)
You're just jealous because you don't have a tank.
Admit it.
Parent
Re:DOD Guidelines. Re:"The only fireproof (Score:5, Insightful)
Am I crazy when I think that when one gets to the point where one is overwriting with random data 10+ times and degaussing afterwards, the chance of some enemy recovering your data is pretty much zero, and the money such a recovery would require would be enough to buy a hundred spies? No point in destroying your data to the point where only divine intervention could restore it when it is several orders of magnitude easier to steal the data before it is destroyed, right?
Parent
Re:DOD Guidelines. Re:"The only fireproof (Score:5, Funny)
Having a tank would make technical support a lot more satisfying:
C: "Hello, is this technical support?"
M: "Yes. May I help you?"
C: "There's a big black thing where my Internet Windower Vista should be"
M: "Very well sir. Did you turn your computer on?"
C: "....is that under the start menu?"
*rumble rumble*.....BOOM!
Parent
DoD sanitization (Score:5, Insightful)
Depends on the value of the information. Are you willing to spend $500-$10000 on a professional recovery service, or is your information not worth that much? Can it be reconstructed through different means?
The DoD has to worry about enemies getting ahold of the disk and sending it to a multi-million dollar clean-lab with stuff like electron microscopes and post-doc engineers to recover the information.
Something properly classified 'Top Secret' is done so on the basis of it being possible for it to cause 'exceptionally grave damage'. I.e. lives lost, cities nuked, embarrassing the POTUS, etc...
The reason you destroy the information in so many different ways is in case one of the ways fails. For example, degaussing is often possible in-house, but what if the degausser doesn't work well enough? On the other hand, sending it to a facility capable of smelting it down requires transporting it - an opportunity for it to be lost. So you degauss it first to make it harder to retrieve data in the facility, then send it to the smelter 'to make sure'.
Parent
Re:"The only fireproof way of safeguarding your da (Score:5, Informative)
The platters don't have to be melted, they only need to be heated to the Curie point [wikipedia.org] to lose all their information. Of course, that would still take a pretty hot fire.
Parent
Re:"The only fireproof way of safeguarding your da (Score:5, Funny)
Parent
No you don't. (Score:5, Insightful)
Disassemble the drive and remove the platters. Take sandpaper and sand off the oxide. There's no way in hell any data will be recovered after that.
Not everyone has access to a furnace hot enough to melt the whole thing.
Parent
Re:"The only fireproof way of safeguarding your da (Score:5, Funny)
Parent
Nuke it from space (Score:5, Funny)
I find a Magnet Works (Score:4, Informative)
I doubt anyone could recover data from it, as it is surely scrambled.
Re:I find a Magnet Works (Score:5, Insightful)
NO! It does NOT make it completely useless. Someone with a scanning-tunneling microscope could still retrieve portions of your data! The thing that makes this article retarded isn't the difficulty of permanently destroying data, which is best done with intense heat (as in, burn the disk to the point it melts) but the fact that no one cares about your identity OR your porn collection. Just zero the disk once and odds are that will be more than good enough for any of your personal data, unless you are the fucking president or something. Zero the disk or if you must, run a secure formatter, and put it on freecycle if it's too old to sell.
Parent
Re:I find a Magnet Works (Score:4, Funny)
> Just zero the disk once and odds are that will be more than good enough for any of your personal data, unless you are the fucking president or something.
"Can you guys recover my data?"
"Yes we can!"
Parent
Or make it reusable... (Score:5, Informative)
and just use dBan, Darik's Boot and Nuke. [dban.org]
Nothing beats an afternoon of watching dBan and a comfy chair. Beer or whisky optional.
Re:Or make it reusable... (Score:5, Funny)
> Nothing beats an afternoon of watching dBan and a comfy chair. Beer or whisky optional.
dBan sounds cool. So I put it on a disk and ran it. It really doesn't look that special. My computer won't turn on now.
Parent
Kindness (Score:5, Funny)
You'll have to excuse me. I need to go protect my ex-wife from identity theft.
Re:Kindness (Score:5, Funny)
So she uses ReiserFS?
Parent
Environmentally criminal! (Score:4, Informative)
This recommendation from Which? magazine has incensed me today. They're reported as saying "It sounds extreme, but the only way to be 100% safe is to smash your hard drive into smithereens." [bbc.co.uk]. There's no need to do this if you use disk wiping software, which is probably even better than a hammer, as the BBC article points out. Darik's Boot And Nuke [dban.org] is perfect for this. It's environmentally criminal to be suggesting the best way to wipe a disk is to smash it.
Pete Boyd
Re:Environmentally criminal! (Score:5, Informative)
Problem is that most people are way too stupid to understand how to use that, but they can understand smash.
The funny part, 90% of those people that understand smash, will not smash it enough. I have recovered data from laptop hard drives that looked pretty smashed, but 45 minutes in my improvised clean room moving the platters to a different drive and I was able to read the contents.
Parent
Re:Environmentally criminal! (Score:5, Funny)
> The funny part, 90% of those people that understand smash, will not smash it enough.
Another 5% will enjoy it so much that they will do the same thing to their new computer, the TV and the next door neighbour's car.
Parent
Re:Environmentally criminal! (Score:5, Informative)
It's really not that hard to transfer platters. And yes, use an identical drive.
A makeshift clean room is easy. Run the shower in the bathroom for 15 minutes on the hottest setting and then shut it off and let the room cool down completely. The mist in the air will remove all dust as it falls to the ground. Use a Tyvek suit and cover your hair, face, hands and you're good to go.
Parent
An Alternative Approach... (Score:5, Funny)
Smash An Identity Thief.
Just told my brother this (Score:4, Interesting)
His PC died due to dust accumulation (fried mobo, dead power supply, fused RAM) and he asked me what to do with his system. I told him the only thing he needed to worry about was his HD. Told him to drill a few holes in the drive, use a blowtorch in those holes if he still had one (he used to work in home remodeling), smash the drive with a hammer and put it in a bag with his used cat litter (they have two cats).
If someone is desperate enough to want the information on his drive, they're going to have to work for it.
Re:Just told my brother this (Score:5, Funny)
> His PC died due to dust accumulation (fried mobo, dead power supply, fused RAM) and he asked me what to do with his system. I told him the only thing he needed to worry about was his HD. Told him to drill a few holes in the drive, use a blowtorch in those holes if he still had one (he used to work in home remodeling), smash the drive with a hammer and put it in a bag with his used cat litter (they have two cats).
> If someone is desperate enough to want the information on his drive, they're going to have to work for it.
Well that depends, what breed of cat?
Parent
Shredder (Score:5, Interesting)
Re:Shredder (Score:4, Interesting)
You mean like this? http://www.youtube.com/watch?v=UIRXh2oiqtA&NR=1 [youtube.com]
Parent
Article or Ontrack Promotional Video? (Score:5, Insightful)
The whole discussion is made pointless when Ontrack says, "Oh, we can't restore a zero'd drive either."
Some ideas for destruction (Score:4, Informative)
If you want to go the nuclear option, they demonstrated some favorites: mangling the platters in a vice, dremel or hand grinder, propane or cutting torch, melting it in thermite, etc.
A hospital I worked for once, when decommissioning old computers, would take the hard drive over to a drill press and put a couple holes through it. Nowadays I think they've bought a drive shredder.
Just wipe it once (Score:5, Informative)
Really, there's no need to wipe it more than once unless you honestly think it will matter. At least these guys think so:
http://16systems.com/zero [16systems.com]
Give the disk to my girlfriend . . . (Score:5, Funny)
. . . and tell her to put it in a safe place, and that you might need it later.
It's gone forever.
There is no chance that anyone will ever have access to that disk again.
Re:saveguarding, eh? (Score:5, Funny)
It would certainly make smashing a hard drive to smithereens more interesting.
I wouldn't recommend it though. The paranoia you'd need to decide smashing a hard drive was the best way of preserving your identity would likely make it a pretty harsh trip.
Try crystal meth instead. The aggression and hyperactivity'd make damn sure that HDD was properly smashed.
Parent
Re:saveguarding, eh? (Score:5, Insightful)
Parent
Re:saveguarding, eh? (Score:5, Funny)
Parent
Re:RBFH (Score:5, Funny)
RBFH - is that "Really Big F**king Hammer?"
Damn, I just bought a BFH to smash some walls. I wonder if I can upgrade with a serial number?
Parent
Re:Whats the problem with... (Score:4, Interesting)
It is possible to reread some data from a zeroed (or oned (sp?)) disk. Pretty obscure, but I think it is to do with the threshold values of zero and one. For example, writing a location in sequence with 1,1,0 will result in a measurable [ though below threshold ] difference than if it had been 1,0,0. Seagate and the like do their best to squeeze this to the absolute minimum, thus maximizing utilization of the magnetic disc. I suspect it is much harder to recover anything meaningful from a 1TB platter than from a 5MB platter.
The other leak is with remapped sectors. Remapped sectors may contain live data, but have been switched out of use because they were unreliable. Flash has the same problem.
dd if=/dev/random of=/dev/sda takes care of the first problem - if you are more paranoid than that, you should probably stop whatever it is you are doing.
You need a custom tool to access the remapped sectors.
Parent
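The two leaks described in the comment above (data left in the addressable area, and data in remapped sectors that an overwrite never reaches) can be checked separately. The following is an added example, not part of the thread or any poster's code: it zero-fills a constructed file-backed image (zeros rather than /dev/random, so the pass can be verified byte for byte) and reads the reallocated-sector count from constructed `smartctl -A` text. The function names, the marker string and the verdict labels are assumptions of this example.

```sh
# Added example, not code from the thread; no real block device is touched.
SECTOR=512

# Constructed "used disk": random sectors plus a planted marker in sector 3.
make_sample_image() {   # FILE SECTORS
    dd if=/dev/urandom of="$1" bs="$SECTOR" count="$2" 2>/dev/null
    printf 'CARD=4111-CONSTRUCTED-SAMPLE' |
        dd of="$1" bs="$SECTOR" seek=3 conv=notrunc 2>/dev/null
}

# One in-place pass over every addressable sector (size assumed to be a
# whole number of sectors), the file-backed analogue of dd onto /dev/sda.
overwrite_image() {     # FILE SOURCE
    sectors=$(( $(wc -c < "$1") / SECTOR ))
    dd if="$2" of="$1" bs="$SECTOR" count="$sectors" conv=notrunc 2>/dev/null
}

# Bytes that are not 0x00; 0 means the zero pass reached the whole image.
nonzero_bytes() {       # FILE
    LC_ALL=C tr -d '\000' < "$1" | wc -c | tr -d ' '
}
marker_present() {      # FILE STRING -> exit 0 if still readable
    LC_ALL=C grep -q -F -- "$2" "$1"
}

# Constructed `smartctl -A` excerpt; $1 is the raw reallocated-sector count.
sample_smart() {
    cat <<EOF
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  5 Reallocated_Sector_Ct   0x0033   100   100   036    Pre-fail  Always       -       $1
EOF
}

# Raw value of Reallocated_Sector_Ct from smartctl -A text on stdin.
reallocated_count() {
    awk '$2 == "Reallocated_Sector_Ct" { print $10; found = 1 }
         END { if (!found) print "unknown" }'
}

# Verdict labels are this example's own, not from any standard.
wipe_verdict() {        # IMAGE SMART_TEXT_FILE
    [ "$(nonzero_bytes "$1")" -eq 0 ] || { echo "overwrite-incomplete"; return 0; }
    remapped=$(reallocated_count < "$2")
    case $remapped in
        0) echo "addressable-area-clean" ;;
        *) echo "remapped-sectors-not-covered:$remapped" ;;
    esac
}

demo() {
    img=$(mktemp); smart=$(mktemp)
    make_sample_image "$img" 64
    overwrite_image "$img" /dev/zero
    sample_smart 8 > "$smart"
    wipe_verdict "$img" "$smart"
    rm -f "$img" "$smart"
}
demo
```

A non-zero or unreported reallocated count means some sectors were outside what the overwrite could address, so a clean verification of the image says nothing about them.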
Re:Whats the problem with... (Score:5, Funny)
Come on people! Zeroing a disk drive only removes half of your data. The other half is unchanged and still perfectly readable!
Parent
Re:Whats the problem with... (Score:5, Funny)
Exactly! You have to XOR every bit! :)
Parent
Re:In other news (Score:5, Informative)
In other news: people still stupid. Has anyone here actually TRIED to get stuff back off a Gutmann wiped drive? Or even a DoD 7 wiped drive?
My class in computer security had some time to kill and someone brought that up so the teacher said "Well, we've got a bunch of PCs from last upgrade waiting to be re-imaged and given away to students...let me see what I can score us!". He ended up getting us a half a dozen PCs set up in the back of the class with 2 HDDs set up in each so we could run plenty of different tests. We did everything from MSFT format to one pass to three pass to DoD 7 to Gutmann. We researched and then used every piece of freeware and trialware that we could get our little hands on. Here are our findings:
MSFT format is of course pointless, as everyone knows. 1 pass of zeroes we got around, sorry but it has been awhile, but we got around 80% IIRC. 3 pass was lower (0,1,random), somewhere in the 10-20% range, depending on the software used, but most of the "recovered" data was garbled beyond use. DoD-7 made it pretty much impossible, I think we got 2 .txt files and they were so garbled we couldn't decide if it had actually recovered ANYTHING, certainly nothing you could use, and finally Gutmann we got squat.
So if someone were to spend the $$$$ to have the drive taken apart in a clean room and analyzed and you only used one or two pass of predictable patterns then yeah, I might see wanting to destroy. But I haven't seen anyone bragging about beating DoD-7 with what the average hacker would have access to, much less Gutmann. So frankly unless someone here has a citation I have to call bullshit. Frankly it makes me wonder if this kind of stuff isn't cooked up by the HDD manufacturers. I can just imagine them spinning this- "Before giving away that machine destroy the hard drive first! (so they'll have to buy a new one from us! Yay!)"
Parent
Re:In other news (Score:5, Informative)
Hard drives are cheap. If you have any data that you absolutely don't want to get out...EVER...physical destruction is the 100% solution.
And, in terms of practicality, running DoD-7 takes about 1000 times longer than whipping out the old Sledge-O-Matic. If you're retiring a few dozen computers, even that gets old, and you start looking for the thermite.
Parent
Not cheap if computer is free (Score:5, Insightful)
Hard drives are NOT cheap if your goal is to turn the computer around for use by someone with low income. I rebuild computers and give them away for free to people who need them. Spending even $20 to replace the hard drive would increase the cost of the computer enough to make it unusable for my purposes.
Is it really possible to recover data from a disk that has been wiped with DBAN? I highly doubt it -- I've never heard of data being recovered after wiping with DBAN.
If you want to be friendly to the environment and spread the availability of low-cost computing, don't destroy the disk, use DBAN instead.
Parent
Re:In other news (Score:4, Informative)
Parent
Re:In other news (Score:5, Interesting)
The problem is that modern hard drives do automatic defect mapping. The end result is that sometimes important data can be written to a sector, and then the drive will decide that sector is unreliable and map it out. That sector can no longer be accessed in any way. As a result you have a sector which contains data but cannot be wiped because the drive won't let you write there.
Flash memory is even worse since it does write balancing between all cells to PREVENT a failure of a sector, rather than deciding a sector is on its way out and mapping around it then.
Parent
Re:In other news (Score:5, Insightful)
Well if you can't access it in any way, then why would it matter? Remember, what folks are afraid of is some hacker will get their CC numbers or some business will end up with a lawsuit because the hackers got everyone's social off their old machine. But I have yet to see anyone actually pull anything useful off without going clean room, which frankly is so crazy expensive that no hacker in his right mind would bother. And for the poster that said it would take too long? You do know there are free programs like this [terabyteunlimited.com] that can boot off CD and do the job for you, right? Hell I bet the FLOSS guys have a nice CD that you can stick in that is simple to script. Simply write a script, burn the disc, and then set the headless machine in the corner.
And finally let us not forget that in this economic downturn that many machines being tossed by enterprise and SMBs as "junk" could be given a new lease on life and help those that have not been as fortunate as us. I repair and give away machines from businesses and you would be surprised what even a 400MHz P2 can do for those that have none. I have turned a 233MHz into a bookkeeping appliance for a little church who helps out families, the homeless, and migrant workers by installing Puppy Linux with OO.o and some simple Dbases set up. Once shown how, the wife of the pastor makes her own databases using the wizard and uses them to track donations, make mailing lists, help with inventory, etc. I have given a 400MHz to a single mom who cried because she now had a way to help her kids with homework and thanks to that donation would have something nice to give her kids for Xmas, and I have set up a group of old 350-600MHz along with an old 700MHz donated server I was able to talk the school out of for a class project on networking for a shelter for battered women. They use them to teach office skills to the women to help them become self sustaining and the server reimages them and does backups on the ones we gave the office workers.
So while the cost of a new HDD might not be a big deal for most of us, for them it could have hurt. I tell all of those that are nice enough to donate that I will DoD-7 wipe the HDD, which for the smaller drives in older machines really doesn't take long. And of course now that IDE drives are no longer being made they will probably end up more expensive which will make it even harder for somebody who doesn't have much to begin with to afford one. I figure it is better for the environment as well as my heart to take a little time and sit a PC in the corner and run DoD-7 than it is to just see it end up as more e-waste polluting our landfills. Don't you?
Parent
Re:In other news (Score:4, Insightful)
> 1 pass of zeroes we got around, sorry but it has been awhile, but we got around 80% IIRC.
OK, I'm impressed. Would you care to explain in more detail how you did that? From your description, you used "every piece of freeware and trialware that we could get our little hands on". I haven't heard of any software solution that can recover overwritten data.
Parent