"Smash Your Hard Drive" To Fight Identity Theft 527
Will Do This For Free writes "BBC News has a story about the only fireproof way of safeguarding your personal information when dumping your old computer: 'It sounds extreme, but the only way to be 100% safe is to smash your hard drive into smithereens. [...] The more thoroughly the better.'
This sounds like so much fun that I almost feel like doing it right now. Let me press Submit Story first."
"The only fireproof way of safeguarding your data" (Score:5, Funny)
Re:"The only fireproof way of safeguarding your da (Score:5, Interesting)
Throwing into fire is not enough, the magnetic domain on the platter is still there for highly technical team to retrieve. You have to melt the hard disk into liquid and stir thoroughly.
Re:"The only fireproof way of safeguarding your da (Score:5, Funny)
DOD Guidlines. Re:"The only fireproof (Score:5, Informative)
To properly dispose of hard drives which may contain Top secret information is a 5 step process to be performed in the order specified and by competent engineers.
1. Perform a triple overwrite security erase on the entire disk.
2. Use a bulk degausser (AKA a powerful electro magnet).
3. Crush the drive under a roller or tank tracks, whichever is more convenient.
4. Melt the scrap into slag.
5. Bury that Slag in a toxic waste dump to deter any attempts at data recovery.
That's not exactly how it went but I think this is pretty close. Can anyone find the original?
Re:DOD Guidlines. Re:"The only fireproof (Score:5, Informative)
The real spec is DoD 5220.22-M, available at http://www.dtic.mil/whs/directives/corres/html/522022m.htm [dtic.mil].
DoD standard superceded by NIST's standard (Score:3, Informative)
There's no original because that's not the spec.
The real spec is DoD 5220.22-M, available at http://www.dtic.mil/whs/directives/corres/html/522022m.htm [dtic.mil].
The DoD standard has been superceded by NIST Special Publication 800-88:
http://csrc.nist.gov/publications/nistpubs/800-88/NISTSP800-88_rev1.pdf
http://en.wikipedia.org/wiki/Data_remanence
How we declassified disks in the 1980s (Score:3, Interesting)
Back in the 1980s and early 90s, when I was working as a tool for the military-industrial complex, I ran a VAX lab that processed classified information. I forget which DoD standard we followed (it was equivalent to Army 380-380), but I got to write our declassification processes and my successor at the job had the fun of implementing them. The basic choices were
Re:DOD Guidlines. Re:"The only fireproof (Score:5, Interesting)
About a decade ago, our artillery unit did do "rollovers" on hard drives for the intel unit. The drives, although already drilled through, were stored in a safe and ecsorted by Military Police. After we ran them over, the pieces went back into the safe. After the drilling and crushing, the drives were to be put into a 55 gallon barrel (along with wood or paper), doused in fuel, and burnt for a minimum of 30 minutes.
Re:DOD Guidlines. Re:"The only fireproof (Score:5, Funny)
.. and that's how the Pentium bug came into existence.
Re:DOD Guidlines. Re:"The only fireproof (Score:5, Funny)
You're just jealous because you don't have a tank.
Admit it.
Re: (Score:3, Funny)
Those data recovery people are pretty savvy. They just recovered the 18 1/2 minute gap on the Nixon tapes. It is Nixon listening to Alice's Restaurant by Arlo Guthrie.
Re: (Score:3, Interesting)
Re:DOD Guidlines. Re:"The only fireproof (Score:5, Insightful)
Am I crazy when I think that when one gets to the point where one is overwriting with random data 10+ times and degaussing afterwards, the chance of some enemy recovering your data is pretty much zero, and the money such a recovery would require would be enough to buy a hundred spies? No point in destroying your data to the point where only divine intervention could restore it when it is several orders of magnitude easier to steal the data before it is destroyed, right?
Re:DOD Guidlines. Re:"The only fireproof (Score:4, Insightful)
> Has anyone ever gone to Mars or brought peace to the middle east? Surely if this has been possible for a long time it must be possible for you to point to two or three reliable articles where someone has done this.
This Gutmann guy tells us how overwritten data could be recovered. Reading his paper makes one suspect this would all be very easy for one with access to scanning probe microscopy, and he suggests a scanning probe microscope could be built for as little as $1400. The paper has been 'in the wild' for over 10 years now. Why can't I find any articles wherein his techniques have been used to recover just a single sector that has been overwritten 5 times? By the looks of it such an experiment could be performed for relatively little money, and any university who would do such an experiment would gain much publicity. Either nobody has ever tried this very cheap and easy thing that would make that person very famous, or it is impossible.
Which makes it, off course, completely different from going to Mars or bringing peace to the middle east. The former is extremely expensive, and nobody knows an acceptable way to solve the latter. Neither of these problems apply to the paper you mentioned, or so the writer suggests.
Re: (Score:3, Interesting)
Then they play with the magnents, figuring out ways to ruin each others credit cards from a distance.
Re:DOD Guidlines. Re:"The only fireproof (Score:5, Funny)
Having a tank would make technical support a lot more satisfying:
C: "Hello, is this technical support?"
M: "Yes. May I help you?"
C: "There's a big black thing where my Internet Windower Vista should be"
M: "Very well sir. Did you turn your computer on?"
C: "....is that under the start menu?"
*rumble rumble*.....BOOM!
DoD sanitization (Score:5, Insightful)
Depends on the value of the information. Are you willing to spend $500-$10000 on a professional recovery service, or is your information not worth that much? Can it be reconstructed through different means?
The DoD has to worry about enemies getting ahold of the disk and sending it to a multi-million dollar clean-lab with stuff like electron microscopes and post-doc engineers to recover the information.
Something properly classified 'Top Secret' is done so on the basis of it being possible for it to cause 'exceptionally grave damage'. IE lives lost, cities nuked, embarrasing the POTUS, etc...
The reason you destroy the information in so many different ways is in case one of the ways fail. For example, degaussing is often possible in-house, but what if the degausser doesn't work well enough? On the other hand, sending it to a facility capable of smelting it down requires transporting it - an opportunity for it to be lost. So you degauss it first to make it harder to retrieve data in the facility, then send it to the smelter 'to make sure'.
Re:"The only fireproof way of safeguarding your da (Score:5, Informative)
The platters don't have to be melted, they only need to be heated to the Curie point [wikipedia.org] to loose all their information. Of course, that would still take a pretty hot fire.
Re:"The only fireproof way of safeguarding your da (Score:5, Funny)
Re: (Score:3, Informative)
Heating a destroys the magnetic domain's long before it melts. As density increases the ability to do data recovery when things go bad keeps decreasing.
No you don't. (Score:5, Insightful)
Disassemble the drive and remove the platters. Take sandpaper and sand off the oxide. There's no way in hell any data will be recovered after that.
Not everyone has access to a furnace hot anough to melt the whole thing.
Re: (Score:3, Informative)
Don't forget to harvest the handy magnets if you bother to do it that way.
Some hard disk platters are glass, so be careful!
Re: (Score:3, Interesting)
I built a kiln out of a trash can, ceramic fiber mat, and some venturi propane burners made from 3/4" pipe. I've fired to Cone 4 (2124ÂF - 1162ÂC) in it. Cost about $200 to make. Would be cool to get a crucible and melt down a drive or two. I have some old scsi stuff from the 90's...
Re: (Score:3, Funny)
Re:"The only fireproof way of safeguarding your da (Score:4, Informative)
Whoosh!
The point was that they said this is a "fireproof" way of restoring your data - which is basically saying that throwing the hard drive into a fire would somehow recover the data.
Foolproof would have been a better word to use; as in "even a fool could protect their data using this method".
Re:"The only fireproof way of safeguarding your da (Score:5, Funny)
Shoot It (Score:3, Informative)
Five shots from a .458 Winchester Magnum firing soft-points really wrecks a drive into smithereens. It's actually hard to find a spot on the platters that isn't either punched through or scratched to near-oblivion by tiny fragments bouncing around inside the thing. Really, they look almost sandblasted where not outright gone.
And it is a lot of fun, too.
Nuke it from space (Score:5, Funny)
saveguarding, eh? (Score:2)
Re: (Score:2)
Re:saveguarding, eh? (Score:5, Insightful)
Re:saveguarding, eh? (Score:5, Funny)
Re:saveguarding, eh? (Score:5, Funny)
It would certainly make smashing a hard drive to smithereens more interesting.
I wouldn't recommend it though. The paranoia you'd need to decide smashing a hard drive was the best way of preserving your identity would likely make it a pretty harsh trip.
Try crystal meth instead. The aggression and hyperactivity'd make be damn sure that HDD was properly smashed.
Re: (Score:2)
what about using acid?
dude, that's like such an awesome idea... like I can see patterns on the disk man. Wow man, you have a wicked selection of porn
Re: (Score:3, Insightful)
What about having it fully encripted at all times?
If your computer is stolen it's quite hard to convince the thief to store it in an acid bath till it stops bubbling.
I find a Magnet Works (Score:4, Informative)
I doubt anyone could recover data from it, as it is surely scrambled.
Re: (Score:3, Funny)
Re: (Score:3, Interesting)
Re:I find a Magnet Works (Score:5, Insightful)
NO! It does NOT make it completely useless. Someone with a scanning-tunneling microscope could still retrieve portions of your data! The thing that makes this article retarded isn't the difficulty of permanently destroying data, which is best done with intense heat (as in, burn the disk to the point it melts) but the fact that no one cares about your identity OR your porn collection. Just zero the disk once and odds are that will be more than good enough for any of your personal data, unless you are the fucking president or something. Zero the disk or if you must, run a secure formatter, and put it on freecycle if it's too old to sell.
Re:I find a Magnet Works (Score:4, Funny)
Just zero the disk once and odds are that will be more than good enough for any of your personal data, unless you are the fucking president or something.
"Can you guys recover my data?"
"Yes we can!"
Re: (Score:3, Insightful)
TFA makes the point that for most of us, a wipe or a hammer job is adequate to deter the schmoogs. The web is full of various tests of redox reactions to destroy the platters, if your data is in a glowing puddle of molten aluminium, it's probably secure.
Re: (Score:3, Informative)
Re: (Score:3, Insightful)
but the fact that no one cares about your identity OR your porn collection. Just zero the disk once and odds are that will be more than good enough for any of your personal data, unless you are the fucking president or something.
I agree completely. No one is going to bother with a few weeks of work taking apart the drive to get access to you're $371.39 bank account when they can spend 1 hour and simply find that the next disk in line is fully formatted and has all the information they need.
The whole article is a little sensationalist and ridiculous to me. I'm surprised to see such shoddy reporting from the BBC.
Re: (Score:3, Insightful)
It's really surprising to see a comment like this get moderated informative on slashdot.
Re: (Score:3, Interesting)
If you're really want to have fun, you should take the magnet out of the drive. Those things area amazing. I had a co-worker who pulled the magnets out a whole slew of retired 5" hard drives. You could hang incredible amounts of weight from those things. Very easy to smash your fingers between them too. Just don't do it on your employer's time.
oh yeah, you could use that magnet to wipe the platter while you've got the drive open.
Re: (Score:3, Interesting)
Wrong. There were several airlines that suffered complaints that laptops were failing on their planes. The table/trays were magnetic so they could be folded and stowed away. Turns out if you sit a laptop on top of a magnet, [elliott.org] the hard drive soon fails.
Or make it reusable... (Score:5, Informative)
and just use dBan, Derrick's Boot and Nuke. [dban.org]
Nothing beats an afternoon of watching dBan and a comfy chair. Beer or whisky optional.
Re:Or make it reusable... (Score:5, Funny)
Nothing beats an afternoon of watching dBan and a comfy chair. Beer or whisky optional.
dBan sounds cool. So I put it on a disk and ran it. It really doesn't look that special. My computer won't turn on now.
Kindness (Score:5, Funny)
You'll have to excuse me. I'm need to go protect my ex-wife from identity theft.
Re:Kindness (Score:5, Funny)
So she uses ReiserFS?
Environmentally criminal! (Score:4, Informative)
This recommendation from Which? magazine has incensed me today. They're reported as saying "It sounds extreme, but the only way to be 100% safe is to smash your hard drive into smithereens." [bbc.co.uk]. There's no need to do this if you use disk wiping software, which is probably even better than a hammer; as the BBC article points out. Darik's Boot And Nuke [dban.org] is perfect for this. It's environmentally criminal to be suggesting the best way to wipe a disk is to smash it.
Pete Boyd
Re:Environmentally criminal! (Score:5, Informative)
Problem is that most people are way too stupid to understand how to use that, but they can understand smash.
The funny part, 90% of those people that understand smash, will not smash it enough. I have recovered data from laptop hard drives that looked pretty smashed, but 45 minutes in my improvised clean room moving the platters to a different drive and I was able to read the contents.
Re: (Score:2)
Nice. I've not come across anyone transferring platters before. Presumably you use an identical drive with the same controller board?
This is what I meant that disk wiping software will be more thorough than a hammer.
But yeah, people aren't able to download an ISO and burn it to disc, then set their BIOS to boot from CD.
Re:Environmentally criminal! (Score:5, Informative)
It's really not that hard to transfer platters. and yes use an identical drive.
a makeshift clean room is easy. run the shower in the bathroom for 15 minutes on the hottest setting and then shut it off and let the room cool down completely. the mist in the air will remove all dust as it falls to the ground. use a tyvek suit and cover your hair, face, hands and you're good to go.
Re:Environmentally criminal! (Score:5, Funny)
The funny part, 90% of those people that understand smash, will not smash it enough.
Another 5% will enjoy it so much that they will do the same thing to their new computer, the TV and the next door neighbours car.
Re: (Score:2)
I think Darik's Boot And Nuke actually is better at preventing identity thief then smashing your drive. Ok less assume you are tossing an old drive say a 20GB You smash the drive into 100 pieces each piece has about 200mb on the average. Chances are if you really wanted that data you take the pieces and make a custom drive that can read the data off a fragment of disk. Yes it will be to much work for the casual id thief but it is still there. Fill with 1 then with 0 then randomly a few times any additiona
RBFH (Score:2)
Re: (Score:3, Funny)
RBFH - is that "Really Big F**king Hammer?"
Re:RBFH (Score:5, Funny)
RBFH - is that "Really Big F**king Hammer?"
Damn, I just bought a BFH to smash some walls. I wonder if I can upgrade with a serial number?
smithereens might be a bit excessive (Score:2)
I'm generally happy to drill a few holes through different parts of the platters and then just whack the whole thing a couple times with a hammer. Sure, someone with a the right equipment and a lot of time on their hands could potentially take the drive apart, and pull some data off the undamaged parts of the disk, but my data isn't worth the trouble.
That being said, I've sometimes smashed them further just for the fun of it, and completely obliterating a drive is a lot harder than you'd originally think. S
Cool method (Score:3, Funny)
"It sounds extreme, but the only way to be 100% safe is to smash your hard drive into smithereens."
And I know of a great [tinypic.com] way to do that.
An Alternative Approach... (Score:5, Funny)
Smash An Identity Thief.
Return merchandise authorization (Score:2)
Because those smithereens contain environmentally harmful materials, they should be recycled - for instance at the vendor from whom a new hard drive is purchased.
Or just RMA it.
Dear Seagate, I've only had your drive a few weeks and it smash itself to smithereens.
Stupid (Score:2, Insightful)
Or you could, you know, overwrite the bits with new garbage data.
At work, we've had dealings with data recovery labs and they've never, ever been able to retrieve anything useful.
My method (Score:2, Funny)
I fill mine with concrete and drop them in the ocean. Stuffed inside an informant, of course.
Nobody will be getting more information from either one.
I am intrigued by the clever use of a hammer in the video, I may have to modify my method slightly.
Windows Vista (Score:2, Funny)
Just told my brother this (Score:4, Interesting)
His PC died due to dust accumulation (fried mobo, dead power supply, fused RAM) and he asked me what to do with his system. I told him the only thing he needed to worry about was his HD. Told him to drill a few holes in the drive, use a blowtorch in those holes if he still had one (he used to work in home remodeling), smash the drive with a hammer and put it in a bag with his used cat litter (they have two cats).
If someone is desperate enough to want the information on his drive, they're going to have to work for it.
Re:Just told my brother this (Score:5, Funny)
His PC died due to dust accumulation (fried mobo, dead power supply, fused RAM) and he asked me what to do with his system. I told him the only thing he needed to worry about was his HD. Told him to drill a few holes in the drive, use a blowtorch in those holes if he still had one (he used to work in home remodeling), smash the drive with a hammer and put it in a bag with his used cat litter (they have two cats).
If someone is desperate enough to want the information on his drive, they're going to have to work for it.
Well that depends, what breed of cat?
Re: (Score:3, Funny)
Well that depends, what breed of cat?
Civet of course - you then get to enjoy the coffee.
Shredder (Score:5, Interesting)
Comment removed (Score:4, Interesting)
Article or Ontrack Promotional Video? (Score:5, Insightful)
The whole discussion is made pointless when Ontrack says, "Oh, we can't restore a zero'd drives either."
Some ideas for destruction (Score:4, Informative)
If you want to go the nuclear option, they demonstrated some favorites: mangling the platters in a vice, dremel or hand grinder, propane or cutting torch, melting it in thermite, etc.
A hospital I worked for once, when decommissioning old computers, would take the hard drive over to a drill press and put a couple holes through it. Nowadays I think they've bought a drive shredder.
Just wipe it once (Score:5, Informative)
Really, there's no need to wipe it more than once unless you honestly think it will matter. At least these guys think so:
http://16systems.com/zero [16systems.com]
Give the disk to my girlfriend . . . (Score:5, Funny)
. . . and tell her to put it in a safe place, and that you might need it later.
It's gone forever.
There is no chance that anyone will ever have access to that disk again.
My favourite method for 3.5" HDDs - the best imho (Score:3, Interesting)
- Take old drive.
- Screw drive apart. (Might require Torx screwdriver or bit)
- Take percision manufactured aluminum seperation washers and use them as keyrings, strap-loops or simular stuff.
- Take drive platters and work over them with fine grained sandpaper.
- Move head magnets over them a few times.
- Work over them with even finer grain afterwards.
- Dishwash platters and polish afterwards.
- Dry and clean platters.
- Precisely glue thick undied felt to one side of platter using cut-to-fit carpet tape.
- Cut out platter shape and hole with a sharp knife.
- Use and/or sell as avantgarde design coasters (10$ - 12$ a piece).
- Bring the rest of the dives to recycling, seperating electronics from scrap metal first.
No way anybody will recover any usefull data of a platter after this treatment. And the platter will look like in mint condition. And they make way cool coasters.
This message (Score:3, Insightful)
...but the only way to be 100% safe is to smash your hard drive into smithereens. [...]
This message brought to you by the Hard Drive Manufacturers Association.
Perfect solution (Score:4, Funny)
Put your hard drive in a sock, and toss it in the dryer with a matching sock. You have a 50% chance of it disappearing into an alternate universe, never to be seen again.
Re: (Score:2)
Re: (Score:3, Insightful)
Put it this way ... if it could then your drive would have double the capacity.
Drive makers aren't stupid.
http://en.wikipedia.org/wiki/Data_recovery#Recovering_overwritten_data [wikipedia.org]
Re:Whats the problem with... (Score:4, Interesting)
It is possible to reread some data from a zeroed (or oned (sp?)) disk. Pretty obscure, but I think it is to do with the threshold values of zero and one. For example, writing a location in sequence with 1,1,0 will result in a measurable [ though below threshold ] difference than if it had been 1,0,0. Seagate and the like do their best to squeeze this to the absolute minimum, thus maximizing utilization of the magnetic disc. I suspect it is much harder to recover anything meaningful from a 1TB platter than from a 5MB platter.
The other leak is with remapped sectors. Remapped sectors may contain live data, but have been switched out of use because they were unreliable. Flash has the same problem.
dd if=/dev/random of=/dev/sda takes care of the first problem - if you more paranoid than that, you should probably stop whatever it is you are doing.
You need a custom tool to access the remapped sectors.
Re:Whats the problem with... (Score:5, Funny)
Come on people! Zeroing a disk drive only removes half of your data. The other half is unchanged and still perfectly readable!
Re:Whats the problem with... (Score:5, Funny)
Exactly! You have to XOR every bit! :)
Re:Whats the problem with... (Score:4, Funny)
Exactly! But I do it twice for additional protection.
Comment removed (Score:5, Informative)
Re:In other news (Score:5, Informative)
Hard drives are cheap. If you have any data that you absolutely don't want to get out...EVER...physical destruction is the 100% solution.
And, in terms of practicality, running DoD-7 takes about 1000 times longer than whipping out the old Sledge-O-Matic. If you're retiring a few dozen computers, even that gets old, and you start looking for the thermite.
Not cheap if computer is free (Score:5, Insightful)
Hard drives are NOT cheap if your goal turn the computer around for use by someone with low income. I rebuild computers and give them away for free to people who need them. Spending even $20 to replace the hard drive would increase the cost of the computer enough to make it unusable for my purposes.
Is it really possible to recover data from a disk that has been wiped with DBAN? I highly doubt it -- I've never heard of data being recovered after wiping with DBAN.
If you want to be friendly to the environment and spread the availability of low-cost computing, don't destroy the disk, use DBAN instead.
Comment removed (Score:4, Insightful)
Re: (Score:3, Informative)
Yup, my work donates newer stuff to local school board but all they get is case/logic board/processor/powersupply. They pull ram/drives/video cards. Can also pick up older stuff at auction but it's sold by the pallet, usually for under $100.00. Got a load of old Mac stuff this way but had two nice G5's in there.
Re: (Score:3, Interesting)
Closet redneck that I am, I usually just make a big pile of wood, drives, old backup tapes, and add gasoline. You can pass the melting point of lead in a wood fire, easy.
The waste is an issue though. I wouldn't want to eat out of the oven either, and I'm not too keen on breathing/cleaning up drive slag either.
Re: (Score:3, Insightful)
Unlikely. Your HDD has a metal case that would keep the microwaves from penetrating to the platters. If you were to put it in the microwave, you would likely get some sparking/smoking from the controller board, but the acutal platters likely wouldn't even get warm.
But dont take my word for it, try it! Your work has a microwave, no? Or just watch this crappy video on YouTube: http://www.youtube.com/watch?v=hRU7yEEgRaw [youtube.com]
Re:In other news (Score:4, Informative)
Re:In other news (Score:5, Interesting)
The problem is that modern hard drives do automatic defect mapping. The end result is that sometimes important data can be written to a sector, and then the drive will decide that sector is unreliable and map it out. That sector can no longer be accessed in any way. As a result you have a sector which contains data but cannot be wiped because the drive won't let you write there.
Flash memory is even worse since it does write balancing between all cells to PREVENT a failure of a sector, rather than deciding a sector is on its way out and mapping around it then.
Comment removed (Score:5, Insightful)
Re: (Score:3, Interesting)
Disclaimer: I work in an industry where we DO worry about people taking drives to the clean room...
Re: (Score:3, Funny)
Re: (Score:3, Informative)
The drive's firmware is what keeps track of where the "good" and "bad" sectors are on the drive. Presumably, if you took the platters out, and put them in a different drive, it would have no idea which were the good or bad sectors, and therefore WOULD let you read those sectors. No guarantees that what it reads was what was originally there, but I'd be surprised if it didn't let you read them.
Re:In other news (Score:4, Insightful)
1 pass of zeroes we got around,sorry but it has been awhile, but we got around 80% IIRC.
OK, I'm impressed. Would you care to explain in more detail how you did that? From your description, you used "every piece of freeware and trialware that we could get our little hands on". I haven't heard of any software solution that can recover overwritten data.
Mod Parent up (Score:4, Insightful)
I haven't heard of any software solution that can recover overwritten data.
Likewise. Barring actually disassembling the drive, I think GP's post is bullshit.
How can software get past the fact that the hard disk controller will be handing the OS all 0's?
Re: (Score:3, Interesting)
If you want to do it really right, then use whatever handy utility you know of that claims to write over the whole drive. Just once. With zeroes.
I'd quibble over that "With zeroes" part. The problem is that this overwrites each bit with the same value. On a lot of kinds of disks, this leaves behind a lot of disks that have two distinguishable value, which are easily read and interpreted as zeroes and ones, giving the previous data. The data-recovery people have equipment that can read the value of each "bi