Mangle those hard drives!
I have posted before about the need for good data destruction. Remember my story about the discovered affair on a corporate PC I was using in the lab? Remember this cool picture from the CeBIT?
It is enough to make anyone who owns a laptop shudder to see a big box full of electromagnets sitting out in the open like that. (Insert laptop, close door, push button, goodbye data!)
There are two stories this week that merited inclusion in the Data Protection Weekly newsletter. The first deals with data mining of recycled PCs in Nigeria. This BBC report:
discovered that fraudsters in Nigeria were able to find internet banking data stored on recycled PCs sent from the UK to Africa.
This goes beyond the casual discovery of critical information. Cyber thieves are well equipped to use forensic tools to recover deleted files. In this case they were capturing bank account information and selling credentials for $30-40.
The second is from a study that BT did about data destruction. No surprises here.
The BT-funded research, carried out by the University of Glamorgan in Wales, analyzed 317 hard drives purchased second-hand in the U.K., Australia, Germany and the U.S. About 35% to 40% of these turned out to come from businesses, 23% of which contained enough information to identify the specific company that had owned them using only off-the-shelf analysis tools. A shocking 5% held sensitive business information.
This new level of attack against old PCs induces me to raise my recommendation for disposing of old PCs: totally destroy the hard drives. Hard drives are one of the cheapest components of a PC and could easily be replaced with a higher-capacity, faster disk if the computer is to be re-used. Remove the disks and crush the cases, making sure that you break or bend the actual platters. Use a hammer. Wear safety glasses. (And yes, you paranoid geeks, I know that the NSA can recover data from such a disk. But it would cost a lot more than $40 to do that and I do not expect cybercriminals in Nigeria to be going to those lengths anytime soon.) Make sure to send the mangled hard drives to a suitable recycling facility!
Talkback
Use Eraser or Some other Wiping Program
When I recently sold a 10 GB hard drive for my computer, I put it in my new computer and wiped it clean with the Gutmann form of secure file deletion.
It is IMPOSSIBLE for even the NSA to recover anything from a computer hard drive after you do that, coming straight from my ex-A+ teacher who works for the Army and used to work for the NSA.
Why?
It's more than that
write 1's and 0's you need to check your facts.
For example, look at
http://dban.sourceforge.net/. I personally feel
more comfortable wiping a disk with dban and
giving it to someone than smashing it with a
hammer and throwing it in the trash. Unless you
sand the platters with a belt sander and then dip
them in acid it's probably easier to recover
information from them than a disk that's been
thoroughly wiped.
re "Use Eraser or Some other Wiping Program"
1) Remove old hard drive from old computer
2) Buy a USB hard drive kit ($30-50)
3) Put old HD in USB HD kit and plug into a new computer with USB 2.0 for the speed
4) Do a quick format on the old hard drive
5) Copy gigs upon gigs of music, videos, anything that's junk or otherwise worthless, until you fill up the whole hard drive. This way, everything on the hard drive is completely overwritten with useless data, making your sensitive data completely useless and also completely gone.
""The best thing to do before selling a hard drive that you have used in your computer for a long time that still works, is to use a disk wiping program like Eraser 5.7 to wipe the entire hard drive with the highest level of wipes that it can do.
When I recently sold a 10 GB hard drive for my computer, I put it in my new computer and wiped it clean with the Gutmann form of secure file deletion.
It is IMPOSSIBLE for even the NSA to recover anything from a computer hard drive after you do that, coming straight from my ex-A+ teacher who works for the Army and used to work for the NSA.""
This looks like a job for... THERMITE!
I'd like to find a clip of that segment. I'd also like to see the NSA try to recover data from a thermite-fried drive. ]:)
Yep, that would do it.
I know what theme music to use!
More fun than nuking a CDROM in the microwave! Actually that would work too. Just get the platters out and nuke them in a microwave, 15 20 seconds on a side would maybe do it. Just gotta get the magnetic material up past the Curie Temp. No more magnetic material!
Better idea
It's the only way to be sure. ;)
this can be accomplished with software
before one of my clients chucks an old pc
It works really well
they even make a version for a 5 1/4" floppy
Software alone is not enough
Do you have a link to that
to that information. In my experience, it is
impossible to recover data from a drive that's
been wiped with dban.
Just a good policy and the right software tools...
Just use the right software tools and a good company-wide policy and I think you are done.
The policy thing is not optional, no matter what. But again, I think a good software tool (like Eraser), with a multipass setting is enough.
I'm sure your secrets won't have the same importance today as they will in 10 years.
However, if you store national security information, or your lover's email, or images of your boss naked, or the plan to destroy your competitor using illegal tactics, maybe destroying the hard disk is an option, because you don't know what kind of technology will be available in 10, 20 or 50 years, which can recover your data even if you used Eraser to do a 1000-passes erasing.
Regards,
MV
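A wiping policy like the one discussed in these comments can include a read-back check that the overwrite reached every sector. The following is an added example, not part of the original post or any comment: it assumes the tool's final pass wrote zeros, and the image it scans is constructed for the demonstration.

```python
import os
import tempfile

SECTOR = 512
CHUNK = 1024 * 1024  # read size, a multiple of the sector size


def find_residue(path, fill=0x00, chunk=CHUNK):
    """Scan a device or image; return (ranges, bytes_scanned).

    ranges is a list of merged (start, end) byte offsets covering every
    sector that is not entirely the expected fill byte.
    """
    ranges = []
    offset = 0
    with open(path, "rb") as dev:
        while True:
            buf = dev.read(chunk)
            if not buf:
                break
            # Fast path: a fully wiped chunk needs no per-sector work.
            if buf.count(fill) != len(buf):
                for i in range(0, len(buf), SECTOR):
                    sector = buf[i:i + SECTOR]
                    if sector.count(fill) == len(sector):
                        continue
                    start, end = offset + i, offset + i + len(sector)
                    if ranges and ranges[-1][1] == start:
                        ranges[-1] = (ranges[-1][0], end)  # extend previous run
                    else:
                        ranges.append((start, end))
            offset += len(buf)
    return ranges, offset


def build_sample_image():
    """Write a constructed 4 MiB image: zeros plus two leftover regions."""
    size = 4 * 1024 * 1024
    img = bytearray(size)
    leftover = b"constructed-residue"
    img[1536:1536 + len(leftover)] = leftover  # inside sector 3
    img[size - 1024:size] = b"\xAA" * 1024     # last two sectors
    with tempfile.NamedTemporaryFile(delete=False, suffix=".img") as f:
        f.write(img)
        return f.name


if __name__ == "__main__":
    image = build_sample_image()
    runs, scanned = find_residue(image)
    print(f"scanned {scanned} bytes, {len(runs)} unwiped run(s)")
    for start, end in runs:
        print(f"  bytes {start}-{end - 1}")
    os.remove(image)
```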
not good enough
I think software works just fine
that I've wiped. You recover a file and I'll pay
you $5,000. You don't recover a file and you pay
me $5,000. I'm that confident in the power of
software like dban to wipe a drive. Are you that
confident in the power of whatever you use to
recover it.
Do it the old fashioned way
2. Reformat the drive.
3. Repartition the drive.
4. Pull the drive from the computer.
5. Remove the cover of the drive.
6. Place drive on a large block of wood (an old stump works well).
7. Chop the disks up with a splitting wedge several times.
8. Roast the pieces in a fire. (Use a well-ventilated location as some of the materials can produce toxic fumes.)
9. Dispose of pieces at your local metal recycler location.
10. I suppose you could dunk it in liquid nitrogen for a minute and then toss it on the sidewalk and watch it shatter into a bazillion pieces; but I don't usually have access to that much cryogenic material.
Yeap, don't believe in software-based erasures
Nothing short of scraping out the platters and then dipping the whole assembly in acid until it dissolves will really get rid of data.
Modern instruments are so sensitive, and correlation techniques so advanced, that I believe data could be recovered from any hard drive that has not been chemically destroyed.
P.S.: Don't forget their internal caches, either! OK, I may be getting paranoid here, but would you put your hand in the fire for those, also? I would not.
I would
any research project that can demonstrate that a
drive correctly wiped with a program like dban
has EVER been recovered. If you have such
information, please post it.
You are paranoid
The idea that some high tech thugs could recover data that has been dban'd is laughable. I can't imagine how long it would take, probably weeks to retrieve data that probably will never earn them a penny. I could see if it was a gov't computer but even then thugs are pretty lazy by nature.
Mangle Hard Drives?
Secure and fun!