
The Homemade Hard Disk Destroyer 497

Posted by CmdrTaco
from the if-you-can-recover-that-you-earned-it dept.
Barence writes "All businesses have sensitive data they need to destroy when they replace PCs, but disposing of hard disks properly can be an expensive business. This has led one IT manager in the UK to come up with his own, homemade solution — Bustadrive. It uses a powerful 'hydraulic punch' to physically deform a hard disk, rendering it virtually unreadable, and requires nothing more than a pull of the lever on the front — similar to a drinks-can crusher. PC Pro tested the Bustadrive, and also sought the opinions of data destruction companies as to whether the device was really as effective as hoped, or just a fun way to mangle a hard disk or two."
  • Overkill? (Score:5, Insightful)

    by Miros (734652) * on Monday August 17, 2009 @08:52AM (#29090303)
    Why not just use a degausser? or DBAN?
    • Re: (Score:3, Insightful)

      by cdrudge (68377)

      The paranoid crowd will argue that either method might still be able to be recovered. I thought I saw an article once here that in the real world basically debunked this myth. Physical destruction just takes the process one step further. Plus it's quicker than running some type of a disk wiping program.

      • Re:Overkill? (Score:4, Insightful)

        by Hyppy (74366) on Monday August 17, 2009 @09:03AM (#29090411)
        Some places still require both. When it comes to extremely sensitive (classified, etc) data, "absolutely unreadable" must be absolute. Even if only one technician in the entire world, with a billion-dollar lab, is capable of recovering the data from a zero'd drive, it's too much of a risk. What if that one technician is Chinese?
        • by Scrameustache (459504) on Monday August 17, 2009 @10:11AM (#29091337) Homepage Journal

          Even if only one technician in the entire world, with a billion-dollar lab, is capable of recovering the data from a zero'd drive, it's too much of a risk. What if that one technician is Chinese?

          Oh, that's ok, my data isn't written in Chinese...

          • by inviolet (797804) <slashdot&ideasmatter,org> on Monday August 17, 2009 @11:50AM (#29092863) Journal

            [What if the one well-funded hacker who can recover the data is Chinese?]

            Oh, that's ok, my data isn't written in Chinese...

            Doesn't matter. They could still read images, sound recordings, schematics, spreadsheets of numbers...

            Well, they COULD, except the West uses a different binary encoding scheme than the Chinese. Over here everything is written as ones and zeros, but over there everything is written as ones and zewos. And I doubt they have the technology to convert.

        • Re:Overkill? (Score:5, Informative)

          by TheRaven64 (641858) on Monday August 17, 2009 @10:41AM (#29091773) Journal
          Note that there are two dimensions to security. One is how big a problem it is if the secret leaks, the other is how long this is true for. Troop movements in Iraq, for example, could cost lives if they are leaked today, but if they are leaked next month then the data is irrelevant. The NIST recommendations that suggest destroying the drive are based in the principle that the secrets may be important in 20-50 years. They factor in attacks that are hypothetical now, but could become practical over this timeframe. For a commercial entity, this level of paranoia is rarely required. Most businesses don't have any data that would be a problem if it leaked even 5 years in the future - even credit card numbers have a shorter lifespan than that, so if someone recovered a five-year-old list of credit card numbers they wouldn't get anything of value.
        • Re: (Score:3, Informative)

          by Gilmoure (18428)

          Every drive at my place of work does not leave. They have a big ole shredder that eats drives and spits out rice grain sized pieces of metal. This is for all drives, not just classified materials ones. Is too easy to be safe this way.

    • Re:Overkill? (Score:4, Interesting)

      by Anonymous Coward on Monday August 17, 2009 @08:57AM (#29090357)

      I'd just use my rifle and a few rounds of .308 Winchester (or .303 British, 7.5mm Swiss, 8mm Mauser, whatever). Problem solved...

      If you really want to go low tech, a sledgehammer would do fine.

      • Re: (Score:3, Informative)

        by Hubbell (850646)
        Buy a package or 2 of sparklers, scrape the magnesium off onto the hard disk (encased or not, if cased maybe 2-3 packages), light a sparkler and stick the end into the pile. Done.
      • Re: (Score:3, Informative)

        by chaim79 (898507)

        I consider this one of the best methods, you get three great things out of this: non-recoverable drives, frustrations worked out, and some really interesting conversation starters if you take it apart (the disk platter deforms in very interesting ways when hit!) For example: This Drive [flickr.com] is no longer readable, and if you look at any of the photos that show the top of the drive, you can see how the disk platter deformed.

      • Re: (Score:3, Informative)

        by Wee (17189)
        I've shot more than a few dozen drives. At a previous workplace, we had to come up with a policy for destroying drives on decommissioned machines (you never know where an SSN might have been left laying about). It was decided that overwriting the writable sectors followed by physical destruction of the controller board and at least four holes through each platter was acceptable.

        I'd just save them all up in a box and whenever I'd manage to make it out to the desert, I'd bring them with me. We'd shoot
    • Re:Overkill? (Score:5, Interesting)

      by ByOhTek (1181381) on Monday August 17, 2009 @09:08AM (#29090493) Journal

      Where I used to work (~5 years ago), we used an erasure tool that wrote random data over the entire drive (10 times), then introduced the drive to "Mr. Band Saw" in the machine shop, to quarter the platters, on any DoD/DoE stuff

      • Re: (Score:3, Informative)

        by Anonymous Coward

        A colleague of mine used to work at a financial institution where they had a special heat resistant receptacle for hard disk destruction. They put the stacks of hard disks down, put thermite packs on top, closed the lid, and punched the "ON" button. Said slag after cooldown was then put out for scrap metal.

        Another place didn't go with the thermite, but instead had an industrial grade shredder where the drives were tossed in, and parts the size of marbles came out the other end.

        Both methods work. The therm

      • Re: (Score:3, Insightful)

        by CharlieG (34950)

        Last time I needed to really kill a drive, I put it in the lathe, and turned the platters - nice small swarf chips

      • Not Overkill (Score:3, Informative)

        by Pontiac (135778)

        I do work at a DOE site..

        The current method is now an industrial shredder.. Nothing left bigger than a dime..
        This goes for Hard Drives, Flash drives, cell phones.. Anything that can store data never goes out till it's been through the shredder.
        See one in action [youtube.com]

    • Re: (Score:3, Insightful)

      by Miros (734652) *

      Someone should suggest that the Mythbusters "put this to the test," assuming their production company has the financial resources to pay for even modest data recovery services.

      Even that might be effective. If you have like, a dozen drives, all of them similar, all of them wiped, one of which contains good data (or worse, a group of which once comprised like, a RAID 5 array so you need at least a few of them) you would be looking at a hypergeometric distribution, and the actual probable cost of recovering

      • Re: (Score:3, Insightful)

        by damburger (981828)
        TBH they might not have to pay at all. I'm sure data recovery companies wouldn't mind showing on national TV what they are capable of getting from an apparently bricked hard drive. It would be an advertising opportunity.
    • Re:Overkill? (Score:5, Interesting)

      by mellon (7048) on Monday August 17, 2009 @09:19AM (#29090619) Homepage

      A degausser weakens the magnetized regions, but it's still at least theoretically possible to read it if it's not done thoroughly enough. What I don't get is why you don't just take it apart and sand the platters clean. There's zero chance of reading it after that, and it's a lot less energy intensive than actually chunking the platters. Extra credit if you use the disk drive motor to spin the disk so that you can sand it without any actual effort...

      • Re: (Score:3, Informative)

        by GiMP (10923)

        You can always melt it [backyardmetalcasting.com]. A blast furnace will degauss it for you too, for no additional fee ;-)

    • by jonadab (583620) on Monday August 17, 2009 @09:29AM (#29090733) Homepage Journal
      Because for a system administrator, paranoia is a basic job requirement. Consequently, when it comes to data security, there's no such thing as too much overkill. Even when you have subjected the drive to a thermite reaction, let it cool, and ground the whole resulting mess down to the consistency of talcum powder, you still have to scatter the ashes over at least a thousand square miles of ocean, just to be sure. Ideally, you'd scatter half the ashes over the central Pacific, some of them over the north Atlantic, and the rest over the southern ocean.

      Extra bonus points if you scrub the platters with fluorine trichloride before putting it through the thermite reaction.

      Even then, you'll never be fully comfortable with the job until you destroy the entire galaxy that the drive was in. Maybe the whole universe. You can't be too sure.
      • Re:Overkill? (Score:5, Informative)

        by maxwell demon (590494) on Monday August 17, 2009 @10:08AM (#29091273) Journal

        Even then, you'll never be fully comfortable with the job until you destroy the entire galaxy that the drive was in. Maybe the whole universe. You can't be too sure.

        Just destroying the universe after the disk failed isn't enough. If many-worlds is true (and the paranoid sysadmin must consider this possibility), the fact that you destroyed the universe in this world doesn't guarantee that the data isn't destroyed in any other world. Indeed, you have to set up the universe-destroying device before writing the first bit of data onto the drive, and have it automatically triggered if it can't detect any accesses to the drive any more (after all, you might forget to activate it by hand in some of the universes). Only by setting it up before writing data do you ensure that it will be in every universe where the disk contains any data, despite all the universe splitting going on.

    • by ripnet (541583) on Monday August 17, 2009 @10:22AM (#29091487)
      Just mark the drive 'fragile' and post it via CityLink (UK courier firm)... guaranteed that THAT data won't be seen again...
  • Stand drill (Score:5, Informative)

    by Nikademus (631739) * <renaud.allard@it> on Monday August 17, 2009 @08:56AM (#29090335) Homepage

    I just use a stand drill. It goes through all the platters and the circuit board.
    Fairly easy to find and purchase.

  • by wjh31 (1372867) on Monday August 17, 2009 @08:56AM (#29090337) Homepage
    Just give the hard drive to your kid with a hammer, tell them to go nuts, come back 10 mins later with a dustpan and brush and you are sorted.
  • Underkill? (Score:3, Insightful)

    by O('_')O_Bush (1162487) on Monday August 17, 2009 @08:56AM (#29090347)
    Sounds like you could fix it with... Pops-a-dent!

    Jokes aside, from the FA: "The Bustadrive, then, looks like it'll thwart all but the wealthiest and most determined of hard disk hackers"

    So what they're saying is, this doesn't do the job as well as something like one of those DOD disc scraper/shredder things, but it is more fun, which I guess makes it newsworthy?
  • by farnham (160656) on Monday August 17, 2009 @08:57AM (#29090355)

    My drill press makes for a very effective drive killer.

    Use what you got!

  • 7.62mm holes (Score:4, Interesting)

    by Bob the Super Hamste (1152367) on Monday August 17, 2009 @08:57AM (#29090359) Homepage
    I have always preferred putting some 7.62mm holes through old hard drives at a distance of 50 to 100m. Just remove the electronics so you don't end up with circuit board debris all over and old hard drives make great targets.
    • Yeah, I used some hard drives for 9mm practice about 2 years ago... It makes a GREAT desk ornament, because of the funny faces people make when they see a hard drive with bullet holes.
    • by Miros (734652) *
      Would you do this at a range? I'd imagine there might be a few that would take some issue with you shooting at something other than paper; it's pretty cool if they're cool with that. What were you using, an M1?
    • by IBBoard (1128019) on Monday August 17, 2009 @09:10AM (#29090509) Homepage

      7.62mm seems like an unusual size for a drill bit, and what kind of drill are you managing to use at up to 100m? Seems like a longer distance than I've seen any normal pillar drill move over.

      I do agree that not removing the circuit board causes lots of debris, though, and is especially dangerous when it spins off at an angle!

      • Re: (Score:3, Informative)

        by Miros (734652) *
        7.62x51mm NATO, aka .308 Winchester, is a standard cartridge round developed before WWII which (contrary to my earlier post) is not shot from the M1 (which shoots far more common .30-06) but is shot from the far more entertaining M14.
  • As the RTF states, data can be recovered, given a financial budget & time.

    But I wonder. I posed the same question to a buddy awhile back, and he suggested baking the disks in an oven at 250 degrees C for an hour. The idea being that well, yeah, sure the magnetic platters can theoretically be recovered given time, budget, and determination. But still, the printed circuit board, etc. would be melted and thus ruined. Seems just as sensible, and more cost effective given readily available tools, (and suf

  • Oblig... (Score:5, Funny)

    by rumith (983060) on Monday August 17, 2009 @08:59AM (#29090369)
    Nuke your old hard drive from the orbit. It's the only way to be sure.
  • By destroying the drive, you make it so that the drive cannot be re-used. Why not just secure erase the entire drive? I bet it takes less time to plug the machine in and boot off a CD than it does to open the case, remove the drive, and then smash it. Isn't there some free software that you can use to securely erase all the data on a drive with minimal effort?
    • by chill (34294) on Monday August 17, 2009 @09:07AM (#29090469) Journal

      I bet it takes less time to plug the machine in and boot off a CD than it does to open the case, remove the drive, and then smash it.

      Not if you actually let the software RUN, it doesn't. Using DBAN on a 500 GB drive can take days, whereas this solution takes a few minutes at most. Your solution is only practical if you have one hard drive to destroy, and it is attached to a machine. The usual situation is the hard drive died and you replaced it with a good one, now need to make sure the dead one is REALLY dead before you toss it. Or, you have a batch of them that need to go because you're refreshing PCs.

    • by Tom (822)

      RTFA. This is about drives that they don't want to use again. They're being thrown out. They just want to make sure no dumpster-diving hacker gets all their data.

  • Gross Overkill (Score:3, Insightful)

    by kingsack (779872) on Monday August 17, 2009 @09:13AM (#29090545)
    A ball-peen hammer applied vigorously to the drive spindle will render all but the most wealthy and determined effort to recover data fruitless and even then it is highly unlikely that all or even most of the data would be recoverable.
  • Gutmann was wrong (Score:5, Informative)

    by feenberg (201582) on Monday August 17, 2009 @09:16AM (#29090575)

    There is no need to physically destroy a drive to prevent data from being read. The claims of Gutmann that it was possible to read overwritten sectors were never sustained by his sources. I investigated this years ago and reported in Can Intelligence Agencies Read Overwritten Data [nber.org] that he was very much overwrought. I see he has gone on to tilt at other windmills since he propagated that myth.

    • by Anonymous Coward on Monday August 17, 2009 @09:45AM (#29090945)

      Physically overwritten sectors are (almost) certainly unrecoverable. But what about remapped 'bad' sectors? AFAIK these cannot be accessed in any way by software wiping tools, but could be accessed and potentially read by tweaked drive firmware. They might be overwritten if you use the drive's own firmware erase command if it supports this.

      • by TheRaven64 (641858) on Monday August 17, 2009 @10:52AM (#29091933) Journal
        And how many of these are there? SMART can tell you how many sectors have been remapped, and I've only seen this over 50 on a hard drive that completely failed a few hours later. 50 512-byte sectors works out to be 25KB of data, taken at random from the data ever written to the disk. What is the probability of this being something useful? If you use encryption or compression on the disk - or the files - then these sectors will contain data that is completely meaningless without the relevant headers.
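
Added example (not part of the original thread or any poster's code): the remapped-sector arithmetic from the two comments above, computed from the attribute table that `smartctl -A` prints. The sample table is constructed, and `remapped_exposure` and its `max_unwiped_bytes` policy parameter are hypothetical names introduced here; the 512-byte sector size is the one assumed in the comment.

```python
import re

# Constructed sample in the column layout printed by `smartctl -A`
# (values are made up for illustration, not taken from a real drive).
SAMPLE_SMARTCTL_A = """\
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x000f   100   100   051    Pre-fail  Always       -       0
  5 Reallocated_Sector_Ct   0x0033   100   100   036    Pre-fail  Always       -       50
  9 Power_On_Hours          0x0032   095   095   000    Old_age   Always       -       21874
197 Current_Pending_Sector  0x0012   100   100   000    Old_age   Always       -       3
"""

ROW = re.compile(
    r"^\s*(\d+)\s+(\S+)\s+0x[0-9a-fA-F]+"  # ID, attribute name, flag
    r"\s+\S+\s+\S+\s+\S+"                   # value, worst, thresh
    r"\s+\S+\s+\S+\s+\S+"                   # type, updated, when_failed
    r"\s+(\d+)"                             # leading integer of RAW_VALUE
)

REALLOCATED = 5   # Reallocated_Sector_Ct: sectors already remapped
PENDING = 197     # Current_Pending_Sector: sectors waiting to be remapped


def parse_attributes(text):
    """Return {attribute_id: (name, raw_value)} for every table row."""
    attrs = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            attrs[int(m.group(1))] = (m.group(2), int(m.group(3)))
    return attrs


def remapped_exposure(text, sector_bytes=512, max_unwiped_bytes=0):
    """Estimate how much data a block-level overwrite cannot reach.

    max_unwiped_bytes is a hypothetical local policy threshold: the
    amount of unreachable data the organisation is willing to accept.
    """
    attrs = parse_attributes(text)
    if REALLOCATED not in attrs:
        # A missing attribute means "unknown", which must not be read as zero.
        raise ValueError("attribute 5 not reported; remapped count unknown")
    sectors = attrs[REALLOCATED][1]
    pending = attrs.get(PENDING, ("", 0))[1]
    unwiped = sectors * sector_bytes
    return {
        "sectors": sectors,
        "pending": pending,
        "bytes": unwiped,
        "kib": unwiped / 1024,
        "overwrite_only_ok": unwiped <= max_unwiped_bytes,
    }


if __name__ == "__main__":
    print(remapped_exposure(SAMPLE_SMARTCTL_A))
```

With a zero-tolerance policy, any drive reporting remapped sectors fails the check and goes to a firmware erase or physical destruction; raising `max_unwiped_bytes` encodes the argument that a few kilobytes of random sectors are an acceptable residue.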
    • by arcade (16638) on Monday August 17, 2009 @10:10AM (#29091301) Homepage

      Let me pull a bugtraq posting from 2005 out for perusal. There are other interesting tidbits in that thread too.

      http://seclists.org/bugtraq/2005/Jul/0464.html [seclists.org]

      ===
      From: dave kleiman
      Date: Sun, 24 Jul 2005 15:30:30 -0400

      Here is a quote directly from Peter I received Saturday, he asked to have it
      passed on to the list.
      -Snip-
      >I'd love to hear some thoughts on this from security and data experts
      >out there.
      People should note the epilogue to the paper:
          Epilogue
          In the time since this paper was published, some people have treated the 35-pass overwrite technique described in it more as a kind of voodoo incantation to banish evil spirits than the result of a technical analysis of drive encoding techniques. As a result, they advocate applying the voodoo to PRML and EPRML drives even though it will have no more effect than a simple scrubbing with random data. In fact performing the full 35-pass overwrite is pointless for any drive since it targets a blend of scenarios involving all types of (normally-used) encoding technology, which covers everything back to 30+-year-old MFM methods (if you don't understand that statement, re-read the paper). If you're using a drive which uses encoding technology X, you only need to perform the passes specific to X, and you never need to perform all 35 passes. For any modern PRML/EPRML drive, a few passes of random scrubbing is the best you can do. As the paper says, "A good scrubbing with random data will do about as well as can be expected". This was true in 1996, and is still true now.
          Looking at this from the other point of view, with the ever-increasing data density on disk platters and a corresponding reduction in feature size and use of exotic techniques to record data on the medium, it's unlikely that anything can be recovered from any recent drive except perhaps one or two levels via basic error-cancelling techniques. In particular the drives in use at the time that this paper was originally written have mostly fallen out of use, so the methods that applied specifically to the older, lower-density technology don't apply any more. Conversely, with modern high-density drives, even if you've got 10KB of sensitive data on a drive and can't erase it with 100% certainty, the chances of an adversary being able to find the erased traces of that 10KB in 80GB of other erased traces are close to zero.

      Peter.
      ===

  • by will_die (586523) on Monday August 17, 2009 @09:18AM (#29090599) Homepage
    Here is an easier method [hackaday.com] (version that may make from work [gizmodo.com]).
    There are commercial versions that do a lot better bending job, try http://www.garner-products.com/ [garner-products.com] for videos and pictures to gladden your hard drive destroying heart.
  • by Anonymous Coward on Monday August 17, 2009 @10:25AM (#29091545)

    Mail it to yourself via registered mail and then refuse delivery. Once it enters the Post Office loop, it'll never be seen again.

  • by drinkypoo (153816) <martin.espinoza@gmail.com> on Monday August 17, 2009 @11:43AM (#29092747) Homepage Journal

    Reduce - Buy the biggest disks you can afford, they're worth repurposing and you won't have to spend as much on successors or the attendant labor.

    Reuse - Repurpose disks for other purposes. Use last year's disks as part of your backup solution. Secure-format them on a low-power machine and put them on eBay.

    Recycle - There must be SOMEONE willing to break the drives down and give you back the platters for destruction. There's significant aluminum in some of those drives.

    All this crushing, drilling, and shooting of drives is fun. But it's also extremely wasteful. I understand destroying the drives if lives are at stake, but otherwise, stop.

  • by swordgeek (112599) on Monday August 17, 2009 @11:54AM (#29092923) Journal

    Seriously, everyone comes up with these elaborate schemes to physically destroy disks, as a means of destroying data. Let's say this one MORE time: Can your method provide a consistent, known, and guaranteed level of data destruction?

    Consider the terms I used here.

    1) Consistent: Is this going to be the same for every drive?
    2) Known: How much effort in terms of hours and dollars is required to recover some or all of the data?
    3) Guaranteed: Oh, really? Prove it to me!

    With a software wipe, you can calculate (and measure) residual magnetism, and also account for 'hidden' areas on the disk (recovery sectors, etc.) With a hardware destruction method, what can you guarantee me?

    In fact, the gushing article from PCPro even shows the weaknesses of this method:
    "The Bustadrive, then, looks like it'll thwart all but the wealthiest and most determined of hard disk hackers"

    Whereas, to the best of anyone's (public) knowledge, a single random overwrite will wipe data beyond any hope of recovery. A pass with DBAN will wipe it completely out, and if you pay for EBAN support, you can even get a certificate guaranteeing the data destruction.

    Why are people so determined to destroy disks, rather than data? Even worse, people are eager to PAY for questionable disk destruction methods, rather than just simply destroy the data--what they want gone in the first place.
