The Homemade Hard Disk Destroyer 497
Barence writes "All businesses have sensitive data they need to destroy when they replace PCs, but disposing of hard disks properly can be an expensive business. This has led one IT manager in the UK to come up with his own, homemade solution — Bustadrive. It uses a powerful 'hydraulic punch' to physically deform a hard disk, rendering it virtually unreadable, and requires nothing more than a pull of the lever on the front — similar to a drinks-can crusher. PC Pro tested the Bustadrive, and also sought the opinions of data destruction companies as to whether the device was really as effective as hoped, or just a fun way to mangle a hard disk or two."
Stand drill (Score:5, Informative)
I just use a stand drill. I goes through all the platters and the circuitboard.
Fairly easy to find and purchase.
Re:Overkill? (Score:5, Informative)
Pseudorandom wipe can apparently do an 80gb drive (hooked up via usb) in about 40 minutes.
If youre doing multiple passes, you may want to make sure that doing it via overwrites (rather than destruction) is really good enough for your data
Re:Not 100%, but otherwise cost-effective given ri (Score:3, Informative)
Re:This is just a controlled hammer (Score:4, Informative)
Re:This is just a controlled hammer (Score:5, Informative)
Re:7.62mm holes (Score:3, Informative)
Gutmann was wrong (Score:5, Informative)
There is no need to physically destroy a drive to prevent data from being read. The claims of Gutmann that it was possible to read overwritten sectors were never sustained by his sources. I investigated this years ago and reported in Can Intelligence Agencies Read Overwritten Data [nber.org] that he was very much overwrought. I see he has gone on to tilt at other windmills since he propagated that myth.
Re:Not 100%, but otherwise cost-effective given ri (Score:5, Informative)
Easier home made method (Score:4, Informative)
There are commerical version that do alot better bending job, try http://www.garner-products.com/ [garner-products.com] for videos and pictures to gladden your hard drive destroying heart.
Re:Overkill? (Score:3, Informative)
Re:The Columbia test (Score:3, Informative)
If the thermite is on top of the drive, it won't just heat the outside; it will rapidly melt the outside then fall into the interior of the drive. Thats the point. Youtube abounds with vidoes of thermite burning down through car engines, and hard drive cases are a lot less substantial.
Re:7.62mm holes (Score:1, Informative)
Err wrong again. 7.62mm was developed AFTER world war II.
Good catch though on your earlier monday mistake.
Re:Not 100%, but otherwise cost-effective given ri (Score:3, Informative)
Re:Overkill? (Score:3, Informative)
A collegue of mine used to work at a financial institution where they had a special heat resistant receptacle for hard disk destruction. They put the stacks of hard disks down, put thermite packs on top, closed the lid, and punched the "ON" button. Said slag after cooldown was then put out for scrap metal.
Another place didn't go with the thermite, but instead had an industrial grade shredder where the drives were tossed in, and parts the size of marbles came out the other end.
Both methods work. The thermite is more thorough and fun to watch, but the industrial confetti also does the job well. In a business, I prefer the shredder, because it is more idiot resistant than highly reactive chemical processes.
Re:Overkill? (Score:4, Informative)
Sure it can. And then someone can use techniques such as MFM, SPM or STM [usenix.org] to recover the disk. And then there is this patent [freshpatents.com] which notes that data is often partially written off the track, and thus can't be wiped.
I guess for most people's purposes something like DBAN will work well. But for the truly paranoid, you really need to read NIST's recommendation [nist.gov] that you clear, purge and destroy. And by destroy, they mean that you use "Disintegration, Pulverization, Melting, and Incineration." At a "outsourced metal destruction or licensed incineration facility with the specific capabilities to perform these activities effectively, securely, and safely", no less.
Re:Why people keep unencrypted data? (Score:3, Informative)
My university group manages about 500 systems, mostly various flavors of solaris & linux with a few other unixes tossed in. First off, trying to encrypt all the disks in all of those systems (some of which are HUGE) would be a massive undertaking. Then there's the issue of trying to find an encryption system that's compatible across all these systems, the additional overhead needed to do the encryption/decryption, and the process of storing the encryption keys for all these systems. It's simply not worth the effort in large environments like this.
Re:Not 100%, but otherwise cost-effective given ri (Score:4, Informative)
There's a discussion at http://www.ocforums.com/archive/index.php/t-454159.html [ocforums.com] of a few different magnetic materials used in drives and Curie points with a few links to where they got the source data from.
Re:Overkill? (Score:5, Informative)
Just destroying the universe after the disk failed isn't enough. If many-worlds is true (and the paranoid sysadmin must consider this possibility), the fact that you destroyed the universe in this world doesn't guarantee that the data isn't destroyed in any other world. Indeed, you have to setup the universe-destroying device before writing the first bit of data onto the drive, and have it automatically triggered if it can't detect any accesses to the drive any more (after all, you might forget to activate it by hand in some of the universes). Only by setting it up before writing data you ensure that it will be in every universe where the disk contains any data, despite all the universe splitting going on.
Re:Overkill? (Score:1, Informative)
Why Chinese? I was worrying about Homeland Security right wingers.
Beside, just reformat a few times--first with reiser, then NTFS, then another Linux format, then whatever you want to use in the end. Pretty hard to unscramble all that.
Re:Overkill? (Score:3, Informative)
Where are you buying ammo?
Plinking:
300 win mag $22.95
http://www.jgsales.com/product_info.php/products_id/3153 [jgsales.com]
Hunting
$31.95
http://www.cheaperthandirt.com/15754-5.html [cheaperthandirt.com]
Cost & Speed (Score:1, Informative)
Why not just use a degausser? or DBAN?
The answers are cost and speed, respectively.
A degausser strong enough to quickly and effectively erase today's high density hard drives costs quite a bit of money. One that can do one drive after another without a lengthy cool down period can cost thousands of dollars.
DBAN takes hours per drive at best.
A mechanical crusher such as the one described in the article is quick, effective and cheap. It can be used repeatedly with your arm strength as the only limitation. And, if that gets to be too much, you could use an electric motor to power it, rather than you arm.
Think of the problem from a business perspective where you are trying to wipe/destroy numerous drives in a session, rather than the single drive from your home PC.
Destroying 100 hard drives is a big and time consuming job with degaussers and DBAN. With a crusher, it's only a few minutes.
Re:Overkill? (Score:3, Informative)
I consider this one of the best methods, you get three great things out of this: non-recoverable drives, frustrations worked out, and some really interesting conversation starters if you take it apart (the disk platter deforms in very interesting ways when hit!) For example: This Drive [flickr.com] is no longer readable, and if you look at any of the photos that show the top of the drive, you can see how the disk platter deformed.
Re:Overkill? (Score:5, Informative)
Re:Waste of Time, Money and Good Equipment (Score:4, Informative)
If you are wiping a hard disk to reassign within a company, and the hard drive isn't requiring top security, I've found that using HDDErase and DBAN are a good combo. HDDErase performs a complete erase on the controller level using ATA firmware commands (zeroing even the relocated sectors), then following up by usage of DBAN will put the chance of any recovery past anyone but the most determined.
Bonus points if you use TrueCrypt or BitLocker, so to ensure that a HDD is wiped, you just do a quick format, or a once over with zeroes. If you format a BitLocker drive in Windows 7, the format command explicitly zeroes out the areas with the volume keys on it making it impossible to recover the rest of the volume (more info here http://technet.microsoft.com/en-us/library/cc512654.aspx [microsoft.com]).
Re:Stand drill (Score:3, Informative)
You broke my heart!
i joyfully clicked that link, eager to see a frozen hard drive shatter like glass. But all i found was a T2 clip. Now i have blue-eyeballs and have to watch a few Will It Blend videos.
Thanks for nothing!
__
i've always wanted to try using duct tape to strap an HD to a sledge hammer. If i used enough tape, the pieces would stay somewhat together. Eventually i'd have a duct tape bag full of HD bits.
Re:Overkill? (Score:3, Informative)
You can always melt it [backyardmetalcasting.com]. A blast furnace will degauss it for you too, for no additional fee ;-)
Re:Overkill? (Score:3, Informative)
Every drive at my place of work does not leave. They have a big ole shredder that eats drives and spits out rice grain sized pieces of metal. This is for all drives, not just classified materials ones. Is too easy to be safe this way.
Re:Overkill? (Score:5, Informative)
If you read the enhanced version on his homepage, he says that he didn't update the paper because it is practically unfeasable to try and restore overwritten data from a modern disk. In the epilogue he says:
Re:Overkill? (Score:5, Informative)
Gutmann's paper was based on 1990-era technology. And even then you didn't need all 35 passes, just the ones that correspond to the encoding used on the disk. If I read the enhanced version of the paper [auckland.ac.nz] correctly, restoring even plainly overwritten data from a modern disk is a hopeless task.
Re:Overkill? (Score:3, Informative)
I'd just save them all up in a box and whenever I'd manage to make it out to the desert, I'd bring them with me. We'd shoot them all pretty well full of holes. I'd clean the target area up and send it all off to be recycled.
We never offered certificates of destruction or anything. Writing the number of drives that were in the box and counting the husks as they went back in when we cleaned up was about the extent of it.
The spec only said that the platters/controller had to be perforated, and didn't specify the method or device used. Some of the more fearful types found out I was shooting them and objected on moral grounds (or whatever). So the policy was amended such that the drives couldn't leave the premises unless all three steps had been performed. So we had to waste time with a drill to appease the leftists. We still shot them, though.
-B
Not Overkill (Score:3, Informative)
I do work at a DOE site..
The current method is now an industrial shredder.. Nothing left bigger than a dime..
This goes for Hard Drives, Flash drives, cell phones.. Anything that can store data never goes out. till it's been through the shredder.
See one in action [youtube.com]