The Homemade Hard Disk Destroyer

Barence writes "All businesses have sensitive data they need to destroy when they replace PCs, but disposing of hard disks properly can be an expensive business. This has led one IT manager in the UK to come up with his own, homemade solution — Bustadrive. It uses a powerful 'hydraulic punch' to physically deform a hard disk, rendering it virtually unreadable, and requires nothing more than a pull of the lever on the front — similar to a drinks-can crusher. PC Pro tested the Bustadrive, and also sought the opinions of data destruction companies as to whether the device was really as effective as hoped, or just a fun way to mangle a hard disk or two."

Stand drill

[Nikademus]

I just use a stand drill. I goes through all the platters and the circuitboard.
Fairly easy to find and purchase.

Re:Overkill?

[LordLimecat]

Thats probably because you used some silly setting like Gutmann. Just use pseudorandom and be done with it. (esp since gutmann isnt really relevant anymore....)

Pseudorandom wipe can apparently do an 80gb drive (hooked up via usb) in about 40 minutes.

If youre doing multiple passes, you may want to make sure that doing it via overwrites (rather than destruction) is really good enough for your data :)

Re:Not 100%, but otherwise cost-effective given ri

[LordLimecat]

Raise the drive to the curie point. All magnetic domains are destroyed, and recovery is impossible with currently known methods.

Re:This is just a controlled hammer

[Miros]

dont forget the safety goggles!

Re:This is just a controlled hammer

[Hyppy]

If they're reusable afterwards, you didn't use a proper degausser.

Re:7.62mm holes

[Miros]

7.62x51mm NATO, aka .308 Winchester, is a standard cartridge round developed before WWII which (contrary to my earlier post) is not shot from the M1 (which shoots far more common .30-06) but is shot from the far more entertaining M14.

Gutmann was wrong

[feenberg]

There is no need to physically destroy a drive to prevent data from being read. The claims of Gutmann that it was possible to read overwritten sectors were never sustained by his sources. I investigated this years ago and reported in Can Intelligence Agencies Read Overwritten Data [nber.org] that he was very much overwrought. I see he has gone on to tilt at other windmills since he propagated that myth.

Re:Not 100%, but otherwise cost-effective given ri

[Peter Steil]

This is not effective, I've successfully recovered drives where the PCB had been smashed, broken, etc. You just need to find the same model and replace with that.

Easier home made method

[will_die]

Here is an easier method [hackaday.com] (version that may make from work [gizmodo.com]).
There are commerical version that do alot better bending job, try http://www.garner-products.com/ [garner-products.com] for videos and pictures to gladden your hard drive destroying heart.

Re:Overkill?

[Hubbell]

Buy a package or 2 of sparklers, scrape the magnesium off onto the hardisk (encased or not, if cased maybe 2-3packages), light a sparkler and stick the end into the pile. Done.

Re:The Columbia test

[damburger]

If the thermite is on top of the drive, it won't just heat the outside; it will rapidly melt the outside then fall into the interior of the drive. Thats the point. Youtube abounds with vidoes of thermite burning down through car engines, and hard drive cases are a lot less substantial.

Re:7.62mm holes

[Anonymous Coward]

Err wrong again. 7.62mm was developed AFTER world war II.
Good catch though on your earlier monday mistake.

Re:Not 100%, but otherwise cost-effective given ri

[damburger]

Over temperature might not correspond to data bit temperature for a very long time. If, for example, materials on the platter or elsewhere on the hard drive ablate they could keep it below the Curie temperature for quite a while. This is just speculation of course, I have no idea what hard-drive platters have on them - but I don't think its as simple as dialing an oven above the Curie temperature and then assuming the jobs done after X hours.

Re:Overkill?

[Anonymous Coward]

A collegue of mine used to work at a financial institution where they had a special heat resistant receptacle for hard disk destruction. They put the stacks of hard disks down, put thermite packs on top, closed the lid, and punched the "ON" button. Said slag after cooldown was then put out for scrap metal.

Another place didn't go with the thermite, but instead had an industrial grade shredder where the drives were tossed in, and parts the size of marbles came out the other end.

Both methods work. The thermite is more thorough and fun to watch, but the industrial confetti also does the job well. In a business, I prefer the shredder, because it is more idiot resistant than highly reactive chemical processes.

Re:Overkill?

[ta bu shi da yu]

Sure it can. And then someone can use techniques such as MFM, SPM or STM [usenix.org] to recover the disk. And then there is this patent [freshpatents.com] which notes that data is often partially written off the track, and thus can't be wiped.

I guess for most people's purposes something like DBAN will work well. But for the truly paranoid, you really need to read NIST's recommendation [nist.gov] that you clear, purge and destroy. And by destroy, they mean that you use "Disintegration, Pulverization, Melting, and Incineration." At a "outsourced metal destruction or licensed incineration facility with the specific capabilities to perform these activities effectively, securely, and safely", no less.

Re:Why people keep unencrypted data?

[Iphtashu Fitz]

My university group manages about 500 systems, mostly various flavors of solaris & linux with a few other unixes tossed in. First off, trying to encrypt all the disks in all of those systems (some of which are HUGE) would be a massive undertaking. Then there's the issue of trying to find an encryption system that's compatible across all these systems, the additional overhead needed to do the encryption/decryption, and the process of storing the encryption keys for all these systems. It's simply not worth the effort in large environments like this.

Re:Not 100%, but otherwise cost-effective given ri

[dbIII]

A lot lower for alloys so it really depends on what it is. If we assume it's pure iron and a decades old drive then you are correct but small traces of other alloying elements have a dramatic effect (eg. for most stainless steel it's below room temperature in the extreme example).
There's a discussion at http://www.ocforums.com/archive/index.php/t-454159.html [ocforums.com] of a few different magnetic materials used in drives and Curie points with a few links to where they got the source data from.

Re:Overkill?

[maxwell demon]

Even then, you'll never be fully comfortable with the job until you destroy the entire galaxy that the drive was in. Maybe the whole universe. You can't be too sure.

Just destroying the universe after the disk failed isn't enough. If many-worlds is true (and the paranoid sysadmin must consider this possibility), the fact that you destroyed the universe in this world doesn't guarantee that the data isn't destroyed in any other world. Indeed, you have to setup the universe-destroying device before writing the first bit of data onto the drive, and have it automatically triggered if it can't detect any accesses to the drive any more (after all, you might forget to activate it by hand in some of the universes). Only by setting it up before writing data you ensure that it will be in every universe where the disk contains any data, despite all the universe splitting going on.

Re:Overkill?

[Anonymous Coward]

Why Chinese? I was worrying about Homeland Security right wingers.

Beside, just reformat a few times--first with reiser, then NTFS, then another Linux format, then whatever you want to use in the end. Pretty hard to unscramble all that.

Re:Overkill?

[h4rr4r]

Where are you buying ammo?
Plinking:
300 win mag $22.95
http://www.jgsales.com/product_info.php/products_id/3153 [jgsales.com]

Hunting
$31.95
http://www.cheaperthandirt.com/15754-5.html [cheaperthandirt.com]

Cost & Speed

[Anonymous Coward]

Why not just use a degausser? or DBAN?

The answers are cost and speed, respectively.

A degausser strong enough to quickly and effectively erase today's high density hard drives costs quite a bit of money. One that can do one drive after another without a lengthy cool down period can cost thousands of dollars.

DBAN takes hours per drive at best.

A mechanical crusher such as the one described in the article is quick, effective and cheap. It can be used repeatedly with your arm strength as the only limitation. And, if that gets to be too much, you could use an electric motor to power it, rather than you arm.

Think of the problem from a business perspective where you are trying to wipe/destroy numerous drives in a session, rather than the single drive from your home PC.

Destroying 100 hard drives is a big and time consuming job with degaussers and DBAN. With a crusher, it's only a few minutes.

Re:Overkill?

[chaim79]

I consider this one of the best methods, you get three great things out of this: non-recoverable drives, frustrations worked out, and some really interesting conversation starters if you take it apart (the disk platter deforms in very interesting ways when hit!) For example: This Drive [flickr.com] is no longer readable, and if you look at any of the photos that show the top of the drive, you can see how the disk platter deformed.

Re:Overkill?

[TheRaven64]

Note that there are two dimensions to security. One is how big a problem it is if the secret leaks, the other is how long this is true for. Troop movements in Iraq, for example, could cost lives if they are leaked today, but if they are leaked next month then the data is irrelevant. The NIST recommendations that suggest destroying the drive are based in the principle that the secrets may be important in 20-50 years. They factor in attacks that are hypothetical now, but could become practical over this timeframe. For a commercial entity, this level of paranoia is rarely required. Most businesses don't have any data that would be a problem if it leaked even 5 years in the future - even credit card numbers have a shorter lifespan than that, so if someone recovered a five-year-old list of credit card numbers they wouldn't get anything of value.

Re:Waste of Time, Money and Good Equipment

[mlts]

If you are wiping a hard disk to reassign within a company, and the hard drive isn't requiring top security, I've found that using HDDErase and DBAN are a good combo. HDDErase performs a complete erase on the controller level using ATA firmware commands (zeroing even the relocated sectors), then following up by usage of DBAN will put the chance of any recovery past anyone but the most determined.

Bonus points if you use TrueCrypt or BitLocker, so to ensure that a HDD is wiped, you just do a quick format, or a once over with zeroes. If you format a BitLocker drive in Windows 7, the format command explicitly zeroes out the areas with the volume keys on it making it impossible to recover the rest of the volume (more info here http://technet.microsoft.com/en-us/library/cc512654.aspx [microsoft.com]).

Re:Stand drill

[AP31R0N]

You broke my heart!

i joyfully clicked that link, eager to see a frozen hard drive shatter like glass. But all i found was a T2 clip. Now i have blue-eyeballs and have to watch a few Will It Blend videos.

Thanks for nothing!

__

i've always wanted to try using duct tape to strap an HD to a sledge hammer. If i used enough tape, the pieces would stay somewhat together. Eventually i'd have a duct tape bag full of HD bits.

Re:Overkill?

[GiMP]

You can always melt it [backyardmetalcasting.com]. A blast furnace will degauss it for you too, for no additional fee ;-)

Re:Overkill?

[Gilmoure]

Every drive at my place of work does not leave. They have a big ole shredder that eats drives and spits out rice grain sized pieces of metal. This is for all drives, not just classified materials ones. Is too easy to be safe this way.

Re:Overkill?

[rsmith]

If you read the enhanced version on his homepage, he says that he didn't update the paper because it is practically unfeasable to try and restore overwritten data from a modern disk. In the epilogue he says:

Any modern drive will most likely be a hopeless task, what with ultra-high densities and use of perpendicular recording I don't see how MFM would even get a usable image, and then the use of EPRML will mean that even if you could magically transfer some sort of image into a file, the ability to decode that to recover the original data would be quite challenging.

Re:Overkill?

[rsmith]

Gutmann's paper was based on 1990-era technology. And even then you didn't need all 35 passes, just the ones that correspond to the encoding used on the disk. If I read the enhanced version of the paper [auckland.ac.nz] correctly, restoring even plainly overwritten data from a modern disk is a hopeless task.

Re:Overkill?

[Wee]

I've shot more than a few dozen drives. At a previous workplace, we had to come up with a policy for destroying drives on decommissioned machines (you never know where an SSN might have been left laying about). It was decided that overwriting the writable sectors followed by physical destruction of the controller board and at least four holes through each platter was acceptable.

I'd just save them all up in a box and whenever I'd manage to make it out to the desert, I'd bring them with me. We'd shoot them all pretty well full of holes. I'd clean the target area up and send it all off to be recycled.

We never offered certificates of destruction or anything. Writing the number of drives that were in the box and counting the husks as they went back in when we cleaned up was about the extent of it.

The spec only said that the platters/controller had to be perforated, and didn't specify the method or device used. Some of the more fearful types found out I was shooting them and objected on moral grounds (or whatever). So the policy was amended such that the drives couldn't leave the premises unless all three steps had been performed. So we had to waste time with a drill to appease the leftists. We still shot them, though.

-B

Not Overkill

[Pontiac]

I do work at a DOE site..

The current method is now an industrial shredder.. Nothing left bigger than a dime..
This goes for Hard Drives, Flash drives, cell phones.. Anything that can store data never goes out. till it's been through the shredder.
See one in action [youtube.com]