Forgot your password?
typodupeerror

The Homemade Hard Disk Destroyer 497

Posted by CmdrTaco
from the if-you-can-recover-that-you-earned-it dept.
Barence writes "All businesses have sensitive data they need to destroy when they replace PCs, but disposing of hard disks properly can be an expensive business. This has led one IT manager in the UK to come up with his own, homemade solution — Bustadrive. It uses a powerful 'hydraulic punch' to physically deform a hard disk, rendering it virtually unreadable, and requires nothing more than a pull of the lever on the front — similar to a drinks-can crusher. PC Pro tested the Bustadrive, and also sought the opinions of data destruction companies as to whether the device was really as effective as hoped, or just a fun way to mangle a hard disk or two."
This discussion has been archived. No new comments can be posted.

The Homemade Hard Disk Destroyer

Comments Filter:
  • Overkill? (Score:5, Insightful)

    by Miros (734652) * on Monday August 17, 2009 @08:52AM (#29090303)
    Why not just use a degausser? or DBAN?
    • Re:Overkill? (Score:3, Insightful)

      by cdrudge (68377) on Monday August 17, 2009 @08:57AM (#29090353) Homepage

      The paranoid crowd will argue that either method might still be able to be recovered. I thought I saw an article once here that in the real world basically debunked this myth. Physical destruction just takes the process one step further. Plus it's quicker then running some type of a disk wiping program.

    • Re:Overkill? (Score:4, Interesting)

      by Anonymous Coward on Monday August 17, 2009 @08:57AM (#29090357)

      I'd just use my rifle and a few rounds of .308 Winchester (or .303 British, 7.5mm Swiss, 8mm Mauser, whatever). Problem solved...

      If you really want to go low tech, a sledgehammer would do fine.

      • Re:Overkill? (Score:3, Informative)

        by Hubbell (850646) <brianhubbelliiNO@SPAMlive.com> on Monday August 17, 2009 @09:25AM (#29090687)
        Buy a package or 2 of sparklers, scrape the magnesium off onto the hardisk (encased or not, if cased maybe 2-3packages), light a sparkler and stick the end into the pile. Done.
      • Re:Overkill? (Score:3, Informative)

        by chaim79 (898507) on Monday August 17, 2009 @10:35AM (#29091663) Homepage

        I consider this one of the best methods, you get three great things out of this: non-recoverable drives, frustrations worked out, and some really interesting conversation starters if you take it apart (the disk platter deforms in very interesting ways when hit!) For example: This Drive [flickr.com] is no longer readable, and if you look at any of the photos that show the top of the drive, you can see how the disk platter deformed.

      • Re:Overkill? (Score:3, Informative)

        by Wee (17189) on Monday August 17, 2009 @02:14PM (#29095355)
        I've shot more than a few dozen drives. At a previous workplace, we had to come up with a policy for destroying drives on decommissioned machines (you never know where an SSN might have been left laying about). It was decided that overwriting the writable sectors followed by physical destruction of the controller board and at least four holes through each platter was acceptable.

        I'd just save them all up in a box and whenever I'd manage to make it out to the desert, I'd bring them with me. We'd shoot them all pretty well full of holes. I'd clean the target area up and send it all off to be recycled.

        We never offered certificates of destruction or anything. Writing the number of drives that were in the box and counting the husks as they went back in when we cleaned up was about the extent of it.

        The spec only said that the platters/controller had to be perforated, and didn't specify the method or device used. Some of the more fearful types found out I was shooting them and objected on moral grounds (or whatever). So the policy was amended such that the drives couldn't leave the premises unless all three steps had been performed. So we had to waste time with a drill to appease the leftists. We still shot them, though.

        -B
    • Re:Overkill? (Score:5, Interesting)

      by ByOhTek (1181381) on Monday August 17, 2009 @09:08AM (#29090493) Journal

      Where I used to work (~5 years ago), we used an erasure tool that wrote random data over the entire drive (10 times), then introduced the drive to "Mr. Band Saw" in the machine shop, to quarter the platters, on any DoD/DoE stuff

      • Re:Overkill? (Score:3, Informative)

        by Anonymous Coward on Monday August 17, 2009 @09:49AM (#29091043)

        A collegue of mine used to work at a financial institution where they had a special heat resistant receptacle for hard disk destruction. They put the stacks of hard disks down, put thermite packs on top, closed the lid, and punched the "ON" button. Said slag after cooldown was then put out for scrap metal.

        Another place didn't go with the thermite, but instead had an industrial grade shredder where the drives were tossed in, and parts the size of marbles came out the other end.

        Both methods work. The thermite is more thorough and fun to watch, but the industrial confetti also does the job well. In a business, I prefer the shredder, because it is more idiot resistant than highly reactive chemical processes.

      • Re:Overkill? (Score:3, Insightful)

        by CharlieG (34950) on Monday August 17, 2009 @10:54AM (#29091959) Homepage

        Last time I needed to really kill a drive, I put it in the lathe, and turned the platters - nice snall swarf chips

      • Not Overkill (Score:3, Informative)

        by Pontiac (135778) on Monday August 17, 2009 @05:17PM (#29097759) Homepage

        I do work at a DOE site..

        The current method is now an industrial shredder.. Nothing left bigger than a dime..
        This goes for Hard Drives, Flash drives, cell phones.. Anything that can store data never goes out. till it's been through the shredder.
        See one in action [youtube.com]

    • Re:Overkill? (Score:3, Insightful)

      by Miros (734652) * on Monday August 17, 2009 @09:11AM (#29090529)

      Someone should suggest that the Mythbusters "put this to the test," assuming their production company has the financial resources to pay for even modest data recovery services.

      Even that might be effective. If you have like, a dozen drives, all of them similar, all of them wiped, one of which contains good data (or worse, a group of which once comprised like, a RAID 5 array so you need at least a few of them) you would be looking at a hypergeometric distribution, and the actual probable cost of recovering the data could grow extremely rapidly to something quite impractical. If instead, you had a big box full of used drives, five of which had been bent in half, it might actually be cheaper

      • Re:Overkill? (Score:3, Insightful)

        by damburger (981828) on Monday August 17, 2009 @09:36AM (#29090819)
        TBH they might not have to pay at all. I'm sure data recovery companies wouldn't mind showing on national TV what they are capable of getting from an apparently bricked hard drive. It would be an advertising opportunity.
    • Re:Overkill? (Score:5, Interesting)

      by mellon (7048) on Monday August 17, 2009 @09:19AM (#29090619) Homepage

      A degausser weakens the magnetized regions, but it's still at least theoretically possible to read it if it's not done thoroughly enough. What I don't get is why you don't just take it apart and sand the platters clean. There's zero chance of reading it after that, and it's a lot less energy intensive than actually chunking the platters. Extra credit if you use the disk drive motor to spin the disk so that you can sand it without any actual effort...

    • by jonadab (583620) on Monday August 17, 2009 @09:29AM (#29090733) Homepage Journal
      Because for a system administrator, paranoia is a basic job requirement. Consequently, when it comes to data security, there's no such thing as too much overkill. Even when you have subjected the drive to a thermite reaction, let it cool, and ground the whole resulting mess down to the consistency of talcum powder, you still have to scatter the ashes over at least a thousand square miles of ocean, just to be sure. Ideally, you'd scatter half the ashes over the central Pacific, some of them over the north Atlantic, and the rest over the southern ocean.

      Extra bonus points if you scrub the platters with fluorine trichloride before putting it through the thermite reaction.

      Even then, you'll never be fully comfortable with the job until you destroy the entire galaxy that the drive was in. Maybe the whole universe. You can't be too sure.
      • Re:Overkill? (Score:5, Informative)

        by maxwell demon (590494) on Monday August 17, 2009 @10:08AM (#29091273) Journal

        Even then, you'll never be fully comfortable with the job until you destroy the entire galaxy that the drive was in. Maybe the whole universe. You can't be too sure.

        Just destroying the universe after the disk failed isn't enough. If many-worlds is true (and the paranoid sysadmin must consider this possibility), the fact that you destroyed the universe in this world doesn't guarantee that the data isn't destroyed in any other world. Indeed, you have to setup the universe-destroying device before writing the first bit of data onto the drive, and have it automatically triggered if it can't detect any accesses to the drive any more (after all, you might forget to activate it by hand in some of the universes). Only by setting it up before writing data you ensure that it will be in every universe where the disk contains any data, despite all the universe splitting going on.

    • by ripnet (541583) on Monday August 17, 2009 @10:22AM (#29091487)
      Just mark the drive 'fragile' and post it via CityLink (UK courier firm)... guaranteed that THAT data wont be seen again...
  • Stand drill (Score:5, Informative)

    by Nikademus (631739) * <renaud@allar d . it> on Monday August 17, 2009 @08:56AM (#29090335) Homepage

    I just use a stand drill. I goes through all the platters and the circuitboard.
    Fairly easy to find and purchase.

  • by wjh31 (1372867) on Monday August 17, 2009 @08:56AM (#29090337) Homepage
    Just give the hard drive to your kid with a hammer, tell them to go nuts, come back 10 mins later with a dustpan and brush and you are sorted.
  • Underkill? (Score:3, Insightful)

    by O('_')O_Bush (1162487) on Monday August 17, 2009 @08:56AM (#29090347)
    Sounds like you could fix it with... Pops-a-dent!

    Jokes aside, from the FA: "The Bustadrive, then, looks like it&#226;&#8364;(TM)ll thwart all but the wealthiest and most determined of hard disk hackers"

    So what they're saying is, this doesn't do the job as well as something like one of those DOD disc scraper/shredder things, but it is more fun, which I guess makes it news worthy?
  • by farnham (160656) on Monday August 17, 2009 @08:57AM (#29090355)

    My drill press makes for a very effective drive killer.

    Use what you got!

  • 7.62mm holes (Score:4, Interesting)

    by Bob the Super Hamste (1152367) on Monday August 17, 2009 @08:57AM (#29090359) Homepage
    I have always preferred putting some 7.62mm holes through old hard drives at a distance of 50 to 100m. Just remove the electronics so you don't end up with circuit board debris all over and old hard drives make great targets.
  • by operator_error (1363139) on Monday August 17, 2009 @08:58AM (#29090361)

    As the RTF states, data can be re recovered, given a financial budget & time.

    But I wonder. I posed the same question to a buddy awhile back, and he suggested baking the disks in an oven at 250 degrees C for an hour. The idea being that well, yeah, sure the magnetic platters can theoretically be recovered given time, budget, and determination. But still, the printed circuit board, etc. would be melted and thus ruined. Seems just as sensible, and more cost effective given readily available tools, (and sufficient ventilation!!!)

  • Oblig... (Score:5, Funny)

    by rumith (983060) on Monday August 17, 2009 @08:59AM (#29090369)
    Nuke your old hard drive from the orbit. It's the only way to be sure.
  • By destroying the drive, you make it so that the drive cannot be re-used. Why not just secure erase the entire drive? I bet it takes less time to plug the machine in and boot off a CD than it does to open the case, remove the drive, and then smash it. Isn't there some free software that you can use to securely erase all the data on a drive with minimal effort?
    • by chill (34294) on Monday August 17, 2009 @09:07AM (#29090469) Journal

      I bet it takes less time to plug the machine in and boot off a CD than it does to open the case, remove the drive, and then smash it.

      Not if you actually let the software RUN, it doesn't. Using DBAN on a 500 GB drive can take days, whereas this solution takes a few minutes at most. Your solution is only practical if you have one hard drive to destroy, and it is attached to a machine. The usual situation is the hard drive died and you replaced it with a good one, now need to make sure the dead one is REALLY dead before you toss it. Or, you have a batch of them that need to go because you're refreshing PCs.

    • by Tom (822) on Monday August 17, 2009 @09:07AM (#29090477) Homepage Journal

      RTFA. This is about drives that they don't want to use again. They're being thrown out. They just want to make sure no dumpster-diving hacker gets all their data.

  • Gross Overkill (Score:3, Insightful)

    by kingsack (779872) on Monday August 17, 2009 @09:13AM (#29090545)
    A ball pean hammer applied vigorously to the drive spindle will render all but the most wealthy and determined effort to recover data fruitless and even then it is highly unlikely that all or even most of the data would be recoverable.
  • Gutmann was wrong (Score:5, Informative)

    by feenberg (201582) on Monday August 17, 2009 @09:16AM (#29090575)

    There is no need to physically destroy a drive to prevent data from being read. The claims of Gutmann that it was possible to read overwritten sectors were never sustained by his sources. I investigated this years ago and reported in Can Intelligence Agencies Read Overwritten Data [nber.org] that he was very much overwrought. I see he has gone on to tilt at other windmills since he propagated that myth.

    • by Anonymous Coward on Monday August 17, 2009 @09:45AM (#29090945)

      Physically overwritten sectors are (almost) certainly unrecoverable. But what about remapped 'bad' sectors? AFAIK these cannot be accessed in any way by software wiping tools, but could be accessed and potentially read by tweaked drive firmware. They might be overwritten if you use the drive's own firmare erase command if it supports this.

      • by TheRaven64 (641858) on Monday August 17, 2009 @10:52AM (#29091933) Journal
        And how many of these are there? SMART can tell you how many sectors have been remapped, and I've only seen this over 50 on a hard drive that completely failed a few hours later. 50 512-byte sectors works out to be 25KB of data, taken at random from the data ever written to the disk. What is the probability of this being something useful? If you use encryption or compression on the disk - or the files - then these sectors will contain data that is completely meaningless without the relevant headers.
    • by arcade (16638) on Monday August 17, 2009 @10:10AM (#29091301) Homepage

      Let me pull a bugtraq posting from 2005 out for perusal. There are other interesting tidbits in that thread too.

      http://seclists.org/bugtraq/2005/Jul/0464.html [seclists.org]

      ===
      From: dave kleiman
      Date: Sun, 24 Jul 2005 15:30:30 -0400

      Here is a quote directly from Peter I received Saturday, he asked to have it
      passed on to the list.
      -Snip-
      >I'd love to hear some thoughts on this from security and data experts
      >out there.
      People should note the epilogue to the paper:
          Epilogue
          In the time since this paper was published, some people have treated the
      35-
          pass overwrite technique described in it more as a kind of voodoo
          incantation to banish evil spirits than the result of a technical analysis
          of drive encoding techniques. As a result, they advocate applying the
          voodoo to PRML and EPRML drives even though it will have no more effect
      than
          a simple scrubbing with random data. In fact performing the full 35-pass
          overwrite is pointless for any drive since it targets a blend of scenarios
          involving all types of (normally-used) encoding technology, which covers
          everything back to 30+-year-old MFM methods (if you don't understand that
          statement, re-read the paper). If you're using a drive which uses
      encoding
          technology X, you only need to perform the passes specific to X, and you
          never need to perform all 35 passes. For any modern PRML/EPRML drive, a
      few
          passes of random scrubbing is the best you can do. As the paper says, "A
          good scrubbing with random data will do about as well as can be expected".
          This was true in 1996, and is still true now.
          Looking at this from the other point of view, with the ever-increasing
      data
          density on disk platters and a corresponding reduction in feature size and
          use of exotic techniques to record data on the medium, it's unlikely that
          anything can be recovered from any recent drive except perhaps one or two
          levels via basic error-cancelling techniques. In particular the the
      drives
          in use at the time that this paper was originally written have mostly
      fallen
          out of use, so the methods that applied specifically to the older, lower-
          density technology don't apply any more. Conversely, with modern high-
          density drives, even if you've got 10KB of sensitive data on a drive and
          can't erase it with 100% certainty, the chances of an adversary being able
          to find the erased traces of that 10KB in 80GB of other erased traces are
          close to zero.

      Peter.
      ===

  • by will_die (586523) on Monday August 17, 2009 @09:18AM (#29090599) Homepage
    Here is an easier method [hackaday.com] (version that may make from work [gizmodo.com]).
    There are commerical version that do alot better bending job, try http://www.garner-products.com/ [garner-products.com] for videos and pictures to gladden your hard drive destroying heart.
  • by Anonymous Coward on Monday August 17, 2009 @10:25AM (#29091545)

    Mail it to yourself via registered mail and then refuse deliver. Once it enters the Post Office loop, it'll never be seen again.

  • by drinkypoo (153816) <martin.espinoza@gmail.com> on Monday August 17, 2009 @11:43AM (#29092747) Homepage Journal

    Reduce - Buy the biggest disks you can afford, they're worth repurposing and you won't have to spend as much on successors or the attendant labor.

    Reuse - Repurpose disks for other purposes. Use last years' disks as part of your backup solution. Secure-format them on a low-power machine and put them on eBay.

    Recycle - There must be SOMEONE willing to break the drives down and give you back the platters for destruction. There's significant aluminum in some of those drives.

    All this crushing, drilling, and shooting of drives is fun. But it's also extremely wasteful. I understand destroying the drives if lives are at stake, but otherwise, stop.

  • by swordgeek (112599) on Monday August 17, 2009 @11:54AM (#29092923) Journal

    Seriously, everyone comes up with these elaborate schemes to physically destroy disks, as a means of destroying data. Let's say this one MORE time: Can your method provide with a consistent, known, and guaranteed level of data destruction?

    Consider the terms I used here.

    1) Consistent: Is this going to be the same for every drive?
    2) Known: How much effort in terms of hours and dollars is required to recover some or all of the data?
    3) Guaranteed: Oh, really? Prove it to me!

    With a software wipe, you can calculate (and measure) residual magnetism, and also account for 'hidden' areas on the disk (recovery sectors, etc.) With a hardware destruction method, what can you guarantee me?

    In fact, the gushing article from PCPro even shows the weaknesses of this method:
    "The Bustadrive, then, looks like it'll thwart all but the wealthiest and most determined of hard disk hackers"

    Whereas, to the best of anyone's (public) knowledge, a single random overwrite will wipe data beyond any hope of recovery. A pass with DBAN will wipe it completely out, and if you pay for EBAN support, you can even get a certificate guaranteeing the data destruction.

    Why are people so determined to destroy disks, rather than data? Even worse, people are eager to PAY for questionable disk destruction methods, rather than just simply destroy the data--what they want gone in the first place.

Each honest calling, each walk of life, has its own elite, its own aristocracy based on excellence of performance. -- James Bryant Conant

Working...