Smash up your hard drives
THROW DOWN your mouse and grab your toolbox as Which? Computing has a hands-on approach to making sure all information is removed from your hard drive.
The computer magazine wants to raise the awareness of the risks involved in disposing of your old PC without thinking about all the data still recoverable from the hard drive – and most valuable to an identity thief.
There are many a case of identity theft caused by the seemingly safe disposal of a PC, as readily available software can easily recover deleted files which the user presumes are gone forever.
Which? cites the case of a Mr. Skipworth (possibly not his real name) who was advised by Mesh Computers that his faulty hard drive would be wiped of all information before being sent back to the manufacturer.
Only a little while later Skipworth found he was being blackmailed by a man in Latvia who had got hold of some of his most personal information, and sent him one of his most personal photos to show he meant business.
This goes to show that even the computer companies don’t always realise the risks involved in hard drive wiping, as it is not 100 percent effective - either that or they don't actually care.
Most identity thieves of this kind trawl through the local council tips looking for old PCs, the less brassic may buy their hard drives from auction sites such as Ebay. The information gathered from this kind of foraging could lead to duplicate credit card manufacture, applications for birth certificates or as in Skipworth’s case, good old-fashioned blackmail.
So what is to be done about this problem we hear you cry – well Which?’s solution is simple, grab a hammer and smash the living daylights out of your hard drive.
This is no joke, according to Sarah Kidner, Editor at Which? Computing, “PCs contain more valuable personal information than ever as people increasingly shop online, use social networking sites and take digital photos. It sounds extreme, but the only way to be 100 per cent safe is to smash your hard drive into smithereens.”
You may get carted off to the looney bin when your wife comes home and finds you laying into your PC, but at least your data will be safe. μ
Share this:
ShareBusiness Intelligence Software
Customer Relationship Management (CRM)
Enterprise Accounting Software
Enterprise Resource Planning (ERP)
Enterprise Systems Management
Fair enough. Although wouldn't it be enough to undo the screws and break the air tight seal? Actual removal of the platters is probably recommended, then for added fun, do the screws back up and chuck it out... he he he
...but how many people do you know that call the base unit of their PC the "Hard Drive". If it's anything like me; that's plenty of people.
So you'll have plenty of people smacking the snot out of their base units, because they think they're beating the bytes out of their box.
As well as being extremely wasteful, it's likely that whacking the side of your base unit isn't going to damage the hard drive, so it will give people a false sense of security.
Just unscrewing the lid on a hard drive won't do it. (this is how the data recovery experts get to the drive in case of head failure).
Degaussing and/or shredding the drive is completely safe, but expensive - to stop opportunistic data thieves, it'll probably be enough to physically damage the drive with a hammer, drill, angle grinder, drive a stake through it's heart..
A more sane approach would perhaps be downloading and using one of the numerous freeware security suites out there to simple wipe the drive before selling it. The data will still be recoverable with the right equipment, sure. But people who have that kind of equipment usually have bigger fish to fry.
Better for the environment, better for your pocket and even better for your safety.
If you plan on selling the Drive or PC it's in just 'Erase' it. http://www.heidi.ie/node/6 just run a 7 pass DOD erase or 35 pass guttman erase for the super paranoid, then delete all partition and re-partition and quick format the drive to a half a dozen random chucks, then delete all those partition and re-partition as a single drive and format.
If you plan to dump the drive, hitting the with hammer works well for drives with glass platters, but you really want to hammer a 6" nail though a aluminum platter drive a in a dozen or so place to be sure it's dead.
If you try to claim a dead drive under warranty then things get ugly, you either hand over your data basically intact or forget about your warranty.
I took an electric drill to mine, and photographed them:
http://camltastic.blogspot.com/2008/12/destroying-old-hard-drives.html
To all the people who respond "but that leaves 99% of the data intact", I'll mail you one and you get the data off then. You pay postage one way, I'll refund it double if you manage it.
One might laugh at someone who dumpster dives but a buddy of mine does it all the time and gets tons of stuff to sell. One of his most recent dives netted him HP server 8gig dimms that he sold on e-bay for $1600 a pair. He found 2 pair. I have done this also on offices that clear out and throw the machines next to the dumpster and have pulled out many many hard drives and sticks of ram. The procs are usually too old. I skip the small drives but sometimes there is tons of customer information on the ones you pluck even company tax information. Lucky for them I just erase the drives and someone dishonest didn't find them. When I worked at Merck they would destroy the hard drives either with a large magnet or punch a screw driver through the unit. Most companies should adopt this practive.
Open the drive's case and put the whole drive in the microwave for a few minutes.
You'll ruin the electronics in a few seconds but the platters would need more time.
I can't guarantee you won't destroy your microwave oven.
I do what Ben does, I remove the platters for use as coffee coasters - specially now that AOL CD's are so much harder to find! :)
For those who aren't afraid of a command line ...
boot a linux live-cd to the $ prompt
dd if=/dev/zero of=/dev/hda
Wait until it crashes with "out of disk space". Your data is now beyond any hope of easy recovery.
Incidentally, that's what most of these "trash your hard-drive" utilities do. Just be warned - even flat out, it takes quite a while to write half a terabyte of zeros to disk!
Cheers,
Wol
If the harddrive and the system it's in is still operable, there are plenty of programs to wipe the data on the drive. Darik's Boot And Nuke and the DoD's "scrub" utility comes to mind. Any DoD 5220.22-M compliant program will do. Doing several wipes using different programs might be good if you're paranoid.
When destroying the drive, be sure to wear protection... and do it away from windows. A harrdrive and a sledgehammer out on the loading dock sounds fun until a piece of shrapnel takes out a $300 pane of high-rise glass... Or your jugular...
If your company makes use of a document shredding service, their shredder can usually handle one or two harddrives at a time. Just be sure to check with the shredder operator before chucking them in the bin.
When I'm that paranoid about throwing out a drive, I usually disassemble it and melt the platters with a propane torch. I would bet my life on the fact that no one can recover data from a drive whose platters have been turned into a puddle of aluminum.
It is possible to safely wipe your data for good. It's not difficult at all and there are free tools for that. Most identity-thieves will only try to restore the recycle bin, assuming that the previous owner of the machine ever remembered to delete any sensitive data. You really shouldn't tell people to destroy their hardware, because some will actually follow your advice (e.g. Mac users).
I'll second the recommendation to use Darik's Boot and Nuke. It's a great, free and open source program based on Linux. Boot's from either a bootable CD, or floppy diskette.
http://www.dban.org/
Keep in mind though that it needs to have at least 8MB of RAM to run. This sounds laughably irrelevant at this point. But I have run into a few really old computers that some friends needed to have the data wiped before recycling the whole thing.
That's when you remove the hard drive from the case and take a hammer to it! Then recycle the hard drive in the scrap metal bin at the recycling depot, and the the rest goes in the electronics recycling area.
Hi-Bill here, got this nice invite I'm Passing On to You & family; heres Cut:
Dear Hillary,
On January 20th, Barack Obama is going to be sworn in as America's 44th President, and you can be there to witness history in the making.
It's going to be a remarkable moment when he takes the oath of office, a moment for America to come together and begin our journey down a new path. I know how much I'm looking forward to this great event, and I hope you will take advantage of this special opportunity to watch Barack Obama and Joe Biden become President and Vice-President of the United States.
The Inaugural Committee will select 10 supporters and their guests to travel to Washington and watch as the new president is sworn in.
Sheeish Screamed & Screamed, Well Come to Town & Stay.yet proclization isn't from commitee that pays for TEN, thats X in R.Nums,Guest Imports, of Course I Got one. Sir William drshek es & esq wire. this just in, solictation is for SELF Supporters.
Now Burn Hardrive for Security Reasons. Its actually illegal to ease dumped, data records.Pentagon does sell DVD dystroyer since 1963, My Uncle Had One.Probably required. Reason such was done stemed from 1960Russian Research Document published in US on How Small Data bit could be done optically, that being 5 nm, so fight for Secretcy. began, bloomed & slowly broke with Age limits. Itass NOT That TS, its just Secret.
On leopard you have the options of don't erase data, zero out, 7-pass, and 35-pass. I use TrueCrypt to encrypt all of my non-bootable hard drives, and Apple's file vault for the bootable one. I think the 7-pass is the most I would do (if I was planning to sell a hard drive), eventhough just zeroing the data would probable be enough kill any hope of someone recovering the entire encrypted disk image. Any company that handles people's personal data should be encrypting everything anyway and securely deleting it.
"I took an electric drill to mine, and photographed them: http://camltastic.blogspot.com/2008/12/destroying-old-hard-drives.html To all the people who respond "but that leaves 99% of the data intact", I'll mail you one and you get the data off then. You pay postage one way, I'll refund it double if you manage it."
Getting most of the data off a drive in that condition can certainly be done, but will cost at least 1,000 pounds. There are firms that specialize in such things (disaster recovery). Unless someone with a large budget is picking your garbage, your safe.
This article is suggesting that wiping a drive is not secure. But offers nothing to back that up. The story doesn't say the drive was actually wiped, just that the customer was told it would be done. Most likely the drive was not wiped. Very poor story, tabloid headline and nothing backed up by investigation. Very poor.
...Depending on how you manage it. I like to pass along things that work, in hopes that good ideas make their way back to me. Data breaches and thefts are due to a lagging business culture – and people aren’t getting the training they need. As CIO, I look for ways to help my business and IT teams further their education. Check your local library: A book that is required reading is "I.T. WARS: Managing the Business-Technology Weave in the New Millennium." It also helps outside agencies understand your values and practices.
The author, David Scott, has an interview that is a great exposure: http://businessforum.com/DScott_02.html -
The book came to us as a tip from an intern who attended a course at University of Wisconsin, where the book is an MBA text. It has helped us to understand that, while various systems of security are important, no system can overcome laxity, ignorance, or deliberate intent to harm. Necessary is a sustained culture and awareness; an efficient prism through which every activity is viewed from a security perspective prior to action.
In the realm of risk, unmanaged possibilities become probabilities – read the book BEFORE you suffer a breach.
http://16systems.com/zero/
The author of this article and everybody else recommending physical damage to the HD as the only way to ensure your data doesn't get into the wrong hands needs to visit the link above.
16systems.com should modify their challenge so that they include a textual file with their bank account number and PIN.
Then, some company doing professional data recovery on a lower level than 16systems.com ever heard of should recover the numbers and withdraw all the money from it.
1. Writing zeros to the drive once is not enough.
2. Wiping more than once is too time consuming even if you want to sell the drive.
So clearly, the best way is to actually destroy the platters.
Just put it in the dishwasher and pitch it out when you unload the rest of your dishes.
Get a set of small torx Bits.
Disassemble drive (10 min max)
Toss logic board in trash today
Get A pair of tin Snips
Snip platters into nice pizza slices
Toss in trash on 2nd collection day (mix with used Diapers if available).
I'd give even the NSA long odds on recovering much.