Where Old Hard Disks (with Digital Secrets) Go To Die

Hugh Pickens DOT Com writes "Justin George writes at McClatchy that in a 20,000-square-foot warehouse, where visitors are required to trade in a driver's license for a visitor's badge, some of the nation's secrets are torn apart, reduced to sand or demagnetized until they are forever silent. Need to destroy a rugged Toughbook laptop that might have been used in war? E-End will use a high-powered magnetic process known as degaussing to erase its hard drive of any memory. A computer monitor that might have some top-secret images left on it? Crushed and ground into recyclable glass. Laser sights for weapons? Torn into tiny shards of metal. "We make things go away," says Arleen Chafitz, owner and CEO of e-End Secure Data Sanitization and Electronics Recycling, a company with sixteen employees that destroys hard drives, computers, monitors, phones and other sensitive equipment that governments and corporations don't want in the wrong hands. Chafitz say the information technology departments at typical companies might not have the proper tools or training to adequately dispose of data. IT departments focus on fixing and restoring data, they say, while data-wiping companies focus on just the opposite."

Using encryption is the better option

[ffkom]

Using encryption not only saves you effort when the harddisk dies after years, it also provides security benefits during the drives lifetime and makes warranty-exchanges of young defect drives painless.

Re:

[maxwell demon]

Of course having a key of all zeroes is a bad mistake. That's why I always go away from that mistake as far as possible, by using a key which has no zero altogether. That is, a key of all ones. Clearly as opposite of the most insecure key, that's the most secure one. ;-)

Re:

[ArcadeMan]

We're in 2014, ROT26 has been a weak encryption scheme since the 1970's. You really should upgrade to ROT436207616.

Re:

[ebvwfbw]

Not me, rot13 still.
Abg zr, ebg13 nyy gur jnl.

Re:

[rubycodez]

wrong point of view. you have no way of knowing what algorithms will fall to simpler solutions or more powerful solvers in the future. and your favorite method might have a back door. or perhaps the key was make known

Re:

[C3ntaur]

This is why I have little use for cloud storage. Encryption is best thought of as a delay mechanism.

By 2025 a children's Speak & Spell Could Crack

[Warhawke]

You can’t hide secrets from the future with math.
You can try, but I bet that in the future they laugh
at the half-assed schemes and algorithms amassed
to enforce cryptographs in the past.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[Poingggg]

Not to mention it appears they are still using voodoo like having to degauss drives instead of simply wiping them.\

So I wonder how long voodoo from the age of DOS is gonna be taken as fact? An encrypted drive with a single wipe would insure there was zero data to recover and wouldn't be based on 30+ year old info, it would also deal with the real issue, the fact that there is no way to securely wipe an SSD that I know of, because SSDs don't "erase", just mark sectors as available to minimize writes.

Maybe because degaussing takes seconds (i think) and wiping takes hours? Not unimportant for a business I would think. (You are right about the SSD's though).

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[TheLink]

But will it blend?

Seriously though I was wondering why they were using so many different ways to destroy stuff when they could just use the same method to destroy most of them: very high temperatures.

You're not going to recover much from a hard drive that's been in a pool of molten "lava" for a mere 10 seconds.

If you insulate it well it shouldn't take that much power to maintain a pool of lava. Even easier if the site happens to be next to a volcano ;).

Of course you better have many security cameras just in

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[icebike]

Not to mention it appears they are still using voodoo like having to degauss drives instead of simply wiping them.

That's not half of it. There is also this bit:

A computer monitor that might have some top-secret images left on it?

Seriously? How does stupidity of this level actually make it to the real world?>

Re:

[drkim]

A computer monitor that might have some top-secret images left on it?

Seriously? How does stupidity of this level actually make it to the real world?>

Monitor burn-in.

http://stevenandy.files.wordpr... [wordpress.com]

Re:

[DarwinSurvivor]

They could be referring to screen-burn on old CRTs.

Re:

[ihtoit]

Not to mention it appears they are still using voodoo like having to degauss drives instead of simply wiping them.

Degaussing is only useful if you don't intend to use the drive again, considering the vulnerability of controller chips and servo tracks to strong EMP renders drives useless.

That's not half of it. There is also this bit:

A computer monitor that might have some top-secret images left on it?

Seriously? How does stupidity of this level actually make it to the real world?>

Burn-in. A common problem on CRTs and on early OLED screens (I just ditched a CRT with an image coldburned into the screen (you could actually make out what it was with the monitor turned off), and I have an mp3/media player that plays video on a 1.1" OLED - which has the player screen permanently burned in. Actually, somewhere around I

Re:

[DarwinSurvivor]

These are not your everyday run of the mill business hard drives. These are drives that other countries would invest significant resources to read. This could include malicious firmwares that detect wipes and "pretend" to be empty. Firmware infection is starting to rise and governments are realizing that "nuke it from orbit" is in fact the only way to be sure.

Re:

[mpe]

Not to mention it appears they are still using voodoo like having to degauss drives instead of simply wiping them.

Probably because people are prepared to pay money for it. At least this is a little more plausible than repackaging a novalty golf ball finder as an IED detector.

Re:

[DarkVader]

No, they were moved by stepper motors on quite a few hard drives. I'm sure some may have used linear actuators, but certainly not any hard drive I ever worked with back then.

Re:

[ihtoit]

I've never come across a hard drive with a stepper motor actuated arm. Care to cite a model number for me?

(I have a Quantum Fireball 5.25" 40MB drive that uses a voice coil actuator and two very strong rare-earth magnets to move the heads, the exact same technology used in my Hitachi Deskstars and in my 1TB Seagate 7200.12 SATA).

Of course, I stand to be corrected on this, but: model numbers, please, none of this "You're a fuckin' idiot!" bullshit.

Re:

[Anonymous Coward]

Why can't you just google it? Seriously. There's even video of an old hard drive with a stepper motor for the heads. Jesus Christ, if you still don't believe me, because you're under 25 and can't possibly imagine that the world was different before you popped into it, you can buy some on eBay.

What do you think RAMAC used? Here's a part number for you, you obtuse Asperger's ignoramus:

IBM 305

Oh wait, that was COMPRESSED AIR.

Oh geez, what's with all this history stuff? If only there could be some way to sto

Re:

[__aajfby9338]

My first hard drive was a 20M 3.5" full height SCSI drive made by Miniscribe. It not only had a stepper motor to position the heads; it also simply jammed the heads against a hard stop to find track zero to save the expense of an optical sensor. I don't recall the model number. That piece of junk didn't last too long.

Re:

[__aajfby9338]

A quick search for "miniscribe" on Youtube turned up the Miniscribe 3212 [youtube.com] and Miniscribe 3650 [youtube.com] as a couple of examples. Unlike my first Miniscribe hard drive (whose model number I don't remember), these ones appear to have optical sensors for track zero mounted on the outside of the stepper motor. Mine simply had a mechanical stop that the drive noisily buzzed against at power-up. But at least it wasn't a brick [vintage-computer.com] for the year or two that it lasted before failing.

Re:

[ncc74656]

I've never come across a hard drive with a stepper motor actuated arm. Care to cite a model number for me?

I'm pretty sure the Seagate ST225 I once had in an IBM PC/XT used a stepper motor to move the heads. Voice-coil actuators only came on the scene sometime in the late '80s or so.

Re:

[ihtoit]

ah, cool. I might even have one of those around somewhere...

Re:

[couchslug]

While encryption is desirable, hard disks, all of them, are trivially cheap compared to loss of classified into.

When in doubt, shred.

Duh

[g0bshiTe]

Silicone Heaven, otherwise where do all the calculators go?

Re:

[sunderland56]

Silicone Heaven, otherwise where do all the calculators go?

Didn't there used to be a strip bar named Silicone Heaven?

And yeah, there were a lot of accountants there.

Re:

[excelsior_gr]

You mean Silicon Heaven. Silicone Heaven is yo mama's boobs.

Re:

[dissy]

No he means Silicone. Calculators obtain that by displaying 58008
You can't spell out "mama" on a 7 segment display

(Kids these days!)

Re:

[Darinbob]

That completely changes how I understood that episode.

Jump The Shark

[retroworks]

Data destruction industry has finally "jumped the shark" with the posting of the Guardian Newspaper's hard drive destruction just a few hours ago. This sales pitch shows the billion dollar industry behind selling insurance to people afraid of digital losses via old hardware. http://www.theguardian.com/wor... [theguardian.com]

Identity theft and trade secret losses are real, very real risks. But physically destroying hardware is to data protections as toilet paper on the loo lid is to AIDS prevention. The real threats are phishing (getting employees to log in credentials on fake websites), and loss of active PCs (theft of laptops from the back of cars), and the new credit-card swiping devices used at Target stores are the actual risks.

I have heard the argument that physically destroying the disks eliminates the potential for bad apple employees to skirt the wiping of disks, and that with physical destruction you really control human error. I say bullhockey. When I have a staffer wiping disks, I can inventory the disks and randomly sample them to see if the data has been erased, and replace the staffer if necessary. If the drives are thrown in a mechanical shredder, how do I know a PARTICULAR drive was thrown in the shredder? How will I ever catch the bad apple? Try sifting through the scrap fluff for serial numbers to make sure the right one went through the machine.

The big opportunity is "digital haystacks", putting randomized and false data out, especially metadata. If enough bad data written on to drives, it has the added benefit of wasting the time of Russian hackers who have too much of it on their hands.

Re:

[SuricouRaven]

Physical destruction is something you do to put on a show for the boss's boss's boss.

Re:

[Anonymous Coward]

Physical destruction is something you do to put on a show for the boss's boss's boss.

"Look, Smithers! It blends!"

Re:

[fuzzywig]

We had the truck round to destroy a bunch of disks recently at work (most of the drives wouldn't have had anything on them, but a few might have been exposed to customer's credit card data), and watching this big green lump of steel turn a harddrive into tiny mettle chips was really fucking cool!
So yeah, maybe it's not necessary, but it's a bloody good show.

Re:

[dbIII]

Try sifting through the scrap fluff for serial numbers to make sure the right one went through the machine.

That's a very good point. In my case I could keep the part of the casing with the serial number after I've ripped the thing apart to get the magnets, but in industrial quantities that would require too much time. I'd suggest putting pallets of the things in steel heat treatment ovens for a bit but only because I've worked with those things. Maybe soaking them for a bit in vats of citric or phosphori

Re:

[Eskarel]

It sort of depends on the value of your secrets. People are reasonably certain that if you wipe random data over a disk 32 times that it can never be recovered, reasonably certain, with current technology anyway, well with the current technology we know about anyway. Now you have to ensure of course that it's been done properly and some dimwit hasn't just cleared a partition instead of the whole volume, and of course when you start dealing with SSD's or more expensive drives with smarter controllers your ab

Re:Jump The Shark

[mikael]

Those smarter drives do insane things that having a pool of surplus disk blocks and having a virtual disk cylinder/sector map that can swap out old blocks that have become damaged and replace them with a new block. Just because you think you are writing on cylinder 32, sector 5, block 3, doesn't mean it's really at that location. Theoretically, it might be possible to fill up every possible block with data, but that's no guarantee.

So the only safe way is to destroy the hard disk drives.

Re:

[jamesmeece]

Usually using "Secure Erase" gets around this issue. Even for SSD's (assuming implemented properly, which most major companies do)

Re:

[tbuskey]

Exactly this. When the firmware automatically substitutes good sectors to replace bad sectors, you can't erase the bad. If there was sensitive data on that bad sector, you can no longer get to it to erase it unless you use a vendor (and model) specific program. Even if you have software for every drive, it will take far more time and labor to erase all the data. A shedder does it in minutes. You can't even spin a drive up that fast.

If your data is less sensitive that a sector being exposed is ok, use t

Re:

[tlhIngan]

It sort of depends on the value of your secrets. People are reasonably certain that if you wipe random data over a disk 32 times that it can never be recovered, reasonably certain, with current technology anyway, well with the current technology we know about anyway. Now you have to ensure of course that it's been done properly and some dimwit hasn't just cleared a partition instead of the whole volume, and of course when you start dealing with SSD's or more expensive drives with smarter controllers your ab

Re:

[dissy]

and of course when you start dealing with SSD's or more expensive drives with smarter controllers your ability to actually do a write to every sector to achieve this goal is somewhat questionable

Every IDE drive made since the 90s has a multicore processor on it that is already more powerful than most hobbiest computers sold as actual computers just the decade before.

The translation between an address on disk to read or store a byte has not matched a static physical location since MFM drives, which most people these days have never seen or heard of.

Some brilliant hackers are only just recently reverse engineering these controllers, learning to run code directly on them.

This guy [spritesmods.com] even has a Linux kern

Re:

[tomhath]

I'd be happy with a log of what was destroyed. Maybe pictures/scans of the drive just before it was destroyed if the stuff on it was really important. Keeping thousands of wiped drives around so you can go look at them occasionally is kind of pointless

Re:

[drinkypoo]

The big opportunity is "digital haystacks", putting randomized and false data out, especially metadata. If enough bad data written on to drives, it has the added benefit of wasting the time of Russian hackers who have too much of it on their hands.

So how much of your time are you going to spend to one-up the Russians, well-educated in maths, by creating convincingly fake data?

wait... That doesn't protect against AIDS?!

[mekkab]

Guess I need to find a new General Practitioner! >:(

Re:

[Lumpy]

The IT security staff at Comcast required the power supplied to be destroyed as they can contain "data"

That is the day that I realized that IT security guys at most corporations are simply Cops that cant keep a job as a cop and fake their IT background.

Re:

[rubycodez]

you are silly, your process depends on *you* being trustworthy. A proper shredding program with witnesses at each step ensures the data is really destroyed, and keep those who can cause the most damage by being a bad apple, which mostly means you, in line.

Directed at Justin George

[g0bshiTe]

This is /. brother, I'm sure everyone here knows what the hell a degaussing gun does without the description there.

Due explain how other than burn in a computer monitor may still contain top secret images though.

Re:Directed at Justin George

[the_skywise]

Yeah I was about to post the same question.

But given the over-explanation for degaussing maybe it's something as simple as burn-in on old CRT monitors that did status displays for weapons panels/nuclear reactors, etc; ?

Re:

[miaDWZ]

[Do] explain how other than burn in a computer monitor may still contain top secret images though.

When it comes to security, sometimes you can never be too careful [slashdot.org].

Let me guess - GCHQ?

[dcollins117]

Just scanning the title of TFS I thought this was going to be an article about GCHQ technicians, angle grinders, and electric drills.

Degaussing? Really?

[Anonymous Coward]

Degaussing? On a modern hard disk, with that level of coercivity? Bloody amateurs. Degaussing won't do shit to a modern hard disk.

A dd zerofill pass is actually enough to stop the NSA and GCHQ in a determined 'recovery' attack, for any sector that's actually overwritten, to their immense frustration. Meanwhile, remapped sectors and removing HPAs are the domain of ATA Secure Erase - Enhanced, and all the firmware seems to do just what it says on the tin for that. One pass of each would be just fine.

Bets are

Re:

[Anonymous Coward]

Read the second and third links, this is a /. advertisement aimed at government surplus property managers. Those are the only people still capable of convincing that screen burn on a CRT monitor will be read by spies to obtain valuable secrets (like Windows 98 logos), and degaussing sounds very safe too.

Re:

[Lumpy]

Most executives are incredibly low IQ types that believe the crap such as degaussing this is who they cater to.

Re:

[datapharmer]

a drill is usually faster than zeroing out the drive and works for 99% of cases. Maybe not nsa, but it will even slow them down a bit.

Re:

[bill_tvm]

If the drive ain't working how you going to run dd on it mate?

If it's not being reused - go full industrial

[dbIII]

If it's not being reused then degaussing is a waste of time and money if an oxy torch or plasma cutter is available. Even cheaper would be the sort of rollers used to make steel rod from billets. I'm sure any junkyard on the planet would have even better suggestions for total destruction. You can't recover data from tiny fragments, especially if they've been heated up to less than red heat to lose their magnetism for a while and come back to room temperature with the magnetic domains in different places.

Re:

[sunderland56]

If it's not being reused, just build one giant Blendtec blender [youtube.com].

Re:

[rotorbudd]

Hard Drive meet Hammer Drill

Re:

[maxwell demon]

Those who will see your comment are not those why may need reminding. It's not the readers of Slashdot who give you the beta interface.

Re:

[hcs_$reboot]

Thank you for your feedback.

degaussing fails on SSD

[johnjones]

so when you want to take a storage device into rough environment would you take spinning media...

so the question would be what do they do to SSD...

John Jones

Re:

[AndroSyn]

I'd imagine physically shred the SSDs back into sand? When I've needed to destroy an SSD, I've just taken a power drill to the flash chips.

Re:

[MiniMike]

I took this to mean they want to keep the design of the optics secret.

Re:

[maxwell demon]

I have no idea what you speak of, but I guess AdBlock Plus and RequestPolicy would each get rid of it. Possibly NoScript would suffice, too. (I run all three, and that certainly is enough to not make me see it).

Re:

[jones_supa]

I have no idea what you speak of

He means the articles submitted by Hugh Pickens, who has "DOT Com" in his username, which some people see as an advertisement for hughpickens.com.

Re:

[Lumpy]

Yes it's called adblock plus. Stop trying to block ad's with greasemonkey.

Simpler, incinerate with common trash

[Framboise]

My town has a huge incinerator for common trash that will bring any computer component well over 1000C: most computer component would be finely destroyed to atomic level. As a bonus the incinerator produces electricity.
It would suffice to secure the transport to the incinerator and let heat finish the task.

Re:

[ImprovOmega]

Except for the environmental toxins that would release, I would agree with you.

What we really need is a local black hole to chuck unwanted devices into. Guaranteed information destruction baby!

Re:

[rubycodez]

you are funny, such a temperature does not render things to "atomic level", many metals won't even melt at that temperature. you will break down many toxic organics though. but you will turn other things into poisonous fumes (solids suspended in hot gases)

Paid Ad Again

[fat_mike]

EPC [epcusa.com] does the same thing. Though they don't degauss the drive. They completely destroy it. I am fortunate to have one of their recycling centers in town and believe me there is nothing like watching your hard drives go up a 30 foot conveyor belt into a 30 foot tall shredder and come out as slivers.

I don't work for them, I'm just damn happy they exist. Capitalism at its best, find a need and fill it.

Ye Olde "drill bit through the platters?"

[mekkab]

If you make a couple of holes with a 1/4" titanium bit, is there anything salvageable? Or is this service really marketed for the paranoids?

Re:

[NemoinSpace]

Not if you are counting on the disk spinning. But if you are seriously going through the trouble because your data *is* really sensitive, (even a HIPPA breach is a serious liability), then i suggest to you that all the sections of the disk without holes are pretty much readable. So, the long and short of this is, if you have a real need to destroy data, better not leave it up to the kid with the Ryobi.

Disgusting.

[Lumpy]

A lot of us firearm enthusiasts would love to buy used some of those military gun sights. I cant afford a $7800 laser sight, so they just destroy it to protect the manufacturer's high price point. It's why we dumped tens of thousands of Jeeps into the ocean instead of allowing Americans to buy them surplus, it would drive down the price of new cars and we cant have rich people making less money.

Re:Disgusting.

[Lumpy]

Then it's the idiot managers paradox. Because even if I gave you a $50,000 holographic night vision scope, 99% of the population could not hit a target unless they had the skill to actually shoot a gun. You know those videos of samalis holding the AK 47 above their head firing? all they are hitting are buildings and the ground, if they were fighting a trained enemy force they would be wiped out in mere moments. A well trained soldier from a western or eastern country could easily take out 20 untrained soldiers without effort or fear.

So someone having it is not a risk. Just like how they whine about people being able to buy defused grenades at surplus stores. Yes, someone with an IQ above 120 can make them work again, but the risk is so low it's not funny. Plus it is a lot easier to make a new one from gas pipe than trying to fix a Vietnam era grenade. But it does not stop uneducated people from being horrified that I can go and buy "grenades" for $5.00 each.

Re:

[ebvwfbw]

.... But it does not stop uneducated people from being horrified that I can go and buy "grenades" for $5.00 each.

Or having a cap gun with a red barrel on an aircraft in my Son's carry on. "Looks like a gun, he could threaten someone." I said only if they are in management here making decisions on what can be brought on an aircraft. That of course flew right over his head and wacked him in the back of the head the next month.

We shouldn't have to dumb everything down to the lowest level. Worry about what insane people think/do. They should be taken care of like we used to do, before they emptied out the wards in the

Have some fun

[m0s3m8n]

Have some fun with hard drives. AR-15 practice targets.

Re:

[jedidiah]

> Have some fun with hard drives. AR-15 practice targets.

Despite of all of the hysteria and propaganda, the AR-15 is actually pretty weak. If you're interested in destroying hardware, you probably want something with a bigger slug and better range. Even something with bolt action might be more destructive.

Re:

[ihtoit]

kind of expensive on ammo as well... I prefer my Air Arms Mistral .22 or my Webley Stingray .177. Quiet, accurate and a tin of 500 .22 pellets weighs the same as a pair of 32-round 5.56x45mm box magazines.

Re:

[__aajfby9338]

An AR-15 will destroy a hard drive just fine. I think that even regular soft-point hunting rounds would easily penetrate an old 5.25" full-height hard drive. I suppose that something with better range would be preferable if I found a need to destroy hard drives from more than 300 yards away...

Plasma furnace

[Anonymous Coward]

(posting as AC because) as someone who used to supervise drive destruction at a rather touchy agency... we used plasma furnaces. Would could still recover the odd bits from shredding.

Bitcoin wallets

[ArcadeMan]

If they're not stupid, they're checking to see if the drives don't have any crypto-coin wallets before destroying them.

Recycle them for scrap

[Hamsterdan]

That's what I do when a drive fails or becomes noisy. I keep some of the magnets, remove the board, heads and platters, remove the copper coil from the head assembly. When I have around 10 or 20 drives (5 to 10 pounds), I sell them to the scrap yard. Good luck retrieving data after everything has been tossed in the big aluminum bin. Not a big amount at 50 cents a pound though.

Working for the DOD

[tie_guy_matt]

One nice thing about working for the DOD is that Dell doesn't expect you to be able to return your old hard drive. Just say that your hard drive is defective and they will send you a new one no questions asked. Of course most of the people I know (myself included) were to honest and would only ask for a new HD if their old one was in fact defective. But I suppose if you were into using your power for evil and not good you could have gotten an entire collection of new HD's that way. You also could have been

Always elaborate and expensive

[Maxo-Texas]

Just dump them in a storage water pool for five or six years.

Oh- - I recently got an enclosure and am going through my old IDE drives.
The oldest so far is 8gig from 1999/2000. All work perfectly.
It was ironic that I had trouble tossing it in the trash even i had an 8gig memory stick I bought that day for $4.99 at Fry's. LOL!

The 80GB drive is more interesting. keep or toss.

These things are good forever if you dont' spin them apparently.

Re:

[jedidiah]

I just disassemble them. Yank out the disks themselves and separate them from their housing. If you had disks from more than one drive, I wonder if anyone could ever sort that out again.

16 employees?

[Brian Mahoney]

Odd that the number of employees is mentioned, to me anyway. What would happen if even one of those 16 was disgruntled, or whatever Snowden was? If the 20,000 sq. ft. warehouse, not that big at all, is just as secure as the NSA office where he worked, then another leak seems imminent.

when permanent secure erase is needed: recycle

[ihtoit]

660.32C melts aluminium, this temperature is fairly easily attainable in a domestic furnace (eg a garden incinerator or wood stove, a blacksmith's forge if you're of such a mind as to have one of these). OK, just doing a melt-n-pour into ingots leaves you with a variable-purity alloy containing 99.9 aluminium, the rest a mix of palladium, platinum and chromium, but that's still useful (and being ready melted in your own furnace guarantees you the data is gone forever, and you have full chain of custody of t

Re:

[ArcadeMan]

I will remember. I will read. Squirrel!

Re:

[ebvwfbw]

They don't do that. I've seen agencies and the destruction in process. They bring a truck out and destroy it on the premises with government dude watching. Granted the government dude is usually about as bright as a bowling ball and things could still get out. Never the less I've never seen the chain broken. If you know of a case, report it to their Inspector General.