100

We have a lot of PCs in the company and nobody wants to wipe a multitude of hard drives. We also have many apprentice toolmakers who really want to destroy things. Thus, every couple of months, our apprentices receive two heavy baskets of hard drives to drill through.

Some of my coworkers believe that this is absolutely overkill. I, however, believe that not wiping the drives before drilling through them might make some data recoverable.

According to this question, wiping with DBAN will make data completely unrecoverable.

> DBAN is just fine. Here's the dirty little secret--any program that overwrites every byte of the drive will have wiped everything permanently. You don't need to do multiple passes with different write patterns, etc.

How about drilling a hole?

200_success
  • 4,701
  • 1
  • 24
  • 42
RubbelDieKatz
  • 941
  • 2
  • 6
  • 15
  • 26
    Always encrypt everything on your hard drives, even though it is a hassle during reboots. This way you are sure no-one can read the hard drive, even in the case of leaking a hard drive by accident – Ferrybig Aug 16 '17 at 07:31
  • 12
    [How to securely, physically destroy a hard drive at home?](https://security.stackexchange.com/q/100100/2138) and [How do you destroy an old hard drive?](https://security.stackexchange.com/q/11313/2138), both on [security.se], may be of interest as well. – user Aug 16 '17 at 11:40
  • 1
    If you're looking at it from an efficiency point of view, then drilling is surely the more labour intensive option? A secure wipe takes a few seconds to get started, and you can be doing other things while it works. You can buy a bunch of SATA -> USB cables and a powered hub so you don't have to mess around putting the drives into a machine. @Ferrybig If the only objective is to be able to securely discard drives, then you can remove the reboot hassle by having the drive auto-decrypt at boot. Then you just securely erase the key file when you want to discard. – Jon Bentley Aug 16 '17 at 13:43
  • 1
    @JonBentley information on drive could be worth waiting one or two decades for more powerful computers to decrypt it, and there is a (tiny) chance that someone will suddenly find weakness in encryption algorithm, so it's better to destroy data physically – Victor Aug 16 '17 at 16:00
  • 1
    @Victor Yes that's a useful point to consider, but not relevant to my comment. I was arguing for secure erasing vs drilling, not encryption vs drilling. The second part of my comment was that if you've already opted for encryption per Ferrybig's suggestion, then there is a way to avoid the inconvenience aspect. – Jon Bentley Aug 16 '17 at 16:25
  • 1
    RE: your comment about overwriting every byte. Check out [my question](https://security.stackexchange.com/questions/8965/how-to-recover-securely-deleted-data) about recovering from that. – Canadian Luke Aug 16 '17 at 16:31
  • 7
    You've prevented anyone *but the NSA* from reading it. – Buffybot Aug 16 '17 at 18:08
  • 26
    If they're enthusiastic, have them use a belt sander rather than a drill. – Mark Aug 16 '17 at 18:43
  • 22
    Why not just get a metal forge. Put all the metal in heat to whatever thousand degree, and let melt. Your apprentice toolmakers can make something new with the metal. Now the data is destroyed. – cybernard Aug 16 '17 at 19:00
  • 1
    @Victor If the encryption is done right, you'll have to wait a lot longer than one or two decades. Compare [Amount of simple operations that is safely out of reach for all humanity?](https://security.stackexchange.com/q/6141/2138) on [security.se]. (Admittedly, this assumes no huge breakthroughs in cryptanalysis of modern ciphers, but I find the existence of a *major* flaw in, say, AES, to be unlikely, particularly one that would allow decryption at many orders of magnitude faster than exhaustive key search. Not inconceivable, but unlikely.) – user Aug 16 '17 at 20:03
  • 2
    I'd drill about 6 holes in it – brasofilo Aug 16 '17 at 21:24
  • 3
    I recommend hydrochloric acid myself. – joshudson Aug 17 '17 at 03:15
  • 3
    We belt sanded some (completely to dust). Hydrochloric acid was too slow (destroyed casing quickly, but platters "survived"), but [hydrochloric + nitric](https://en.wikipedia.org/wiki/Aqua_regia) was quite sufficient. – Eric Towers Aug 17 '17 at 05:43
  • 1
    There are HDD destroyer devices available. They are a bit expensive for small businesses but otherwise good since shredded drives are hard to recover. And they make the job safer and a bit more straightforward. –  Aug 17 '17 at 08:58
  • 4
    I hate to sound ultra crazy, but putting a .50BMG round through a hard drive causes a lot of damage on impact - seven drives I've totally obliterated this way over a handful of years - I don't own the gun but a friend who has a license for those weapons and a huge private area he owns let me do this. Took an old hard drive to his range and shot a .50BMG round through it - the entire set of drive platters was shattered, and I mean *shattered* to bits - probably the most inefficient way to destroy a hard drive but eh, it totally destroyed the platters. – Thomas Ward Aug 17 '17 at 14:36
  • 2
    Are these all platter based drives? No solid state drives? – corsiKa Aug 17 '17 at 18:27
  • @corsiKa All of them are. However, I think the same question about SSDs would also be quite interesting. Here might be the answer: https://www.backblaze.com/blog/how-to-securely-recycle-or-dispose-of-your-ssd/ – RubbelDieKatz Aug 18 '17 at 05:14
  • 2
    @cybernard Cost? The considerable safety issues around handling molten metal? The time and cost of the training required to mitigate those issues? The fact that other, much easier, much simpler solutions are available that don't require equipment that won't be used for anything else? – David Richerby Aug 18 '17 at 13:07
  • 1
    Superuser answers that, too: https://superuser.com/questions/343198/destroy-a-hard-drive-without-proper-equipment/343216#343216 – woliveirajr Aug 18 '17 at 18:08
  • 1
    There was a very nice video here, and there is still a small written explanation: http://www.networkworld.com/article/2202487/data-center/google-crushes--shreds-old-hard-drives-to-prevent-data-leakage.html – Andrea Lazzarotto Aug 18 '17 at 20:58
  • 1
    @DavidRicherby It might be possible to recover data around/between the drilled holes, this is a non-issue for my solution. They have to do it every couple months so the safety skills they learn won't go to waste. Additionally, you're going to end up with approx 100lbs (maybe less) of metal so you don't need a big crazy forge, just a small one. A couple propane or similar torches and a crucible, toss everything in and wait. – cybernard Aug 18 '17 at 21:54
  • 1
    Drill a hole in it, then drive over it with your car, then put it on a charcoal fire for about an hour. Remove when evenly browned. – Hot Licks Aug 18 '17 at 22:25
  • 3
    Melting hard drives full of data? Are you trying to make a sonic screwdriver? cos that's how you get a sonic screwdriver... – Engineer Aug 18 '17 at 23:23
  • 14
    Nuke them from orbit. It's the only way to be sure. – Zenadix Aug 20 '17 at 01:39
  • 1
    The massive overkill in these answers feels like the end-scene from Terminator 2. – smci Aug 20 '17 at 21:07
  • 1
    I use DBAN to wipe the data (usually an overnight run) then I disassemble the disk and use the angle grinder to obliterate the platter. Then I stick the magnets on the fridge and challenge my children to try get them off :-) –  Aug 21 '17 at 01:33
  • 1
    There is a DefCon talk about destroying hard drives on the fly in a server room. Without triggering the security or fire alarm. I don't have the link on my phone but I feel it's a mandatory link on this question! – Drag and Drop Aug 21 '17 at 10:04
  • 1
    If you're paranoid, disassemble the drive, drill through the platters and toss them out (or melt them down). Reassemble the drive and pretend you never touched it. – Clearer Aug 21 '17 at 11:29
  • 1
    @Buffybot Nah, not just NSA. FBI Lab can do it, too. – reirab Aug 21 '17 at 15:11

17 Answers

165

Drilling a hole in the drive enclosure which passes through all the platters will make it impossible to run the drive. Most modern HDDs don't have air inside the enclosure, and you've let what was in there escape. You've filled the cavity with tiny pieces of drill swarf, which will be on everything including the platters, and will crash the heads if someone tries to lower them onto the rotating platters. You've also unbalanced the platters, though I don't have an estimate for whether this will be fatal. The drill bit will likely pass through the controller board on the way, which though not fatal will certainly not help anyone trying to hook the drive up.

You have not prevented someone from putting the platter under a magnetic force microscope and reading most of the data off that way. We can be fairly sure this is possible, because the SANS paper linked from the linked SF article demonstrates that you can't recover data from a platter with an MFM after a single overwriting pass, and such a test would be completely meaningless if you couldn't recover non-overwritten data using the same procedure.

So drilling through the platters will very likely prevent data from being read off the HDD by normal means. It won't prevent much of the data being recoverable by a determined, well-funded opponent.

All security is meaningless without a threat model. So decide what you're securing against. If you're worried about someone hooking up your old company HDDs and reading them, after they found them on ebay / the local rubbish dump / the WEEE recycling bin, then drilling is good. Against state-level actors, drilling is probably insufficient. If it helps, I drill most of my old drives, too, because I am worried about casual data leakage, but I doubt the security services are interested in most of my data. For the few drives I have which hold data that Simply Must Not Leak, I encrypt them using passphrases of known strength, and drill them at the end of their lives.

Chris
  • 113
  • 4
MadHatter
  • 78,442
  • 20
  • 178
  • 229
  • 14
    Most HDDs have their board (and arm "engine") off the disks. That's why they are rectangular and not square. You won't hurt the board by drilling the disk (you may destroy the head's arm though). Of course HDDs *have* air inside (otherwise you couldn't open them without excessive force), they even have a breathing hole with a filter. Open one and you will see. A determined attacker could be able to open the disk clear, replace damaged heads if needed, rebuild and read (most of) the data. – goteguru Aug 16 '17 at 09:30
  • 17
    @goteguru *"Of course HDDs have air inside"* Except those that don't, of course; such as for example these new-fangled helium-filled drives. – user Aug 16 '17 at 11:36
  • 13
    @MichaelKjörling Yes, yes of course. All has some gas in them. That's the correct wording. Nevertheless the point is the same. Helium filled drives will go happily with simple air. No problem. Dust, maybe humidity can kill the drive fast, special gas is just an extra. – goteguru Aug 16 '17 at 11:52
  • 1
    @MichaelKjörling new-fangled? like 20 years-already-done new? – Swift Aug 16 '17 at 14:24
  • 2
    @MichaelKjörling The point is, the air won't eat away the HDD platters, even if the drive was initially filled with helium. – Dmitry Grigoryev Aug 16 '17 at 14:45
  • 12
    A while ago, I visited the Information Security Research Group's Computer Forensics Research Lab and the Senior Lecturer / Advanced Data Recovery Consultant demonstrated the many ways that they can recover data off of HDDs and said that, pretty much, the best way to destroy HDDs and their data is to leave the platters in water then air to rust them. – mythofechelon Aug 16 '17 at 15:34
  • 9
    No; Like MadHatter mentioned, simply drilling a hole will not render all drive data unrecoverable. This is also going to depend on how large of a hole is being drilled. Forensic labs can pull platters and run those individually through data dumping hardware/software in clean rooms. A solid swing or 2 of a sledge hammer can be very effective and may help reduce some stress as a byproduct.. Just don't forget the protective eye wear! This will be effective on just about any drive whether they store on platters or not. – eyegropram Aug 16 '17 at 16:36
  • 2
    "So drilling through the platters will very likely prevent data from being read off the HDD by normal means." But so would a secure wipe, and that would also leave the disk (re)usable and thus reduce waste. – qris Aug 17 '17 at 07:07
  • 1
    @qris yes, I completely agree. Do, however, read the question: the OP stipulates that wiping the drive will work well, and wants to know if drilling will work comparably well; telling him/her that secure wiping works well isn't really answering that. I take your point about environmental impact, but I also feel that it is permissible to make a sufficiently small mess in a sufficiently good cause, plus it's a different question. – MadHatter Aug 17 '17 at 07:23
  • 2
    I usually get a good heavy hammer, put the disks down, and give it a jolly good whack in the center where the axis is. The shock will splinter all platters in gazillion tiny fragments. A lot more fun, and you get a great rattler. Of course that won't work for SSDs, for those I suggest tearing them open with big tongs, then whack the chips, but then you might have to account for particulates you let into the air which may be a health hazard. – Tschallacka Aug 17 '17 at 07:58
  • 3
    @Tschallacka I suspect that will work fine with glass platters, but not at all with aluminium ones. I have no doubt the drive rattles afterwards, but there are other things inside the enclosure to come loose and rattle around besides bits of platter. I do recommend watching [the DefCon talk](https://www.youtube.com/watch?v=-bpX8YvNg6Y) that rinukkusu links to: if 100g of shaped-charge explosive detonating on the drive case doesn't shatter the platters (which it doesn't) then I doubt that a "*jolly good whack*" to the spindle will do so. – MadHatter Aug 17 '17 at 08:15
  • 2
    @Tschallaka this will work with some makes and models that have glass platters - not so much with metal platters (which are more common). And actually, helium fills (as opposed to just cleanroom air protected by a filter) will still be uncommon on what we are *decommissioning* these days.. – rackandboneman Aug 17 '17 at 10:26
  • 1
    If I really want to destroy a hard drive and make it un-recoverable I tend to drill holes in it with 7.62 NATO rounds... multiples. Although multiples probably aren't needed, it sure is FUN :) – ivanivan Aug 17 '17 at 12:28
  • 2
    A little faster and more destructive than drilling is a concrete chisel point with a 4 lbs hammer. You can punch 3 holes in <1 minute. – Trevor Boyd Smith Aug 17 '17 at 12:34
  • 36
    Upvoted specifically for this... **All security is meaningless without a threat model** – barbecue Aug 18 '17 at 18:23
  • 2
    @mythofechelon Why would that be the best way? It takes a long time, during which said drives could be stolen. But physics tells us that raising the hard drive platters beyond their Curie point causes the magnetic domains' alignment to be lost, becoming totally disordered. So exposure of the drive to temperatures in excess of 1200 degrees Celsius guarantees permanent, total loss of the information contained therein, irrespective of threat model. The complete liquefaction of the drive would be even better. An oxyacetylene torch or the Fe2O3-Al thermite reaction can generate the requisite heat. – Iwillnotexist Idonotexist Aug 18 '17 at 23:13
  • 2
    +1 Comment about threat model and who attackers of interest are. This is crucially important. Another way to look at question is economically. What is the value of the data to you? To potential attackers? Is it worth it to attackers to use, say, advanced, expensive lab equipment and time required do the recovery? Is it worth your time to destroy the data in a more elaborate fashion? – user2460798 Aug 20 '17 at 01:07
  • 1
    -1 for misinformation: hard drives use air bearings to levitate the head over the platters. Hard drives **must** contain gas of some sort, helium or air, otherwise the head will crash into the platters. If you wanted to ruin your hard drive, hook it up to a vacuum pump and power it on. – Nick T Aug 21 '17 at 04:06
  • 1
    @NickT I completely agree with you, which is why I wrote *most modern hard drives don't [contain] air* (which is, whether you like it or not, literally true) rather than *most modern hard drives contain vacuum*. I'm sorry a few people read the first as implying the second, but the sentences are quite different to each other, and I'd prefer not to be censured for something I didn't say. – MadHatter Aug 21 '17 at 06:21
  • 2
    A couple of things: to me, in a colloquial context like this, "air" meant "gas", so I was *very* confused by your first second sentence. Second, *"what is your threat model?"* seems to be the newly-legitimized *"ionno, what do you think?"* It's an easy cop-out, but the reality is when a layman asks asks an expert a security question, he often **DOES NOT KNOW** his threat model, as he neither knows which attacks are possible, nor the likelihood of each. You need to explain both and *make an educated guess* for the latter. *Should* he be worried about state actors? Do others in his shoes worry? – user541686 Aug 22 '17 at 03:28
  • 1
    @Mehrdad here's the thing: SF *isn't* a colloquial context for those of us who do this professionally. We're using language *very* precisely, because when you're trying to diagnose TLS handshake problems, DNSSEC misconfigs, or similar, considerable precision of thought and language is required. Do by all means read without thinking, but don't expect others to shoulder the blame. As for the threat model, [we're here for questions on *professional* setups](https://serverfault.com/help/on-topic), and professionals are expected to have thought about their threat model already. – MadHatter Aug 22 '17 at 06:27
  • 1
    @MadHatter: It seems like you didn't understand anything I said. First, I said the context for the word "air" was colloquial, in that I'm 100% sure some non-chemists will read this and think "no air" = vacuum. Second, where was I asking for *less* precision? I was asking for *more* precision in your answer: instead of just a vague-but-technically-correct "it depends", I was saying you should give an accurate assessment of what the general practice is and what other similar professionals consider tolerable. Yes, he's *a professional*, but that doesn't mean he knows all possible security risks. – user541686 Aug 22 '17 at 06:56
  • @MadHatter: FYI, I hadn't even seen that others had commented about this issue until now, but now I finally did. That makes your response even more lame, since my prediction was just proven correct (though yes, you have no way to verify this) and you're just defending something that's already misled other people too. If I were you I would fix my answer instead of claiming "precision" as an excuse. When your readers don't understand what you're saying, it doesn't matter anymore if you think you're "right". – user541686 Aug 22 '17 at 07:01
  • @Mehrdad you may feel my readers don't understand what I'm saying. Count the upvotes on barbecue's comment above, and on Michael Kjorling's rebuttal of goteguru's original complaint, and consider that *others might not be making the mistakes you are*. – MadHatter Aug 22 '17 at 07:55
  • @MadHatter: What the heck are you even replying to? barbecue's comment is about the threat model. I'm saying your readers do not understand what you're saying about helium vs. air. Are you even reading the same page? The concern I had related to the threat model was NOT that your readers misunderstand what you're telling them -- they understand you perfectly fine. The concern was that they don't necessarily know what they should consider a threat and what they shouldn't. Are you even *trying* to understand what I'm saying? You keep making me chase your tail in a circle. – user541686 Aug 22 '17 at 08:41
  • @Mehrdad you wrote "*when a layman asks asks an expert a security question, he often DOES NOT KNOW his threat model*"; I think it's reasonable to assume your later comments were in reference to the threat model, *inter alia*. I accept your subsequent assurances that your comments dated 06:56:10Z and 07:01:30Z above were intended to address only the gas filling issue, but that wasn't obvious at the time. I don't intend to modify my answer in the light of your comments, and I don't intend to continue this discussion here, as it's not the right place. – MadHatter Aug 22 '17 at 09:43
  • @MadHatter I can confirm the statement of *user541686* that non-scientists will most likely misunderstand your answer. I've read your answer and was of the impression that "no air" means "vacuum". You could simply extend your sentence to make things clear. Don't be stubborn. – ViRuSTriNiTy Aug 09 '20 at 07:37
45

The security policy for many companies is to universally physically destroy all data carriers, so plain old paper documents and prints, spinning hard disks, SSDs etc. all get shredded before they get recycled.

In that regard your question might be irrelevant and you may simply need to comply with that policy.

With SSDs becoming more prevalent it is also good to realise that software wipes are not reliable for SSDs.

With regards to physically destroying drives by drilling a hole: That will prevent normal usage, resale and refurbishing.

In many cases that may be sufficient, but while drilling a hole makes the disk inoperable that still only destroys a fraction of the data. With sufficient money to spend a determined attacker can still recover the remaining data. Whether that is a risk is something you need to determine for yourselves.

HBruijn
  • 72,524
  • 21
  • 127
  • 192
  • 9
    +1 from me for the SSD case, plus the pointer about policy. +another, if I could, for *drilling a hole ... will prevent ... resale*: I'm now imagining the worst eBay feedback *evar*. – MadHatter Aug 16 '17 at 07:05
  • 4
    @MadHatter it happens frequently enough that security researchers buy batches of old drives, laptops and workstations and recover sensitive data. I can also quite easily imagine an engineer otherwise skipping the intermediate steps of binning gear and dumpster diving after following the company's policy to *"dispose of old drives"* and simply taking them home and putting them up on eBay for a quick buck. – HBruijn Aug 16 '17 at 07:22
  • 2
    Yes, indeed, see "*found them on eBay*" part of my answer above. – MadHatter Aug 16 '17 at 07:35
  • 4
    +1. for spinning drives, overwriting all sectors renders the data impossible to recover even for determined attackers, AND avoids wasting perfectly fine hard drives. – JanErikGunnar Aug 16 '17 at 10:43
  • 4
    Note that an SSD is comprised of multiple chips - several storage chips running in parallel connected to some controller chips. Depending on where you drill the hole, and how many holes you drill, the data may be more or less recoverable. I think all in all, running the TRIM command on the entire SSD is more secure than drilling it as well. – JanErikGunnar Aug 16 '17 at 10:48
  • 2
    For what it's worth, the standard for destroying hard drives and SSDs holding HIPAA (US personally identifiable health care) data is shredding the entire device. That's the standard because wiping and hole-drilling aren't reliably thorough enough to protect patient confidentiality. Disposal services operate monster grinding machines. They videotape the serial number on the drive, then the tossing of the drive into the grinder. Those grinders make the youtube series "will it blend" look tame. – O. Jones Aug 19 '17 at 11:54
  • 1
    Refurbishing is a bad thing now? – jobukkit Aug 19 '17 at 21:35
  • 2
    @O.Jones I suspect in the case of HIPAA data, the concern is not so much that wiping isn't reliable as that the people doing the wiping aren't reliable. If the wiping is done correctly, it's quite reliable. I suspect the HIPAA entire device shredding standard has more to do with not trusting the IT staff at some random doctor's office to understand how to properly wipe a drive than with actual vulnerabilities in a correctly-performed wipe. – reirab Aug 21 '17 at 15:28
  • 2
    worked for a company that had a tree shredder in the basement (one of those things used to shred tree limbs and stumps into wood chips). Everything was put through that thing, set at smallest setting so the shards would only be like half an inch in size, motherboards, video cards, network cards, hard drives, floppies. The resulting dust and fragments would go into an incinerator and be burned. Noisy, but it works. – jwenting Aug 22 '17 at 05:48
26

Don't drill all the way through, just through the top of the housing. Pour in thermite and ignite!*

  • Definitely safer than drilling one hole all the way through.
  • Probably a lot safer than overwriting every bit too.
  • This will even take care of SSDs, though they may not have a hollow for powder to fill.
  • Your apprentice toolmakers will think this is a lot more fun even than drilling!

*do this outside.

Adam Eberbach
  • 377
  • 2
  • 5
  • 30
    Depending on what the apprentices are apprenticed as, "safer" is a relative concept when igniting thermite ;) – Toby Aug 16 '17 at 11:40
  • 8
    Related https://www.youtube.com/watch?v=-bpX8YvNg6Y :) ... Trying to "wipe" it with thermite, while it probably looks pretty cool, might not be the most feasible way to do it. – rinukkusu Aug 16 '17 at 12:25
  • 4
    This technique completely defeats the purpose of drilling. If you have time for this, you have time to simply wipe the drives. – Dmitry Grigoryev Aug 16 '17 at 14:42
  • 4
    "safer" is definitely not the correct word to use here. do you mean more secure? in both your first and second points. how is overwriting bits not a safe thing to do? how is drilling a hole not safe? – Octopus Aug 16 '17 at 18:45
  • 1
    @DmitryGrigoryev surely if you drill all the way through the thermite can fall out? But for my boring data a simple trip to the drill press is plenty. – Adam Eberbach Aug 17 '17 at 01:10
  • 2
    Or in my case, I decommissioned a cell-phone battery at the same time — two items killed with one blow (or nail, as the case may be). – JDługosz Aug 17 '17 at 08:52
  • 2
    Using thermite is not even remotely safe, it literally melts steel and causes molten aluminum to boil. No need for drilling a hole, just watch the 4000 degree molten metal turn the drive into a puddle. – barbecue Aug 18 '17 at 18:33
  • 1
    Thermite can be quite hard to acquire in many regions of the world. Not only will it wipe your disk, it will burn a small hole in your floor. – Mast Aug 21 '17 at 14:29
  • 1
    @Mast Or a large one, if your floor is flammable. – reirab Aug 21 '17 at 15:33
  • 1
    @reirab That would be one method of wiping the floor and the disk at the same time. – Mast Aug 21 '17 at 17:12
13

It's worth remembering that drilling and other physical destruction methods are relatively fast compared to a wipe, and it is simple to verify that the disk has in fact been processed by looking at it, since unlike a wiped and unwiped disk, it is obvious that a disk with a hole in it will not work.

So, either a few hours, or a minute (or less!) with a drill press per disk.

You'd obviously want to tailor your approach for SSDs but the advantage with physical destruction for a lot of disks is speed and relative verifiability that the data on the disks is no longer recoverable.

Journeyman Geek
  • 6,969
  • 3
  • 31
  • 49
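On the verifiability point in the answer above, as an added example that is not part of the original post: a software wipe can be checked as well, by reading the drive back and confirming that only the fill byte remains. It assumes the wipe tool's final pass wrote a single fill byte (zeros here); the function names and the constructed temporary image standing in for a drive are illustrative.

```python
import os
import random
import tempfile


def device_size(f):
    """Size in bytes; seeking also works for block devices, where
    os.path.getsize() reports 0."""
    size = f.seek(0, os.SEEK_END)
    f.seek(0)
    return size


def verify_wipe(path, fill=b"\x00", block_size=1024 * 1024, sample=None, seed=None):
    """Check that a drive (or image file) holds nothing but the fill byte.

    sample=None reads every block, which is the only way to support the claim
    that every byte was overwritten; sample=N spot-checks N random blocks.
    Limitation: only the logical block range the OS exposes is read, so
    remapped or spare sectors are not covered. Returns a dict for an audit log.
    """
    if len(fill) != 1:
        raise ValueError("fill must be a single byte")
    expected = fill * block_size
    dirty = []
    with open(path, "rb") as f:
        size = device_size(f)
        if size == 0:
            raise ValueError("device reports zero size")
        total_blocks = (size + block_size - 1) // block_size
        if sample is None:
            indices = range(total_blocks)
        else:
            rng = random.Random(seed)
            indices = sorted(rng.sample(range(total_blocks), min(sample, total_blocks)))
        for i in indices:
            f.seek(i * block_size)
            chunk = f.read(block_size)
            if chunk != expected[:len(chunk)]:
                dirty.append(i * block_size)  # byte offset of the offending block
    return {
        "path": path,
        "size_bytes": size,
        "blocks_total": total_blocks,
        "blocks_checked": len(indices),
        "full_scan": sample is None,
        "dirty_offsets": dirty,
        "clean": not dirty,
    }


def miss_probability(dirty_fraction, samples):
    """Chance that `samples` random block reads all miss the residue when
    `dirty_fraction` of the blocks were never overwritten (sampling with
    replacement, a close approximation for large drives)."""
    return (1.0 - dirty_fraction) ** samples


def demo():
    """Constructed 4 MiB 'drive' image: zero-filled except for leftover
    bytes in block 2, then overwritten and checked again."""
    block = 64 * 1024
    with tempfile.NamedTemporaryFile(delete=False) as img:
        img.write(b"\x00" * (64 * block))
        img.seek(2 * block + 100)
        img.write(b"CONSTRUCTED-RESIDUE")  # constructed sample data
        name = img.name
    try:
        before = verify_wipe(name, block_size=block)
        spot = verify_wipe(name, block_size=block, sample=8, seed=1)
        with open(name, "r+b") as f:  # stand-in for the wipe tool's pass
            f.write(b"\x00" * (64 * block))
        after = verify_wipe(name, block_size=block)
    finally:
        os.unlink(name)
    return before, spot, after


if __name__ == "__main__":
    for report in demo():
        print(report["full_scan"], report["blocks_checked"], report["clean"],
              report["dirty_offsets"])
    # With 1% of blocks left unwiped, 100 random reads still miss about 37% of the time.
    print(round(miss_probability(0.01, 100), 3))
```

A spot check is quick but weak evidence, as the last figure shows; a full scan takes roughly as long as the wipe itself.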
13

While drilling a hole is sufficient against most real-life attackers, why not buy an HDD shredder? It's only $3000 to $5000 for smaller models, and it works pretty well with SSDs too. Also, having your drives shredded will sound much more convincing in case of an audit than "we have drilled holes in them".

Dmitry Grigoryev
  • 588
  • 4
  • 14
  • 2
    just an industrial shredder with same capability may cost less.. specialized shredders are overpriced. E.g. here, in Russia it is almost a monopoly for one company-importer to exploit. – Swift Aug 16 '17 at 14:31
  • 1
    Just wondering... If drilling a hole is sufficient against "most real-life attackers", just what class of attackers would you consider hole-drilling to *not* be sufficient against? – user Aug 21 '17 at 15:04
  • 3
    @MichaelKjörling He did say 'most,' not 'all.' I suppose the wording also leaves open the possibility of imaginary attackers, dead attackers, or perhaps undead attackers. I'm not sure how attackers get multiplied by sqrt(-1), but the wording does seem to suggest such attackers might pose a threat. – reirab Aug 21 '17 at 15:39
  • 2
    @reirab I will readily admit that my comment was written slightly tongue in cheek, but given that the question was whether drilling a hole is sufficient to render data unrecoverable, it's not unreasonable for an answer that claims it will be for only some adversaries to discuss which class of adversaries it would *not* provide sufficient difficulty for. Not everyone has the luxury of not being of interest to relatively capable adversaries; if OP is considering drilling holes into HDDs to render them unusable, it stands to reason that they might at least be *considering* powerful adversaries. – user Aug 22 '17 at 07:21
  • 1
    @MichaelKjörling Oh, yes, I agree. My comment was a bit tongue-in-cheek, too. :) If your adversary is an APT (e.g. a state-level actor,) drilling holes may very well not be sufficient. – reirab Aug 22 '17 at 14:56
  • 2
    @MichaelKjörling I'm thinking about the kind of attackers which have sufficient resources to build a proper data recovery lab where individual HDD platters can be read and are OK with fragmentary data. E.g. if the drives in question are filled with plain-text credit card numbers, getting chunks of 16 consecutive bytes from the drive may already be a problem. – Dmitry Grigoryev Aug 22 '17 at 15:32
  • @DmitryGrigoryev, yes, after funding the data recovery lab and the salaries of the technicians involved, I'm sure a few credit card numbers will thoroughly remunerate the black-hat investors for their troubles. – Wildcard Aug 22 '17 at 20:08
9

Drilling, or disassembling the platter stack and bending/breaking the platters, will certainly make any non-laboratory, non-multi-$1000 recovery effort futile. Any HDD, even 1980s types, relies on the platter surface being perfectly level, since aerodynamic effects are used to keep head and platter very close to each other without touching. Any reading method that can deal with a bent or perforated platter no longer resembles a hard drive, and would certainly not only require expensive and/or custom made equipment but would also be orders of magnitude slower than reading from an intact drive.

Theoretically, someone could attempt to modify the drive to do a partial recovery on tracks not interrupted by the hole, so to be safe, drill several holes so most concentric tracks are affected.

Damaging or removing (and separately disposing or keeping) the circuit board is either pointless (if dealing with an even slightly determined attacker - using a replacement circuit board from the same model is a common technique in data recovery) or absolutely sufficient (to deter opportunistic, trivial attackers like someone that would resell an intact drive not meant to be sold).

BTW, any claims about software-wiped data being recoverable depend a lot on two things: a) which encoding type was used (2000 and newer will likely be PRML, which already exploits any error margins it can to store more data), b) how the wiping method deals with HBA features and fault-remapping algorithms (and the spare sectors they use) in the drive (crude wipe programs usually won't, builtin "secure erase" firmware usually will).

rackandboneman
  • 2,487
  • 10
  • 8
  • 2
    If a drive's controller encrypts data using a key that is not stored anywhere in the universe except in the controller, destroying the controller may render the drive's contents permanently unrecoverable. Depending upon circumstances, that might be viewed as a good thing or a bad thing. – supercat Aug 26 '17 at 18:39
4

This question reminded me of something. I studied Electrical and Electronics Engineering. We had a lecturer who used to work for the army. In one lecture he said that from time to time the army destroyed some HDDs.

Asked if anyone knows the correct answer about how, many answers came. Then he said, we take a sledgehammer. Make sure that it gets beaten hard. Right after that we shred it.

My only reaction to that was "primal". Seems like it is the correct way to destroy a HDD.

I also suggest you read this link: https://community.spiceworks.com/topic/586771-the-leftovers-is-drilling-holes-in-an-old-hard-drive-really-enough

It will most probably answer many of your questions.

  • 6
    Shredding I like; I'm less convinced that hitting it with a sledgehammer beforehand adds much. It seems a bit like administering a punishment beating to your treacherous henchman, then shooting him in the head. The beating might make you feel better, but it seems unlikely to have any long-term effect on his behaviour. – MadHatter Aug 18 '17 at 16:16
  • 2
    When I was in the Navy, we had to destroy thousands of disk platters and magnetic tapes when a secret project was dismantled. We had degausing wands (strong magnets), and had to wave them over the reels of tape and platters in a specific manner, then remove classification markings. – Steve Aug 18 '17 at 16:34
  • 2
    The army has access to explosives. Would exploding them with handgrenades or similar be more fun than just sledgehammering? – Thorbjørn Ravn Andersen Aug 19 '17 at 11:45
  • 1
    @ThorbjørnRavnAndersen no idea, but if I was at the army I'd explode them so hard. – Tuğberk Kaan Duman Aug 19 '17 at 12:29
  • 2
    I have destroyed hard drives with a sledgehammer. Highly recommended as therapeutic. – dmourati Aug 23 '17 at 03:18
  • Surprisingly, explosives could be far more ineffective than sledgehammers if just set off near or under a pile of drives - I could imagine them just caving in the top cover and erasing innocent bystanders with flying hard drives. – rackandboneman Aug 24 '17 at 22:12
  • @MadHatter hammering is a well known method to demagnetize objects. I can't say with 100% certainty it does anything to hard drive platters, but it is definitely used for demagnetization in other contexts. – Tim Seguine Nov 03 '21 at 13:26
4

Hard drive platters are made either of aluminium or tempered glass. If you are to quickly render the data of many such drives absolutely irrecoverable, using a drill-press will utterly destroy the glass ones. (Even the smallest damage will cause them to fracture into thousands of shards.) After drilling the hole, the aluminium platters would be destroyed best / easiest by injecting a quantity of a strong lye (NaOH) solution. There are other methods, e.g. throwing them into an active volcano, but this is how I would do it. Could do over 50 drives in an hour like that, I reckon. Do wear eye protection though - not only is lye a nasty substance, but highly tempered glass will violently shatter and project very dangerous shards.

BaronSamedi1958
  • 12,510
  • 1
  • 20
  • 46
  • 22
    Please don't put things on train tracks. – David Richerby Aug 17 '17 at 20:10
  • (Ignore my unfinished comment) The fact that my "dangerous suggestion" about putting it on the tracks was in the same sentence with the patently, even more absurd method of throwing it in an active volcano, flew clean over your head, no? I mean, folks who are so stupid not to get the jocular hyperbole of this, should rather not use dangerous power-tools, or caustic chemicals either. I suppose You would commend me for not advising to use 500 grams of Semtex as a method of destroying data on hard-drives. Not to mention cutting them up in small pieces and then eating them...really! – William Snoch Sep 14 '17 at 13:00
  • 3
    You suggested three things. One (drill press) was your recommendation. One (volcano) was so absurd that probably nobody would try it (most people don't live anywhere near an active volcano). The other one (train tracks) was of completely unclear status. It isn't obviously absurd, and the majority of the site's users probably live close enough to a railway line to try it. You say you intended it as a joke but this wasn't at all obvious, and there was a real danger that somebody would take it as a serious suggestion. Most people don't have access to semtex; eating is obviously absurd. – David Richerby Sep 14 '17 at 13:02
  • And if you think that putting something on the train tracks is so absurd that nobody would try it, I invite you to consider the number of people who die each year while either trespassing on the railway or driving across level crossings ("grade crossings" in North America) when the gates are closed and the lights are flashing. – David Richerby Sep 14 '17 at 13:09
3

The plates can be removed, cleaned up and installed into another (new) hard drive. Cylinders that are fully outside the hole area should be readable, no problem. This means the majority of the content, if there is only a single small hole.

The plates may be re-balanced by drilling another hole of the same diameter in the opposite side. Some means must be taken to prevent heads running over the holes, but looks possible.

h22
  • 234
  • 2
  • 9
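Added example (not part of any answer on this page): the track geometry behind the earlier advice to drill several holes and the point above that cylinders fully outside the hole stay intact. The platter radii and hole sizes are constructed sample values, and uniform track pitch and constant linear bit density are assumptions.

```python
"""Which concentric tracks does a set of drilled holes actually interrupt?"""
from dataclasses import dataclass

# Constructed sample geometry (mm), not measured from any particular drive.
R_IN = 20.0    # assumed inner edge of the data zone
R_OUT = 46.0   # assumed outer edge of the data zone


@dataclass(frozen=True)
class Hole:
    centre_mm: float   # distance from the spindle axis to the hole centre
    radius_mm: float   # radius of the drill bit
    # The angle around the spindle is irrelevant: a track is a full circle.


def interrupted_bands(holes, r_in=R_IN, r_out=R_OUT):
    """Merged radial intervals whose tracks pass through at least one hole.

    A track of radius r crosses a hole iff |r - centre| <= hole radius.
    """
    spans = []
    for h in holes:
        lo = max(r_in, h.centre_mm - h.radius_mm)
        hi = min(r_out, h.centre_mm + h.radius_mm)
        if lo < hi:                       # hole reaches into the data zone
            spans.append((lo, hi))
    spans.sort()
    merged = []
    for lo, hi in spans:
        if merged and lo <= merged[-1][1]:
            merged[-1] = (merged[-1][0], max(merged[-1][1], hi))
        else:
            merged.append((lo, hi))
    return merged


def intact_bands(holes, r_in=R_IN, r_out=R_OUT):
    """Radial intervals whose tracks are not touched by any hole."""
    gaps, cursor = [], r_in
    for lo, hi in interrupted_bands(holes, r_in, r_out):
        if lo > cursor:
            gaps.append((cursor, lo))
        cursor = hi
    if cursor < r_out:
        gaps.append((cursor, r_out))
    return gaps


def intact_fractions(holes, r_in=R_IN, r_out=R_OUT):
    """Return (fraction of tracks, fraction of capacity) on untouched tracks.

    Assumption: uniform track pitch and constant linear bit density, so the
    capacity of a track is proportional to its radius.
    """
    gaps = intact_bands(holes, r_in, r_out)
    tracks = sum(hi - lo for lo, hi in gaps) / (r_out - r_in)
    capacity = sum(hi ** 2 - lo ** 2 for lo, hi in gaps) / (r_out ** 2 - r_in ** 2)
    return tracks, capacity


if __name__ == "__main__":
    plans = {
        "one 10 mm hole": [Hole(30.0, 5.0)],
        "three holes, same distance from spindle": [Hole(30.0, 5.0)] * 3,
        "three holes, staggered radially": [Hole(25.0, 5.0), Hole(33.0, 5.0), Hole(41.0, 5.0)],
    }
    for name, holes in plans.items():
        t, c = intact_fractions(holes)
        print(f"{name}: {t:.0%} of tracks, {c:.0%} of capacity untouched")
```

Extra holes at the same distance from the spindle interrupt no additional tracks; only holes staggered from the inner to the outer edge of the data zone leave no track whole.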
3

There are two points here - what works, and what you should (or should not) do.

When I'm done with an old HDD, I open the top and heat it red-hot internally with a small DIY gas torch. It takes a few seconds from start to end. No magnetic data is going to survive the heat rise, which destroys/randomises the magnetic domains with absolute certainty, even if the plating on the platters wasn't oxidised/charred/burnt off and peeling. The case is easy to open too.

Notice the emphasis above: it's what I do. Almost certainly it isn't what you should do as a business. Nor is drilling, acid, electrocution, thermite, or any other fun activity. There are serious issues to consider before letting staff loose on the disks.

As an individual I'm fine doing what I prefer. As an employer your company is probably legally liable for staff safety and any accidents (in most if not all countries). I wouldn't allow my staff to do what I do personally. All it takes is one accident with a drill, due to exuberance or carelessness, some metal swarf to hit an eye, or anything else, and you can expect a visit from the lawyers who will ask you exactly what training and control your company gives, when it turns ugly.

Most of the alternatives suggested in other answers are a lot of fun - until they go wrong. At which point one person is in the line of fire. You.

Alternatives - top off case (ensures exposure as other answers state), and ideally some action that physically damages the platters (in any manner) but doesn't incite reckless conduct or risk an accident. Perhaps buy a hand-held demagnetiser (mains powered, produces a powerful local magnetic field designed to randomise data, has little or no harmful potential). Less exciting but a lot safer.

Stilez
  • 664
  • 6
  • 14
  • 1
    Our toolmaker apprentices are under supervision and using specialized drilling machines and wear protective gear. I think they'll be fine. – RubbelDieKatz Aug 24 '17 at 05:40
2

I take a two-pronged approach to sensitive data and old drives, that involves my children:

  • All /home/user directories are encrypted (with default Ubuntu home directory encryption).
  • All user data except for large work-in-progress media files, that is stored in custom directories, is encrypted with EnCryptFS. (Possibly doubly encrypted if under a /home/user directory - for standardization, not "extra encryption".)
  • If the drive is still operational at EOL:
    • If it contained potentially sensitive data: a one-pass randomized wipe is performed.
    • If no sensitive data: A new MBR or GPT table is written, a new partition created, and a few MB of random data is written. (Time permitting.)
  • All SSDs get hit repeatedly with a hammer and discarded.
  • All HDDs get handed to my children. They can do anything they want with them, with minimum parameters:
    • All platters must be physically, individually removed.
    • Platters must be physically scrambled/jumbled from all drives and within each drive (e.g. by scattering on the floor and shuffling them around).
    • Making duct-tape animals out of the platters and parts is totally OK.
    • Scratching the platters is totally OK.
    • I've never gone farther than that, but throwing the platters in a bonfire, or taking a torch to them, might make for a fine additional step.
Jim
  • 147
  • 2
  • 9
    How does this answer the question of whether drilling a hole into a hard drive makes data irrecoverable? – user Aug 17 '17 at 10:56
  • 4
    Two points: 1) I meant to reply with a comment rather than an answer. [Forgive me, I'm new.] 2) Many of the other comments AND answers are lighthearted and do not directly answer the question - while still sincerely addressing the implicit larger question [that also seemed implied], with excellent ideas and points. I get that that many on this family of boards are militant about the precise rules, and rewarded through gamification for doing so, thereby creating a hugely successful and useful franchise. So - the last point is just an observation, not a defense. The first point is my defense. – Jim Aug 18 '17 at 19:52
2

Considering that you've many drives to wipe, you may invest some time in an auto-eraser PC: barely a Linux host that wipes any attached drive(s) and fills them with random data.

Then, destroy them physically:

  • For HDDs: a hydraulic press with a sharp end
  • For SSDs: 300V AC on the chips' pins.
Taz8du29
  • 96
  • 9
2

Adjunct: In case you want to orderly disassemble a hard drive to dispose of the platters, there is a trick to know. If you attempt to remove all the screws on the plate stack one after another, the last one or two will always appear to be immovably stuck, and the torque you can bring to bear on it safely is severely limited by the screw still being in an easily rotated part. This is because the unequal tension on the top washer invariably jams it into the threads. Loosen all the screws evenly but only very slightly at first, only then remove them all the way.

rackandboneman
  • 2,487
  • 10
  • 8
1

Determined attackers will still be able to retrieve partial data and there are places I've heard that specialize in this sort of thing.

If you really want to wipe the drive's data, simply employ the Gutmann method (https://en.wikipedia.org/wiki/Gutmann_method). Then run the drive under a powerful electromagnet.

Anything short of this and you will at least have partial data recovery as a possibility. That being said, unless the NSA or some organization with very high technical resources/skills is after your data, it's usually safe to just do a DoD 5220.22-M wipe (3 passes).

The alternative is to melt down the drives, in which case data recovery is infeasible in any case.

Now the matter is different for SSDs: for normal attack vectors, a "secure erase" (typically available in your SSD's management software) is usually enough. TRIM does not erase data on an SSD, it simply marks it as empty and ready for re-usage.

Otherwise, melting is still a good option :)

Akumaburn
  • 127
  • 2
  • 3
    As the OP makes clear, the Gutmann method has been superseded by more up-to-date data. – MadHatter Aug 17 '17 at 05:38
  • 1
    Gutmann is worthless for SSDs (you can't count on getting the entire data area) and pointless for modern HDs (the magnetic domains are so small that a single zero-wipe pass will get everything). – Mark Aug 17 '17 at 18:54
  • 1
    "performing the full 35-pass overwrite is pointless for any drive" ~Peter Gutmann. The whole quote is on wikipedia. – TemporalWolf Aug 17 '17 at 21:58
  • 1
    @Mark I never claimed it was useful for SSDs. A single zero-wipe pass will be completely recoverable even with consumer grade software like Recuva. – Akumaburn Aug 18 '17 at 13:59
  • @TemporalWolf Hence my comment about it being overkill and using DOD 3 Pass overwrite being better for normal usage. – Akumaburn Aug 18 '17 at 14:02
  • 4
    I disagree with "Anything short of [Gutmann + magnet] and you will at least have partial data recovery as possibility." I have yet to see a single claim to be able to reliably recover data overwritten once with zeroes. That an attacker being able to do 6% better than random guessing via using an electron microscope means you don't have to worry about it. A single zero pass is sufficient to protect your data from anyone who isn't a state-level adversary... and even they are unlikely to be able to recover usable information. – TemporalWolf Aug 18 '17 at 17:31
  • 5
    Why do people continue to recommend a 20 year old technique designed to work with hard drives that haven't been manufactured for years and had a capacity much smaller than a cheap flash drive today? Even Gutmann says the Gutmann method is unnecessary, and he's been saying that for over a decade. – barbecue Aug 18 '17 at 18:47
  • 1
    @TemporalWolf That is patently false, again you can use CONSUMER grade software to recover from a single zero pass. Stop spreading mis-information. Do you work for the NSA perchance? – Akumaburn Aug 21 '17 at 14:28
  • 3
    @Akumaburn Gutmann even states right in the paper on his web site that "a few passes of random scrubbing is the best you can do". https://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html If you're going to try to go against the person who studied how to reliably overwrite data on MFM and RLL media on the difficulty of recovery on modern media (which basically means *anything* made within the last two decades or so), you'll have to do better than unsubstantiated claims. – user Aug 21 '17 at 15:18
  • 2
    I've got a couple of decommissioned modern SATA drives that are basically sitting around waiting to be delivered to electronics recycling. I could wipe one of those, then write some data to it and overwrite that once more. How about I ship such a drive to you, you recover the data, and show me a sample? You pay shipping. I'll be willing to pre-publish something like a SHA512 hash up front. – user Aug 21 '17 at 15:19
  • 1
    @MichaelKjörling You've misread my answer and comments. Please re-read them in order. – Akumaburn Aug 21 '17 at 16:28
  • 1
    If you read my answer completely, you'll see I remark that the Gutmann method is extreme, and unnecessary unless facing an extremely well funded attacker and that a 3-pass wipe is the best option. Now what I did remark to TemporalWolf and Mark was that a **single**-pass zero wipe, is completely recoverable with consumer grade software on **HDDs**. – Akumaburn Aug 21 '17 at 16:35
  • 1
    Please, by all means link some of these "consumer grade software" suites which claim to be able to recover zeroed drives. – TemporalWolf Aug 21 '17 at 16:48
  • @TemporalWolf https://www.piriform.com/recuva/download , https://www.easeus.com/datarecoverywizard/recover-formatted-partition.htm – Akumaburn Aug 21 '17 at 18:04
  • 5
    Formatting a drive != a zero pass. Neither of those will recover anything from a single-pass zero wiped drive. From easeus: "Formatting a disk does not erase the data on the disk, only the data on the address tables." – TemporalWolf Aug 21 '17 at 18:09
  • 1
    @TemporalWolf Wrong! They are describing what is known as a quick format in their advertisement. A full format is essentially the same as a zero wipe and Recuva works fine for that, as do dozens of other consumer grade software I'm sure as I've used it. – Akumaburn Aug 21 '17 at 18:49
  • 4
    easeus [again contradicts you](https://www.easeus.com/data-recovery/recover-data-after-dban.html): "In the process when DBAN is working on wiping disk data, you managed to interrupt DBAN before it finished its first pass. Only in this case, you might be able to use EaseUS hard disk data recovery software to recover data that hasn't been touched yet. If the entire disk has been erased, we're afraid that you're out of luck, and nothing could help with DBAN data recovery." – TemporalWolf Aug 21 '17 at 18:57
  • 1
    @TemporalWolf DBAN is not the same as single pass zero-wipe.. – Akumaburn Aug 21 '17 at 19:18
  • 2
    Let us [continue this discussion in chat](http://chat.stackexchange.com/rooms/64201/discussion-between-akumaburn-and-temporalwolf). – Akumaburn Aug 21 '17 at 19:18
  • 1
    If a drive decides to map out areas because of recoverable read errors (since attempts to reuse such areas will have a much higher-than-average likelihood of yielding unrecoverable read errors) such areas might never get overwritten no matter how many times one tries to overwrite the drive using conventional methods. – supercat Aug 26 '17 at 18:37
0

Well, seeing as zeroing out the disk using military grade writing doesn't suit your fancy, a sledgehammer will do the trick better than a car or drill press. My preferred method: metal CNC (Fusion 360 or find an online 3D model of a hard drive and feed that into a Linux CNC) and watch the machine battle the machine! Gloriously calculated "paths" for the mill to follow!

Note that the military has their hard drives embedded with thermite (no joke) and they just shoot the darn things till they melt. Ooo nifty idea, take a torch to them, or cook them in an aluminum oven!

Personally the magnets are awesome and the platters make good mirrors so my bad drives are on the wall :D

Tmanok
  • 247
  • 1
  • 11
  • 3
    What is this "military grade writing" of which you speak? – user Aug 17 '17 at 10:53
  • 4
    @MichaelKjörling capital letters, I'm guessing? – MadHatter Aug 17 '17 at 15:18
  • 1
    You cannot set thermite off by shooting it. Maybe with tracer ammo but even that is doubtful. – Journeyman Geek Aug 18 '17 at 00:23
  • 1
    https://en.wikipedia.org/wiki/Data_erasure#Standards Look for the DoD 5220.22-M it's available for all Operating Systems. Under Mac OS (x) you'll notice "Security Options" when wiping a disk, select that and then move the scroller farthest right. Also I have no idea in that case, a data specialist and Radio HAM in the military told me they coated platters in thermite and would shoot the drive. – Tmanok Aug 18 '17 at 00:37
  • 2
    Have a link confirming that the military (US?) actually puts *thermite* around their hard drives? That sounds insanely dangerous, computers (especially laptops & batteries) do overheat & catch fire sometime, it doesn't strike me as a safe practice. And where would they find the space for thermite anyway, laptops don't have much spare room, or are there really HD manufacturers that would stock thermite & put a sliver of it inside a HD, safely in their factory? – Xen2050 Aug 18 '17 at 15:57
  • 2
    When I was in the navy, we used normal 'ol hard drives. Both on shore stations and onboard ship, both for [SIPRNET](https://en.wikipedia.org/wiki/SIPRNet) and [NIPRNET](https://en.wikipedia.org/wiki/NIPRNet). – Steve Aug 18 '17 at 16:36
  • 2
    @Xen2050 - triggering a thermite reaction is insanely difficult. You have to get it up to a temperature of [1600K](https://www.researchgate.net/publication/287165856_Ignition_temperature_of_2AlFe2O3_thermite) to ignite it. Depending on how they arrange to trigger it, I don't see any safety concerns here. – Jules Aug 20 '17 at 08:02
  • 8
    @Xen2050 **“Note that the military has their hard drives embedded with thermite (no joke) and they just shoot the darn things till they melt.”** Yes, the original poster should please provide some context to this fairly ridiculous claim. It’s the kind of claim some self deluded “mall cop” would make. – Giacomo1968 Aug 20 '17 at 16:28
  • 2
    You all doubt, but there is no link that I can provide. If you aren't military and you aren't very technical military then you won't see any proof. Also this information is sourced from Canadian Military from a high technical officer I'm friends with. Whether you believe it or not doesn't affect me in the slightest. – Tmanok Aug 20 '17 at 18:08
  • 5
    @Tmanok So it's really only second-hand info from one friend of yours? Others in the military dispute the claim (Steve). Not that I don't believe you, I'm sure your one friend could've said that, but without any proof you should question your friend's claim too. (Just an idea, but for example was there any alcohol around when he made the claim?) – Xen2050 Aug 21 '17 at 06:18
  • 1
    Haha no alcohol we're both sober as can be permanently, not too many computer scientists that I know drink a whole lot. I'll follow it up to humour this chat. :P – Tmanok Aug 21 '17 at 18:34
-2

DBAN may be preferable up to a given size. If you have to wipe disks containing terabytes of data it will take hours to wipe it completely.

Using a drill takes only a second. I'll let you do the math yourself what makes more sense for you.

Gerald Schneider
  • 19,757
  • 8
  • 52
  • 79
  • 3
    But what's your answer to the question? You seem to state that drilling a hole makes all the data unrecoverable, is that correct? – pipe Aug 16 '17 at 13:44
  • 2
    It makes it unrecoverable for the vast majority of use cases. As the later answers explained in detail, it depends on the threat model if it (while it is the fastest method) is sufficient enough. – Gerald Schneider Aug 16 '17 at 13:54
-3

Depends on the requirements of your enterprise and also the level of the group attempting to reconstruct your data.

Casual hackers may be defeated by this but some specialized agencies can get past, about, 6 layers of "wipe" and can also recover all the data but the hole (On raid though, they can usually reconstruct that, depending on whether they have some of the parity drive etc.).

In our company, we bulk demagnetize and shred most. Some projects also require that the drives are disassembled and the individual disks sanded, after the demag and then a shred.

Anonimo
  • 11
  • 10
    "our agency can get past, about, 6 layers of "wipe"" is a pretty tall claim with no supporting evidence. I suspect there are a lot of caveats to that statement. – TemporalWolf Aug 16 '17 at 18:00