People looking to recycle old computer kit are being given confusing advice by local councils that could lead to identity theft, a consumer group has warned. Which? Computing magazine telephoned more than 100 councils across the UK asking for information on how to safely recycle defunct computers and monitors. Only two fifths …
The only way...
to "secure" personal information on an old PC when you get rid of it, as we should all know, is to remove the HDD and turn it into fine sand with a large hammer.
Nothing else comes close.
(Given the recent articles on data recovery from RAM, the more paranoid should employ the same approach here. The truly psychotically paranoid would probably be best pulverising all the internal components!)
Plus there's a distinct amount of satisfaction in the process.
Yup, this could be a typical scare story from a consumer advice group, media, etc.
Masked villans creaping around landfills at night dipping into the iccky goo pulling out slimey pieces of IT equipment with their hands, oooh the smell.
I usually find putting a great big dent in a HDD with a hammer and chisel is a good method of "Deleting".
Anyone who goes to the trouble of actually getting useful information off my hard disk after me and the landfill have finished with it may have actually worked hard enough to be welcome to my personal data, you may want to spend the money on Hep C jabs tho'.
Why not do what I do...
And keep your hard drive. They arnt that big, means no-one can get your data and means that If I do need anything from them it is not lost for ever (Well, possibly the older ones, but they are that old the data is probably useless anyway). One day I may get round to properly distroying them, but for now I think this is much safer.
My data erasing tool
If you can literally _see_ the platter in a bajillion pieces on your driveway, it's unlikely to be of much use to identity thieves.
Sounds about right
In the school I work at, there used to be no data destruction policy for EOL IT equipment. One of the first things I did was show the manager how much information I could get from an EOL PC (I got Staff access on the network in about 20 minutes, which gives read access to pretty much anything but other users areas and medical records, and write access to learning materials for that dept. Also raised web access priviliges).
Now everything we have is either run through a sheep-dip station (DBAN live CD usually does the trick), or taken down to D&T to give the staff some stress relief with a nail gun. It didn't cost a penny, and everybody is happy.
Actual hardware is handled by a contractor, unless Art are feeling a little New-Tokyo this term.
Invest in a large magnet.
A big magnet ought to do it. Something I learned the hard way when I couldn't figure out why two PDA's in succession stopped working after I had been in the workshop at work, where some very large magnets are kept.
Paris, because lets face it, she is probably using up a good few meg on most warm blooded males drives.
 connect drive to working machine
 boot from a DBAN CD
 select any of the DOD-standard wipe methods
 wait until it says it's complete
the software is freely available, in a bootable iso. rocket science it is not, really.
But what about recycling?
If you don't care that it'll never be used again, then degaussing or a large hammer (a 14lb sledge is a bit OTT - I find a few loving taps with a 4lb lump will do the trick) is fine. But if you want it to be reusable by someone else, then a simple low-level format should suffice. It might not be enough to stop GCHQ or the NSA getting (some of) your data back (in which case see solution above - you'll need a proper degaussing chamber though, not just a big magnet), but it will keep confidential customer data (or whatever you might want to protect) from appearing on eBay.
I usually go down to my local scrap dealer and get him to use an oxy cutting torch on my old HD's . Seeing them go up in smoke and end up in a molten pile is good enough for me.
Why is it the council's job to provide information or assurances about data?
You wouldn't just take a load of unshredded bank or credit card details to a public dump.
Once again, it's all about numpties owning computers who shouldn't be allowed if they can't operate them properly. Make them go back to 8 bit computers.
I could make a little fort out of them.
I've always removed the hard drive when decomissioning an old machine, I've an entire cabinet full of the things, never know when you might need suitable blackmail material on one of your (l)users. Ofcource, my own ones are always introduced to the horrors of my toolbox
@ Chris Hamilton
No need to spend out on a magnet, Chris.
Simply select a suitable screwdriver, from the massive range that every proper bloke keeps in the shed, and open up the case.
Pop out the platters and scrub with the magnets you'll find conveniently provided inside the case. Job done!
Good point sir!
Paris, because she's not so daft (hmm, perhaps she is)
It's no wonder we live in a Nanny State when magazines like Which? seem to think that the govt/local council should provide advice on every part of life, thus removing from the individual any possible responsibility to self.
Dispose of a drive?
My hard disks get disposed of only when they are totally knackered and NOTHING will recognise them due to things like the motors or bearings failing.
If it works, it gets kept until it dies, simple as that, and that goes for any component. No need for hammers then, is there.
@dispose of a drive
Your lack of understanding how the data can be recovered is obvious. The platters of the HDD can be removed even though your motor and/or bearings are kaput. All that needs to be done fromt here is remounting the platters in a WORKING drive unit. Hey Presto, your complete data is there on this working drive.
I have heard that it is possible to just look at the spindles without mounting and reconstruct the data from the 0's and 1's that are discernable under microscopes/ magnified cameras etc. Even badly fire damaged disks and the like. Even hammering them wil not remove all that data. Some will be recoverable. Re-writing random 0 and 1's or all 0's or 1's would work, but when you delete on your computer I think it just flags the addresses of the data as usable, doesn't actually write or delete them.
Now perhaps you understand that you are literally handing your data to anyone that is inclined to carry out any of the above methods.
Two flower pots
and some thermite does the trick for me, but that'll be the serious arsonist in me...
Take out platter.
Dress down to half thickness (on both sides) with an angle grinder.
Use map gas torch to reduce remains of platter to slag.
Or, zap the platter to bits with an arc welder...great fun!
The leather apron, please.
How you can put these two sentences together in the same comment strikes me as a touch amusing...
"Your lack of understanding how the data can be recovered is obvious."
"Re-writing random 0 and 1's or all 0's or 1's would work, but when you delete on your computer I think it just flags the addresses of the data as usable, doesn't actually write or delete them."
Are you sure that's how it works? You don't seem at all confident about it.
Just for those that are unclear, deleting simply marks the file space in the FAT that the space is available for rewriting over. This is how you get a fragmented disk for example. If you want to be sure, have an app that opens every single (and I mean every) file on your pc and refills it with an exact size match of 1's and zeros to erase the content. Then fill all the rest of your hard drive with random files full of random sequences. Then, once the drive is full, delete everything and start the process again, filling the drive with random files etc. Make sure it's all used up and that there really is NO space left. Then format it. Then run the sequence again. Then format it again. Then put it by a big magnet. Then hit it with a hammer.
Further reading might include: Ontrack
All that said, the old hammer and chisel methodology generally negates the cost/benefit ratio for the average potential doppelganger wanna be. Anybody who wants your data badly enough will get it unless the HDD has been completely melted down...just a matter of money and time.
Sysinternals offers a free utility as well that could be handy to wipe out a HDD or just individual files on a running system: sdelete
I ran it on my last laptop on D:\ and E:\ partitions before turning it in. Then finally started on C:\ just to see how long Windows XP can run without its system files. I wiped the ancillary stuff first and then System32. I watched with goulish train crash curiousity. I was impressed at how long it took to quietly expire.
Of course then they turned around and our contract disposal company offered it to me for 100€.
Like I said at the start...
(Pyromaniacs may burn/melt the remains if desired)
Goggles (not Googles) advised by the Health & safety Nazis.
I made a lovely garden shed.
Take the old hard drives and drill a large hole through it.
Cement into place. The large holes are good places to stick some rebar for strength.
Reuse at it's best.
PH, because she is VERY used.
Eraser, made by Heidi in Ireland, does the same good job as sdelete by Sysinternals.
I use it regularly on a scheduled task to erase my free space on all my drives. Does wonders...
The idea that it is possible to use microscopes to see the overwritten 1s and 0s is just a claim by Peter Gutmann about intelligence agencies - an unverified claim, obviously.
I few passes of the DBAN CD should be enough for almost everybody - you flatter yourself if you think your data is _that_ valuable. Any angle-grinder approach is just wasting a computer which could do some good somewhere else.
For the most part your method would be adequate unless someone really wanted the data. See, it's like this: A 0 is written on a hard drive as a magnetic signal (for the sake of this example lets call it a clockwise magnetic force) and a 1 would therefore be an anticlockwise signal. Overwriting with a random sequence of 1s and 0s would help, it would help quite a lot and successive passes would help even more, however, your data may still be retrievable.
If a clockwise force is overwritten by another clockwise force then you get a stronger clockwise force - same for anticlockwise being overwritten by anticlockwise. But if a clockwise force is overwritten by an anticlockwise force you get a weaker anticlockwise force which can be detected and your data can be reassembled.
The best ways I've seen to maintain data security have already been posted here: Keeping the discs is a good option (unless you are Gary Glitter I guess, in which case I don't even want to help you) but my favourite solution which would work is the flower pots and thermite solution supplied by AC above. :-)
Mr Sledgehammer meets Mrs Stake
Tend to use the pair above after stripping to the platters.
DBAN and similair seem to work very well
Backup dvd and cd's go thru the shredder which cuts them into strips about 1 cm wide, the shredding effect rips up the silver from both sides
If want to go further, can buff the platters with a drill mounted wire brush
Try this for fun:
chuck it in a furnace
Or, if you're a council with lots of budget for recycling, consider a plasma converter from the guys at startech.net
Hit it with a hammer.. Nah nah nah... Use a grinder on it. Nah nah nah... Use thermite on it.... Tee hee hee.
As if you guys really do any of that stuff. Its just jive talk. Now me, personally, I use fuckoff big nukes on the bastards. Atomisation is the only way, and to be sure, I do it from orbit.
I don't want anyone to find my stash of rick ghastly mp3's and a couple of bootleg windows applications on my machine do I.
DBan does the job for me. I don't really keep anything important on my hard drive anyway.
If I can't find my dban disk, an ubuntu disc does the job, open up a terminal and run...
dd if=/dev/random of=/dev/sda bs=512
Does the job well enough for my liking.
I think I've only ever gone to the extreme measures of chucking a hard drive out the window once, and that was just to see if it would survive the drop intact, it did. It didn't work anyway, so I didn't loose much.
The company I work for offers a data destruction service where *you* feed your drives into a shredder machine and you see your drives cut up into pieces, and then those pieces are recycled.
We do it for big contractors, banks, etc - they love it, as it gives them total assurance that (a) the data doesn't leave the site as we take the shredder to them, (b) they get a certificate saying what has been destroyed, and (c) it all gets recycled, so they company looks green.
I used to work as a network admin at a secondary school in Solihull and when I asked them how to dispose of EOL machines, I was told to put them in the skip which was emptied every two weeks, which then went to landfill. Everything went in there - CRTs, base units, the lot. Also heard reports of a fair few kids taking machines home with them, but we'd done a *basic* DBAN on them so it was fairly non-recoverable anyway. Obviously a one-pass random wipe wouldn't deter the determined data thief...
Thermite is actually incredibly easy to make, we made it in chemistry a number of times, so it's quite possible some people use it.
Personally I usually just write over a few times and then reformat, all the stuff I wouldn't want people to see is encrypted anyway.
Will it blend?
http://www.willitblend.com ... Save money on that sledgehammer. Could even sprinkle it over your dinner.
Hammer or Axe
Lots of people above recommend using secure erasing programs to wipe disks and whilst this may be good to reuse a disk for yourself if your giving it away i am afraid its not good enough.
As no matter how geekily sure i am at that its deleted / erased i like to ensure that my goat pr0n cant be recovered and so the only real decision is hammer or axe?
I prefer axe personally.
(Paris because shes the pin up girl for poor data security)
overwriting multiple times is good enough.
One pass of all zeros or 1 and you can probably figure out what the previous data was. One pass of random data and maybe with high enough resolution equipment you can tell one pass form another by minor variances in each paths alignment. That is one time the head might be a tiny bit high, next a tiny bit low....
Three random passes and the data is simply gone beyond any recovery.
The only reason to physically destroy the data is fear of human error or laziness. You tell a guy to erase a pile of HD's maybe he will switch to one pass to finish faster so can sneak a cigarette break.
You physically destroy the drive and you can tell at a glance the job was done right.
All those files will be lost in time, like tears in rain. Time to die.
Mostly, I keep my old hard drives. When I'm ready to recycle them, I take the platters out and use them as geek drink coasters. Ooh, shiny! A few passes from the bottom of a porcelain mug makes it economically unviable to recover the data.
Hang on a minute...
...Aren't 'Recycled' and 'Put into a landfill' two very different things? What the fuck? not that it affects me, I never throw away bits of wire or string, never mind *entire computers*...
Overwrite every file individually?
You can just open the drive itself as a file (e.g. /dev/hdb) and write to that.
Data Disposal (by Andy Gibson)
I agree with
"Why? By Andy Gibson".
First and only rule: Don't dispose of sensitive data via a public service. HDDs, memory sticks, CDs, DVDs, tapes, floppies (maybe you still use them or have a few from earlier days), condoms (and other DNA samples such as paper tissues or even anything you may have touched and left greasy fingerprints on), etc etc.
If one has sensitive information one should consider the practical aspects of disposal.
If data is 'personal' or 'sensitive' don't give it to anyone else.
Discussions about the best way to 'destroy' a disk are little more than an afterthought and provide a entertaining forum for the most devious and creative ways of having fun by destroying hardware.
Other 'sensitive' data should be covered by existing company or government procedures - and if you don't know how to deal with it you shouldn't store it or even have access to it. By the way, losing a laptop is a popular and topical way of getting rid of data - unless it can be traced back to you personally that is.
Comments about being able to recover data from smashed-up disks are valid - data can be recovered but only at a very high cost. So if some snifter, crawling through a rubbish tip, finds a flattened HDD, or other media, they could theoretically recover data, assuming they have access to clean-room laboratory equipment and the appropriate forensic expertise - plus a fence to market it through. If the HDD is in good condition they’ll plug it in and see what they can find (ever spent any time searching a HDD for ‘interesting’ info?)
Ok, go for a walk down to the local scrap-yard and hire a gas cutter or a disc-cutter – you might save your time by going to the pub or somewhere else if when you get back to your house you discover the burglars have been and left a card advertising Milk Tray.
When I’ve write-off a PC I retain the HDD(s) – not because of the data but because it may be useful later, maybe as part of an archive system or something.
Be realistic – stop jumping at shadows and start thinking what you are actually doing and what you hope to achieve.
1 x HDD, working or not
1 x Bucket of pool water (salt)
1 x Drill
1 x Lump hammer
1 x Cup of hydrochloric pool acid
Drill hole through said HHD
Mash HDD with said hammer
Add HHD to bucket of water, add acid to taste, leave stand for 1 week.
Drain, dispose, enjoy.
I say we take off and...
....nuke the entire site from orbit. It's the only way to be sure.
Install the HHD on a senior manager's PC
The data will be unrecoverable by the end of the day. Or does this only happen at my place?
I just like taking hard drives apart with my handy torx kit just 4 fun.
Windows Fista is a good way to trash a perfectly good disc.
But it's still a prob for the general populace...
Let's face it: I still find I frequently have to explain to others the difference between a computer's memory (as in RAM) and storage (as in HDD). I still have users who refer to something they call "the hard drive", by which it turns out they mean that big tall box under their desk with the little green lights on it, as distinct from their "terminal" by which it turns out they mean the big screen thing on top of the desk. Gawd knows what they make of an iMac. Since so many folk are clueless about what bits make up a Personal Computer, it's no wonder they're clueless about how to erase data terminally with extreme prejudice. So give Which? a break. As long as people can buy cheap computers in Tesco without needing to show their ECDL, this ignorance will prevail.
As for me: why would I ever want to trash a working component? Green computing means there's always a repurpose for it somewhere. If I had a dead HDD, I'd trash it physically before dumping it, and it's pointless being paranoid about data recovery after that - realistically, the Spetznaz have better things to do with their time and budget.
clockwise and anticlockwise rubbish
The AC who claimed that 0s and 1s are recorded as clockwise and anticlockwise signals on the disk platter is ignorant, and claiming knowledge that he, she, or it, clearly doesn't have.
All modern hard drives are recorded using coding schemes where a signal is recorded when the data changes from a sequence of 1s to a sequence of zeros, with the length of a given sequence limited within constraints - these coding schemes allow the packing of more data onto a platter, which is why they are used. Moreover, there is a ECC coding scheme layered on top to provide data recovery in the event of a missed signal. There is no simple relationship between the signals on the hard drive and the original data.
Physical destruction of the platters is sufficient to protect the data - you can do this by grinding them into powder, dissolving them in acid, melting them - whatever takes your fancy. Anything less, is less protection.
One of the theoretical exposures is that the disk heads move slightly during writes, so one disk write may not cover the previous write exactly - might be a bit further in or out. So there may be a trace of a previous write left behind no matter how many times you overwrite. Overwriting may be 99.9% secure. Physical destruction is 100.000% secure.
Replacing the hard drive in a machine that is being recycled is cheap, and will probably give the recycled machine a longer life. Replace the drive, open the old one, remove the platters - destroy them.
Yes trollboy, I really do "do all that stuff"
One because it works, and Two because I enjoy it immensely, I'm officially a headcase.
- IT bloke publishes comprehensive maps of CALL CENTRE menu HELL
- Nine-year-old Opportunity Mars rover sets NASA distance record
- Analysis Who is the mystery sixth member of LulzSec?
- Prankster 'Superhero' takes on robot traffic warden AND WINS
- Comment Congress: It's not the Glass that's scary - It's the GOOGLE