back to article A close shave: How to destroy your hard drives without burning down the data centre

Four years ago at DEF CON a popular presentation examined how best to destroy hard drives in a data centre within 60 seconds of a three-letter agency knocking at the door. Now, that research has been updated with new techniques. Security researcher Zoz looked at three core methods for destroying platter and SSD drives – …

  1. This post has been deleted by its author

    1. The Man Who Fell To Earth
      Boffin

      Meh

      Probably better to place a capsule filled with an enchant for the magnetic film material (usually cobalt based these days) in the drive that can be triggered to spray the platters with the etchant & corrode them. The storage portion of the films are so thin (a few tens of nanometers), that they'd be destroyed in seconds.

      1. TechnicalBen Silver badge

        Re: Meh

        Yes a corrosive gas or spray/fluid sounds a good idea and would allow the platters to spin for a small time (assuming the arm is brought into the rest position) to evenly coat them.

        My idea was somewhat more destructive, and I'm not sure how reliable or the size of the powertools required. May not quite fit in a rack space. :P

      2. Sorry that handle is already taken. Silver badge
        Joke

        Re: Meh

        Probably better to place a capsule filled with an enchant for the magnetic film material

        Well if you're going to invoke magic, the sky's the limit!

        1. Schultz

          Magnetic dust

          How about blowing up a small capsule of magnetic dust?

          Better still, get some radioactive isotopes. Radiation safety rules will keep the agencies from opening the housing for years.

          Thermal destruction might work great if you don't blow your thermal load in a second, but instead heat the platters to an even few-hundred C.

          1. Roq D. Kasba

            Re: Magnetic dust

            I assume you don't mind killing the heads at the same time, so fine pumice powder would take advantage of the disks spinning and get the head to grind it in...

            Alternately, corrosive magnetic epoxy resin would be handy, it'd turn the platters into one solid mass, and do a pretty good job of rendering unreadable any bits that someone managed to delaminate...

        2. The Man Who Fell To Earth
          Boffin

          Re: Meh

          All of the alloys used will dissolve quite readily in a number of common acids or proprietary clean room etchants, such as those made by Transcene.

      3. Solmyr ibn Wali Barad

        Re: Meh

        There's a problem, though. Airflow inside the drive is set up quite delicately. Capsule would probably crash the heads right away.

    2. Anonymous Coward
      Anonymous Coward

      I've often wondered about the suitability of common household chemicals for this purpose. Shame the boffins didn't stop playing with the obviously unsuitable and almost certainly illegal explosives for long enough to try a selection of those... bleach, oven cleaner, nail-varnish remover, etc. Can't imagine much data would survive a hefty syringeful of bleach being injected through a breather, followed by a squirt of vinegar for good measure...

  2. tin 2

    "But Zoz found this solution rather boring and moved on to explosives"

    tells you a lot about the real motives of this research :)

    1. Mark 85 Silver badge

      Aha!!! A wannabee Mythbuster.

    2. Ian Michael Gumby Silver badge

      Meh

      Look the premise here is that you want to blow the disks quickly because of certain government agency is going to be coming through the door. So the disk has to be usable and then while its being used... you need to destroy it.

      Using an encrypted drive, a small amount of det cord will be enough or a small shaped charge... It doesn't matter if some of the platters are readable. How do you decrypt a chunk of data if you don't know the start or end of the record. At the same time... as other readers point out... there's alternatives that would be corrosive to the drives... what happens if you have a shaped charge that vaporizes a different metal that coats and melts the surface of the drives? I mean lets face it... the surface of the drives are more fragile than the drive case.

      But what do I know?

      I'm all for the SSD and RRAM which I think a high voltage pop would be enough to fry the machines and storage.

      BTW isn't Thermite an explosive? So if you're going to risk the charge of handling explosives which could also label you a terrorist, why worry about destroying the rest of the server too?

  3. Anthony Hegedus Silver badge

    Just open your documents in MS Word, remembering to tell the computer how important the files are. Usually they'll corrupt themselves beyond any hope of recovery, just because Microsoft.

    1. Pascal Monett Silver badge

      Not a good idea with Win 1 0, the NSA will get a functional copy within seconds and the agents at the door will just check their messages and say "K thx bye !".

  4. David Roberts Silver badge

    Wonder if they tried two shaped charges top and bottom.

  5. adnim Silver badge
    Devil

    Remove platters

    degauss, gently caress platter surfaces with an angle grinder, leave to soak in hydrochloric acid.

    Overkill perhaps?

    1. Bluto Nash

      Re: Remove platters

      Not overkill, but doesn't fulfill the original requirement of "how best to destroy hard drives in a data centre within 60 seconds of a three-letter agency knocking at the door."

    2. Anonymous Coward
      Anonymous Coward

      Re: Remove platters

      adnim, i've just said your recipe in my head with the bird who does the voice overs on Masterchef...it works:)

    3. Doctor Syntax Silver badge

      Re: Remove platters

      "degauss etc"

      Shouldn't degaussing be sufficient? Or maybe that was too boring.

      1. the spectacularly refined chap

        Re: Remove platters

        Shouldn't degaussing be sufficient? Or maybe that was too boring.

        Probably. The problem with things like this is that there's generally too much "knowledge" around that is of purely historical value. A lot of the stories that get cited refer to e.g. floppies or low density hard drives - you can forget about them entirely for modern drives.

        As the density goes up what it takes to make the data completely irretrievable goes through the floor: e.g. if you physically overwrite a sector once what was on it before is lost forever - those algorithms you have read about involving multiple passes and random data belong to a different age. Significant damage anywhere on a platter essentially makes the entirety unreadable - it doesn't matter if most of the data is still perfectly intact if there is no way it can be subsequently read out.

        The fact some of the methods tested are not very exciting does not mean they are not completely effective. Hell, I wouldn't want to could on it but I'd imagine simply taking the top cover off outside of a clean room environment would counter even the most sophisticated attacks a good proportion of the time.

        1. Suricou Raven

          Re: Remove platters

          If you're careful you can operate on a drive without a cleanroom. I wouldn't trust the drive after, but it can be done. I've done it - replaced the cover of a drive with a plastic panel so the insides could be seen. It was intended as a working demonstration drive for an IT class.

          1. Tcat

            Re: Platters and clean room no required

            Confirmed S. Raven. I had bought a used HD that had the top/bottom clam shell not a boat... I used a USB microscope and a video camera, no cover.

            Powered up XP, and commanded a conversion from FAT32 to NTFS5.

            This morning I think I just found the HD with that very movie.

  6. Anonymous Coward
    Anonymous Coward

    "[...] degauss and shred the platters and dispose of them in multiple locations."

    For (some?) metal platters you can quickly reduce them to a shapeless lump by applying the flame of a standard plumber's gas blowtorch. Haven't tried that with vitreous platters.

    When taking the drive to pieces you need a screwdriver set that covers small Torx screws and other "security" types.

    Have had to do that incineration a few times when a drive had died and couldn't be erased. It also sidesteps the problem of there being data on any "hidden" damaged tracks that are no longer visible to the PC.

    1. Snafu1

      [quote] "[...] degauss and shred the platters and dispose of them in multiple locations."

      For (some?) metal platters you can quickly reduce them to a shapeless lump by applying the flame of a standard plumber's gas blowtorch. [/quote]

      Works for bosses too.. allegedly ;)

    2. Ben Tasker Silver badge

      For (some?) metal platters you can quickly reduce them to a shapeless lump by applying the flame of a standard plumber's gas blowtorch. Haven't tried that with vitreous platters.

      My preference - primarily because it's far more fun - is to use an Arc welder. If you're very careful about where you put the ground clamp and where you strike your arc you can have some (very, very brief) fun with the motors too. Occasionally you can get a chip to pop nicely as well, though obviously your main focus should be around the platters :)

  7. Kevin McMurtrie Silver badge

    Slate bar

    I stab them a few times with a diamond point slate bar. It's fast, no fuss, and it causes the platter surface to wrinkle up. Just mind your toes.

  8. moiety

    Didn't try Sulphuric/other variety of acid? It'd be relatively easy to completely flood the platter space remotely. No idea how effective it would be.

  9. Andy Tunnah

    My method works a treat

    I use a password and keyfile. The password is well over 100 chars long and impossible to remember - it's kept in text format, along with the key, on a USB drive.

    I mount the data, then move the key and password file to the encrypted partition, and secure erase the USB device. When I am doing a reboot or anything like that I copy it back to the USB device

    But if anyone comes knocking, the power just needs to be knocked off, and BAM! Impossible to recover

    1. Soruk

      Re: My method works a treat

      @Andy Tunnah And if your machine crashes...? it's all lost.

      1. Anonymous Coward
        Anonymous Coward

        Re: My method works a treat

        Not lost if the user still knows the password. The USB offers ease of use and plausible deniability, if also lost in the "power outage" that was "just by chance when you knocked" and "made me loose all my [encrypted] Spice Girls MP3s (with CDs on shelf as proof of usage)".

      2. Solmyr ibn Wali Barad

        Re: My method works a treat

        If the password doesn't have to be rememberable, then you can use a hash of some obscure file. This gives a way to recreate password, provided that you know which file it was, and it hasn't developed bad bits in the meantime. Even an AOL installation CD would suffice. Har har.

    2. LDS Silver badge

      Re: My method works a treat

      It's just very difficult to recover. Not impossible.

    3. Lynrd

      Re: My method works a treat

      Great. Someone knocks one the door. Your plan goes into action..."sorry guys, it's encrypted and I destroyed the key".

      Then an extended stay in A windowless room because they don't believe you.

      I like the methods listed because even a jackbooted thug could look at a hard drive punched through with nailholes or melted with thermite and figure out that you really cannot get the data off it.

    4. Anonymous Coward
      Anonymous Coward

      Re: My method works a treat

      He said nothing about whether he keeps a backup copy or two of PW & keyfile at secure & obscure offsite location(s). A TF card wrapped in tinfoil* could easily be secreted in any metallic environment.

      Of course his mounting procedure should involve overwriting the entire USB device rather than just erasing the files. Which will significantly reduce the lifespan of the thing but with small thumbdrives so cheap that isn't the problem it once was. It would also be sensible to ensure the keyfile(s) are sufficiently sizable to overwhelm any wear-levelling reserve. With TC using no more than the first MB of every file, a directory holding a decent MP3 collection or JPEG library would be practically perfect.

      *aluminium might suffice for the less puritanical ;-)

  10. Your alien overlord - fear me

    Liquid nitrogen for 30 seconds then your choice of explosives, C4 being a rapid explosive would be my personal favorite.

    Of course, if a certain tthree letter agency was knocking on your front door, they might ask why you were exploding things, maybe more criminal charges against you as opposed the owner of said hard disk.

    1. Anonymous Coward
      Anonymous Coward

      Of course, if a certain three letter agency was knocking on your front door, they might ask why you were exploding things

      Ah, you're right. You need to build up plausible deniability. So, start blowing things up frequently, just for fun. That way, the explosions when they enter the building won't look out of character.

      Yeah, I couldn't sell it to the IT director either. Was worth a try, though :).

    2. R Callan

      What be this C4 stuff? The explosive is RDX with plasticisers, a copy of the British Plastique from WW2. Just call it RDX and cover all of the possibilities.

    3. Tom 13

      Re: maybe more criminal charges against you

      Oh, I think we can ignore that, because the original premise pretty much ignores that too. All of your data goes at the exact moment the three letter agency knocks yet you claim you were running a legit business? Nope, you're taking a long vacation overseas. Probably someplace that will make Gitmo look like the Rivera.

  11. jason 7 Silver badge

    Run the HDDs in a small 'clean room'...

    ...with just a perspex cover over the opened drives with exposed platters.

    The knock at the door means you walk in with a hammer and chisel and go to town on the platters within seconds.

    However, being found standing next to a load of destroyed sparking smouldering HDDs would make you look like a guilty puppy sitting next to a pile of poo.

  12. Old Handle
    Boffin

    It does seem like he could have pursued degaussing options. I'm thinking perhaps the kind of electromagnet people use to shrink coins, only bigger. If you could do the same thing to the platters, I think it'd be pretty safe to say the data is irrecoverable.

    Though the "safe for a data center" criterion might become an issue again.

    1. Snafu1

      Whatever happened to the Pinch ;) ?

  13. Bruce Ordway

    Need more time

    >>60 seconds of a three-letter agency knocking at the door.

    This reminded me of a custom spring loaded security door mentioned in "The Construction & Operation of Clandestine Drug Laboratories".

    Might give a person a lot more time to destroy drives... as long as they can get into the room and close that door.

    An auto-destruct button would certainly be cooler but.. I really liked the diagrams for that door too.

  14. Paul Crawford Silver badge

    Really, why go to all the physical risk and effort apart from the fireworks in testing?

    Doh, I just answered my own question...

    But really the answer is much simpler: all disks encrypted with a long random block of data that is stored on a chip, and then just zap the chip with a high energy discharge while rebooting the servers in to the usual memory testing slow BIOS start-up that you always use as you worry about data integrity if your RAM is not checked. Key gone = data gone and in-RAM copies overwritten as well.

  15. Michael Thibault

    No 50-calibre? No EMP? Budget cuts, I must suppose.

  16. Christoph Silver badge

    Crack open a capsule of Chlorine Trifluoride inside the drive.

    1. Paul Crawford Silver badge

      Sand won't save you this time!

      (really though, they did say without burning down the centre)

      1. Mage Silver badge
        Coat

        Sand? Chlorine TriFluoride

        Chlorine trifluoride and gases like it have been reported to ignite sand, asbestos, and other highly fire-retardant materials. In an industrial accident, a spill of 900 kg of chlorine trifluoride burned through 30 cm of concrete and 90 cm of gravel beneath.

        The compound reacts violently with water-based suppressors, and oxidizes in the absence of atmospheric oxygen, rendering atmosphere-displacement suppressors such as CO2 and halon completely ineffective. It ignites glass on contact.

        Fun stuff.

        It is extremely reactive with most inorganic and organic materials, including glass and teflon, and will initiate the combustion of many otherwise non-flammable materials without any ignition source. These reactions are often violent, and in some cases explosive. Vessels made from steel, copper or nickel resist the attack of the material due to formation of a thin layer of insoluble metal fluoride, but molybdenum, tungsten and titanium form volatile fluorides and are consequently unsuitable.

        Not sure how you modify HDD to use it. Sounds like it will do in SSDs too!

        It's likely you are mad if you consider it as a rocket fuel

        https://en.wikipedia.org/wiki/Chlorine_trifluoride#Rocket_propellant

        It is also hypergolic with such things as cloth, wood, and test engineers, not to mention asbestos, sand, and water

        1. Jan 0
          Devil

          Re: Sand? Chlorine TriFluoride

          >"is also hypergolic with such things as cloth, wood, and test engineers'

          Now we're cooking with gas. That's a truly incandescant mental image. Never mind puny crucibles or chicken fat bars of iridium, if you can ignite test engineers then you're truly on your way to world domination.

        2. Michael Thibault

          Re: Sand? Chlorine TriFluoride

          >In an industrial accident, a spill of 900 kg of chlorine trifluoride burned through...

          WTF? Which industry has a plant/facility that requires having 900 kg of alien blood such as this around? And in one container? Or even one county?

          1. phuzz Silver badge
            Flame

            Re: Sand? Chlorine TriFluoride

            "WTF? Which industry has a plant/facility that requires having 900 kg of alien blood such as this around? And in one container? Or even one county?"

            You can read all about the terrors of Chlorine Trifloride it in John D. Clarke's book on the development of rocket fuels called "Ignition!" (pdfs are available). Below is the relevant section:

            "Chlorine trifluoride, ClF3, or "CTF" as the engineers insist on calling it, is a colorless gas, a greenish liquid, or a white solid. It boils at 12° (so that a trivial pressure will keep it liquid at room temperature) and freezes at a convenient -76°. It also has a nice fat density, about 1.81 at room temperature.

            It is also quite probably the most vigorous fluorinating agent in existence — much more vigorous than fluorine itself. Gaseous fluorine, of course, is much more dilute than the liquid ClF3, and liquid fluorine is so cold that its activity is very much reduced.

            All this sounds fairly academic and innocuous, but when it is translated into the problem of handling the stuff, the results are horrendous. It is, of course, extremely toxic, but that's the least of the problem. It is hypergolic with every known fuel, and so rapidly hypergolic that no ignition delay has ever been measured. It is also hypergolic with such things as cloth, wood, and test engineers, not to mention asbestos, sand, and water — with which it reacts explosively. It can be kept in some of the ordinary structural metals — steel, copper, aluminum, etc. — because of the formation of a thin film of insoluble metal fluoride which protects the bulk of the metal, just as the invisible coat of oxide on aluminum keeps it from burning up in the atmosphere. If, however, this coat is melted or scrubbed off, and has no chance to reform, the operator is confronted with the problem of coping with a metal-fluorine fire. For dealing with this situation, I have always recommended a good pair of running shoes. And even if you don't have a fire, the results can be devastating enough when chlorine trifluoride gets loose, as the General Chemical Co. discovered when they had a big spill. Their salesmen were awfully coy about discussing the matter, and it wasn't until I threatened to buy my RFNA from Du Pont that one of them would come across with the details.

            It happened at their Shreveport, Louisiana, installation, while they were preparing to ship out, for the first time, a one-ton steel cylinder of CTF. The cylinder had been cooled with dry ice to make it easier to load the material into it, and the cold had apparently embrittled the steel. For as they were maneuvering the cylinder onto a dolly, it split and dumped one ton of chlorine trifluoride onto the floor. It chewed its way through twelve inches of concrete and dug a three foot hole in the gravel underneath, filled the place with fumes which corroded everything in sight, and, in general, made one hell of a mess. Civil Defense turned out, and started to evacuate the neighborhood, and to put it mildly, there was quite a brouhaha before things quieted down. Miraculously, nobody was killed, but there was one casualty — the man who had been steadying the cylinder when it split. He was found some five hundred feet away, where he had reached Mach 2 and was still picking up speed when he was stopped by a heart attack."

  17. Dr. G. Freeman

    if in doubt 100mL hydrofluoric acid.

    Just don't get any on yourself.

  18. Unicornpiss Silver badge
    Meh

    Degaussing isn't as instantly effective as you might think..

    Some years ago a colleague was wiping some tapes with an AC-powered (mains) bulk tape eraser. I thought I'd see how effective it would be at wiping out the data on an (already failing) laptop drive. I positioned the degausser above the drive and pulled the trigger. The resultant effect was the drive leaping to the sole plate of the tape eraser and vibrating violently at the power line frequency. I did this at least a half dozen times, amusing myself with how high I could get the drive to leap from the table. Amazingly when I hooked it back up I could still read most of the data with no problem (even in Windows with no recovery tools), and a disk check found only a few more errors than it did on this already failing drive. True, I didn't remove the platters from the aluminum casing, but still, I expected a rather more dramatic effect. I hope it at least worked better on tapes.

    1. Grikath

      Re: Degaussing isn't as instantly effective as you might think..

      not really surprising.. the platters sit, as you say, in a thick-walled aluminium Faraday cage...

      1. Francis Vaughan

        Re: Degaussing isn't as instantly effective as you might think..

        Faraday cages don't make the slightest difference to magnetic fields. They stop electrical fields. Until your magnetic field is oscillating at radio frequencies you won't see enough of an effect from a Faraday cage to make a measurable dent in the magnetic field intensity.

        Shielding a magnetic field is extremely difficult, usually done with Mu-metal cages. These have all sorts of problems in implementation, not the least of which is that they saturate and cease to shield at all in the face of high intensity fields.

  19. Fruit and Nutcase Silver badge
    Mushroom

    You Were Only Supposed To Blow The Bloody D̶o̶o̶r̶s̶ Platters Off!

    The bomb squad also gave him a couple of shaped charges that would normally be used to blast out the side of oil wells. While these punched through the drive's platters admirably, they also went through the quarter inch steel plate the drive was resting on and pummelled another 15 inches into the ground

  20. Stuart Halliday

    Heat will do it everytime. Magnetic particles lose their field at 200°C.

    1. Chris G Silver badge

      A high amperage short should cook a drive nicely or discharging a large high voltage capacitor through a drive could be more sparkly and might work.

      An alternative would be to fire a rifle sized blank directly into the casing through a pre cut hole, I bet the high speed high temperature gasses would do a good job of making the platters unreadable.

      Quite easy to rig up too.

    2. Suricou Raven

      They do lose their field when heated, but not at 200°C. The temperature is material dependent, and you'll have to go a lot higher than that.

  21. Andy Non Silver badge
    Trollface

    Carefully remove the drives and mail them via Royal Mail in a box marked FRAGILE, HANDLE WITH CARE.

    1. chivo243 Silver badge
      Facepalm

      Then send them to my folks, they will fubar it..

  22. Linker3000

    Lazy people's problems

    For when you're hyped up over data security, but can't be arsed to buy drives with instant secure erase (ISE).

    /I just know you're convinced the NSA has cracked that eh!?

    1. Ben Tasker Silver badge

      Re: Lazy people's problems

      It's not really a suitable solution if you care about being sure the data is actually gone/unreadable.

      For the paranoid, the following are just a few examples of the possible issues that might lead to the data being recoverable

      - NSA has cracked it (as you say - though unlikely on it's own)

      - Manufacturer has fouled up the crypto implementation, so it's not as well encrypted as you thought

      - Manufacturer has bollocksed up the key erase, so they key's still there if you know how to access it

      There are probably a good number of other possibilities too, and whether they're applicable depends on how much you need to protect the data, and who might get hold of the drive.

      Ultimately, if you want to be sure the data is gone, the only solution is the physical destruction of the drive. For most people, that probably is overkill, but ISE is a "should be good enough" solution rather than a cast-iron guarantee.

      1. Anonymous Coward
        Anonymous Coward

        Re: Lazy people's problems

        "the only solution is the physical destruction of the drive"

        Yes, if the problem is to destroy the data on the drive. But it should be quite easy to set things up so that only encrypted data is written to the drive and the decryption key is only held in volatile memory. You also need to keep a key somewhere else, like on a piece of paper, for example, in order to survive ordinary power failures, but you have now reduced the problem to one of quickly destroying a piece of paper, which is a much older problem, with established solutions for use by old-school spies.

  23. Captain DaFt

    I have a nephew...

    All he needs is access to the computer and an internet connection.

    Guaranteed hard drive corruption in less than 30 seconds.

  24. Arachnoid

    Irradiate the drives

    or install an ampule of anthrax in each one whilst it doesnt stop recovery it sure gives them some big hurdles to get over

    1. Suricou Raven

      Re: Irradiate the drives

      A big sticker reading 'EXPLOSIVE CHARGE OXYGEN DETONATED' and an obvious plug in the equaliser port should at least buy a couple of days while they call in the bomb squad.

  25. Infernoz Bronze badge

    Drilling, encryption, abrasion, solvents, boom.

    I tend to use a large drill bit with a cordless Li-ion drill, and drill a couple of holes, but that requires having the drive top accessible and manual use of a drill, I then completely dismantle the drive and often add multiple scratches across the platter surfaces too. Destroying all the big chips on the drive PCB would be a good idea too, to destroy any data, including calibration and configuration data. Yes, someone may be able to recover some platter data, however the holes, burrs and any scratches would probably challenge or destroy drive heads.

    Other possible physically destructive solutions include:

    * the rapid injection of aggressive de-greasing solvents mixed with a little abrasive dust via an inflow pressure valve near the edge of the spinning platters, while there are rapid head movements, to abrade the platter surfaces, with an outflow pressure valve to clear some used solvent; this would probably work best if the de-greasing solvents and abrasive dust was not electrically conductive, and may cause rapid destruction.

    * a fuel air explosion inside the drive, which may be far more effective at destroying more platter surface than other types of explosive.

    Another layer of security would be to have symmetrical hardware encryption (like AES256) with a unique key for every drive, so that when the cypher electronics is erased or burnt the key to decrypt the data is permanently lost.

  26. Robin 12

    Two things I have read and seen work.

    1. Coke (original?) is acidic and will eat the surface of the platters. Now the problem is getting it into your drive when needed.

    2. Heat. Heat will remove all magnetism in the material. It randomizes the magnetic poles. All you need is 200 to 300 degrees for a few minutes and your drives are totally erased. The temperature required depends on various factors but with the new drives, it may be much lower. Some magnets can be demagnetized at less than 100 degrees.

    Temperature and Neodymium Magnets

    http://www.kjmagnetics.com/blog.asp?p=temperature-and-neodymium-magnets

    Put drives at risk into an insulated steel box with a blow torch that is designed to ignite when the "alarms" go off. By the time the three letter agency can cool it down, there is nothing left to work with. If the heat is high enough, the SSD's will also be destroyed.

    It is reported that SSD's will also lose there data at elevate temps, though higher than 125 degrees.

    As some data centres are using mineral oil baths for cooling, all you have to do is heat the mineral oil to it's boiling temp at about 300 degrees. Just need to do it quick.

    1. BristolBachelor Gold badge

      I once worked on an air crash investigation where a plane overshot a runaway on landing. There was a huge fire, and we got our box back with a request to read out any fault codes and calibration data that are stored internally in flash. Basically there was nothing left of the PCBS, except a pile of fibre glass strands and a birds nest of the copper PCB traces. Also the flash devices were in MIL ceramic packages. These packages have a ceramic lid and base, and are "glued" together and sealed with glass. Well, the glass had melted, and the ceramic top and bottom of the packages had come off.

      Long story short, the manufacturer of the flash chips read the data out of the bare die no problems. I think you need more than 125°C to ensure their destruction.

  27. Joe User
    Thumb Up

    The firepower method

    I like to take unwanted hard drives to the target range and put a few 7.62mm gaps in their data (or 12.7mm gaps, if someone brought their pygmy cannon to the range that day).

  28. John Tserkezis

    I seem to recall a device, about the size of a washing machine, that was purpose built for the job. It punched a specially designed drill bit into the drive, which not only drilled through the platters, the vibrations left ripples in the platters. It even had a conveyor belt for more than one drive.

    However, it would fail the 60 second requirement, I think the order lead time on the device was a bit longer than that.

  29. Unicornpiss Silver badge
    Happy

    Another method?

    How about encasing the drives in an inductive heating coil, similar to what is used to harden drill bits, gears, and other metallica? When you say the special code word "Shitstorm", high current is passed through the coils, reducing the drives to slag very quickly, with minimal damage to adjacent servers...

    1. foxyshadis

      Re: Another method?

      Hm, placing a custom heat sink across the electronics and the top of every drive is a good idea. After all, drive shelves get hot and you can't be too careful. It's not your fault the sinks suddenly became sources turning all the silicon on board white hot in a matter of seconds and burning right through the casing.

  30. jobst
    Trollface

    Surf the Internet and click on everything possible ...

    Surf the dark sides of the Internet and click on everything possible ... buttons/links/images and let the root kits, trojans and crypto bugs do the rest. You hit two birds with one stone - surf the dark Internet without any worries and have a useless drive afterwards.

  31. Camilla Smythe

    Don't blow up your hard ones.

    Just install Ed 209..

    https://www.youtube.com/watch?v=A9l9wxGFl4k

    0800-Omni-Corp.

    Shout 'three letters' .

    "You have 30 seconds to comply"

  32. Schultz

    Make the data fragile...

    The data should be stored in compressed / encrypted format with low redundancy. Destroying just a fraction of the drive should then be enough to fubar the data. Need to think about the compression / encryption algorithms though.

  33. PNGuinn
    Mushroom

    "The bomb squad also gave him a couple of shaped charges..."

    "Clearly this technique wouldn't work in a data centre"

    'Course it would.

    Bonus points if beancounter central is on the floor below.

  34. PNGuinn
    Black Helicopters

    Power bar

    Power bar from explosions everywhere. Plausible deniability.

    Seriously, there are so many ways of instantly destroying data. The main problem is NOT actually protecting the data centre. The real challange is doing it in a way that only destroys the dodgy bit and does so in a way that is undetectable.

    So perhaps you need to have all the dodgy data stored on known devices with no backups. Or records.

    So, if you can be sure that the device(s) has /have actually properly died you actually need to advertise the failure as an alarm.

    How you do that....

    I think the speed requirement may rule out killing spinning rust.

  35. Tim99 Silver badge
    Coat

    Too Boring?

    A single large encrypted USB flash thumb drive on a front panel. The adrenalin surge you get when the 3LA breaks down the first door should be sufficient to allow you to pull the drive out and snap it in half with your bare hands.

  36. Captain DaFt

    Firmware modification?

    Add a routine to the drive's firmware to spin the disks too slowly to lift the read/write head, then have the head scrape rapidly back and forth across the rotating disks. Massive deliberate head crash.

    Of course that'd take a decent knowledge of the drive's circuitry, but they are hackable... http://spritesmods.com/?art=hddhack

  37. Huckleberry Muckelroy

    Degaussing???

    I have used a professional tape degausser, a powerful electromagnet which changes polarity 60 times a second. I have held it on one side of a hard drive for a full minute, flipped the drive over and applied it to the other side for a full minute. I might as well have been stroking it with a feather. Unless you might try a crane magnet, my experience with degaussing has proved it ineffective.

  38. HKmk23

    Easy

    I have on many occasions used a 12 gauge slug from 2 yards, does an excellent job of total destruction. No good for a data centre obviously but otherwise great fun.

  39. jason 7 Silver badge

    However...

    ...the best solution would be to not have a huge sign over your lair saying "Getting up to evil stuff with computers here!" in the first place.

  40. Anonymous Coward
    Anonymous Coward

    Put the dodgy drives under the data centre floor and some pretty decoys in the cabinet. When the door knocks you can trigger a nice slow multiple overwrite and format as the TLAs seize the visible disks with the flashing lights.

  41. Datamd

    Degaussing is extremely unreliable when destroying data, and the only way to check if it has been successful is to read the hard drive.

    It might not be sexy, but erasure using an approved product, deems data irrecoverable. Alternatively physically shredding the drive is effective.

    What I am unaware of is a method taking less than 60 seconds which effectively destroys data without endangering human life.

  42. DJO Silver badge
    Mushroom

    Shakes head in despair

    Two pages of comments and nobody has so far said:

    "Nuke the site from orbit, it's the only way to be sure"

  43. theOtherJT

    You want a shredder

    Like this one

    Position under the rack and install some remotely triggered solenoids that can pull the disks out of the frame so they fall in and crunch.

    1. This post has been deleted by its author

      1. Snafu1

        Re: You want a shredder

        /The/ rack? Only one? We're talking about a DC here..

        Possibly substitute your triggered solenoids for shaped charges or 10 gauge.. but may be a little noisy heh?

        How about (thinking Google-sized DCs) simply have an auto-reverse on the coolant system? Instead of pumping cold in, pump hot: instant death for data outflow & (if allowed to runaway) physical meltdown into a heap of aluminium/silicate slag

        (for.the GCHQ operatives watching, I'm copyrighting & patenting this idea..)

  44. ~mico
    Black Helicopters

    With this amount of shaped charges...

    ...and an adversary knocking at the door, one wonders if charge application point was chosen correctly. Perhaps better put them on that door?

    It's so windy in here sudde

  45. Anonymous Coward
    Anonymous Coward

    UK Laws

    Under UK laws, if you destroy the key, you can be imprisoned indefinitely until you hand the key over... which you can't as you don't have it. The law assumes if they THINK you have it, then you have to hand it over, even if you don't have it. If they THINK you have a key, they can hold you indefinitely. And you can't tell anyone you've been asked for the key, not even your own lawyer. So you can tell you lawyer you have been held, and he can go to a judge and say my client is being held and I can't say why, and the judge will tell him to go away and find out. But he can't, as no-one is allowed to tell him you've been asked for a key.

    No, I'm not making this up.

    A/C for obvious reasons.

    1. Anonymous Coward
      Anonymous Coward

      Re: UK Laws

      Thank god we have the law givers protecting us

  46. Tubz
    Mushroom

    I can see a call for some White Phosphorus !

  47. Mummy's 'ickle soldier

    Encrypt and Smash

    I'm for encrypting your drive using FDE as standard and if necessary use liquid nitrogen injection and soak for 15 seconds then the effacious application of a bricking hammer. Would love to see a video of this being tested.

  48. GrumpenKraut Silver badge

    For magnetic disks..

    ... pump a few milliliters of an appropriate solvent (acetone?) into the casing. Clean platters within seconds, NO way to restore. Check beforehand that the coating is removed by solvent, use platters of dead disk to test.

    I admit that I have no (good) ideas how to build the injection mechanism.

    For SSDs, high-voltage frying should be easy in comparison to the above; you need to make sure you actually fry the memory chips proper. A magnetron could well be a workable option.

    Make sure all of the above works within seconds and when power is cut (don't forget that "power cut" can imply "pitch black").

    You are welcome.

  49. Anonymous Coward
    Anonymous Coward

    Have a PD-8400 lying around

    That's what Google uses (videos on youtube).

    In a former life, I recall mil-specs specifying grinding the plates with certain grades of sand-paper (both clockwise and counter-clockwise, no less) before taking a hammer to them.

  50. vang0gh
    Mushroom

    Seagate to the rescue!

    This gentleman needs to confer with the fine folks over at Seagate. In my experience, they're the masters at producing self-destructing hard drives.

  51. razorfishsl

    Gallium and mercury mix, you only need to take the platters out of alignment

  52. Suricou Raven

    Not sulfuric acid.

    Tried that already, while attempting to copper-plate platters. The ultra-thin coating on the surface, whatever it is, serves as very effective acid-proofing.

    1. Anonymous Coward
      Anonymous Coward

      Re: Not sulfuric acid.

      "while attempting to copper-plate platters"

      Erm... why?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019