Typically this blog focuses on the intricacies of preserving data, including backups and disaster recovery. However, this time we’re going to talk about destroying it — or, in other words, blowing *&(*&(& up.
The topic has been alluded to before, most recently in the context of the guy who threw a disk drive away and then was trying to figure out a way to find it in the landfill so he could retrieve the up to $7.5 million in Bitcoin from it. It was noted at the time that he could have had a problem with simply throwing away a disk drive in the first place, as the data was still accessible and could have been used for nefarious purposes had it been found, regardless of how much Bitcoin might be on it, and that people getting rid of PCs in the near future might want to be particularly careful because people might be cruising dumps for similar largesse.
This also being the end of the year, typically the end of the budget year when companies buy new equipment, and people get new electronic gadgets for Christmas — particularly for organizations with BYOD policies — means it’s a good time to discuss the proper method of disposing of the old stuff.
A survey last year from Fiberlink, conducted by Harris Interactive, showed the extent of the problem in connection with replaced BYOD devices. “Only 16% had the data professionally wiped from the old device and only 5% had the device securely destroyed,” the report noted. “The majority of respondents, 58%, said they kept the old device, although it remained inactive; 13% turned it over to their service provider; 11% said they donated the device, simply gave it away or threw it in the trash; and 9% did something else with their previous device.”
While there are a number of entertaining ways to destroy disk drives — melting them in acid, setting them on fire with thermite, taking them out to the desert and shooting them (popular here in Idaho) — a number of these methods are apparently not only dangerous but won’t necessarily destroy data on the drives. (Note, for example, that though Adam Lanza reportedly destroyed the hard drives on his computer before his Newton, Conn., shooting rampage, the final report includes information from his computer.)
So how do you get rid of the darn thing?
- Cornell University recommends that disks that will be reused be rewritten three times, following DoD standards, and that disks that are too decrepit to follow this procedure should be physically destroyed by methods such as drilling, hammering, or crushing. “Destroying the logic section of the drive without damaging the platters is insufficient and not recommended,” it cautions.
- In a very thorough 2010 article, Andrew Kelleher, president of Security Engineered Machinery (SEM), a direct supplier of high-security information destruction equipment, recommends a “belt and suspenders” system using at least two methods, such as degaussing the drive with a strong magnet and then shredding it. He also has a lot of contempt for some of the more fanciful methods of disk destruction. “Many so-called methods of destruction border on the insane and unsafe, not to mention the unreliable,” he writes. “Yes, some might be feasible if you have one or two hard drives to dispose of, but even those could pose huge liability risks when done for an employer. If you have time to waste, gloves on your hands, and safety goggles on your eyes, some of these methods might even work. But businesses that have to deal with liability, workplace safety, and the disposal of multiple hard drives should have a problem with these methods, not to mention they are just crazy dangerous! Besides, even if carried out as recommended, most of these measures are far less than 100% effective.”
- Remember to destroy SD cards, SIM cards, and other accoutrements, notes Dark Reading’s Kelly Jackson Higgins.
- Specifically for old ZIP disks, take them apart and run them through the shredder.
Fun as it might be, though, this really isn’t a situation for testing out the new Christmas Glock 9mm. Sorry. Christmas thermite, on the other hand…