60 comments

[ 5.0 ms ] story [ 120 ms ] thread
Wouldn't a standard drill press accomplish the same thing, and be a lot cheaper?
Depending on your threat model, a drill isn't even the right tool.

This will significantly complicate data recovery and render data where the drill impacts it destroyed, but it will in theory still be possible to decap/analyse platters or nand with a SEM microscope and reconstruct data off the surviving parts of the storage medium.

The cost may not be worth it even to some state actors, but such a cost is peanuts to the NSA, CIA, or any other organisation tasked with geopolitical standing. Depending on who's after you, they may even pass it to these organisations to get the data for them at cut-rate.

Only sure-fire way is to toss it in one of those big grinders data destruction companies like Iron Mountain have. They even let you watch it go in.

> They even let you watch it go in.

I wonder if/when there's a data destruction company that employs professional magicians, who swap out the drives from under you at some point, while you watch "your" drive going into the grinder, never the wiser.

> professional magicians

Centuries of prior art on disappearing!

Would thermite be enough?
In what situation is thermite _not_ enough (Given enough thermite)?

Melting tungsten?

Some number of years ago there was someone that built a smelter and melted down the drives. Not sure everything melted but getting anything glowing hot demagnitizes it.
"Only sure-fire way is to toss it in one of those big grinders data destruction companies like Iron Mountain have. They even let you watch it go in."

This is what rsync.net does with drives that need to stop existing.

I do, indeed, watch it go in and I strongly recommend a canister respirator when entering a shredding/destruction facility.

I cannot believe the operators of these devices - which are pulverizing glass and circuitry, among other things - don't wear lung protection as they stand over the machine-turning-drive-into-dust.

To my sibling who wondered about sleight of hand:

I can only speak for the machine I take drives to but it is an immediate and brutal reaction with sparks flying and pieces flying up ... and sometimes the machine jams and they back it out and re-feed it ... there is no question as to what is occurring to that specific drive.

> with a SEM microscope

Not so much anymore. Increasing data density and the two step nature of the technique make it much less applicable. There are newer techniques but they're more expensive and much more sensitive to the physical state of the media being scanned.

I mean this is probably why the CIA and NSA spend so much on tailored access operations and on zero day vulnerabilities instead. Not only is it easier to get the data in flight but it's much more likely to be timely for their purposes.

Non-diet cola - sugar gums up the mechanical parts and phosphoric acid destroys electronics.
A drill press is more dangerous (rotating tools can get clothes/gloves/hair caught in them), and less effective.

Bending the platters is, in practice, irrecoverable due to the sheer amount of data that's impossible to read in any reasonable amount of time unless the platter can be rotated while keeping the reading tool aligned.

With a cleanly drilled hole, and some preparation (carefully machining out the area around the hole with precision tools), the platters would be a lot more suitable for partial data recovery.

If you happen to find yourself destroying SSDs, try not to make this mistake: https://i.imgur.com/XBbLQEQ.jpeg
I'm sorry to be an idiot—I can't tell if I'm looking at multiple views of one thing, or one view each of multiple things, or what. Is this just demonstrating that hard drives are commonly enclosed in oversized enclosures, so that it's easy to position the punch in a way that totally misses the actual electronics?
Those aren't hard drives, they're solid state drives in the SATA form factor which was originally designed for hard drives. SSDs are much more compact than HDDs, so the components are usually all bunched up at one side near the connectors and the rest is just air, thus punching a hole in them at random probably won't achieve anything. Punching a hole through the PCB might not destroy the data either depending on where exactly you hit it but it would at least make it difficult to recover.
Thank you for a clear and courteous answer to my silly question. (I am so used to not thinking about spinning hard disks that I didn't even notice that I'd used the term to refer to SSDs.)
It wasn't a dumb question, pictures could have been clearer.
Hah.

Kinda wonder what’s on there. Just because somebody didn’t want anybody to see. Probably just boring business records or something though.

I usually "dissolve" mine in a bucket of non-diet cola. Cheap & easy to source. The acid to damage electronics, and the sugar gums up mechanical parts.
SSD stores your data on flash chips.

They are coated and only the connectors are exposed.

You are not destroying anything you just make it hard to access

So I don't believe the NSA are out to get me, if I did I'd want something a bit more thorough. My main "threat model" is someone picks up the drive from the trash and tries to read it.

However you're wrong about this. As we know from when capacitors and batteries leak, the acid or alkali in those can get inside chip packaging by being wicked through the leads, which will destroy them thoroughly from the inside as well.

If i found an SSD that someone incompetently attempted but failed to destroy, It would DEFINITELY make me much more curious about trying to recover data off of it.

The mild phosphoric acid in your cola beverage is nowhere near strong enough to cause corrosion inside of chip packaging, lol. I doubt that it is even enough to remove a significant quantity of the anodic plating on the chip leads to permit the base metal to be attacked.

This reads like a press release.
Yes, I'm surprised why an advertising article for a random disk crusher (with nothing special about it as far as I can tell) is on HN.

I expected this to be an hobbyist implementation, not an ad.

As someone who hoards my own old USBs and hard drives, which I don’t think hold anything particularly interesting, this idea was violent at first. But yeah, I get it lol
Better to encrypt your drives. Like ZFS encryption. No need to destroy the hardware in this case and you're also save from someone stealing the server.
This isn't necessarily sufficient unless you encrypt the drives before any data is written to them. If any potentially sensitive data has been written to the drive prior to encryption, the only 100% method is physical destruction.

Of course, this clarification only matters if your threat model involves dealing with top-secret data and/or nation-state enemies.

I don't know, personally, I would be very unhappy if someone stole my server and then starts blackmailing me to reveal private information somewhere (unless I pay a certain sum). I don't have anything to hide, but I still don't want my private information public. I don't need to mind about this with encrypted data.
>I don't need to mind about this with encrypted data.

I'm not sure if I wasn't clear or if you didn't read my comment correctly.

Encrypting is not enough to prevent data recovery if data was written to disk prior to encrypting it.

In other words, if you want to be 100% sure about your data being safe, you must encrypt first (when the drive is brand new), or you must physically destroy the drive.

Yes, I understood - but this has nothing to do with encryption. Data that is encrypted is save. Any data that is not encrypted (or was not encrypted) would offer an attack surface. Since I use ZFS for all my data, all my data is encrypted from Minute 1 of a new hard drive.
Format, then sdelete x 10 passes writing random data, then secure erase for good measure, will take care of it for 99% of use cases out there.
Sure, if you don't need to meet any compliance standards and your threat model is pretty relaxed, this is likely okay.

But if your threat model is that relaxed, you can just encrypt the whole drive, toss the key, and then format the device. This would likely be quicker than doing 10x write passes.

As a note, write passes are really only good for HDDs due to wear-leveling algorithms in every SSD.

Doesn't help the millions of unencrypted hard drives that are currently in service and will need to be disposed of eventually.
I’d say it depends on your use case.

In many compliance-heavy fields, there are specific requirements around data destruction, sometimes involving physically destroying the storage medium up to some given standard.

I’d assume this device targets that market.

Most data destruction compliance standards I am familiar with allow for cryptographic erasure when the device is encrypted prior to sensitive data being written to it (excluding some specific data-sensitivity levels).

If they are strict enough to not allow for cryptographic erasure (or the data is above a specific sensitivity), this device would likely not be in compliance either -- physical destruction generally requires shredding/grinding to a specific particulate size, or incineration, and this device does not appear to do either.

I'm not saying there are many (any?) modern standards that would allow physical destruction without cryptographic erasure. As far as I know, physical destruction requirements are usually accompanied by cryptographic erasure requirements.

I'm also not saying that all compliance standards related to data security require physical destruction; just that these absolutely exist, mostly in defense and similar areas.

Most standards (e.g. ISO 27001, NIST 800-88) do allow for physical destruction without cryptographic erasure if the device is being shredded or incinerated (to the applicable shredding/incineration standard of particulate size/temperature). Especially because cryptographic erasure is effectively pointless (at high data-sensitivity levels) if the device wasn't encrypted immediately and prior to data being written. Notably, NIST 800-88 2.6 explains when not to use cryptographic erasure, and when to consider it, but there is no requirement for it.

But, I mainly made my comment in reply to this part of your comment:

>I’d assume this device targets that market.

Because I don't think there is any market where this SSD punching device would be compliant and cryptographic erasure wouldn't be compliant. At least, in my career, I have not seen any environment or standard where this would be considered compliant but cryptographic erasure wouldn't be.

Right, but nobody's arguing that there are cases where you'd physically destroy a device, while cryptographic erasure of the data is not required as well.

I didn't explicitly say this in my original comment since it seemed implicit given the context.

>nobody's arguing that there are cases where you'd physically destroy a device, while cryptographic erasure of the data is not required as well.

I am very explicitly saying cryptographic erasure is not required if you are following physical destruction standards (in ISO 27001 and NIST 800-88, at least).

There is a encryption standard for ssds and the better ones do this anyway.

The boot password might be needed to be configured but it's unlocks your SSD. It's enough for the SSD to forget the AES key

As someone whose job in the past was mass destruction of HDDs and SSDs (thousands on weekly basis) for a major cloud provider this is pretty much useless.

If you wanna do it efficiently on scale then something like this is much better option: https://m.youtube.com/watch?v=iqU9QSwHcNg

And for SSDs you'd want something like this: https://phiston.com/product/mediadice-ssd-disintegrator-2c/

This is designed for low hundreds per week and probably is priced much more reasonably for that market than what you are suggesting.
You'd be surprised how much enterprises pay for Protons and Garners. For approx tripple the price (my links above) you get about 30x throughput. But I agree, not everyone needs that speed.
I did this for years with a beefy arbor press (just for mechanical drives).

For our scale at the time (destroying 10s of drives a month) it worked fine and it was a great stress reliever.

Get off a frustrating customer call? Go take 15 and take it out on the stack of drives needing destruction.

An awful lot of the destruction can be done with a torx screwdriver:

Step 1: take the screwdriver, dismantle the drive, and remove the platter(s).

Step 2: take the screwdriver and gouge the platters.

Step 3: take the screwdriver, lay each platter across it on the floor and stamp your foot down, hard.

Destroying the metal casing is fun but it doesn’t really do an awful lot in terms of making your bits harder to read.

Destroying the metal casing means the whole disk takes about 10 seconds to destroy, and doesn't require a "stomp on a screwdriver" step that OSHA may not approve of.

Your procedure absolutely makes sense if you have a single-digit number of drives to destroy once in a while at home, not if you have to destroy dozens regularly.

I hate to imagine how much ewaste is produced from destroying these drives, rather than simply wiping them and reselling them as refurbs.
Some orgs crush entire computers, so crushing just the drives is at least better than that.
Never heard or seen this.

Who? And why?

Because it's very very hard to ensure modern computers dont have storage integrated into some unexpected part. UEFI on board can have a pretty significant amount of storage. All kinds of other devices can have storage in them too. Rather than ensure everything has been erased, they grind up the whole thing.
If there's even theoretical possiblity to recover even a piece of customer data you're risking your entire existence. Serious companies don't wanna do that
The feasability is the same whether you crush a drive or erase it normally. A serious company would worry about the people who are inside your network reading the live drives, not campfire scare stories about drives magically remembering previous values.

Drives are extremely dense. If there were any way to store a value and still have any remnants of the old one, we would have slapped an error-correcting code on it and used that effect to double drive density.

Companies who believe in this magical spare capacity to read values that have been overwritten suffer from an entirely irrational fear. A paranoia that there is always a possibility.

The actual, non-theoretical possibility of recovering customer data is those companies being hacked by bored teenagers or everyday ransomware. Not empty drives.

Its not the feasibility of reading previously erased data.

The much more simple issue, is that drives that have not been erased look exactly like drives that have been erased. Does the drive contain data? Who knows until you hook it up to a computer.

Meanwhile It's very easy to distinguish a drive that has been crushed and can be e-wasted, from a drive that has not been crushed, and can't be e-wasted.

While I understand where you're coming from, this does not paint a reassuring picture of the organizational capacity of those companies, when they are handling sensitive data.

No matter what a drive looks like, you simply erase it again. Does the drive contain data? Send it to erasure one more time, and then it doesn't.

I expect the objection that someone could still mess this up, there is still a risk of an employee being terribly confused and putting a drive directly into the trash, instead of the erase box.

But my point is, if this is a realistic problem with your employees, you have bigger problems. Even if you destroy instead of erasing, your employees could also throw drives into the nearest kitchen trashcan instead of putting them in the destroy box. Your front desk could just let someone through because they had a good story, and they'll make an exception just this time. Your employee clicked on the wrong button and you have ransomware. These are real things that happen every day and result in data leaks.

If erasing drives is too complex to have it handled reliably, the organizational capacity is already too low to handle sensitive data. You will lose the data one way or the other.