Go to Top

Who would James Bond be without his toys?

Total and unrecoverable annihilation of data isn’t easy these days, as the GCHQ agents who supervised the drilling through The Guardian’s hard drives knew all too well. The hard drives contained data stolen from the NSA by one Edward Snowden. Drilling is still a popular method of destroying data. But is it effective? Putting aside the fact that data can be easily copied and stored in an almost infinite amount of physical places (for example, when you upload or host it online), it’s actually disputable whether or not drilling through disks is effective. James Bond would surely have done that with more finesse, while ensuring that data is destroyed and unrecoverable (in style, of course). I’ll give you a couple of ideas for how he could do it — but let’s start from the beginning.

 Destroying the storage device physically is your best guarantee that the data won’t ever come back to haunt you. It eliminates the risk of a data leak that is technically possible when wiping a disk programmatically, or when highly sophisticated data recovery equipment is used on the drive (tools of this calibre are not commercially available, but we can’t rule out that they one day will be or that some institutions don’t already have them). There is a downside to this method though – you will not be able to use this storage device again. Unlike a hard drive wiped with data erasure software, a physically destroyed disk can only be recycled. In some cases this will be your best option though.

When should you consider destroying your memory disk physically?

  1. You can only overwrite data stored on a functional storage device – corrupted devices that can’t be turned on can’t be secured in this way (though data stored therein can still be read)
  2. When some sectors on your the hard drive are corrupted
  3. When you’re retiring company machines that are intended for recycling – those disks should never leave the company premises unsecured
  4. When dealing with outdated storage devices, such as magnetic strips and tapes, old HDD’s with poor data density and old SSD’s
  5. Wiping data using software tools takes time, so if you need the job done quickly, physically destroying the disks will be preferable

Once you’ve decided that you want to physically annihilate your disks, you’ll have several options to choose from. Starting with drilling through the disk with a regular drill, through demagnetisation, chemical utilisation (using highly concentrated chemicals that wipe out the magnetic layer of the disk) and ionisation, to heating it up and grinding it. Some of those methods are particularly worth our attention.

I mentioned drilling through the disks as one of the most popular methods of annihilating data. At the moment, there’s no way to read data from a disk destroyed in this way. But information security experts recommend using different methods for getting rid of confidential and highly sensitive data — drilling is only a mechanical method of destruction, but the parts might still contain undamaged data written into their layers. One day, this data could potentially become recoverable.

Heating it up — to erase data using high temperatures, you need to ensure that the temperature reaches the Curie point (as in the husband of Marie Curie, who coined the term) for the particular material that the magnetic layer of the storage device is made of. Unfortunately, those materials are highly guarded secrets of their manufacturers, but it’s a common guess that a temperature of 700 to 1200°C is enough to destroy data. That means that you won’t remove it by tossing the disk into a bonfire (wood burns at around 500°C). You’ll need special equipment to reach the minimal temperature needed for your data to perish.

Demagnetisation — demagnetisers (known as degaussers) are tools that erase data using an electromagnetic impulse of up to 1.8 teslas (according to the International System of Units SI; in older systems it would have been an equivalent of 18000 gauss). The degausser generates an impulse that releases magnetic induction, which then permanently removes electromagnetic charges from the surface of the disk. Of course this method is only effective for magnetic data storage — it won’t be any good for flash memory, although it can mess up the electronics of some of those devices (the data might still be possible to read though).

Of course you could always skip then more sophisticated methods and use brute force to shred, grind or blend your disks. There are tools that let you turn your entire hard drive to dust – no need to take the disk out first. I encourage you to watch this video, which shows just how easy it is to turn hardware into confetti (not for the faint hearted). Personally, I doubt that James Bond would ever succumb to methods like that – this level of brutality is more suitable for the opponents of Her Majesty’s Secret Service.

We’re almost done here. Almost. In the last part of this series we’ll be going game hunting. Stick around to find out whether you’re the hunter – or the prey.

See you soon!

P.S. As usual, any questions, doubts or comments about this series can be shared in the comment box below.

, , , , , , , , ,