A close shave: How to destroy your hard drives without burning down the data centre Four years ago at DEF CON a popular presentation examined how best to destroy hard drives in a data centre within 60 seconds of a three-letter agency knocking at the door. Now, that research has been updated with new techniques. Security researcher Zoz looked at three core methods for destroying platter and SSD drives – …
This post has been deleted by its author
Probably better to place a capsule filled with an enchant for the magnetic film material (usually cobalt based these days) in the drive that can be triggered to spray the platters with the etchant & corrode them. The storage portion of the films are so thin (a few tens of nanometers), that they'd be destroyed in seconds.
Yes a corrosive gas or spray/fluid sounds a good idea and would allow the platters to spin for a small time (assuming the arm is brought into the rest position) to evenly coat them.
My idea was somewhat more destructive, and I'm not sure how reliable or the size of the powertools required. May not quite fit in a rack space. :P
How about blowing up a small capsule of magnetic dust?
Better still, get some radioactive isotopes. Radiation safety rules will keep the agencies from opening the housing for years.
Thermal destruction might work great if you don't blow your thermal load in a second, but instead heat the platters to an even few-hundred C.
I assume you don't mind killing the heads at the same time, so fine pumice powder would take advantage of the disks spinning and get the head to grind it in...
Alternately, corrosive magnetic epoxy resin would be handy, it'd turn the platters into one solid mass, and do a pretty good job of rendering unreadable any bits that someone managed to delaminate...
I've often wondered about the suitability of common household chemicals for this purpose. Shame the boffins didn't stop playing with the obviously unsuitable and almost certainly illegal explosives for long enough to try a selection of those... bleach, oven cleaner, nail-varnish remover, etc. Can't imagine much data would survive a hefty syringeful of bleach being injected through a breather, followed by a squirt of vinegar for good measure...
Look the premise here is that you want to blow the disks quickly because of certain government agency is going to be coming through the door. So the disk has to be usable and then while its being used... you need to destroy it.
Using an encrypted drive, a small amount of det cord will be enough or a small shaped charge... It doesn't matter if some of the platters are readable. How do you decrypt a chunk of data if you don't know the start or end of the record. At the same time... as other readers point out... there's alternatives that would be corrosive to the drives... what happens if you have a shaped charge that vaporizes a different metal that coats and melts the surface of the drives? I mean lets face it... the surface of the drives are more fragile than the drive case.
But what do I know?
I'm all for the SSD and RRAM which I think a high voltage pop would be enough to fry the machines and storage.
BTW isn't Thermite an explosive? So if you're going to risk the charge of handling explosives which could also label you a terrorist, why worry about destroying the rest of the server too?
Shouldn't degaussing be sufficient? Or maybe that was too boring.
Probably. The problem with things like this is that there's generally too much "knowledge" around that is of purely historical value. A lot of the stories that get cited refer to e.g. floppies or low density hard drives - you can forget about them entirely for modern drives.
As the density goes up what it takes to make the data completely irretrievable goes through the floor: e.g. if you physically overwrite a sector once what was on it before is lost forever - those algorithms you have read about involving multiple passes and random data belong to a different age. Significant damage anywhere on a platter essentially makes the entirety unreadable - it doesn't matter if most of the data is still perfectly intact if there is no way it can be subsequently read out.
The fact some of the methods tested are not very exciting does not mean they are not completely effective. Hell, I wouldn't want to could on it but I'd imagine simply taking the top cover off outside of a clean room environment would counter even the most sophisticated attacks a good proportion of the time.
If you're careful you can operate on a drive without a cleanroom. I wouldn't trust the drive after, but it can be done. I've done it - replaced the cover of a drive with a plastic panel so the insides could be seen. It was intended as a working demonstration drive for an IT class.
Confirmed S. Raven. I had bought a used HD that had the top/bottom clam shell not a boat... I used a USB microscope and a video camera, no cover.
Powered up XP, and commanded a conversion from FAT32 to NTFS5.
This morning I think I just found the HD with that very movie.
"[...] degauss and shred the platters and dispose of them in multiple locations."
For (some?) metal platters you can quickly reduce them to a shapeless lump by applying the flame of a standard plumber's gas blowtorch. Haven't tried that with vitreous platters.
When taking the drive to pieces you need a screwdriver set that covers small Torx screws and other "security" types.
Have had to do that incineration a few times when a drive had died and couldn't be erased. It also sidesteps the problem of there being data on any "hidden" damaged tracks that are no longer visible to the PC.
For (some?) metal platters you can quickly reduce them to a shapeless lump by applying the flame of a standard plumber's gas blowtorch. Haven't tried that with vitreous platters.
My preference - primarily because it's far more fun - is to use an Arc welder. If you're very careful about where you put the ground clamp and where you strike your arc you can have some (very, very brief) fun with the motors too. Occasionally you can get a chip to pop nicely as well, though obviously your main focus should be around the platters :)
I use a password and keyfile. The password is well over 100 chars long and impossible to remember - it's kept in text format, along with the key, on a USB drive.
I mount the data, then move the key and password file to the encrypted partition, and secure erase the USB device. When I am doing a reboot or anything like that I copy it back to the USB device
But if anyone comes knocking, the power just needs to be knocked off, and BAM! Impossible to recover
Not lost if the user still knows the password. The USB offers ease of use and plausible deniability, if also lost in the "power outage" that was "just by chance when you knocked" and "made me loose all my [encrypted] Spice Girls MP3s (with CDs on shelf as proof of usage)".
If the password doesn't have to be rememberable, then you can use a hash of some obscure file. This gives a way to recreate password, provided that you know which file it was, and it hasn't developed bad bits in the meantime. Even an AOL installation CD would suffice. Har har.
Great. Someone knocks one the door. Your plan goes into action..."sorry guys, it's encrypted and I destroyed the key".
Then an extended stay in A windowless room because they don't believe you.
I like the methods listed because even a jackbooted thug could look at a hard drive punched through with nailholes or melted with thermite and figure out that you really cannot get the data off it.
He said nothing about whether he keeps a backup copy or two of PW & keyfile at secure & obscure offsite location(s). A TF card wrapped in tinfoil* could easily be secreted in any metallic environment.
Of course his mounting procedure should involve overwriting the entire USB device rather than just erasing the files. Which will significantly reduce the lifespan of the thing but with small thumbdrives so cheap that isn't the problem it once was. It would also be sensible to ensure the keyfile(s) are sufficiently sizable to overwhelm any wear-levelling reserve. With TC using no more than the first MB of every file, a directory holding a decent MP3 collection or JPEG library would be practically perfect.
*aluminium might suffice for the less puritanical ;-)
Liquid nitrogen for 30 seconds then your choice of explosives, C4 being a rapid explosive would be my personal favorite.
Of course, if a certain tthree letter agency was knocking on your front door, they might ask why you were exploding things, maybe more criminal charges against you as opposed the owner of said hard disk.
Of course, if a certain three letter agency was knocking on your front door, they might ask why you were exploding things
Ah, you're right. You need to build up plausible deniability. So, start blowing things up frequently, just for fun. That way, the explosions when they enter the building won't look out of character.
Yeah, I couldn't sell it to the IT director either. Was worth a try, though :).
Oh, I think we can ignore that, because the original premise pretty much ignores that too. All of your data goes at the exact moment the three letter agency knocks yet you claim you were running a legit business? Nope, you're taking a long vacation overseas. Probably someplace that will make Gitmo look like the Rivera.
...with just a perspex cover over the opened drives with exposed platters.
The knock at the door means you walk in with a hammer and chisel and go to town on the platters within seconds.
However, being found standing next to a load of destroyed sparking smouldering HDDs would make you look like a guilty puppy sitting next to a pile of poo.
It does seem like he could have pursued degaussing options. I'm thinking perhaps the kind of electromagnet people use to shrink coins, only bigger. If you could do the same thing to the platters, I think it'd be pretty safe to say the data is irrecoverable.
Though the "safe for a data center" criterion might become an issue again.
>>60 seconds of a three-letter agency knocking at the door.
This reminded me of a custom spring loaded security door mentioned in "The Construction & Operation of Clandestine Drug Laboratories".
Might give a person a lot more time to destroy drives... as long as they can get into the room and close that door.
An auto-destruct button would certainly be cooler but.. I really liked the diagrams for that door too.
Really, why go to all the physical risk and effort apart from the fireworks in testing?
Doh, I just answered my own question...
But really the answer is much simpler: all disks encrypted with a long random block of data that is stored on a chip, and then just zap the chip with a high energy discharge while rebooting the servers in to the usual memory testing slow BIOS start-up that you always use as you worry about data integrity if your RAM is not checked. Key gone = data gone and in-RAM copies overwritten as well.
Chlorine trifluoride and gases like it have been reported to ignite sand, asbestos, and other highly fire-retardant materials. In an industrial accident, a spill of 900 kg of chlorine trifluoride burned through 30 cm of concrete and 90 cm of gravel beneath.
The compound reacts violently with water-based suppressors, and oxidizes in the absence of atmospheric oxygen, rendering atmosphere-displacement suppressors such as CO2 and halon completely ineffective. It ignites glass on contact.
Fun stuff.
It is extremely reactive with most inorganic and organic materials, including glass and teflon, and will initiate the combustion of many otherwise non-flammable materials without any ignition source. These reactions are often violent, and in some cases explosive. Vessels made from steel, copper or nickel resist the attack of the material due to formation of a thin layer of insoluble metal fluoride, but molybdenum, tungsten and titanium form volatile fluorides and are consequently unsuitable.
Not sure how you modify HDD to use it. Sounds like it will do in SSDs too!
It's likely you are mad if you consider it as a rocket fuel
https://en.wikipedia.org/wiki/Chlorine_trifluoride#Rocket_propellant
It is also hypergolic with such things as cloth, wood, and test engineers, not to mention asbestos, sand, and water
>"is also hypergolic with such things as cloth, wood, and test engineers'
Now we're cooking with gas. That's a truly incandescant mental image. Never mind puny crucibles or chicken fat bars of iridium, if you can ignite test engineers then you're truly on your way to world domination.
"WTF? Which industry has a plant/facility that requires having 900 kg of alien blood such as this around? And in one container? Or even one county?"
You can read all about the terrors of Chlorine Trifloride it in John D. Clarke's book on the development of rocket fuels called "Ignition!" (pdfs are available). Below is the relevant section:
"Chlorine trifluoride, ClF3, or "CTF" as the engineers insist on calling it, is a colorless gas, a greenish liquid, or a white solid. It boils at 12° (so that a trivial pressure will keep it liquid at room temperature) and freezes at a convenient -76°. It also has a nice fat density, about 1.81 at room temperature.
It is also quite probably the most vigorous fluorinating agent in existence — much more vigorous than fluorine itself. Gaseous fluorine, of course, is much more dilute than the liquid ClF3, and liquid fluorine is so cold that its activity is very much reduced.
All this sounds fairly academic and innocuous, but when it is translated into the problem of handling the stuff, the results are horrendous. It is, of course, extremely toxic, but that's the least of the problem. It is hypergolic with every known fuel, and so rapidly hypergolic that no ignition delay has ever been measured. It is also hypergolic with such things as cloth, wood, and test engineers, not to mention asbestos, sand, and water — with which it reacts explosively. It can be kept in some of the ordinary structural metals — steel, copper, aluminum, etc. — because of the formation of a thin film of insoluble metal fluoride which protects the bulk of the metal, just as the invisible coat of oxide on aluminum keeps it from burning up in the atmosphere. If, however, this coat is melted or scrubbed off, and has no chance to reform, the operator is confronted with the problem of coping with a metal-fluorine fire. For dealing with this situation, I have always recommended a good pair of running shoes. And even if you don't have a fire, the results can be devastating enough when chlorine trifluoride gets loose, as the General Chemical Co. discovered when they had a big spill. Their salesmen were awfully coy about discussing the matter, and it wasn't until I threatened to buy my RFNA from Du Pont that one of them would come across with the details.
It happened at their Shreveport, Louisiana, installation, while they were preparing to ship out, for the first time, a one-ton steel cylinder of CTF. The cylinder had been cooled with dry ice to make it easier to load the material into it, and the cold had apparently embrittled the steel. For as they were maneuvering the cylinder onto a dolly, it split and dumped one ton of chlorine trifluoride onto the floor. It chewed its way through twelve inches of concrete and dug a three foot hole in the gravel underneath, filled the place with fumes which corroded everything in sight, and, in general, made one hell of a mess. Civil Defense turned out, and started to evacuate the neighborhood, and to put it mildly, there was quite a brouhaha before things quieted down. Miraculously, nobody was killed, but there was one casualty — the man who had been steadying the cylinder when it split. He was found some five hundred feet away, where he had reached Mach 2 and was still picking up speed when he was stopped by a heart attack."
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
