Holiday Hackit: Automated hard drive destruction

One of our recent posts took an interesting tangent: physical hard drive destruction. First, [wolf] wanted to use a 20ga shotgun shell on his hard drive. [brk] suggests an electromagnet applied to the drive while it’s still spinning. Everyone thought thermite might be interesting… Finally, [wolf] noted this commercial auto destruction drive that floods itself with an acid mist. I’ll suggest a few ideas and let you guys take it from there.

I’d suggest pneumatic injection of two part epoxy into the drive mechanism. Remove the top of the casing using the diy clean room method, add a port for the epoxy and use a cheap CO2 bike injector to force the liquid into the drive on demand.

So, got a better idea? Let’s hear it.

163 thoughts on “Holiday Hackit: Automated hard drive destruction

  1. I’d want something that not only destroys all data from the disks in an instant… Damage to third party would also be wanted, if he stole my hard disk or if he is a cop, I’m not really worried about him getting acid splash in his face…
    For immediate data destruction, could a high magnetic field be used, resetting everything to 0?

  2. how about this a large electronic magnet in the door frame of where the computer is being stored. Once the drive is removed the frame magnet kicks on and toasts the drive(s) with out anybody being the wiser or having something noticable.

  3. I propose compromising the hermetic seal and mounting the HD inside an old microwave oven with a large polystyrene container sitting on top of it.

    When the microwave goes on, it shorts out the electrical components as well as compromising the polystyrene container and immersing the drive in water. After a few minutes, the heat of the water should be enough to erase and remaining magnetic data on the disc platters.

  4. Try a high end magnet. I work for an outpatient radiology and imaging facility. Since we must destroy all data by law (HIPPA ACT) before disposing of our hard drives, we have a great solution. We put our hard drives in a cloth sheet (so we don’t break our wrists when the magnet grabs) and move them into the MRI machine. Just don’t let it hit the side. It took 5 people to pull the last one off that we accidently let go of. You just can’t get too close to the magnet. Anyway, that magnet is so awesome, it actually demagnetizes the natural magnets inside the hard drives. Just don’t take your cell phone, credit cards, or jewlery inside! Electronics die instantly and piercings will get ripped from the body.

  5. Everyone always forgets about the Faraday cage effect when they say “use an electromagnet”. Sorry, as long as that metal case is on the drive, the data is well protected from any magnetic fields.

  6. Some years ago I attempted to bring something like the to market the magic number is 372 deg f the closest to this is the temp need to hit the curie on the drive platers for a modern drive

  7. Make a teeny, tiny microwave with its own battery. It simply microwaves the platters. Another idea is to encrypt the drive using a complex system and key held in firmware. If need be it can delete the decryption key and software, making recovery tantamount to impossible. Last one: like acid mist, but cyanolite mist instead, both etching the platters and sticking the heads to them.

  8. Here is a way that would work take say a 3/4″ center cutting end mill add a drive motor and a slow linear actuator.

    As the drive is spinning activate the end mill and the actuator. As the end mill cuts through the drive platters the will become unbalanced and destroy the platers. No longer will the drive be readable or usable.

  9. An automated self destructing drive would be expensive, I would use solid state for such sensitive stuff. How big are sd cards now? have it eject into a coffee grinder.

    Or how about this: build a VM with vmware, take a snapshot, write whatever evil stuff you want in it, and REVERT to the snapshot when danger arrives. How recoverable is a lost VM state? If your’e really worried, have the vm start recording a video as part of the “oh sh!t” script.

  10. “97. Everyone always forgets about the Faraday cage effect when they say “use an electromagnet”. Sorry, as long as that metal case is on the drive, the data is well protected from any magnetic fields.”

    Faraday cage effect only works for electric fields, not magnetic ones, sorry bud…

  11. How about a spring loaded cutting bit? When something releases the bit it starts cutting the spinning platters until there is nothing left of them.

    before:platter O – bit
    during:platter o- bit
    after:platter .- bit

  12. There are a number of ways to destroy the disc:

    1. Changing the magnetic data
    2. Removing the magnetic material
    3. Destroying the magnetic material, platter, enclosure, casing and probably most of the room (when it comes to data security there is little room for error).

    * low-level format the disc – slow; many hours at best)
    * high encryption – currently secure, but as pointed out previously theoretically unsecure; requires additional computing power and to be implemented at the start of your setup; and despite current rulings could land you in a lot of judicial trouble and what to do with your 4096b decryption key? Remember a 512 character password?
    * heating – elegant solution, however at raid time quite slow (the thermal energy required to heat up the magnetic material is not much at all, however this is deposited on an aluminium platter which take a lot more to heat up). Note that Cobalt has a Curie temperature of somewhere between 1100 and 1400 K (slightly higher than Iron). Flash heating by electrical arcing or flame (req. fuel) would be possible but probably wouldn’t cover the entire platter, leaving the same effect as scratching the platter manually.
    * magnetic – elegant and self contained solution as a coil could be spun within the casing (and shielding!) of the harddisc. Externally this would require a simple AC->DC converter with an optional capacitor array or battery backup for creating the large magnetic field required to format the disc even if mains supply is temporarily unavailable.

    Most options would have to involve changing the structure of the Cobalt deposit the simplest being by (electro)chemical oxidation of the surface.
    * oxidant flooding – simple, yet totally unspectacular (for those of you also require a dose of flair). Chemical oxidants as bromine, (acidic) hydrogen peroxide, bleach would all suffice. Of course many more exist. (Personally a solution of potassium perchlorate in acetonitril would be interesting as it is not only a strong oxidant, it is also explosive for a double whammy effect; simply install a sparkplug in the disc).
    * For the ingenious electrochemical oxidation would be clever, but making platter into an electrode and still have it work until destruction date seems unlikely at the least, but for those wanting a challenge… (also this require immersion in a conductive liquid).

    Destroying the lot is a very nice way, though special care should be taken to make sure that no forensic recovery is possible (simply launching a platter through the neighbours wall will not ensure data security even though it does score highly on the hilarity scale). NB: Shrapnel is not cool, don’t get in it’s way or put it in anyone else’s way.
    * thermite – hard to light (Magnesium ribbon works, so will an acetylene torch), relatively slow to burn. Not something that could be subtly done whilst being arrested.
    * various explosives (tnt, c4, etc) – Not easy to obtain; require a blasting cap to ignite (trivial)
    * other explosives (nitroglycerine, etc.) – Way too unstable to put inside a heat source like a pc, on the other hand it is easily ignited.
    * still other explosives (black powder, perchlorates, various nitrates) – still require a blasting cap to ignite (trivial), easy to obtain (legally?), stable enough for use. Check.

  13. One quick method take a really beefy drill like a dewalt 24v or corded AC drill and a big bit and drill right through it platters and all.
    Another quick method take sledge hammer and smash it real good make sure the platters are damaged 3 to 5 swings will usually render any data destroyed.
    The my favorite method I like to do take is take it to the firing range and use it for target practice and put a few .357 slugs into it.

  14. Oh I have another that could be automated paint the top of the drive black and place a piece of refractory material from a kiln on the other side as a beam stop. Then have a 150 watt or larger CO2 laser with focusing optics aimed at the drive and if you need to destroy the data fire up the laser while the drive is still on.
    If you don’t have a big laser maybe rig a plasma cutter or heli arc welder to destroy it.
    A second trick but this will also likely destroy the attached computer as well have a coil of heavy wire placed over the drive connected to a large HV cap bank about 600 joules worth fired by a SCR or spark gap basically the old can crusher circuit .
    This will wipe any magnetic data and distort the platters all at once.

  15. The 2-component epoxy thing… that can be removed chemlically without damaging the data on the disk…
    I like the idea of handing it to the fedz saying it has the complete 911 truth on it…

    BUT, I think the most effective method would be to install an oscillator in the direct perimeter of the platters that emits the eigen-frequency of the platters, so when triggered, the platters will amplify that frequency and start vibrating so hard they will break. As glass is a very sturdy material, it will break really soon. Ever seen a tenor break a glass by singing? Kindof the same.

  16. I would think that since the platters are made of aluminum injecting a strong caustic solution of say 50% NaOH into the spinning platters would result in effectively reducing the aluminum to goo in a very short time while releasing heat and H2 as a plus.

  17. I run a small computer shop in my home town, one day I drove to work on my riding lawnmower (yes it is a very small town). I was hauling a harddrive with me and I got tired of holding it and waving at the passing cars. So I sat the harddrive on the foot rest and held it there with foot so I could drive and wave at people. I got to the shop and guess what, the harddrive was completely dead and would not even detect. I guess the viberations from the mower did it in, there you go, an easy, low effort way to kill a harddrive. You don’t have to drive around town to do it either I imagine you could do it just mowing the grass. I never take harddrives for rides on the mower anymore.
    Local computer guy.

  18. like you guys dont know this one

    step 1
    put hard disk in microwave set microwave to 5 seconds

    step 2
    hand disk over to fbi and ask them if they want fries with that

    know of people building whole pc in a microwave for this reason

  19. step 1:
    remove heads
    step 2:
    microwave heads
    step 3:
    attach heads to a dremel tool or something else to spin at speeds of 10,000+ rpm
    step 4:
    remove shards of hdd heads from face, place in a pile
    step 5:
    move pile to “somewhere in the pacific”
    step 6:
    perform nuclear testing at “somewhere in the pacific”
    step 7:
    kill yourself before the nuclear radiation poisoning does

  20. well, you could just run your os from a usb memory stick, which is alot eaiser to destroy, or you could run it from an old 5.25″ hard drive (yes, they exist, i have one, it’s a 6 gig), since they arent a current production item, killing the controller board should do it since the indivual platters are bigger. The other option would be one of the old IDE tape drives that hold about 400mb, just melt the tape in the microwave.

  21. For decomissioning drives:
    Remove cover seals and immerse drives in a strong saltwater solution, it’ll eat the 100uM coating right off the disk in a few hours. No nasty chemicals or smashing needed.

    For Flash erase: Best thing is to encrypt everthing on the drive with an encryting device driver. Use a USB key to hold the 8000+ bit key, then all that needs to be done is destry the USB key.
    Or if you are daring, keep the key in RAM, flip the power and all your data is non-recoverable within your lifetime. Put a note inside the machine “Removal of power will render all data non-recoverable due to volitile encryption key storage” Once they open the machine, too bad, sorta like a Microsoft EULA. For extra fun, load the crypto routines at boot from an external key that you toss. Make sure you have a very good UPS for normal operating.

  22. I think this would be a viable option for automating this.

    Build a small drill into your rig. Load it with diamond encrusted hole saws nested from the smallest size to one just under the platter size. When you hit self-destruct, it drills into the running drive. Basically what is not turned to dust by the saw should be small enough surface area to not be recoverable. Here the nesting of the saws is key. Just drilling the drive does not destroy enough surface area.

    Also in case power is cut, you could have a battery powered drill in this design backed up by a battery backup UPS.

    All of this should be built into your rig, and preferably the rig locked in a way that it would take several minutes to get into. That way no one can pull the plug or kill the drill.

    As an added feature, you could have a drive wiping program start and delay the drilling by 30 seconds or so. That way part of the drive is clean even before drilling.

    This idea could also be used for simple destruction of old drives in a Non-emergency situation.

    It is imperitive to remember though, given enough time and money, almost any security or failsafe can be disabled or overccome. So, I would suggest good passwords, High encryption, and a safe machine that is not network connected to store private data.

  23. what about an estes rocket in a housing over the center of the radius of the platter with an igniter connected to a killswitch, you could even stick some batteries in there if your worried about the power, its simple and as long as you can keep the flame concentrated on the disks somehow i could see it doing fatal damage (fatal to data that is ;D)

  24. the best way to “legally” erase the data on the harddrive using an automated method, would be to use a custom made hex virus. write one to randomly spit out some messed up random bits and have them scattered into files and blank area. then using the virus you could get it to fragment the files on your hdd. now of course when your using a virus of this potential, and with instructions to move data. you will need a bit of time before its “task” is complete. if your using modern parts and software, you should have it done in approximatly 5mins, depending on size of the disks, partitions and other processes running at the same time.

    im no expert on writing hex code or virus to be exact. its just an idea more than anything

  25. i wonder if injecting ferrofluid onto the platter would have an effect. at the very least it would spread evenly across the surface and be VERY difficult to remove (if even feasible) as well as preventing it from being read.

    it’s also cheap and stable. just let it get sucked into the breather.

  26. Effective data drive destruction must be automated (by tamper sensors or zone alert) since efforts by evil agents to seize data will occur when you cannot intervene. Drive and destruct device should be constructed in a concrete vault or temporarily hidden area that will allow at least a few minutes to assure full destruct before interference from agents. I’m thinking along lines of high amp battery/inverter/microwave to destroy USB flash drive and possibly a computer/motherboard to assure RAM kill as well.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s