Re: [PLUG] Securely destroy and responsibly recycling hardware

[PaulNM <plug@paulscrap.com>]

On 10/22/2017 12:50 PM, Paul Walker wrote:
> Here's a gif of Elliot wiping all his gear - looks like he puts sd / ssd 
> / memory in the microwave (I'm obviously not going to do that) and hits 
> the hard disk platters with a cordless drill.
>
> https://i.imgur.com/WmRwjI3.gifv
>
> So, I have a couple questions:
>
> 1. Will microwaving memory or solid state storage actually render ALL 
> data entirely irretrievable?
> 2. Same question for the spinny drives - will passing a drill bit 
> through a hard drive actually render ALL data entirely irretrievable?
> 3. What is the non-Hollywood way to do this (render ALL data an physical 
> media irretrievable)?

The key part of these scenarios is time. These methods are effective 
when you're in a rush (5 minutes or less) and do a good job of either 
tremendously slowing down whoever is after you.

Microwaves will definitely fry the electronic, and I suspect actually 
damage the data store. Not sure if it'll be readable after moving it to 
a new control board, but there'll still need to be a lot of 
reconstructive work done to figure out how the data fits together even 
if it is readable. This would be days, more likely weeks of work.

A drill will likely shatter platters, but data recovery companies deal 
with those all the time. Again, that would take time though.

The truth is, for any modern (~20 year old) drive a single overwrite 
with 0s (or some other pattern) is plenty. The data is gone, no electron 
microscope is going to find it again.  The so called "Gutmann method" is 
a misreading of his actual paper, which itself is a now 21 year old 
paper describing issues with drive technologies that are now 26 years 
old and more.

Now if you have actual serious concerns on the level of national 
security secrets, there are 2 caveats. It's possible that some sectors 
on your sinning drive got remapped because they're no longer writable, 
but are still readable. Another entity could get a hold of the drive, 
override the firmware, and read that. Doesn't mean there'll be any 
usable info, though.

The second is ssd drives that have a very large amount of extra capacity 
devoted to wear leveling. You might need to do a random pattern instead 
of zeros, and write out the equivalent of 1.5x or 2x the drive's 
supposed capacity to make sure you get it all.

Destroying perfectly good hardware instead of donating it is a massive 
waste due to paranoia. This is something that groups like NTR have been 
struggling with for a long time. Sure, there are occasionally articles 
and news stories of people buying used stuff and "recovering" personal 
info. In all of those cases, the data had never been overwritten. In 
some cases it had been deleted, but I've trash picked lots of stuff 
where even that hadn't been done.


> 4. Once this is done, how do people recycle old electronics in the 
> philly region?

If the stuff is too old/damaged to donate to organizations, take it to a 
recycling center. As long as you're a Philly resident you can use any of 
them. A big time for this is January. You'll see huge piles of old 
flatscreens, crts, tvs, computers, and so on after Christmas.

- PaulNM

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug