Fun fact: Windows includes an HDD overwrite functionality. (Note: This won't hardware-level wipe SSDs)
(Also, don't do this; you'll probably do it wrong and delete all your data.)

diskpart.exe
list disk
select disk #
clean all

It writes 0's to all logical sectors on the disk. But this isn't the same as all physical sectors on an HDD, and nothing much guaranteed on an SSD. You need to (also) use ATA SECURE ERASE to do that.

But if you have drives you want to dispose of and aren't paranoid, it's what I did to go through 15 old disks in my closet before smashing them up with a hammer. (Just the hammer works fine too)

The thing about data storage is that they are so incredibly intricate and low-level complicated, just giving a HDD or SSD some really solid whacks with a hammer that messes up the internals a bit makes it functionally impossible to recover.

And Google and Microsoft and Amazon and NSA don't software-wipe hard drives; they physically destroy them.

Data destruction is actually a super-nuanced area with layers of fundamental obfuscation of plaintext such as software encryption escrowed to DPAPI, file system data structure fragmentation, OS encryption escrowed to TPM, intrinsic always-on SSD firmware encryption via a disposable key for instant wiping, SSD firmware controller data distribution of shards to noncontiguous physical memory cells, the encoding of data in those memory cells...

Don't think about it too hard unless it's your job or you run a darkweb drug marketplace. Just hit it with a hammer.

@SwiftOnSecurity there exist sanitization procedures for removing unclassified devices from a classified area, but if you’re talking about something that’s end-of-life (or just no longer needed by the org) physical destruction is the way to go. Degaussing is also a fun step you might see orgs do to a hard disk before punching a literal hole in the thing.
@SwiftOnSecurity Don't forget modern SMR hard drives, which also store data in a similar fashion to SSDs (write zones and sharding; they even support TRIM).
@SwiftOnSecurity Hitting drives with a hammer always gets the job done. One place I worked sold the experience to employees. It was how we also got extra money in the IT budget. Some employees will gladly spend $20 to beat the living hell out of some obsolete junk 😂
@travis @SwiftOnSecurity “This disk holds the code repo for that project where you ruined your health and relationships by spending a hundred hours a week on for six years before the company decided to ‘go another direction’. How much do you bid?”

@SwiftOnSecurity The perfect set up for the line and you missed it-

'Or, to save on postage'

@Oggie @SwiftOnSecurity I am always here for gratuitous Yzma references.
@SwiftOnSecurity My mother gave some archival disks and tools to us kids, I think we got to the grind-the-disk-with-stone stage before we were done :)
@SwiftOnSecurity
Reminds me back in the day (‘86) supervisor said, (of a couple of rows of DASD and CPUs), ‘all you need to do is walk down this aisle with a huge magnet and we’re done’ the relationship between hardware, 1s and 0s.
@SwiftOnSecurity An interesting aspect of TPM usage to escrow encryption keys is that it allows for a more robust form of data destruction—your TPM can provide a defined interface to destroy the volume key, and this results in full destruction even if the primary mass storage medium isn't designed to allow you to change the values stored in each physical sector.

@SwiftOnSecurity Dropping them off the roof of a four or five story building works well, too. If you don't plan on cleaning up the wreckage, that is.

You can also skim them down a highway at 75 mph, but I don't recommend that at all. It's way too easy to fall out of the window at speed.

@SwiftOnSecurity I quite like sandpapering old HDDs with them spinning, delivering voltage to the circuit board to release the smoke, then taking out the magnets (always useful). Fun stuff!
@SwiftOnSecurity you can also just drop HDD a few times and the headslap will do the same thing.
@SwiftOnSecurity drums full of hard drives straight into shredders. It’s a sight to behold.

@BabblingGeek @SwiftOnSecurity

But I could use all of those magnets on the fridge!!!

@That_AC But consider this:

sharp magnetic putty

@Almafeta

Now I want to know how many drives you can feed into a shredder before the magnetgoo kills it.

@SwiftOnSecurity @BabblingGeek @That_AC There’s a paper in the Journal of Chemical Education where they use HD magnets to make cheap magnetic stirplates for the teaching labs.
@SwiftOnSecurity @BabblingGeek worked at a place that contracted a gent who’d come, remove the platters and grind the surface off of them. He upgraded to a de-Gausser eventually.
@bobthomson70 I used to disassemble them by hand and use the platters to make clocks and such. I still have some of the magnets on the refrigerator.
@ThatBlairGuy @bobthomson70 the platters also work well on scarecrows
@4censord @bobthomson70 I used a few *as* scarecrows, trying to keep the deer away from the garden.
@SwiftOnSecurity Physical shredding is, tbh, faster and easier than software wiping, if you have the equipment in place. Take a note of the serial number, stick it in the shredder. software takes more steps.
@SwiftOnSecurity depressed myself with my lack of strength (and prob technique) when learning it was a lot harder to physically destroy a drive than I thought!

@JennCutter @SwiftOnSecurity If you have the tools, remove the platter(s) and dispose of them separately from the drive. If there’s more than one in there, just slightly misaligning it is enough to put recovery out of reach even for most professional shops.

Giving them a good whack will also help the cause 😅

@JennCutter @SwiftOnSecurity On second thought, the whacking part might be unsafe advice. Some models use glass substrate for the platters 😖
@SwiftOnSecurity: In Google's case, it amounts to hitting it with a big, high-powered, electric hammer.
@SwiftOnSecurity We did some cathartic stress relief/secure erasing when my best friend's hard drive was failing, after we recovered everything we could (which was luckily most of the data) onto a replacement drive.
@SwiftOnSecurity there's also something quite satisfying about giving a hard drive a good whack with a lump hammer.
@SwiftOnSecurity For spinning rust disks, I usually open them up, steal the nice magnets, then smash them up a bit.

@SwiftOnSecurity good thread but re the Big 3 cloud providers, for AWS anyway that does vary slightly by region and kit age (e.g., for the Nitro servers, NVMe is integrated into the entire board), so hardware rekeying is sometimes used. For nerds who want to dig deeper, see Appendix A of 800-88-rev1-final:

https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-88r1.pdf

https://aws.amazon.com/compliance/data-center/controls/#Device_Management

@kennwhite @SwiftOnSecurity Is this similar to running "nvme-cli sanitize -a 0x04" (https://manpages.debian.org/testing/nvme-cli/nvme-sanitize.1.en.html)?

@SwiftOnSecurity we physically destroy at end of life. The extra cost is worth the peace of mind. We spend thousands on disk shredding.

@SwiftOnSecurity If you encrypt the drive contents and keep the encryption key outside the drive, is it still necessary to shred?

Seems so wasteful, especially if they're doing it on the scale of the NSA or a big tech company

@SwiftOnSecurity @FutureMarkus Kinda depends. Do you think the data on the drive will still have value X years down the road when an exploit for the encryption method used is eventually uncovered? Or barring that, in Y years when computational power increases to the point that it becomes trivial to brute force the encryption? For some particularly sensitive data the answer might be yes.

@SwiftOnSecurity That's how I guarantee my customers their data has been wiped on machines I dispose of or get as trade-ins (I don't usually need the drives - if I do I secure wipe).

Except I use a sledge hammer. Same principle though.

@SwiftOnSecurity I don’t give or throw away physically intact storage media. But I do sanitize before I repurpose them internally.

Usually a single 0-pass overwrite to weed out faults, followed by a device specific Secure Erase.

Takes some time, but makes me sleep better 

@SwiftOnSecurity Google does a software wipe as well as wiping out related encryption keys. Physical destruction is a last resort for ones where 100% confidence cannot be verified. - https://cloud.google.com/docs/security/deletion

When you're a Big Target: don't trust that ATA SECURE ERASE actually does what it's told unless you have ways to independently verify that.

For my personal media... physical destruction is fun! As is having an increasingly finger pinchy heavy drawer labelled **Caution: Strong Magnets.**

My magnet accumulation days seem to be ending, SSD is so cheap now.

The only way to destroy an SSD is physical.
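An added example, not part of any post in this thread: one way to independently check the result of a zero-fill pass, as raised by the "writes 0's to all logical sectors" remark in the opening post and the "independently verify" reply above. It reads every logical sector of an image file or raw device and reports any that are not all zeros; the function names, the 512-byte sector size and the sample image are assumptions of this example. It can only see logical sectors, so remapped or over-provisioned areas stay invisible to it.

```python
import os
import tempfile

SECTOR = 512  # logical sector size assumed for this example


def scan_nonzero_sectors(path, sector=SECTOR, chunk_sectors=2048, max_report=16):
    """Read every logical sector of `path` (image file or raw device).

    Returns (sectors_read, nonzero_count, first_offsets), where first_offsets
    holds the byte offsets of the first `max_report` sectors that are not all zero.
    """
    chunk = sector * chunk_sectors
    sectors_read = nonzero = offset = 0
    first_offsets = []
    with open(path, "rb") as dev:
        while True:
            buf = dev.read(chunk)
            if not buf:
                break
            if buf.count(0) != len(buf):  # slow path only for chunks with data
                for i in range(0, len(buf), sector):
                    s = buf[i:i + sector]
                    if s.count(0) != len(s):
                        nonzero += 1
                        if len(first_offsets) < max_report:
                            first_offsets.append(offset + i)
            sectors_read += -(-len(buf) // sector)  # ceiling division
            offset += len(buf)
    return sectors_read, nonzero, first_offsets


def demo():
    """Constructed sample: a 1 MiB 'disk image' with two stale sectors left behind."""
    with tempfile.TemporaryDirectory() as d:
        img = os.path.join(d, "disk.img")
        with open(img, "wb") as f:
            f.write(bytes(1024 * 1024))
            for lba in (100, 1500):
                f.seek(lba * SECTOR)
                f.write(b"stale customer record")
        dirty = scan_nonzero_sectors(img, chunk_sectors=64)
        with open(img, "r+b") as f:
            f.write(bytes(1024 * 1024))  # what a zero-fill does to the logical range
        clean = scan_nonzero_sectors(img, chunk_sectors=64)
    return dirty, clean


if __name__ == "__main__":
    print(demo())
```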


@SwiftOnSecurity

My recollection is that National Labs (I heard it in reference to Lawrence Livermore) use hammer mills designed to grind anything thrown into them into particles the size of a grain of sand or smaller.

That’s where their hard drives, SSDs and just about everything else goes. I’m sure it’s going to a toxic waste dump after that.

@SwiftOnSecurity And what about the TV thing of sticking a HDD in a microwave?
@SwiftOnSecurity @techdesignau That sounds like a really good way to break your microwave.
@SwiftOnSecurity Quite a few jobs ago we had a hard drive shredder in the basement. The kind that turned an old MFM hard drive from an ancient computer into 2mm confetti. They used to joke that it worked as well on interns as it did on hard drives.

@SwiftOnSecurity

Only one way to properly dispose of used disks.

Keep all your old SAN, NAS and boot disks in a large box until you get a school kid come in, or a lowly IT intern on day 1.

Literally give them the task of destroying shit with a couple of different weights of hammer … you just not only made their day, not only gave them an awesome “Office Space” experience, but also made an IT convert for life 🥳

@SwiftOnSecurity Yep, can’t retrieve any data if it’s scrap metal in many small pieces. Here’s what we used at a former employer’s datacenter.
@SwiftOnSecurity I have had to dispose of a bunch of government data Oracle DB servers. Got to witness the physical destruction of the drives. They become the teeniest 4D jigsaw puzzle in about 2 seconds.