I'm sorry to be an idiot—I can't tell if I'm looking at multiple views of one thing, or one view each of multiple things, or what. Is this just demonstrating that hard drives are commonly enclosed in oversized enclosures, so that it's easy to position the punch in a way that totally misses the actual electronics?
Those aren't hard drives, they're solid state drives in the SATA form factor which was originally designed for hard drives. SSDs are much more compact than HDDs, so the components are usually all bunched up at one side near the connectors and the rest is just air, thus punching a hole in them at random probably won't achieve anything. Punching a hole through the PCB might not destroy the data either depending on where exactly you hit it but it would at least make it difficult to recover.
I usually "dissolve" mine in a bucket of non-diet cola. Cheap & easy to source. The acid to damage electronics, and the sugar gums up mechanical parts.
As someone whose job in the past was mass destruction of HDDs and SSDs (thousands on weekly basis) for a major cloud provider this is pretty much useless.
You'd be surprised how much enterprises pay for Protons and Garners. For approx tripple the price (my links above) you get about 30x throughput.
But I agree, not everyone needs that speed.
If there's even theoretical possiblity to recover even a piece of customer data you're risking your entire existence. Serious companies don't wanna do that
The feasability is the same whether you crush a drive or erase it normally. A serious company would worry about the people who are inside your network reading the live drives, not campfire scare stories about drives magically remembering previous values.
Drives are extremely dense. If there were any way to store a value and still have any remnants of the old one, we would have slapped an error-correcting code on it and used that effect to double drive density.
Companies who believe in this magical spare capacity to read values that have been overwritten suffer from an entirely irrational fear. A paranoia that there is always a possibility.
The actual, non-theoretical possibility of recovering customer data is those companies being hacked by bored teenagers or everyday ransomware. Not empty drives.
Better to encrypt your drives. Like ZFS encryption. No need to destroy the hardware in this case and you're also save from someone stealing the server.
In many compliance-heavy fields, there are specific requirements around data destruction, sometimes involving physically destroying the storage medium up to some given standard.
Most data destruction compliance standards I am familiar with allow for cryptographic erasure when the device is encrypted prior to sensitive data being written to it (excluding some specific data-sensitivity levels).
If they are strict enough to not allow for cryptographic erasure (or the data is above a specific sensitivity), this device would likely not be in compliance either -- physical destruction generally requires shredding/grinding to a specific particulate size, or incineration, and this device does not appear to do either.
This isn't necessarily sufficient unless you encrypt the drives before any data is written to them. If any potentially sensitive data has been written to the drive prior to encryption, the only 100% method is physical destruction.
Of course, this clarification only matters if your threat model involves dealing with top-secret data and/or nation-state enemies.
I don't know, personally, I would be very unhappy if someone stole my server and then starts blackmailing me to reveal private information somewhere (unless I pay a certain sum). I don't have anything to hide, but I still don't want my private information public. I don't need to mind about this with encrypted data.
Depending on your threat model, a drill isn't even the right tool.
This will significantly complicate data recovery and render data where the drill impacts it destroyed, but it will in theory still be possible to decap/analyse platters or nand with a SEM microscope and reconstruct data off the surviving parts of the storage medium.
The cost may not be worth it even to some state actors, but such a cost is peanuts to the NSA, CIA, or any other organisation tasked with geopolitical standing. Depending on who's after you, they may even pass it to these organisations to get the data for them at cut-rate.
Only sure-fire way is to toss it in one of those big grinders data destruction companies like Iron Mountain have. They even let you watch it go in.
"Only sure-fire way is to toss it in one of those big grinders data destruction companies like Iron Mountain have. They even let you watch it go in."
This is what rsync.net does with drives that need to stop existing.
I do, indeed, watch it go in and I strongly recommend a canister respirator when entering a shredding/destruction facility.
I cannot believe the operators of these devices - which are pulverizing glass and circuitry, among other things - don't wear lung protection as they stand over the machine-turning-drive-into-dust.
To my sibling who wondered about sleight of hand:
I can only speak for the machine I take drives to but it is an immediate and brutal reaction with sparks flying and pieces flying up ... and sometimes the machine jams and they back it out and re-feed it ... there is no question as to what is occurring to that specific drive.
I wonder if/when there's a data destruction company that employs professional magicians, who swap out the drives from under you at some point, while you watch "your" drive going into the grinder, never the wiser.
Not so much anymore. Increasing data density and the two step nature of the technique make it much less applicable. There are newer techniques but they're more expensive and much more sensitive to the physical state of the media being scanned.
I mean this is probably why the CIA and NSA spend so much on tailored access operations and on zero day vulnerabilities instead. Not only is it easier to get the data in flight but it's much more likely to be timely for their purposes.
A drill press is more dangerous (rotating tools can get clothes/gloves/hair caught in them), and less effective.
Bending the platters is, in practice, irrecoverable due to the sheer amount of data that's impossible to read in any reasonable amount of time unless the platter can be rotated while keeping the reading tool aligned.
With a cleanly drilled hole, and some preparation (carefully machining out the area around the hole with precision tools), the platters would be a lot more suitable for partial data recovery.
Destroying the metal casing means the whole disk takes about 10 seconds to destroy, and doesn't require a "stomp on a screwdriver" step that OSHA may not approve of.
Your procedure absolutely makes sense if you have a single-digit number of drives to destroy once in a while at home, not if you have to destroy dozens regularly.
Readit News
They are coated and only the connectors are exposed.
You are not destroying anything you just make it hard to access
Kinda wonder what’s on there. Just because somebody didn’t want anybody to see. Probably just boring business records or something though.
If you wanna do it efficiently on scale then something like this is much better option: https://m.youtube.com/watch?v=iqU9QSwHcNg
And for SSDs you'd want something like this: https://phiston.com/product/mediadice-ssd-disintegrator-2c/
* https://www.nsa.gov/Resources/Media-Destruction-Guidance/NSA...
* https://csrc.nist.gov/search?keywords=800-88
Drives are extremely dense. If there were any way to store a value and still have any remnants of the old one, we would have slapped an error-correcting code on it and used that effect to double drive density.
Companies who believe in this magical spare capacity to read values that have been overwritten suffer from an entirely irrational fear. A paranoia that there is always a possibility.
The actual, non-theoretical possibility of recovering customer data is those companies being hacked by bored teenagers or everyday ransomware. Not empty drives.
Who? And why?
In many compliance-heavy fields, there are specific requirements around data destruction, sometimes involving physically destroying the storage medium up to some given standard.
I’d assume this device targets that market.
If they are strict enough to not allow for cryptographic erasure (or the data is above a specific sensitivity), this device would likely not be in compliance either -- physical destruction generally requires shredding/grinding to a specific particulate size, or incineration, and this device does not appear to do either.
Of course, this clarification only matters if your threat model involves dealing with top-secret data and/or nation-state enemies.
The boot password might be needed to be configured but it's unlocks your SSD. It's enough for the SSD to forget the AES key
I expected this to be an hobbyist implementation, not an ad.
This will significantly complicate data recovery and render data where the drill impacts it destroyed, but it will in theory still be possible to decap/analyse platters or nand with a SEM microscope and reconstruct data off the surviving parts of the storage medium.
The cost may not be worth it even to some state actors, but such a cost is peanuts to the NSA, CIA, or any other organisation tasked with geopolitical standing. Depending on who's after you, they may even pass it to these organisations to get the data for them at cut-rate.
Only sure-fire way is to toss it in one of those big grinders data destruction companies like Iron Mountain have. They even let you watch it go in.
This is what rsync.net does with drives that need to stop existing.
I do, indeed, watch it go in and I strongly recommend a canister respirator when entering a shredding/destruction facility.
I cannot believe the operators of these devices - which are pulverizing glass and circuitry, among other things - don't wear lung protection as they stand over the machine-turning-drive-into-dust.
To my sibling who wondered about sleight of hand:
I can only speak for the machine I take drives to but it is an immediate and brutal reaction with sparks flying and pieces flying up ... and sometimes the machine jams and they back it out and re-feed it ... there is no question as to what is occurring to that specific drive.
I wonder if/when there's a data destruction company that employs professional magicians, who swap out the drives from under you at some point, while you watch "your" drive going into the grinder, never the wiser.
Not so much anymore. Increasing data density and the two step nature of the technique make it much less applicable. There are newer techniques but they're more expensive and much more sensitive to the physical state of the media being scanned.
I mean this is probably why the CIA and NSA spend so much on tailored access operations and on zero day vulnerabilities instead. Not only is it easier to get the data in flight but it's much more likely to be timely for their purposes.
Bending the platters is, in practice, irrecoverable due to the sheer amount of data that's impossible to read in any reasonable amount of time unless the platter can be rotated while keeping the reading tool aligned.
With a cleanly drilled hole, and some preparation (carefully machining out the area around the hole with precision tools), the platters would be a lot more suitable for partial data recovery.
I’ve never tried one of these but I have one of their paper shredders and they are far better built than the usual semi-disposable made-in-China junk.
Step 1: take the screwdriver, dismantle the drive, and remove the platter(s).
Step 2: take the screwdriver and gouge the platters.
Step 3: take the screwdriver, lay each platter across it on the floor and stamp your foot down, hard.
Destroying the metal casing is fun but it doesn’t really do an awful lot in terms of making your bits harder to read.
Your procedure absolutely makes sense if you have a single-digit number of drives to destroy once in a while at home, not if you have to destroy dozens regularly.