Hard Drive Panic Button Possible? (100% data wipe)

[neokeelo]

I see in many films people will sometimes have a panic button mechanism setup that will trigger some explosive or high temperature burning fuel that will destroy the hard drives in a panic situation where there is no time to take the hard drives out of the case.

Hypothetically speaking, is there a more practical way to do this using software or an electrical current?

Not that the men in black are gonna be busting down my door any time soon. Just curious

 

[drescherjm]

There is secure erase builtin to the drive but that would take hours and need power.

 

[danman]

Do you have any thermite plasma handy?

 

[evandena]

Thermite would be the fastest way I can think of.

 

[TypeRazor]

edit: I got carried away

 

[Joe Average]

Magnet from an 18" or larger subwoofer... or a bulk erase device attached to the drive and triggered with a single switch for instant on, that would do it the absolute fastest. Even Thermite would take a little time to do the job, but the bulk erase... as soon as power is applied to the coils, it's all gone within a few milliseconds.

 

[InvisiBill]

Yeah, large electromagnets are generally the most reasonable way of handling this. Flip a switch and a powerful magnetic field hits your HDDs' platters.

 

[JohnleMVP]

Really good encryption and deleting the key should be really fast.

 

[danman]

Yeah, large electromagnets are generally the most reasonable way of handling this. Flip a switch and a powerful magnetic field hits your HDDs' platters.

I don't know.... I'm sure one of those datarecovery places could still get the data off if you used a magnet. I mean, they were able to recover the black box from the Challenger.

 

[Eickst]

We used to use a large degausser, we would run the drive over the thing, so much magnetic energy flew threw that thing you had to wear kevlar gloves to hold the drives because they got so damn hot.

You could wipe an entire drive in under 30 seconds with that thing, good luck getting the data. They sell better ones that degauss and then physically obliterate the drives but they cost over $20k, ours was about $7k new I think.

 

[PigLover]

We used to use a large degausser, we would run the drive over the thing, so much magnetic energy flew threw that thing you had to wear kevlar gloves to hold the drives because they got so damn hot.

You could wipe an entire drive in under 30 seconds with that thing, good luck getting the data. They sell better ones that degauss and then physically obliterate the drives but they cost over $20k, ours was about $7k new I think.

You can buy a lot of explosives for $7k - and probably have enough money left over to get a legit blast permit and lease space at a range...and it would be a heck of a lot more fun than playing with magnets.

...OTOH, the degausser is probably more practical and can be re-sold when you are done for almost what you paid for it.

 

[rive22]

Yes the encryption idea is good. Have the drive encrypted with something like Truecrypt, using the wipe-encrypt method. Then at the drop of a couple clicks all you have to do is destroy the partition/container and it's gone.

I had thought of installing some kind of wiper into the bootloader of my laptop. So if someone say stole it, or it was lost, if they entered the wrong password more than say 3x it would wipe the encrypted drive and everything would be gone. I haven't looked into going further of doing this mainly because I just don't need to ATM and thought idea of it was cool, it can obviously easily be done though.

Another thing is to use encryption on raid 0 drives. If one drive is missing from the bunch, (say you take it away and keep it somewhere else) obviously the whole encrypted container is destroyed/useless, until you put the drive back.

 

[danman]

Another thing is to use encryption on raid 0 drives. If one drive is missing from the bunch, (say you take it away and keep it somewhere else) obviously the whole encrypted container is destroyed/useless, until you put the drive back.

Unless the file size is less than the cluster size, then it is only on 1 disk.

 

[rive22]

Correct, hence the point of making an encrypted container

 

[omniscence]

What does RAID0 add to that?
A power switch would suffice as a panic button if one uses plain disk encryption.

 

[Bookmage]

I suppose you have the software scrub, where you type in 3 passwords, scan your fingerprint, eyeprint, buttprint, and speak the password into the microphone to securely destroy your data on your drives...

and you have the hardware scrub, where you destroy the hard drives beyond recovery... something like executing a command that requires 3 different passwords and a 30 second countdown that issues a trigger to a serial port/usb device that triggers something that causes a mechanical failure which permanently damages the hard drive...

An EMP would only bring the systems offline which may be part of a destructive sequence but you would still want to destroy the data at rest...

maybe a combination? encrypted raid drives lined with small explosives/powerful magnets?

all so the gf doesn't see ur pr0n :-p

 

[danman]

 

[[LYL]Homer]

How about a funnel full of acid with a stopper that is mounted just above the pc's drives?

 

[EdZ]

If you have an hour or two (depending on drive size) in which to do the erase, the SECURE ERASE command that is part of the ATA spec will do it, and do it better than any software tool (e.g. DBAN), because it also erases any 'bad' sectors listen in the G-table. This will render any data that was on the drive completely unrecoverable. Even if you went and scanned it manually with an Atomic Force Microscope. The "35 write cycles" myth has not been valid since the introduction of heads using the magnetoresistive effect (i.e. any drive made in the last 10-15 years).
No need for any super-powerful magnets, thermite, or industrial shredders; all these methods are fun, but entirely unnecessary.

 

[Joe Average]

The bulk eraser is still the best bet: flip the switch, the drive is erased, down to basically subatomic levels - every particle of the coating on the platters is pretty much instantly changed to another state, including said "bad sectors," control tracks, all of it. That fucking data is gone, kids. Gone, baby, gone.

As for the Challenger thing and the "Black Box" recovery(always a joke since the damned things are fluorescent orange or red in color), that was a cakewalk compared to retrieving data that's been wiped down to subatomic levels. I've seen videos of the kind of damage those devices end up in, and it's pretty bad, but the OP is asking for a way (the most practical, as stated) to effectively wipe a drive in the shortest time possible, and that's with a bulk eraser - it's instant, leaves no traces of anything, no damage, no outwards signs at all of what just happened, and is irreversible.

Destruction of said hardware is not practical, and everything else takes time - only hitting it with a rather powerful magnetic field instantly changes the state of every particle of the coating, period. And, if the drive is in operation, there's a very good chance the magnetic fields could even cause misalignment of the heads as well, even a head crash situation is possible in the presence of such a field.

I wouldn't trust any form of encryption out there unless I created the algorithm myself anymore regardless of the math behind all the currently available encryption methodologies.

But that's just me I suppose...

 

[LightningCrash]

You can buy a lot of explosives for $7k - and probably have enough money left over to get a legit blast permit and lease space at a range...and it would be a heck of a lot more fun than playing with magnets.

Don't need a permit for Tannerite in my home state.

 

[Red Squirrel]

Induction heat.

Have the hard drive be in the middle of that coil. You just flip the switch, the metal components get red hot and platter surface basically melts. You'd want it to be in a cement enclosure of some kind so you can contain the molten metal once it reaches that state, so you basically have a molten hard drive soup.

For something simpler, a nail gun or other penumatic piercing device could be set on the drive. You flip the switch, it pierces through the platters and all while it's spinning. This is not really 100% though but it would probably cause enough damage to make the data very hard to read. Combine this with encryption.

 

[rive22]

What does RAID0 add to that?
A power switch would suffice as a panic button if one uses plain disk encryption.

As a rule you want to assume any encryption can be broken/cracked/backdoored no matter what the hype. So creating that container on a raid 0 and keeping the drives apart from each other is one way around this. It's really very simple.

 

[confusis]

In-built vial of sand/diamond dust in the hard drive chassis, with a igniter cap at the back of it. hit the button, sand/diamond is blown into the drive, which will be spinning, and it should grind the surfaces off the disks

 

[chinesepiratefood]

Set your house on fire

 

[omniscence]

As a rule you want to assume any encryption can be broken/cracked/backdoored no matter what the hype. So creating that container on a raid 0 and keeping the drives apart from each other is one way around this. It's really very simple.

You are implying that "hiding" the disks is more secure than encryption?

 

[PynkFloydd]

I'll throw my evil scheming 2 cents into mix...

Use SSDs and rig some high voltage caps via a switch to the power input on the drive. Flip the switch and (hypothetically), it should provide enough juice to fry everything. Eh?

 

[rive22]

You are implying that "hiding" the disks is more secure than encryption?

I said nothing of hiding, I said separating which is a world different. I said nothing of being more secure than encryption, I said this renders your encrypted files useless which then would yes add even more security. I'm not going to sit here and explain it to people that clearly "don't want to get it". This is extremely good advice that other guys are probably sitting back looking at me saying why the hell are you telling these people this stuff. And you guys aren't getting it. So forget it.

 

[Red Squirrel]

Speaking of hiding, turning this space into a giant vault with live storage could posibly do the trick. By the time they find out about it and get in, the drives are securely erased. The vault door could be lined with cinder block facing. Nobody would even suspect.

 

[PynkFloydd]

I'm not going to sit here and explain it to people that clearly "don't want to get it".

The other day, someone told me, "truth is merely a matter of what people want to believe". I thought that was a great saying...

Speaking of hiding, turning this space into a giant vault with live storage could posibly do the trick. By the time they find out about it and get in, the drives are securely erased. The vault door could be lined with cinder block facing. Nobody would even suspect.

Haha! Yes! ...I hope the FBI isn't monitoring this thread.

 

[LightningCrash]

I said nothing of hiding, I said separating which is a world different. I said nothing of being more secure than encryption, I said this renders your encrypted files useless which then would yes add even more security. I'm not going to sit here and explain it to people that clearly "don't want to get it". This is extremely good advice that other guys are probably sitting back looking at me saying why the hell are you telling these people this stuff. And you guys aren't getting it. So forget it.

Security through obscurity should be avoided.

 

[rive22]

The other day, someone told me, "truth is merely a matter of what people want to believe". I thought that was a great saying...

Very true, thanks for the reminder

Security through obscurity should be avoided.

You think your encryption is secure? How is doing what I said less secure than standard encryption? Sure for noobs securing grandmas secret recipies then who wants complex, but then they aren't really secure are they..

 

[LightningCrash]

You think your encryption is secure? How is doing what I said less secure than standard encryption? Sure for noobs securing grandmas secret recipies then who wants complex, but then they aren't really secure are they..

You think what you said had anything to do with my post? Do you think that if you write a file to your SSD striped array that it will inherently be on more than one SSD?
You can't even explain your concept, so you are just summarily dismissed.

 

[rive22]

You think what you said had anything to do with my post? Do you think that if you write a file to your SSD striped array that it will inherently be on more than one SSD?
You can't even explain your concept, so you are just summarily dismissed.

I hate to say this and offend you, but even you obviously don't know what I'm talking about. You've clearly stated in your wording just like the guys here that you have no clue what I was trying to say, which is yet the simplest thing in the world. It has gone right over head.

The op wanted some options, I gave him some options. Apparently I should have kept my mouth shut because instead of people "asking" or trying to find out what I mean if they needed more explanation, people act like pricks assuming they know everything. I shall return to my usual "short and vague posting style" so I don't have to deal with this nonsense.

 

[BinarySynapse]

You think what you said had anything to do with my post? Do you think that if you write a file to your SSD striped array that it will inherently be on more than one SSD?
You can't even explain your concept, so you are just summarily dismissed.

Encryption is more than just "A = Z, B = Y, ... Y = B, Z = A". It takes a mix of all sorts of data and combines them in mathematically reversible ways. So a file may not be split across the drive in an array, but the information needed to decrypt it very likely will be. If you keep the drives separated, that gives you more time to destroy at least one drives worth of data making it virtually impractical to ever recover anything on the drive that might be compromised. Though, I'm not sure how to actually go about having a separate but still useful storage system,

 

[Gorankar]

Wood chipper, and hot swap bays. Yank, toss, shred. All gone.

 

[bexamous]

Encryption on HDDs -- no need for destruction. Destroying a HDD is not easy. Plus complex destruction system is a huge liability, you'd have to worry about it failing or you simply failing to hit the destruct button.


Perfect system:
RAM HDD with battery to allow RAM to hold data between reboots / power outages. RAM HDD just holds the key to decrypt your HDDs. Your kill switch is simply disconnecting power to your computer (which will wipe key from sys RAM) and disconnecting power to your RAM HDD (which will wipe key from that RAM). The end.

BTW knowing the encryption key is a problem. You can be convinced to give it up. RAM storage method is much more secure.

 

[rmd3003]

Encryption on HDDs -- no need for destruction. Destroying a HDD is not easy. Plus complex destruction system is a huge liability, you'd have to worry about it failing or you simply failing to hit the destruct button.


Perfect system:
RAM HDD with battery to allow RAM to hold data between reboots / power outages. RAM HDD just holds the key to decrypt your HDDs. Your kill switch is simply disconnecting power to your computer (which will wipe key from sys RAM) and disconnecting power to your RAM HDD (which will wipe key from that RAM). The end.

BTW knowing the encryption key is a problem. You can be convinced to give it up. RAM storage method is much more secure.

This!!! Excellent post.

 

[BinarySynapse]

Encryption on HDDs -- no need for destruction. Destroying a HDD is not easy. Plus complex destruction system is a huge liability, you'd have to worry about it failing or you simply failing to hit the destruct button.


Perfect system:
RAM HDD with battery to allow RAM to hold data between reboots / power outages. RAM HDD just holds the key to decrypt your HDDs. Your kill switch is simply disconnecting power to your computer (which will wipe key from sys RAM) and disconnecting power to your RAM HDD (which will wipe key from that RAM). The end.

BTW knowing the encryption key is a problem. You can be convinced to give it up. RAM storage method is much more secure.

It is possible, although very impractical, to recover data from RAM that's recently had it's power removed.
http://citp.princeton.edu/memory/

 

[bexamous]

Hmm only seen that with freezing RAM. Okay while we have access to system and could rig something up to first wipe the RAM drive before cutting power, that is much more complex. Probably be easiest to just cut power and discharge some large cap on the dimm module or apply 120v ac to it... wouldn't be much more than changing to a 3way switch. At best they have minutes, after you apply huge current even if damage is not even (eg current only damages some of the dimm... no way they'd recover anything. Still think this is fullproof. If we're worried about the few minutes between cutting power and recovering data, we also need to worry about them shooting you in the back of the head and not flipping the switch at all.