HD data destruction

[RandomlyAdam]

Allrighty, so I'm currently working on a project where I have to ensure that the data on approx 200 harddisks is not longer accessable for retrival. I work in the information services department at a medical center, so the data **HAS** to be destroyed according to HIPPA regulations. We have a degausser available at out disposal, but from what I've been told, it take about 15 minutes per disk to do...and 15 minuts per disk at 200disks is way more time than i want to spend on this project.. I was wondering what quick effective measures any of you might have.

Adam

 

[dirtydr]

I'm thinking the degausser is going to be the best bet from a time standpoint.

You could hook them up and perform a DOD (or greater) level wipe with any one of the dozens of available destruction programs, if the company is looking to sell the drives but that would take forever.

You could stack them up in one big pile, apply thermite, step back and ignite problem solved in an afternoon! Of course I'm just kidding about the thermite route...

 

[unhappy_mage]

15 minutes is probably the best you'll get, other than physical destruction. Thermite might be good, see the Wikibook on how to make it.

 

[daks001]

Even a degausser and re-formatting the hard-drives will leave the data salvageable by a data recovery firm. There are hard drive writing programs that write 1's and 0's to the drives multiple times to overwrite/erase data but it takes a while. Some data recovery firms cans salvage data after 4 passes! But every data recovery firm/system can't always restore 100%, it all depends how sensitive the data is. In fact it's surprising how little a degausser will do to destroy data. Try a magnetic swipe card on in one, (saw that in Mythbusters). Don't know the wording of the HIPPA regulations but I know some regulations will accept the format and 0/1 writers. That's if you want to save the drives... but still time consuming.

If the drives are not important and time and security is... the BEST, FASTEST, MOST assured way is physical distruction.

Most fun ways we have done...

Sledgehammer... have contest to see who can crush the highest stack and that way you can get your coworkers to help without knowing it. (Maybe even sell tickets if you're real smooth). Wear safety glasses
Two ball peen hammers and "play the drums".Wear safety glasses and make sure the door is closed, it might disturb unknowing coworkers to see you smashing the hell out of stuff and smiling.
Line them up in the parking lot and drive over them.
If you have a local gun club... they will probably love to help you destroy them and since you would have to "supervise" the destruction it can make for a real fun day out of the office. They are messy but are great "reactive targets" when they break apart.
Local military base might be interested because that quantity of disks can make a large pattern ground target(s) (and metallic) used in Air to ground training/testing or Artillery testing. And they are the perfect size for the 300 and 1k yard rifle training.. that could be a really entertaining day out of the office! And makes a great video for proof of data destruction. An A-10 Warthog tank killer passing over with it's minigun spraying 3000 rounds a minute over a pattern of hard drives... just makes you go "holy #$%@". Helps if you know somebody though.
In the fidonet days we used to have hard drive toss competitions...

 

[RandomlyAdam]

Thanks for all the great suggestions! I think I'll use the 'sledgehammer' trick. That one seems like the most fun, and easiest to implement. Once again, thanks!!

 

[Ockie]

Do you guys have an incenerator?


Where are you located and whats the specs of the drives?

 

[Stugots]

Take them all home, use a government grade harddrive wiping utility, sell all to us, pocket the profit...

Or just take a sledge hammer to each of them, one or two good wacks should be enough to destroy the internals and bend the platters nice and good.

I use a simple claw hammer here at work to destroy hdd's.

 

[davidlem]

The only answer is physical destruction. Some amount of data is recoverable after any other method. Short of warping the platters in a degausser - which takes a long time at insane power levels - they're useless...I don't care what your brother's friend's neighbor's IT Manager (with requisite MIS degree) said. Any method other than physical annihilation is partially recoverable. Thermite and/or sledgehammer sound like great answers. Be sure the hammer destroys the platters beyond recognition before tossing them. Some models use glass platters (easy to shatter) and some use metal which are much more difficult to destroy. Thermite should eat through everything, but again any portion of the platter not destroyed leaves traces of data. Concentrate on the platters, everything else is moot.

 

[jt99]

A drill press does wonders as well. Turn it into swiss cheese.. not just one hole

 

[drizzt81]

I loke the BOFH's NonVolatile reprogramming tool:

http://www.theregister.co.uk/2002/11/21/the_killer_bofh_bot/

that should be fun and do it.

Or drill a hole, insert sand, then power up

 

[RandomlyAdam]

Do you guys have an incenerator?


Where are you located and whats the specs of the drives?

Located in San Mateo, CA and it's a great assortment of drives.. mostly 40 gig Western Digital's, i believe.. unfortunatly they won't be for sale, because HIPPA regulations state they be destroyed, and all data unretrivable...

:edit: no, we don't have an incenerator.. :-(

 

[tdg]

Drill holes through them, and smash them with a hammer. A degauser does pretty much nothing on modern drives, we have a few at work and I've stuck drives on them for 30 minutes before, hooked it back up and boots right into the OS with all data still perfectly intact.

If you want really secure, where no data could ever be recovered, do something like a German security wipe, drill holes, smash with sledge, and then incinerate them and bury the ashes out in the middle of nowhere. Even the NSA or CIA would have a tough time recovering that data.

 

[SJConsultant]

Allrighty, so I'm currently working on a project where I have to ensure that the data on approx 200 harddisks is not longer accessable for retrival. I work in the information services department at a medical center, so the data **HAS** to be destroyed according to HIPPA regulations.

Don't know where your getting your information, but in all my experiences with dealing with HIPAA, I have *never* seen any part of the law that states you must physically destroy the hard drives themselves.

AFAIK, you must implement policies and procedures to address the final disposition of said data. What those standards are, are up to the individual business. So if a business chooses to perform a DoD wipe and documents such wipe was performed on a hard drive, then that would be perfectly fine. Mind you the documentation would require the serial number, operator who performed the wipe, verification the wipe was successful, and the product used.

But if someone here has information to the contrary, then please point me to a reference where HIPAA mandates physical destruction of electronic media.

 

[LhasaCM]

But if someone here has information to the contrary, then please point me to a reference where HIPAA mandates physical destruction of electronic media.

I believe you are right - it is up to the individual business to determine the best approach for disposal of electronic media and the destruction of data on said media. A lot of the "tips" I've seen with the regs (from what I recall during the Federal Register process) have destruction as an option, but not the only option. In this case, with 200 drives to clear of data, a DoD wipe or degaussing seem to be too time consuming, leaving physical destruction the "best" approach here.

 

[SJConsultant]

In this case, with 200 drives to clear of data, a DoD wipe or degaussing seem to be too time consuming, leaving physical destruction the "best" approach here.

Well, the OP hasn't stated what exactly the business plans on doing with the systems, I would rather hope the business has not been blindsided by overzealous interpretation of HIPAA laws.

If the business were to reuse the PCs they could save quite a bit of money by not having to purchase new HDDs. DoD wipe on 200 hard drives would take some time, but it is not like someone is sitting there the whole time.

They could setup one system to perform a DoD wipe on 4 drives at a time (assuming IDE). Setup 10 systems with 4 HDDs each at the same time and you could easily accomplish wiping all drives within a week.

 

[Impulse]

But hey, if you're gonna destroy them be sure and take some pictures to share the mayhem! Heck send them to Kyle if they're really good pictures, mass destruction is always newsworthy.

 

[Vertigo Acid]

They could setup one system to perform a DoD wipe on 4 drives at a time (assuming IDE). Setup 10 systems with 4 HDDs each at the same time and you could easily accomplish wiping all drives within a week.

cheap 2-channel IDE cards for the win

 

[RandomlyAdam]

Don't know where your getting your information, but in all my experiences with dealing with HIPAA, I have *never* seen any part of the law that states you must physically destroy the hard drives themselves.

AFAIK, you must implement policies and procedures to address the final disposition of said data. What those standards are, are up to the individual business. So if a business chooses to perform a DoD wipe and documents such wipe was performed on a hard drive, then that would be perfectly fine. Mind you the documentation would require the serial number, operator who performed the wipe, verification the wipe was successful, and the product used.

But if someone here has information to the contrary, then please point me to a reference where HIPAA mandates physical destruction of electronic media.

I haven't actually read the HIPPA regulations regarding data disposal.. I was just informed to have the data inaccessable from the drives when i'm done with them. So I just assumed, that physical destruction was the only option to ensure that the data can't be retrived in the end..

 

[SJConsultant]

I haven't actually read the HIPPA regulations regarding data disposal.. I was just informed to have the data inaccessable from the drives when i'm done with them. So I just assumed, that physical destruction was the only option to ensure that the data can't be retrived in the end..

Having the data "inaccessible" is a matter of what "risks" the business is willing to take in regards to the methods involved and typically should be a well balanced choice.

A DoD wipe will be sufficient to ensure anyone using software means of data recovery will not be able to do so. However it does not rule out professional level data recovery, but does make such recoveries very expensive.

It would also be in your best interest no matter what method you choose to document very carefully and with detail as to the make, model, serial number, and type of "data destruction" was performed on the hard drives and keep such records on file for a long period of time (years).

 

[MixManSC]

I used to work at a hospital and we used the physical method unless the drives were bige enough to have resale value then we used a bootable floppy to do a 7 pass erase and let those run overnight as it generally took over an hour for it to securly erase the drives. In the physical arena a cordless dewalt drill with a good quality quarter inch bit did the trick very nice.

 

[RandomlyAdam]

I used to work at a hospital and we used the physical method unless the drives were bige enough to have resale value then we used a bootable floppy to do a 7 pass erase and let those run overnight as it generally took over an hour for it to securly erase the drives. In the physical arena a cordless dewalt drill with a good quality quarter inch bit did the trick very nice.

The drill is the method I've been debating. ^_^

 

[handyrandyrc]

My vote:

http://www.ssiworld.com/watch/watch-en.htm

 

[debaucher]

In the past for our HIPPA drive destructions, I just used 5 cheap IDE cards (20 drives at a time) powered by a seperate jumpered power supply (green and black wire jumper) stacked on top of each other with the side of the case open and just ran a good DoD wipe overnight (around 7+ passes).
This way we were able to reuse them as cheap upgrades to existing computers.
D.

 

[Ockie]

They would make great drives for my cluster project

 

[unhappy_mage]

^^ Netboot, man! PXE and Etherboot make this so simple there's no excuse not to; put all the storage on NFS and centralize it.

 

[ChingChang]

My vote:

http://www.ssiworld.com/watch/watch-en.htm

omg... I want one of those!

I vote shooting them, cause that could be fun.
Or maybe line em up on a railroad track

 

[Dark_fire]

you could format them and give them to me to make a 200 HD raid arrary. or get like a heavy duty wood chipper and send them through and have it rain HD chips

 

[Vertigo Acid]

That shedder site is absolutely amazing.

 

[ChingChang]

Allrighty, so I'm currently working on a project where I have to ensure that the data on approx 200 harddisks is not longer accessable for retrival. I work in the information services department at a medical center, so the data **HAS** to be destroyed according to HIPPA regulations. We have a degausser available at out disposal, but from what I've been told, it take about 15 minutes per disk to do...and 15 minuts per disk at 200disks is way more time than i want to spend on this project.. I was wondering what quick effective measures any of you might have.

Adam

Throw them into a volcano.
Problem Solved.

 

[Eva_Unit_0]

That shedder site is absolutely amazing.

QFT man that site made my day I want one of those things so bad now...that would be so fun to toss random stuff into it.

My favorite is the mattresses...or maybe the boat.

 

[davef139]

Do you guys have an incenerator?


Where are you located and whats the specs of the drives?

Heh incinerating hardware can cost you tons if you get caught.

Thermiting the drives into 1 meld would probably be the most effective, and its fun to play with!

 

[Vertigo Acid]

Making enough thermite for 200 hard drives would get expensive quick. Powdered aluminum ain't cheap you know

 

[movax]

Circular table saw + saw blades + shove HDDs over it one by one perhaps?

 

[Absentee]

Circular table saw + saw blades + shove HDDs over it one by one perhaps?

i dont wanna be the one hit by the flying metal shards

if it were me?
.50 cal rifle....nuff said

 

[alkoholik]

just ask some 16 yr old from these forums to mail em to you (UPS) in plastic zip lock bags.....guaranteed DOA

 

[movax]

just ask some 16 yr old from these forums to mail em to you (UPS) in plastic zip lock bags.....guaranteed DOA

Bwhahahahahaha.

 

[RandomlyAdam]

so, i discovered that we have eight of those white US mail crates full of drives... yeah.. i'm pissed... i also found out that i have a sizable amout of 3M Blackwatch 700 tape in our storage trailer as well... who knew data destruction could be so frustrating..

 

[unhappy_mage]

Make a proposal of using thermite to your boss

But really, the tape may be destroyable by magnet. Someone on another forum once suggested using a microwave, but I don't know if I'd do that The bulk eraser may be your only option.

 

[ChingChang]

Use the volcano.

 

[Rofl-Mic-Lofl]

Gasoline for the tape, for the harddrives...are they Maxtor? If they are, who cares they'll be dead in a month or two. If not, catch them on fire, and then sledgehammer, a fun yet painful game if wearing shorts. You could place bets on who will chicken out first and quit because they got burned.