Why physically destroy drives?
Posted by West-Letterhead-7528@reddit | sysadmin | 232 comments
Hi! I'm wondering about disposal of drives as one decommissions computers.
I read and heard multiple recommendations about shredding drives.
Why physically destroy the drives when the drives are already encrypted?
If the drive is encrypted (Example, with bitlocker) and one reformats and rotates the key (no zeroing the drive or re-encrypting the entire drive with a new key), wouldn't that be enough? I understand that the data may still be there and the only thing that may have changed is the headers and the partitions but, if the key is lost, isn't the data as good as gone? Recovering data that was once Bitlocker encrypted in a drive that is now reformatted with EXT4 and with a new LUKS key does not seem super feasible unless one has some crazy sensitive data that an APT may want to get their hands on.
Destroying drives seems so wasteful to me (and not great environmentally speaking also).
I am genuinely curious to learn.
thortgot@reddit
The ability to go to legal and say "we physically destroy all drives that contain corporate data".
Shredding is much easier to prove. Imagine you have 100 drives you need to sanitize. What is the chance one isn't cleared identically to all the others?
If you look at a pile of wiped and non wiped drives you can't immediately tell the difference.
zeptillian@reddit
You can't look at a pile of shredded metal bits and prove that drive X was destroyed as part of that batch either.
You're still relying on the tech to actually do their job and not pocket it or something.
TheLastRaysFan@reddit
Our shredding service records the shredding process and shows the S/N of each drive to the camera as they are dropped into the shredder.
vertexsys@reddit
Ok then how is that different from a tech securely erasing a drive under surveillance in a locked cage? If the secure erase is equally sufficient at purging data, why generate the unnecessary e-waste? In the end either way you're relying on the recycling company, and you're protected by the certs they give you.
thortgot@reddit
You are assuming that secure erase as implemented by the OEMs is perfect. While that may be the case as per spec, the question is whether it can be compromised, bypassed or otherwise manipulated in different scenarios.
I get you are financially incentivized that people recycle their equipment. The reality is anyone with serious data shouldn't take the 0.000001% risk that it can be compromised.
vertexsys@reddit
Oh, I don't disagree that there are cases where the risk dictates shredding as the only option, only that the blanket assumption that shredding is the only safe option is not correct.
I have heard it mentioned a few times about OEM mis-implementation of secure erase, but haven't seen any real life examples of that. Have you seen any studies or OEM whitepapers on the subject? Would love to do some reading.
That said, there is a lot of FUD around data security which in turn generates a lot of unneeded waste. Shredding sticks of RAM and CPUs, for example. The reality is that there is always going to be some risk, even with shredding - particularly with regards to SSDs and shred particulate size. Due to the density of memory chips, it's possible to have whole or partial chips escape unscathed through the shredder, which poses a much more real life risk than a hypothetical OEM command malfunction. The hard drive shredder manufacturers provide special hardware for finer particulate size for flash vs HDD but there's no guarantee that they are used by the recycler. The add-on hardware, or dedicated shredders are expensive, and there's also the risk that an SSD be shredded in an HDD shredder.
Interesting topic either way.
thortgot@reddit
I don't position it as the "only safe option" but the "most safe option".
The fact of the matter is that SSDs that are encrypted, wiped (secure erase) and then shredded (as discussed as best practice) are monumentally less likely to be vulnerable to a future attack than those that are encrypted, wiped and resold.
Regarding secure erase being potentially improperly implemented, I'm not aware of any comprehensive investigation to how OEMs implement the standard. In security we assume compromise.
2mm particulate is the standard secure shred size and has been for quite some time. Vastly smaller than a chip. I suppose people could be using incorrect shredders but the question would be whether it is less secure than doing no shredding. Objectively it makes recovery more difficult.
Who is shredding CPUs and RAM? That is clearly ridiculous. There's no physical mechanism that would allow long term storage of data. Cold RAM attacks do exist but they are momentary attacks.
Storage is one of the cheapest parts of an endpoint. You aren't losing a ton of value by shredding them.
Server drives have data that matters. Why take a 1 in a few trillion chance your data gets compromised?
TheLastRaysFan@reddit
there's like a million different reasons I could go into that other people do in this thread
but the simplest answer is "because the people that sign my paychecks said so"
vertexsys@reddit
Yep, which is why that question is better posed to the people that sign your paycheque. There's already enough e-waste being generated on a daily basis. Shredding drives with 95% health left on them just adds to that.
trail-g62Bim@reddit
Curious -- do you have someone actually watch the video and make sure they are all done?
SpecialistLayer@reddit
Some corps yes, you have to actually download the video and sometimes send it to either legal, compliance or your insurance. Ours does this too, they literally show the SN of every single drive and throw each one in the shredder and give us a video for compliance reasons.
TheLastRaysFan@reddit
Yes. I don't know the exact process as I'm on the cloud infra team but from what I've seen:
Support/Help Desk creates a ticket and handles it with our E-Waste company. The help desk tech walks the recycling bin out to the truck and then is responsible for following up with the certification of destruction.
We don't usually have that many drives, so it's not like they're watching an hour long video.
They cross reference the serial numbers that go out and the serial numbers that are destroyed.
ConspiracyHypothesis@reddit
I don't. It doesn't matter to me whether the data is actually destroyed or not. All I care about is the receipt that puts the liability on them if it isn't.
If the data leaks and I have that receipt, I keep my job and they are the ones who get sued.
rootofallworlds@reddit
Some data destruction companies will bring the shredder to you, so one of your own employees can physically throw the drives in.
I agree that otherwise it's all just a paper compliancey exercise. Even if drives are being sent for "physical destruction" I would still want them software wiped before they leave my hands. Considering the data destruction company could dishonestly sell the drives for a definite gain against only a possible risk of being caught, I think you're right to be sceptical.
zeptillian@reddit
I mean if you're only destroying them because of the potential for a theoretical future risk, then it doesn't make sense to just create another possible theoretical risk.
If you are outsourcing drive destruction you should still wipe the drives first.
wazza_the_rockdog@reddit
It really depends on risk. Last time I had drives physically destroyed it was because the majority of them had been pulled from non working machines or the drives had been replaced as they weren't working. The data on them wasn't too sensitive, but more than just throw in the everyday garbage, so we just had them sent out for destruction. It was cheaper to have them sent out for destruction than to waste the time of a tech plugging them in to a machine to run any form of secure erase on them, or to disassemble them to throw them out if they weren't detected to be erased.
MBILC@reddit
Some companies will come to your work location and let you watch as they do it.
GullibleDetective@reddit
Take pictures and videos of drives going to Alameda bomb range and let Adam Savage tannerite it
angrydeuce@reddit
Right but there's a paper trail and if the data is exfil'd then there are liabilities involved that would make the shredding company liable for damages since they're certifying that the drive was destroyed.
Honestly it's so that we get that sheet of paper that says "If you fuck this up, you're going to get sued." That's why we get them shredded with a service.
Verukins@reddit
Completely agree with this - but would just like to add....
You throw out x,000 HDD's that are bitlocker'ed - without destroying them.
In x years time, Bitlocker (or any other encryption) gets worked out by some nefarious types and that data is no longer safe.
If you physically destroy the drives - you only have to worry about your current production systems.... if you ditched a bunch of drives without destroying them - there's a risk. It's a small risk, but it's still a risk.
And - depending on where you work - audit purposes.
thortgot@reddit
Bitlocker is reasonably safe today (assuming it's patched), but let's say you threw out some drives in 2022.
If I get ahold of those drives, and you don't have preboot PIN unlock enabled, I can get in without much difficulty at all. No need to break the actual encryption.
Windows 10: Be aware of WinRE patch to fix Bitlocker bypass vulnerability CVE-2022-41099 (Born's Tech and Windows World)
With the rate of quantum computing in ~7 years those drives you threw away can be accessed regardless of their AES 128 encryption.
Please at least wipe the drives.
Verukins@reddit
yep - i wasn't aware there was already a vulnerability.... thanks for pointing that out.
All the more reason to destroy - or as you say, at least wipe.
anonymousITCoward@reddit
Hard to recreate a disk when its bits are mingled with the pieces of 100 other drives...
hurkwurk@reddit
I once went to a break out session with a large data recovery company that worked with the FBI to get data off platters that had been torn apart by a suspect that used pliers to literally tear the disks into pieces. average size was about 1/2 inch square or so.
they were able to recover useable evidence to convict him.
mind you, this was a unique situation because they knew what kind of data they were looking for specifically, and just needed to match up to something well known that he had copied from honeypot sources. (and yes, it was a CSAM case)
anonymousITCoward@reddit
ok so now i'm killing it with fire!
all joking aside, I've done similar work with the LEO's with documents that went through a crosscut shredder. One guy from a federal agency said he heard the CIA bleaches, then shreds, then burns some of their documents and the ashes are held for a year or something like that. that was about the time i started thinking about not doing forensic work like that...
I'm glad there's guys out there like you that do this sort of thing to keep the monsters away...
hurkwurk@reddit
they use an arc plasma incinerator, and the ashes are mixed.
arc plasma Incinerators, unlike normal furnaces, burn almost completely, leaving very little actual ash. the mixing is actually just overkill to prevent any kind of chemical analysis of document sourcing.
anonymousITCoward@reddit
if it's worth killing it's worth overkilling lol
West-Letterhead-7528@reddit (OP)
I imagine the contents were not encrypted, though? Or were they?
hurkwurk@reddit
this was long enough ago that we can assume they were likely not. but still, the idea that you are recovering bits from a shred of disk and rebuilding a recognizable image without a FAT table is still pretty fucking amazing.
music2myear@reddit
This is a good argument for shredding in bulk. One drive in pieces gives you a puzzle to be assembled. A pile of shreds all passed through the same machine is the pieces of a thousand similar/identical puzzles in a pile, but each puzzle is only correct when assembled with its own pieces.
RequirementBusiness8@reddit
Best response. If I look at 100 hard drives, can’t tell you what is or isn’t on any of them. Show me 100 hard drives that have been (properly) physically destroyed, and now I know they have been wiped.
At a previous job, I remember they used a software that tracked physical ID of hard drives that were wiped. Pretty sure they were physically destroyed after. I wasn’t involved in that part of the life cycle though
ohiocodernumerouno@reddit
Government contractors have a lot of money I guess.
RequirementBusiness8@reddit
Financial services, not government.
Sgt-Tau@reddit
That is usually why there are cost over runs or the $100 job was sold to the government as a $10000 job because of all the extra steps the government adds.
NETSPLlT@reddit
I use Blancco. With the erasure reports held by them and listing system serial, drive serial, etc its reports are good enough for our auditors (healthcare). We also require 3rd party disposal service to wipe and document. Yes, we wipe them between users and before disposal, and they are wiped again by the disposer. Not real cheap, but before this we were removing and physically destroying and it took too much time = too much $$$.
Crackeber@reddit
Out of genuine curiosity, what does a properly destroyed drive look like? I presume shredding into small/tiny pieces, but never been involved into that. I just suppose a drill wasn't good enough with disk drives, no idea now with ssd kind.
Redacted_Reason@reddit
Personally, I like taking them apart, shattering the plates, and keeping the magnets. They’re very strong and I have a pile of them now.
music2myear@reddit
I used the plates as office mirrors for a while. Propped up on my desk I could see people coming to my door quite nicely.
West-Letterhead-7528@reddit (OP)
Cool! I have a personal drive sitting here that will have that same fate.
hurkwurk@reddit
this.
virtualadept@reddit
Pretty much, yeah. That drive looks like it went through the intern-u-lator a couple of jobs back.
music2myear@reddit
Oddly enough, our interns also look like that once we pass them out of the program.
jailh@reddit
Very small fragments, like this :
https://www.reviveit.co.uk/wp-content/uploads/2019/10/edit4.jpg
See their website with some explanations : https://www.reviveit.co.uk/hard_drive_shredding/
accidentalciso@reddit
A company with giant shredders turns it into confetti and then gives you a certificate of destruction to show your auditors.
itishowitisanditbad@reddit
"So on line 42332 of this spread sheet you'll see new entries come in, sometimes it crashes but as long as you have Excel 2003 it should still work with the macros"
marcoevich@reddit
Do you work at our sales department? 😅
itishowitisanditbad@reddit
Well... I do enjoy putting in urgent tickets and leaving for the day 30 seconds later so... maybe?
music2myear@reddit
Monster!
Also, Jake from Accounting.
bughunter47@reddit
Dart?
Kracus@reddit
Not to mention the waste of resources and time properly ensuring everything is wiped properly.
blckthorn@reddit
And even then, it's really hard to truly destroy the data.
I learned this the hard way back in the 90s when I did a contract at NASA. Part of that project was recycling old PCs. The department I was in spent a couple weeks wiping the drives with the best software we had - overwriting each sector multiple times with random digits. They were then shipped to Houston for recycling.
About a week later, auditors came in and interrogated each of us separately. It seems that the security auditors were still able to recover data off the drives through government-level means. I learned that the magnetic record on the hard drive could be theoretically recovered up to 37 rewrites later.
If the info is important enough, the only sure way to destroy it is through shredding, which we started doing.
vertexsys@reddit
That's no longer a thing, it hasn't been for a long long time.
Spinning drives can be easily and verifiably zeroed, including bad and reallocated sectors as well as unused sectors if the drive is short-stroked. That has been solved years ago and the technology to implement this is commodity now.
SSDs are even easier, as secure erase commands are baked in at the manufacturer level to instantly purge a drive of all data.
We erase drives, usually a couple dozen to almost 1000 simultaneously. For SSDs to add further ability to verify down the road we zero after secure erase. All drives are erased by either writing zeroes (spinning) or secure erase + writing zeroes (SSD) and then verified with a full drive read.
As for identifying which drives have been erased, everything is logged, and if needed, we have a tool that can spot check any number of drives simultaneously to check if it's zeroed - it checks the first and last 64MB and a number of random 64MB chunks throughout the drive.
I check in every few months but as of yet I have not seen anyone be able to recover more than a few bytes of data from a properly erased drive. I wish I could dig up one of the studies I read, they took a drive which had been erased with single pass write zeroes and used an electron microscope and lots of specialized equipment and they came up with a few ASCII characters, "ump" or something like that. Could be a reference to the current president - could also be someone commenting on the quality of the last hotel they stayed at. Basically, no one has ever recovered actual useful information from a drive zeroed even with a single pass in the past 20 years.
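The spot check described in the comment above (first and last 64MB plus a number of random 64MB chunks, each required to read back as zeroes), sketched as an added example; it is not part of the thread and not the commenter's tool. The function names, the default of 8 random chunks and the constructed demo image are assumptions.

```python
import os
import random
import tempfile

CHUNK = 64 * 1024 * 1024   # 64 MB window, the size quoted in the comment
READ_BLOCK = 1024 * 1024   # read 1 MiB at a time to bound memory use


def sample_offsets(size, chunk=CHUNK, random_chunks=8, rng=None):
    """Start offsets to check: first window, last window, random aligned windows."""
    # SystemRandom by default so the sampled positions are not predictable.
    rng = rng or random.SystemRandom()
    if size <= chunk:
        return [0]
    offsets = {0, size - chunk}
    slots = size // chunk                  # chunk-aligned windows on the device
    for slot in rng.sample(range(slots), min(random_chunks, slots)):
        offsets.add(slot * chunk)
    return sorted(offsets)


def first_nonzero(fd, start, length):
    """Absolute offset of the first non-zero byte in the window, or None."""
    zero = bytes(READ_BLOCK)
    pos, end = start, start + length
    while pos < end:
        data = os.pread(fd, min(READ_BLOCK, end - pos), pos)
        if not data:
            # An unreadable region must not count as "zeroed".
            raise OSError(f"short read at offset {pos}")
        if data != zero[:len(data)]:
            return pos + len(data) - len(data.lstrip(b"\x00"))
        pos += len(data)
    return None


def spot_check(path, chunk=CHUNK, random_chunks=8, rng=None):
    """Return offsets of non-zero data found; an empty list means every
    sampled window read back as zeroes."""
    fd = os.open(path, os.O_RDONLY)
    try:
        # lseek to the end reports the size of regular files and of
        # Linux block devices alike.
        size = os.lseek(fd, 0, os.SEEK_END)
        if size == 0:
            raise ValueError("device reports zero size")
        findings = []
        for off in sample_offsets(size, chunk, random_chunks, rng):
            hit = first_nonzero(fd, off, min(chunk, size - off))
            if hit is not None:
                findings.append(hit)
        return findings
    finally:
        os.close(fd)


def make_demo_image(size, dirty_at=None):
    """Constructed test input: a zero-filled image file, optionally with one
    leftover non-zero byte at offset dirty_at."""
    fd, path = tempfile.mkstemp(suffix=".img")
    with os.fdopen(fd, "wb") as f:
        f.truncate(size)
        if dirty_at is not None:
            f.seek(dirty_at)
            f.write(b"\xff")
    return path


if __name__ == "__main__":
    # Demo on constructed 1 MiB images with 4 KiB windows so it runs quickly.
    clean = make_demo_image(1 << 20)
    dirty = make_demo_image(1 << 20, dirty_at=(1 << 20) - 10)
    for label, img in (("clean", clean), ("dirty", dirty)):
        hits = spot_check(img, chunk=4096, random_chunks=4)
        print(label, "PASS" if not hits else f"FAIL, non-zero data at {hits}")
        os.remove(img)
```

A pass here only covers the sampled windows; the full-drive read at erase time that the comment describes is what covers every addressable sector.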
music2myear@reddit
SSDs are theoretically better, but in reality it is a spec in the standard and manufacturers vary in whether and how they implement the spec.
Shredding is still the best method.
cbowers@reddit
But it is a thing. You can only wipe the addressable areas of the SSD. Wear leveling and various other spare sector issues mean there’s usually data where you cannot access. Studies have shown that no matter what algorithm you use to wipe, 10-100MB per GB can be recovered.
https://cseweb.ucsd.edu/~swanson/papers/Fast2011SecErase.pdf Reliably Erasing Data From Flash-Based Solid State Drives
Conclusion
Sanitizing storage media to reliably destroy data is an essential aspect of overall data security. We have empirically measured the effectiveness of hard drive-centric sanitization techniques on flash-based SSDs. For sanitizing entire disks, built-in sanitize commands are effective when implemented correctly, and software techniques work most, but not all, of the time. We found that none of the available software techniques for sanitizing individual files were effective. To remedy this problem, we described and evaluated three simple extensions to an existing FTL that make file sanitization fast and effective. Overall, we conclude that the increased complexity of SSDs relative to hard drives requires that SSDs provide verifiable sanitization operations.
https://cseweb.ucsd.edu/~swanson/papers/TR-cs2011-0968-Grind.pdf Destroying Flash Memory-Based Storage Devices
Conclusions and Limitations
Our analysis shows that for all but the most well-funded, skillful, and determined adversary a particle size of 5mm will ensure that data is not recoverable from the flash chips inside an SSD. If more information is available about the particular flash device or packaging standard the SSD uses larger particle sizes may be acceptable as well. However, reliably determining that information on a per-SSD basis is probably impractical in practice.
For the “worst case” adversaries, much smaller particles are required to prevent recovery and the particle sizes decreases with advanced in flash manufacturing technology. Currently available SSD will require reduction to particles with maximum diameters of between 0.5 and 2.5 mm, and future SSDs may require particles as small as 0.2mm.
chillzatl@reddit
It also feels good to smash the fuck out of a box of hard drives with a sledge hammer.
scottkensai@reddit
ooooh...I've only put a nail through em...that sounds fun. brb
loki03xlh@reddit
Shooting them is fun too!
Max_Wattage@reddit
'merica has entered chat 🙄
timbotheny26@reddit
Incendiary .50 BMG says hi.
MBILC@reddit
HardOCP
HardOCP TV - .50 Caliber BMG - Shooting Hard Drives on Vimeo
scriminal@reddit
Our custom 556 drive destruction service is of a superior caliber!
EsotericEmperor@reddit
That's what my former boss and I used to do - we'd bring our rifles and handguns and use the hard drives as target practice, make it a team building event! Haha
chillzatl@reddit
how have I not thought of this? We have an outdoor range on private land that we visit often and I've never taken a box of drives up there for disposal. :)
saltysomadmin@reddit
Hey, it's me. Your long lost best friend!
mjewell74@reddit
I like to use a hammer and screwdriver to shatter the ceramic platters in 2.5" laptop drives, they make great maracas...
nighthawke75@reddit
Mr. 2-Pound.
i8noodles@reddit
i say that. "how can u be sure the data was destroyed?" give them a pile of shredded disk and go "this is how"
jkirkcaldy@reddit
It’s also way quicker to shred hundreds of drives vs write random data over the entire drives.
You could shred 100 drives in less than 10 minutes vs days to write terabytes of data onto a single drive multiple times.
vertexsys@reddit
Jumping in here, a good ITAD can erase, test and process hundreds of drives an hour. We are comparably small and can process about 800 drives concurrently. For example, 800 12TB drives - about 10PB - takes about 24 hours from start to finish including erase, verify, test and recording. For hands on labour that's about 60 min for a 2 person crew to load, unload and label the drives.
scriminal@reddit
yep this is it, no one will ever make the news and thus get fired for a data leak from drives that have been shredded or crushed. We had one customer so determined they used our on site degauss/crush service then had a drive shredding truck come get the remains just to be sure.
unclesleepover@reddit
If the company pays for cyber insurance this will probably be a requirement.
West-Letterhead-7528@reddit (OP)
Ha. This makes total sense. Good point.
YodasTinyLightsaber@reddit
This is a bit of a "Department of Redundancy Department" thing, but when you use overkill, you know it is dead.
Me personally, I use an old desktop at the office with a ton of disk connectors, perform a 7x wipe with DBAN, then physically destroy with a hammer. All disks get the DBAN treatment, and retired ones get the hammer. This also incentivises other teams to be nice to IT because we get a few people that we like from around the office to smash computer parts with a claw hammer (pretty fun stuff).
GreyXor@reddit
I see 2 reasons
- physically destroying eliminates any theory of recovery. it's gone. even when we have quantum computer. it's gone.
- compliance reason: there are some regulations that just require physically destroying hardware
alexforencich@reddit
And a 3rd reason is it's probably faster to destroy the drive rather than doing a secure erase. At least for spinning rust. And it also works with dead drives.
Frothyleet@reddit
Not really, if it's already bitlockered even a HDD is good to go when it's detached from its keys. It's irrecoverable unless and until a Bitlocker vulnerability is found or the next leap in cryptography renders current encryption tech obsolete.
SSDs can also do it at the firmware level, above and beyond bitlocker.
But we destroy drives too. It's simpler. There are minimal benefits from a corporate perspective in avoiding destruction.
thortgot@reddit
A preboot bitlocker vulnerability was found in 2022 making all prior encrypted disks vulnerable. I imagine there will be a future vulnerability.
alexforencich@reddit
In both of those cases you're also relying on the encryption being implemented correctly, the key not being stored somewhere unexpected, the firmware actually erasing the keys properly, data not being left in extra sectors/spare capacity, etc. Physical destruction avoids all of those potential issues.
Frothyleet@reddit
It does! Whether those are realistic threat vectors for your data security needs is a question everyone needs to ask.
Working_Astronaut864@reddit
This is why we destroy.
timallen445@reddit
hours to seconds. Also what if the drive fails mid wipe. It's not surviving mid shred
Brunik_Rokbyter@reddit
Third reason. Lead is cheap and .22 will indeed pierce platters (which means anything will). Server hardened spinning platters takes a bit more.
zeptillian@reddit
They are the same disks.
They aren't armor plating SAS drives or anything.
Brunik_Rokbyter@reddit
Not sure if it’s material density, type, or what. Didn’t claim they were bullet proof. I claimed that .22 won’t pierce platter on a server hardened drive inside the casing. Still stand by that statement. I have a large pool of evidence that agrees. Could be outside materials for all I know, but it’s consistent.
zeptillian@reddit
What is a server hardened drive?
Drew707@reddit
Special Air Service disks are almost certainly armored.
JumpingCoconutMonkey@reddit
"Who dares [saves their data]"
Superb_Raccoon@reddit
Metal shredder will do it.
jmbpiano@reddit
Quantum computing is just the beginning, man. Once we have QC and AI working together, it's only a matter of time before they collapse the waveform to create an infinite improbability drive and from there it's only a short step to time travel and then GAME OVER, MAN!
*adjusts tinfoil hat*
nurbleyburbler@reddit
Yep and they will get Jeff in Sales pr0n collection
virtualadept@reddit
You sound an awful lot like one of my ex-bosses who used to warn us to never get MRIs because "they copy sensitive memories right out of your brain."
jmbpiano@reddit
Now that's just ridiculous.
You need an electroencephalogram for that.
Cozmo85@reddit
Modern ssds you can at least just wipe the encryption key. Takes seconds
Specific_Frame8537@reddit
4th reason: smashing stuff feels good, see office space.
West-Letterhead-7528@reddit (OP)
I can understand compliance and in environments that would require these actions.
Good point.
Greedy_Ad5722@reddit
Insurance reason for my company. Easier to say look, no one can get any data out of this no matter how good they are vs someone with enough time on their hands and skill might be able to steal all the data.
Ross_G_Everbest@reddit
Because people aren't smart.
A single pass wipe is all you need. It's the UK's military standard. NO ONE has ever recovered from a digital magnetic medium that has been overwritten. No floppies, no hard drives.
MastodonMaliwan@reddit
We have requirements to logically and physically destroy drives.
https://www.nsa.gov/portals/75/documents/resources/everyone/media-destruction/PM_9-12_20201204_Storage%20Device%20Sanitization%20and%20Destruction%20Manual.pdf?ver=zx7StOLhG4LC6sXArMYiHQ%3D%3D/PM_9-12_20201204_Storage%20Device%20Sanitization%20and%20Destruction%20Manual.pdf
tru_power22@reddit
Prevents these sorts of attacks:
https://en.wikipedia.org/wiki/Harvest_now,_decrypt_later
pertexted@reddit
I've done this as a hobby for a number of years. It's deeply satisfying to pull an unlabeled drive from a stack and putz with it for a while, decrypt it, and discover that it has a vanilla windows install on it with nothing else.
It's really addicting.
pdp10@reddit
We're concerned about those attacks on commissioned hardware when it's outside the physical control of the organization, not from wiped drives. Classic harvest attacks are drive copies taken at a border or during an Evil Maid Attack, or TLS-protected traffic online.
tru_power22@reddit
I get what you're saying, but I think my point is still valid for these reasons.
TRIM is kind of a black box, and you don't know what data is still living in the sectors marked as bad but not fully wiped.
If you're dealing with magnetic media, there is always the possibility of recovery, and it takes time to wipe those drives in a secure way -- destroying them is faster and cheaper.
This person didn't indicate the drives were being wiped, just that they were deleting the encryption key. This attack could be done on the drives as described by OP.
pdp10@reddit
The alternative to destroying drives is wiping them. FDE is a big factor, but FDE strengthens the argument to wipe and not destroy. TRIM isn't a factor post-decommissioning, because we're not examining the alternative of neither wiping, nor FDEing, nor destroying, but selling them on Ebay for beer money.
Yes; we realized long ago that always wiping hardware before it leaves the rack is by far the preferable path. For non-rack hardware, this obviously means wiping before hardware goes back into inventory. Now you don't have to manage inventory with the possibility that you'll need to recover old data from it, or that anyone else can recover old data from it.
West-Letterhead-7528@reddit (OP)
Cool ! Thanks for the link.
julioqc@reddit
its fun?
Zenin@reddit
Prove it.
Prove you lost all copies of the key.
Prove they can't be recovered.
Explain the math to a lay person how losing the key is equivalent to destroying the data itself. Make sure you include a section about future encryption-cracking technology such as quantum computing.
And do it in a court of law. Under oath. With thousands if not millions or hundreds of millions of dollars in potential legal liability on the line.
Suddenly shredding looks really attractive.
Frothyleet@reddit
OK. I will give you a certificate with the drive's serial number that says the drive's data was securely wiped.
For the point you are trying to argue, there's no difference between that and drive destruction. OK, you shredded the drive, now you are in court, and /u/zenin2 is yelling "PROVE YOU DESTROYED IT!" at you.
Are you going to present the ziplock bag filled with platter pieces and a SD card with uncut footage of you destroying the drive and putting it in the ziplock before you put a wax seal over the opening?
Nah, you're going to present a certificate of destruction.
Zenin@reddit
That's testimony, not evidence, not proof.
Are you arguing that a bag of metal bits isn't evidence of destruction?
Yes, apparently that is your contention. Good luck with that.
dustojnikhummer@reddit
It's also a contract, that can be considered proof.
Frothyleet@reddit
So I was being a little facetious with this one, which I thought would be obvious since we don't keep the scraps of metal. If you have shelves in storage lined with ziploc bags covered in sharpie notes and filled with platter shards, I think you are unique.
The point with my example is that whether you physically destroy a drive or simply wipe it, if you are called upon to prove that you undertook the data destruction task, you will produce a record of some sort. 3rd parties provide CODs to attest to the destruction, for example. If your org does it yourselves, you may have different record keeping mechanisms, like some excel spreadsheet. Or a ticket. Or nothing, in which case your only proof would be your personal attestation.
All that is true regardless of whether you destroyed the drive, or whether you wiped it. You are certifying that the data is destroyed.
This is really an aside, but it's always a pet peeve for me when I see these terms abused - I'm assuming you are referencing these words in their denotative legal senses and not how they are used colloquially.
Testimony is in a very literal sense evidence. Evidence in the sense of a trial is literally anything introduced to prove something to the finder of fact (a judge or jury). This can include physical objects, records, documents, or... testimony. This includes both direct and circumstantial evidence.
Whether evidence, testimony or otherwise, has "proven" something would be up to the finder of fact, if a matter has gotten to a trial.
If you're not in a trial, whether something is proven is of course just a matter of opinion.
stephendt@reddit
You could get really pedantic and say that the scrap bits are "this" drive but the real drive was swapped out before drives went to the scrapper, muwahaha
MartinDamged@reddit
We just secure erase them. Pretty fast on newer disks.
Then repurpose them or donate them.
TotallyInOverMyHead@reddit
We offer disposal services. For a small fee we will film your pile of disks being thrown onto a large hydraulic press and squish them for you to see. For an even smaller fee we will make "your company" coins out of the end result.
Kamikaze_Wombat@reddit
For small businesses and home users we just hit the drive with a 2 lb hammer. Big dent in the cover bending the disks is enough to keep any normal thieves out of spinning disks, for SSD it's breaking one or more chips for sure so same result. We have exactly one customer who has data sensitive enough to be at risk for more targeted attacks and who would get the shredder treatment.
billiarddaddy@reddit
I have to destroy entire computers for the same reason.
Playful_Tie_5323@reddit
I used to work at a university library and we had these self issue units that students could use and it had massive magnets in to desensitize the anti theft magnetic strips in the book spines.
We realised we could load these units with hard drives and set off the unit a couple of times - result was a load of dead drives in seconds - very satisfying - Also highly recommend a sledgehammer to achieve the same thing - very therapeutic!
JustSomeGuyFromIT@reddit
It's just an encryption. If someone wants they can decrypt the data and access the files. It's just safer to destroy the disks with magnets, scratching, bending and shredding since the data cannot be recovered after all that. Melting down the disks would be even better.
Now with SSDs it's best to just destroy the board and cut it into small bits and pieces.
lagunajim1@reddit
Bitlocker is an effective encryption technique, so no need to even erase a drive let alone destroy it.
Having said that, it can be fun to drive nails through a hard drive.
SilenceEstAureum@reddit
Because it means that the sensitive data is, beyond all reasonable doubt, completely gone and irrecoverable. Plus it's quicker to physically damage the drives beyond repair than it is to do something like DBAN
hdtrolio@reddit
We are currently going through a massive upgrade and we are pulling and keeping drives currently, with a long-term plan to physically destroy all the drives that we can't reuse (mainly SATA HDD & SSD). Any M.2 drives we end up not needing we plan on snapping in half and throwing away. Physically destroying each drive ensures we can say no company data has gotten into the hands of "bad actors". Cover our ass legally.
djgizmo@reddit
evidence and audit trail. there are companies that will shred and provide a certificate of destruction.
some compliance / insurance policies require documented evidence of this.
Primary_Remote_3369@reddit
SSD drives I usually do a RCMP TSSIT OPS-II data wipe (when in Canada, use Canadian standards)
But HDDs? Especially hundreds of desktop hard drives? Directly to the shredder. It's more cost effective than paying someone to do the wipes.
spacelama@reddit
Because studies have shown that when 70% of the population are wrong, individuals would prefer to stick with those wrong people rather than stand out in the crowd. So even though society and businesses are incredibly wasteful and already destroying the planet, hey carry on, because to stand out would mean you'd get blamed for everything that goes wrong, related to your decision or not.
"But someone might steal the data!!!!"
Really! It'd take me one command and 3 days of waiting for me to wipe these 15PB of data in the array, but sure, I'll hand this incredibly sensitive data to a third party who'll charge me a shitload of money to take these valuable assets off my hands and give me a certificate in return saying the data has been destroyed and they'll resell the untouched drives back onto eBay or chuck them in the shredder or ship them to China who will put the drives on AliExpress untouched. But I'm ok because the certificate says I satisfied the cyber insurance policy requirements.
malikto44@reddit
All about compliance. If it were up to me, I'd make sure all data stored on drives is FDE protected, then either do an ENHANCED SECURE ERASE on spinny media, or a secure erase on SSDs with a TRIM to ensure the data is not just gone with the SSD generating a new key, but all cells were marked and free and overwritten.
Without worrying about compliance, drives that need to be destroyed (bad disks), many ways to fix that. SSDs get a nail tapped on the NAND chips, HDDs get drilled, taken apart, or used for range therapy.
However, there needs to be assurance that data is gone, and that is when the fun and games stop. With that, I just let a third party shredding place get me stuff, and on my punch list is 1, preferably 2 witnesses signing off that each serial number was destroyed on each drive, a certificate of destruction, and maybe a video of the work being done. This helps things greatly during an audit. One drive missing can mean a firing in a lot of environments.
BrianKronberg@reddit
Because you can visually tell it has been completed. Greatly accelerating the second person verification.
ms4720@reddit
Thermite is fun to play with
Zolty@reddit
It's the only way to be sure.
Encryption will get broken, it's just a question of when. When it does then your company will wonder what you cryptographically deleted and what their exposure is.
Physical destruction is far more reliable, besides everything is ssd these days so there's not a huge use for a 10 year old ssd with a few thousand hours on it.
ATek_@reddit
How else do you assure there’s 0% chance of recovery? Anything less than physical destruction is half-assing it.
stephendt@reddit
No one has ever recovered data from a drive that was encrypted and then wiped.
thortgot@reddit
No one has recovered data from a properly 0, 1 wiped drive either. Regardless of encryption.
It's still a plausible attack.
stephendt@reddit
How is it plausible?
thortgot@reddit
Determining whether the drive had a 0 or 1 prior to the wipe is theoretically possible.
Breaking AES 128 is entirely possible if quantum computers continue to advance.
From a security standpoint we classify that as a plausible risk.
stephendt@reddit
Do you have evidence that backs up your claim that you can determine whether a modern HDD previously used a 0 or 1? As far as I can tell this has never been done.
Keyword = modern. 8GB IDE HDDS from 1998 don't count.
thortgot@reddit
It hasn't been done. It theoretically can be done.
stephendt@reddit
Theoretically it also cannot be done because it breaks the laws of physics.
West-Letterhead-7528@reddit (OP)
Mitigation of theoretical future risks. I can't argue with that. :)
TxTechnician@reddit
I got a bunch of devices wholesale from a bank.
Four of the devices had HDDs that were unencrypted and intact. The other drives had been wiped.
Destroying the drives (via a shredder, not the gun range) ensures the data will never be recoverable.
Absolute_Bob@reddit
A 0.005% chance of recovery is still a better chance than 0%.
thebemusedmuse@reddit
A friend of mine had to wipe drives in the 80s for a secure facility. It had to be witnessed by 2 senior leadership members.
It would have taken them a month to wipe the drives to DoD spec, so they pulled them out the servers and smashed them up with sledge hammers in front of the board. He said it was fun and therapeutic.
at-the-crook@reddit
you can always make a brick sized mold and add concrete mix once the drive is inserted. garden walls can hold terabytes of old data that way.
bigloser42@reddit
Physical destruction ensures that no matter what the encryption level was, the data on the drive is unrecoverable. And frankly, it’s faster and a lovely way to take out some anger. When my old company was going under they were going to pay a 3rd party to destroy the drives, but I told my boss we got 3 people here about to lose their jobs and the company inexplicably owned a sledgehammer, I’m pretty sure we can destroy these drives for free. Those platters were fine dust by the time we finished.
Lost-Expression4000@reddit
When I was in the military I saw Division level intelligence guys throw "wiped" classified drives into a dumpster. We recovered the drives and they still had all their data on them, unencrypted. They had used some type of hand wave degausser and just called it good.
When I wiped drives the proper way we shredded them, classified or not. When I did it the improper way (no time for paperwork), I removed and smashed the platters completely.
StarSlayerX@reddit
We are forced to destroy all drives because of these two reasons:
1) Client Engagement Requirement
2) Government regulations
BloodFeastMan@reddit
Shredders are cheap and leave no room for doubt. Besides, it takes less time to just drop the thing in.
cum-on-in-@reddit
u/thortgot answered it correctly but I’ll just add that, it is indeed “enough” to just toss the encryption key and rotate, like you said.
The data will still be there, but in such garbled format that it’s useless.
Yes. It’s still possible to read it. But you’d need so much time……so much processing power…….like it’s obviously not feasible.
Apple does this with all their devices. Erase All Content and Settings just tosses the encryption key and rehashes a new one in Secure Enclave. Then the storage controller is told to treat the drive as empty now.
GrayRoberts@reddit
Catharsis.
Kangie@reddit
Compliance and auditability.
If you ask me where our non-disposed disks are, the answer is either:
If data supposedly destroyed in the second case turns up somewhere we will sue the pants off of the reputable company that we contract to certify destruction.
zero_z77@reddit
Encrypting it beats the 99% of hackers that don't have access to a supercomputer or a quantum computer, which means your breach will come from the one drive on the one machine that had bitlocker issues and didn't get encrypted by the tech who was under the gun to get it deployed.
Zeroing it beats the 99% of attackers that don't want to break out an electron microscope and devote three years of their life to recovering it, which means your breach will come from the drives that you thought you zeroed.
Destroying it beats the 99% of attackers that don't wanna put together a bajillion piece jigsaw puzzle and break out the electron microscope, which means your breach will come from the drive you saved from the shredder, left on a shelf, and completely forgot about.
Encrypting it, zeroing it, and then destroying it like it's a religion guarantees that the data is not only 100% unrecoverable, but also that you will actually do it, and even if you miss a step, it will still be mostly unrecoverable.
In other words, it's an idiot proof redundancy.
stephendt@reddit
I don't physically destroy drives because it's a waste of good hardware and no one has ever been able to retrieve data from an encrypted drive.
OffenseTaker@reddit
every encryption method in use today will eventually, one day, be cracked. as long as you keep that data, you will eventually be able to read the decrypted version of it. this is true of encrypted hard drives, packet captures of TLS streams, whatever.
there's gobs of encrypted internet traffic being intercepted and recorded in its encrypted, currently unreadable form right now, so that one day it can be decrypted and analysed.
if you physically destroy the drive, you are ensuring that the data is not preserved and, one day, decrypted and read
Trbochckn@reddit
Cost.
Mobile-Ad-494@reddit
Recovering a lost bitlocker key may not be feasible now but in time computing power may have increased enough to allow even someone do it at home with their personal (quantum) computer.
There was a time when DES and SHA-1 were secure, today no one in their right mind would consider them safe.
A brute force with a reasonable modern gpu is very doable.
cheese-demon@reddit
a brute force with a reasonable modern gpu is not doable.
bitlocker is in a way limited by its recovery keys being 128 bits (48 decimal digits). that's still pretty secure because the most powerful distributed computing project can only count up to around 2^94 or so every year (the bitcoin network is currently about 800M TH/s). if you could turn the network to this purpose, you could exhaust the key space for a 128-bit key in roughly 17 billion years
aes256 cannot be bruteforced except by luck, or a more fundamental attack that would require reducing the difficulty of attacking it by more than half the bits used. the current best known results reduce the attack from 256 bits to 254.3 bits, which still leaves bruteforcing in the completely computationally infeasible range. it would require more energy than released in a hypernova to bruteforce, even considering an ideal computer. physical reality gets in the way of bruteforcing here.
quantum computing does not help much here, both because quantum computers are currently just physics experiments but also because Grover's algorithm is within a constant factor of ideal, and that reduces the problem to the square root of the input - which for a 256-bit key is still 128 bits, or i suppose 127 if the best known attack on AES could be applied in tandem.
sha1, as a hash function, is insecure because it is not all that lengthy due to the properties of hashes and what they're used for. were it perfect, it is an 80-bit level of security, which is certainly computationally feasible to break now. it's not perfect and breaking it is somewhere on the level of 60-70 bits.
tacotacotacorock@reddit
Risk mitigation.
ExceptionEX@reddit
Because almost everything requires a certificate of destruction.
But the truth is, you don't know if bitlocker can or will be cracked in the future, if it is do you want that data sitting around?
You destroy the drive, you destroy the data, no "good enough", not "probably won't get recovered".
Easy and smart to just throw it in the wood chipper
Brufar_308@reddit
Excuse to go to the shooting range, as if I need an excuse.. but anyway.
West-Letterhead-7528@reddit (OP)
What kind of gun do you have that shoots hard drives?!!
Brufar_308@reddit
Pretty much any rifle will put holes through em like a hot knife through butter. But honestly that’s more of a joke response as I usually disassemble and scrap the individual parts. I don’t want to spend time cleaning up a mess on the range from shot up electronics.
Frothyleet@reddit
I think he was doing a uno reverse joke implying that you would be using the drives as ammunition.
Brufar_308@reddit
Slow on the uptake today.
UninvestedCuriosity@reddit
Man I wish my workplace could afford one of those hard drive shredders. That would be cool.
kudatimberline@reddit
I pull out the drive and snap it in half. Ahh .. feels good. Things we couldn't do with platter drives.
Patrick_Vliegen@reddit
Oof, I had a job once where I had to degauss the drive, register them (their serial numbers) then drop them in a slotted sealed box and once the box was full I had to personally take them to a company for shredding. Then I would have to unseal the box, they unloaded and registered the serial numbers and shred them. Finally I had to match their registry to mine and bring a bag of shredded material in a bag as proof and store that proof with both the registers.
There was a rule that said the shredded materials were not allowed to be bigger than x by x and one time management felt the shredded materials were too big and I had to go back "to make sure the remains would be shredded a second time to meet demands"
redmage07734@reddit
Because security experts are on crack
SgtKashim@reddit
I mean... yes, but they're also often correct. They're a strange bunch, and theoretical attacks have a distressingly common pattern of becoming practical attacks a few years later. To truly embrace security mindset is definitely the domain of the tinfoil-hat brigadiers, but also... you can transmit data across an air-gap by varying fan-speed and listening carefully. You can recover volatile memory contents by freezing the RAM. You can figure out what's being printed through the wall with a sufficiently sensitive electromagnet. Power usage patterns can reveal details about encryption schemes, and tiny tiny variations at the plug can be induced by your keyboard - and at least one attack has demonstrated you can keylog by watching the power plug.
Security land is *wild*, and frankly it's often just safest to take the absolute destruction route.
redmage07734@reddit
But you also have to scale that with a scale of the business and risk. It's kind of dumb to destroy hard drives that have been zeroed out for smaller businesses because you're likely not to get much off of it
hops_on_hops@reddit
These responses are nonsense. Physical destruction is the lazy way. You don't have to keep records or think about things if you just shred "everything".
You're right. Losing the key to an encrypted drive is sufficient. And all the OEMs have a drive clearing tool built into preboot at this point.
JustSomeGuy556@reddit
Because people are paranoid and it's easy. There's no real reason to destroy an encrypted drive, or one that has been overwritten (Though SSD complicates that)
But if you've got hundreds or even thousands of drives to manage, knowing which ones are encrypted or have been wiped is a pain in the ass. Easier to just shred them all. And some insurance or regulatory requirements might insist on it.
Confident_Yam7610@reddit
We do 7 pass DOD and toss them in e waste and sign off on it internally
the_syco@reddit
Quicker to shred than to encrypt. Also, shredded drives won't be found on eBay from one machine that wasn't encrypted for whatever reason. It's less of a headache than ensuring your company follows HIPAA, FACTA, or GDPR rules. Saying "it was encrypted" when asked why X data from Y drive found its way online. This doesn't happen if it's shredded.
Finally, a lot of drives that get shredded are recycled. Aluminum, copper, and precious metals are extracted for reuse.
DragonsBane80@reddit
Exactly this.
Assurance and speed.
Re-encrypt 30 drives = at least a day.
Shred 30 drives = an hour.
We go through enough that we have our own destruction process in place instead of outsourcing it.
reddit-trk@reddit
Right now, bitlocker is secure. Ten years from now it's anyone's guess.
I read a paper a while ago on the feasibility of recovering data from a wiped drive and, at least when it was written, overwriting every bit a number of times didn't make picking up "residual traces of data" more or less secure.
I'm not a fan of destroying things that could be reused by someone else, but that was part of a SOC2 certification (I don't wish that upon anyone) requirement. I found it pointless, but the "experts" wanted to see affidavits from a shredding company going forward.
theoreoman@reddit
It's honestly really straightforward:
1. The cost of destroying drives is much much cheaper than the cost of dealing with a data breach from an improperly wiped drive.
2. The labor cost associated with wiping a drive is probably the same or more as its wholesale value.
3. Nation States have the resources, time, and budgets to try and salvage data from encrypted drives.
So why risk it? Scrap the drives and move on
UncleSoOOom@reddit
Anyone still has fun microwaving CDs/DVDs/Bluray?
theborgman1977@reddit
We would clean the drives to DOD 13 standards. Then we would take them to a shooting range.
SpecialistLayer@reddit
The only real reason - compliance
Not saying I agree with it as if it's actually encrypted, you lose the encryption key and voila, it's as good as being wiped, from a mathematical perspective.
GelatinousSalsa@reddit
How confident are you that the encryption on your drive is never gonna be broken?
Physically destroying the drive adds another puzzle before an adversary can start decrypting your drive (if all the pieces are recovered)
Jsaun906@reddit
The CEO of your company doesn't know what "encrypted" means. He knows what "shredded" means. Physical destruction removes any possibility of recovery and any doubt that non-technical decision makers might have.
a60v@reddit
You are awfully trusting of encryption technology. If the drives don't get shredded, end up out in the world, and flaws are found in your encryption scheme at some point in the future, you are (potentially) fucked.
Shredding is a small price to pay for peace of mind and protection from legal liability. Also, as a practical matter, mechanical hard disks and SSDs have limited lifespans. They're generally near the end of their expected life by the time when they get shredded, and the secondary market value at that point is next to nothing.
anonymousITCoward@reddit
Because it feels good to physically destroy the things that give you stress.
JH6JH6@reddit
I see it as a liability transfer. You pay a company to provide you a certificate of destruction, and you can take that to legal and say the drives are destroyed. Method is secondary in importance.
colenski999@reddit
In 1994, I was working for a VAR that got a shitload of old hard drives from a health authority (leaseback computers). We supposedly scrubbed them all but one was missed. We sold them all at retail, and somebody found this hard drive, and it had tons of PIA and records of HA executives with salary details, and this fucker that bought the drive decided to post the dirty details onto USENET. It caused a minor scandal in my hometown with press coverage. After that, we just crushed any hard drives that came back.
AggravatingPin2753@reddit
When we were not able to shred, we were known to give them an extended saltwater bath.
Bad_Mechanic@reddit
Because it's fast, easily proven, easily witnessed, and not expensive.
Plus, it's fun. I've been doing this for over 25 years, and it still hasn't gotten old.
Thats-Not-Rice@reddit
Related story, back when our org was a lot smaller, we didn't pay for a company to come shred our drives. Instead we just took the platters out and smashed them ourselves.
My go-to method was to simply squeeze the platters together end-to-end until they snapped in half. Not perfect, but for the level of sensitivity of the data, plenty enough.
One year we got a temp in over summer to help out. Really smart kid, probably the smartest person I'll ever meet. We get on with our drive destruction, and as I'm squeezing the platter, he starts squinting and leaning away.
I say what, I've done this a hundred times, they just crack in half, some of them don't even crack they just bend. And Murphy himself would have died laughing, because that exact platter shattered into a thousand little pieces, raining metal everywhere. I managed to get my eyes closed in time, but my face was covered in shards of metal and it took forever to clean up and off my face so that I could open my eyes.
That was actually my first time getting debriefed by the OHS rep.
Odd-Slice6913@reddit
Also TIME. Recovery methods are always evolving. You can still recover data from platters, and sit on it, until decryption is feasible. It's highly not likely, but still possible.
maxlan@reddit
Because people are lazy/incompetent.
All this about "in the future you can crack it". No, very unlikely to matter or be considered a risk.
Did someone forget to enable encryption on that extra drive they plugged in after initial build to add a bit of space?
Probably, yes. Much higher risk of happening. I've seen it on about 30-40% of drives before an audit. It's an easy mistake to make and without an audit very hard to spot.
And so it is easier to demand everything is shredded, and a lot quicker than Blancco, than it is to go and audit that every damn drive on every OS is properly configured to encrypt.
CeBlu3@reddit
Are you confirming for every drive whether Bitlocker was actually active before decom? If you are, no need to shred.
It has happened more than once that a drive we thought to be encrypted actually wasn’t. It’s just an additional safety step to be certain.
nme_@reddit
Just make sure your Bitcoin wallet isn’t on one of the drives.
50BTC wasn’t that much last time I went to the range with a box of drives….
wild_eep@reddit
Drives are cheap, shredding is fast and permanent and gives you protection.
Specific_Frame8537@reddit
Smashing stuff feels good, see Office Space.
TheOnlyKirb@reddit
Why? Because it's fun
Helmett-13@reddit
REVENGE! VENGEANCE! Taking out our frustrations on the memories of our silicon-based tormentors!
MWUAHAHAHHA!
CeC-P@reddit
Those are the only conditions I've seen. With HIPAA data destruction law training, we know exactly how we're allowed to erase drives and most drill bits and hammer crushing actually isn't adequate.
sexybobo@reddit
HIPAA violation can be $1 million. Why try to keep a 6 year old HDD worth $4 if it can cost you $1 million if it wasn't wiped fully
QuantumRiff@reddit
but most health compliance standards require all disks to be encrypted. So having to pay someone to destroy that drive in most cases is silly.
that is just someone using 'HIPAA' as justification for whatever they wanted to do. (I work in health care, we joke that "we need to ensure this meets hipaa compliance" == "I don't want to do that, it sounds like work")
You would be amazed at how little HIPAA actually covers, compared to how much people claim it does.
sexybobo@reddit
HIPAA doesn't specify how to do most things. If records get leaked you can get fined even if they don't specify what to do with the drives. If you're not following standard practices for data security they can fine you more for negligence.
With all things in business there is a risk and a reward. In medical IT the risk of not destroying the disks is a $1.5 million fine. What is the benefit of keeping a 6-10 year old HDD that outweighs the risk?
West-Letterhead-7528@reddit (OP)
Thanks for the comment.
Putting aside all insurance and compliance claims, in your opinion, throwing an encrypted drive with some sensitive health-care data out the window would have minimal risk? medium risk? high?
Of course this is a theoretical question.
West-Letterhead-7528@reddit (OP)
lol. Because the environment? :-)
Yeah, for these scenarios there is zero argument against physical destruction.
hologrammetry@reddit
Gives me an excuse to use the drill press.
sunnyspiders@reddit
Because the ball of hard drive magnets must feed and demands more every day.
Katamari of Data
Site-Staff@reddit
The big ass hard drive crusher tool we have is my favorite.
Put down a bag, throw on some safety glasses, and get to chuckin those fuckers in it and pull the lever.
Bleachbit is nowhere near as much fun.
schwags@reddit
I'll throw in my 2 cents here since I own an ITAD business and we literally do this every day.
Some clients require us to physically destroy the drive. Sometimes it really sucks when you're contracted to destroy hundreds of perfectly viable 4 TB SSDs, but client gets what they want.
Hard drives are worthless. We don't bother taking the time to wipe them, they all go through the shredder. The resultant shreds are sold as commodity scrap and smelted and reused.
If we run across an SSD that we were not contracted to destroy, rather logical sanitation is acceptable, then we will do that. Our certification actually encourages reuse over recycling. We will never sell raw drives, but we will use them internally for refurbished computers because we can verify every single one of them has been erased during the refurbishment process. However, we're not going to worry about whether or not the drive was encrypted on the OS level or the firmware level, we're just going to connect it to our automated drive eraser system and it's going to do its thing. We've only got a few minutes to process each drive and most of that time is spent entering the serial number into the ERP and clicking "go" on the software.
Tldr, sometimes we're required to destroy, sometimes the item is not worth reusing, and sometimes we do logically erase it and in the case of SSDs that often does just require wiping the encryption key.
Pristine_Curve@reddit
Encryption is unbreakable today, but will it remain unbreakable next year? I can't go back and update the encryption methods of drives which are out of my control.
Secure erasure routines are satisfactory. Performing the secure erasure routine is slow, and requires someone who knows what they are doing to oversee/validate the process. A fraction of devices will fail the routine, but still contain data.
Shredding is certain, inexpensive, fast, and does not require skilled tech time.
Helpjuice@reddit
The only way to guarantee something is unrecoverable is to physically make it unrecoverable. It is not possible to restore something that has been physically destroyed beyond recovery.
This is a hard requirement for some customers due to the sensitivity of the work, especially some government customers.
Deadly-Unicorn@reddit
Cheaper than anger management therapy
Megafiend@reddit
Compliance: It's not been wiped by some overworked network junior, or a third party handling the data. It's destroyed; the data is not accessible.
Catharsis: the printer scene in office space comes to mind.
Silveradotel@reddit
because destroying them with a plasma cutter is fun.
firesyde424@reddit
We destroy drives because the time required to effectively wipe them to a reusable state isn't worth whatever value they have at the time nor is it worth the risk of a data breach.
Citizen493@reddit
Mainly compliance, but you are correct. If the drive is encrypted (BitLocker or similar) and the key is no longer available to the drive for unlocking, that is a drive filled with nonsense. There is no need to fill it with zeros or other pseudo random contents.
craigmontHunter@reddit
Technically? There isn’t really a reason, between encryption and wiping.
From a policy perspective it is just more insurance, what if a drive was not encrypted for some reason? Or missed being wiped? Physical destruction just confirms that nothing can be recovered, and from a company standpoint if it’s already at the point of disposal there is really no financial value to them.
Geekenstein@reddit
Encryption has a shelf life - computers are always getting better. Shredding is permanent.
pdp10@reddit
There are claims that some regulatory regimes outside of national defense require destruction, but we've never been able to confirm that. Particularly, no HIPAA reference has ever made its way to us.
Quickref links for wiping all types of media on Linux: SATA, NVMe, spinning, eMMC.
West-Letterhead-7528@reddit (OP)
Thanks for the link! It will be useful soon. :)
stufforstuff@reddit
Speed. Which translates to cost (time is money).
binaryhextechdude@reddit
Why settle for encryption only? Surely a drive with several holes in it is guaranteed to be useless.
lynxss1@reddit
I destroy/disassemble them because:
- scrap yard pays more for non mixed metals
- scrap yard pays a LOT more for HD and Ram pcb
- Magnets! - good for crafts, kids playing with them and projects.
- Motors and parts - also good for kids projects
MrBr1an1204@reddit
It's fun. I keep a golf club at my desk for "decommissioning" old devices.
Insomniumer@reddit
Why? Because it's a requirement in several standards.
Is it necessary? Most of the time, absolutely not.
For an average corporation it is totally unnecessary to physically destroy hard drives or solid state drives. For hard drives, DoD Short is more than enough and for SSDs the secure erase feature in the firmware does the trick.
zeptillian@reddit
Instant Secure Erase is just an encrypted drive that had its internal key wiped.
It would still be vulnerable if attacks against the encryption algorithm are discovered later.
West-Letterhead-7528@reddit (OP)
Thanks for this comment. It's hard to ask something like this for fear of being downvoted into oblivion. :D
This is my feeling. I understand this is the only guarantee, but not everyone works under such strict standards or compliance frameworks.
Superb_Raccoon@reddit
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-88r1.pdf
See section 2.6.
Not that those requirements can't be met, it is just that physical destruction is MUCH easier to document and prove.
stashtv@reddit
We grind our drives into dust and save the dust.
zeptillian@reddit
If you leave the data there it could be readable in the future if there is ever a weakness discovered in the encryption or if it becomes possible to break it.
If the drive is zeroed out, there is no reason to destroy the drives. That only serves as a failsafe for people not doing their jobs properly and being able to prove to others that the drive is unrecoverable.
A zeroed out formerly encrypted drive is 100% unrecoverable in my opinion, even with state attacker level resources.
Roland_Bodel_the_2nd@reddit
Realistically because someone less technical higher up than you in the org is slightly more risk averse and just wants to CYA.
Often times I've been able to push back saying we have to pay extra to "keep the drives" and then the minimal cost is often not acceptable and they accept the risk.
Also in places I've worked it's less about the actual data that could be lost and more about the reputational hit if it were somehow public news.
TabascohFiascoh@reddit
Insurance reasons.
rUnThEoN@reddit
You can set up a proper process by documenting the serial numbers via the wipe program. Then you can barcode scan any exiting hard disk.
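The reconciliation step described in the comment above, as an added example that is not part of the original thread: serials from a wipe tool's report are matched against barcode scans taken at the exit, and anything without a verified wipe is held. The CSV columns, function names and serial numbers are assumptions constructed for illustration, not the output of any particular wipe product.

```python
import csv
import io

# Constructed sample export from a hypothetical wipe tool (column names are assumptions).
WIPE_REPORT = """serial,method,result,verified
WD-WX11A1234567,overwrite,success,yes
S4EVNX0M123456,secure_erase,success,yes
ZA1B2C3D,overwrite,failed,no
9XG0ABCD,overwrite,success,no
ZFL0MISSING,overwrite,success,yes
"""
# Constructed sample: serials barcode-scanned at the exit point, in scan order.
EXIT_SCANS = ["wd-wx11a1234567", " S4EVNX0M123456 ", "ZA1B2C3D", "9XG0ABCD",
              "Z1D5UNKNOWN", "WD-WX11A1234567"]


def normalize(serial):
    """Scanners and wipe tools differ on case and padding; compare one canonical form."""
    return serial.strip().upper()


def load_wipe_report(text):
    """Map serial -> True only if every record for it succeeded and was verified."""
    cleared = {}
    for row in csv.DictReader(io.StringIO(text)):
        ok = (row["result"].strip().lower() == "success"
              and row["verified"].strip().lower() == "yes")
        serial = normalize(row["serial"])
        cleared[serial] = cleared.get(serial, True) and ok
    return cleared


def reconcile(report_text, scans):
    """Return (released, held, unscanned) for one batch of drives."""
    cleared = load_wipe_report(report_text)
    released, held, seen = [], {}, set()
    for serial in map(normalize, scans):
        if serial in seen:
            held[serial] = "scanned twice"  # same label on two drives, or a re-scan
        elif serial not in cleared:
            held[serial] = "no wipe record"
        elif not cleared[serial]:
            held[serial] = "wipe failed or unverified"
        else:
            released.append(serial)
        seen.add(serial)
    released = [s for s in released if s not in held]
    unscanned = sorted(set(cleared) - seen)  # wiped on paper, never seen at exit
    return released, held, unscanned
```

The `unscanned` list matters as much as `held`: a drive that was wiped on paper but never passed the exit scan is one that left by some other route or is still sitting in a drawer.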
Tahn-ru@reddit
Why not? It's a cheap way to close the last little bit of possibility that data might leak from them (see other comments mentioning "Harvest now, Decrypt Later"). As long as the company hired for the destruction aren't assholes about disposal, there is no difference as far as recycling their materials goes.
Compare the cost of shredding (cheap) to the cost of the fines, PR and court damages in the event of a data breach (astronomical).
deefop@reddit
Because encryption can be broken, and it doesn't have to be broken *today* for it to be broken years from now. You let a drive with really sensitive data fall into the wrong hands, they toss it on a shelf with a bunch of other drives they want to crack into, and then 5 years from now someone comes up with a quick method to break the encryption, and now the bad guys have all your sensitive data.
But when you take the drives to a shredding facility and have them physically annihilated, nobody but god himself could ever put them back together and recover that data.
-rem93@reddit
There are always new methods for data recovery; even if they aren't available now, a vulnerability in the future may compromise the data on an encrypted drive. Physical destruction is the best way to guarantee that data won't be recoverable.
DenialP@reddit
Risk mitigation.
gwig9@reddit
No encryption is perfect and because of that many organizations have adopted the policy of physically destroying the data when they are done with it as that is the only way to "be sure" it can never be recovered. Not saying it's right, but that is the idea behind physical destruction.