98

We have a lot of PCs in the company and nobody wants to wipe a multitude of hard drives. We also have many apprentice toolmakers who really want to destroy things. Thus, every couple of months, our apprentices receive two heavy baskets of hard drives to drill through.

Some of my coworkers believe that this is absolutely overkill. I, however, believe that not wiping the drives before drilling through them might make some data recoverable.

According to this question, wiping with DBAN will make data completely unrecoverable.

DBAN is just fine. Here's the dirty little secret--any program that overwrites every byte of the drive will have wiped everything permanently. You don't need to do multiple passes with different write patterns, etc.

How about drilling a hole?

200_success
  • 4,830

17 Answers

166

Drilling a hole in the drive enclosure which passes through all the platters will make it impossible to run the drive. Most modern HDDs don't have air inside the enclosure, and you've let what was in there escape. You've filled the cavity with tiny pieces of drill swarf, which will be on everything including the platters, and will crash the heads if someone tries to lower them onto the rotating platters. You've also unbalanced the platters, though I don't have an estimate for whether this will be fatal. The drill bit will likely pass through the controller board on the way, which though not fatal will certainly not help anyone trying to hook the drive up.

You have not prevented someone from putting the platter under a magnetic force microscope and reading most of the data off that way. We can be fairly sure this is possible, because the SANS paper linked from the linked SF article demonstrates that you can't recover data from a platter with an MFM after a single overwriting pass, and such a test would be completely meaningless if you couldn't recover non-overwritten data using the same procedure.

So drilling through the platters will very likely prevent data from being read off the HDD by normal means. It won't prevent much of the data being recoverable by a determined, well-funded opponent.

All security is meaningless without a threat model. So decide what you're securing against. If you're worried about someone hooking up your old company HDDs and reading them, after they found them on ebay / the local rubbish dump / the WEEE recycling bin, then drilling is good. Against state-level actors, drilling is probably insufficient. If it helps, I drill most of my old drives, too, because I am worried about casual data leakage, but I doubt the security services are interested in most of my data. For the few drives I have which hold data that Simply Must Not Leak, I encrypt them using passphrases of known strength, and drill them at the end of their lives.

Chris
  • 113
MadHatter
  • 81,580
45

The security policy for many companies is to universally physically destroy all data carriers, so plain old paper documents and prints, spinning hard disks, SSDs, etc. all get shredded before they get recycled.

In that regard your question might be irrelevant and you may simply need to comply with that policy.

With SSDs becoming more prevalent it is also good to realise that software wipes are not reliable for SSDs.

With regards to physically destroying drives by drilling a hole: That will prevent normal usage, resale and refurbishing.

In many cases that may be sufficient, but while drilling a hole makes the disk inoperable, that still only destroys a fraction of the data. With sufficient money to spend, a determined attacker can still recover the remaining data. Whether that is a risk is something you need to determine for yourselves.

HBruijn
  • 84,206
26

Don't drill all the way through, just through the top of the housing. Pour in thermite and ignite!*

  • Definitely safer than drilling one hole all the way through.
  • Probably a lot safer than overwriting every bit too.
  • This will even take care of SSDs, though they may not have a hollow for powder to fill.
  • Your apprentice toolmakers will think this is a lot more fun even than drilling!

*do this outside.

14

It's worth remembering that drilling and other physical destruction methods are relatively fast compared to a wipe, and it is simple to verify that the disk has in fact been processed by looking at it, since unlike a wiped and unwiped disk, it is obvious that a disk with a hole in it will not work.

So, either a few hours, or a minute (or less!) with a drill press per disk.

You'd obviously want to tailor your approach for SSDs but the advantage with physical destruction for a lot of disks is speed and relative verifiability that the data on the disks is no longer recoverable.

13

While drilling a hole is sufficient against most real-life attackers, why not buy an HDD shredder? It's only $3000 to $5000 for smaller models, and it works pretty well with SSDs too. Also, having your drives shredded will sound much more convincing in case of an audit than "we have drilled holes in them".

9

Drilling, or disassembling the platter stack and bending/breaking the platters, will certainly make any non-laboratory, non-multi-$1000 recovery effort futile. Any HDD, even 1980s types, relies on the platter surface being perfectly level, since aerodynamic effects are used to keep head and platter very close to each other without touching. Any reading method that can deal with a bent or perforated platter no longer resembles a hard drive, and would certainly not only require expensive and/or custom made equipment but would also be orders of magnitude slower than reading from an intact drive.

Theoretically, someone could attempt to modify the drive to do a partial recovery on tracks not interrupted by the hole, so to be safe, drill several holes so most concentric tracks are affected.

Damaging or removing (and separately disposing or keeping) the circuit board is either pointless (if dealing with an even slightly determined attacker - using a replacement circuit board from the same model is a common technique in data recovery) or absolutely sufficient (to deter opportunistic, trivial attackers like someone that would resell an intact drive not meant to be sold).

BTW, any claims about software-wiped data being recoverable depends a lot on two things: a) which encoding type was used (2000 and newer will likely be PRML, which already exploits any error margins it can to store more data), b) how the wiping method deals with HBA features and fault-remapping algorithms (and the spare sectors they use) in the drive (crude wipe programs usually won't, builtin "secure erase" firmware usually will).

4

This question reminded me of something. I studied Electrical and Electronics Engineering. We had a lecturer who used to work for the army. In one lecture he said that from time to time the army destroyed some HDDs.

Asked if anyone knows the correct answer about how, many answers came. Then he said, we take a sledgehammer. Make sure that it gets beaten hard. Right after that we shred it.

My only reaction to that was "primal". Seems like it is the correct way to destroy a HDD.

Also, I suggest you read this link: https://community.spiceworks.com/topic/586771-the-leftovers-is-drilling-holes-in-an-old-hard-drive-really-enough

It will most probably answer many of your questions.

4

Hard drive platters are made either of aluminium or tempered glass. If you are to quickly render the data of many such drives absolutely irrecoverable, using a drill-press will utterly destroy the glass ones. (Even the smallest damage will cause them to fracture into thousands of shards.) After drilling the hole, the aluminium platters would be destroyed best / easiest by injecting a quantity of a strong lye (NaOH) solution. There are other methods, e.g. throwing them into an active volcano, but this is how I would do it. 'Could do 50 over drives in an hour like that, I reckon. Do wear eye protection though - not only is lye a nasty substance, but highly tempered glass will violently shatter and project very dangerous shards.

3

The plates can be removed, cleaned up and installed into another (new) hard drive. Cylinders that are fully outside the hole area should be readable, no problem. This means the majority of the content, if there is only a single small hole.

The plates may be re-balanced by drilling another hole of the same diameter in the opposite side. Some means must be taken to prevent heads running over the holes, but it looks possible.

h22
  • 254
3

There are two points here - what works, and what you should (or should not) do.

When I'm done with an old HDD, I open the top and heat it red-hot internally with a small DIY gas torch. It takes a few seconds from start to end. No magnetic data is going to survive the heat rise, which destroys/randomises the magnetic domains with absolute certainty, even if the plating on the platters wasn't oxidised/charred/burnt off and peeling. The case is easy to open too.

Notice the emphasis above: it's what I do. Almost certainly it isn't what you should do as a business. Nor is drilling, acid, electrocution, thermite, or any other fun activity. There are serious issues to consider before letting staff loose on the disks.

As an individual I'm fine doing what I prefer. As an employer your company is probably legally liable for staff safety and any accidents (in most if not all countries). I wouldn't allow my staff to do what I do personally. All it takes is one accident with a drill, due to exuberance or carelessness, some metal swarf to hit an eye, or anything else, and you can expect a visit from the lawyers who will ask you exactly what training and control your company gives, when it turns ugly.

Most of the alternatives suggested in other answers are a lot of fun - until they go wrong. At which point one person is in the line of fire. You.

Alternatives - top off case (ensures exposure as other answers state), and ideally some action that physically damages the platters (in any manner) but doesn't incite reckless conduct or risk an accident. Perhaps buy a hand-held demagnetiser (mains powered, produces a powerful local magnetic field designed to randomise data, has little or no harmful potential). Less exciting but a lot safer.

Stilez
  • 734
2

I take a two-pronged approach to sensitive data and old drives, one that involves my children:

  • All /home/user directories are encrypted (with default Ubuntu home directory encryption).
  • All user data except for large work-in-progress media files, that is stored in custom directories, is encrypted with eCryptfs. (Possibly doubly encrypted if under a /home/user directory - for standardization, not "extra encryption".)
  • If the drive is still operational at EOL:
    • If it contained potentially sensitive data: a one-pass randomized wipe is performed.
    • If no sensitive data: A new MBR or GPT table is written, a new partition created, and a few MB of random data is written. (Time permitting.)
  • All SSDs get hit repeatedly with a hammer and discarded.
  • All HDDs get handed to my children. They can do anything they want with them, with minimum parameters:
    • All platters must be physically, individually removed.
    • Platters must be physically scrambled/jumbled from all drives and within each drive (e.g. by scattering on the floor and shuffling them around).
    • Making duct-tape animals out of the platters and parts is totally OK.
    • Scratching the platters is totally OK.
    • I've never gone farther than that, but throwing the platters in a bonfire, or taking a torch to them, might make for a fine additional step.
Jim
  • 147
2

Considering that you've many drives to wipe, you may invest some time in an auto-eraser PC: barely a Linux host that wipes any attached drive(s) and fills them with random data.

Then, destroy them physically:

  • For HDDs: a hydraulic press with a sharp end
  • For SSDs: 300V AC on the chips' pins.
Taz8du29
  • 196
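The auto-eraser idea in the answer above, sketched as an added example (not code from the answer or from any tool named on this page): one pass of random data over the whole target followed by a read-back comparison, so each wiped drive leaves a log record instead of relying on how it looks. The function name and the record fields are assumptions; only the addressable space is covered, not remapped sectors or SSD spare area.

```python
import hashlib
import os

CHUNK = 1024 * 1024  # write and read in 1 MiB blocks


def wipe_and_verify(path):
    """Overwrite every addressable byte of `path` once, then read it back.

    `path` may be a block device (e.g. a disk attached to the eraser host)
    or a disk image file. Returns a dict suitable for an audit log.
    """
    fd = os.open(path, os.O_RDWR)
    try:
        size = os.lseek(fd, 0, os.SEEK_END)   # works for files and block devices
        os.lseek(fd, 0, os.SEEK_SET)
        written = hashlib.sha256()
        remaining = size
        while remaining:
            block = os.urandom(min(CHUNK, remaining))
            view = memoryview(block)
            while len(view):                  # os.write may write less than asked
                view = view[os.write(fd, view):]
            written.update(block)
            remaining -= len(block)
        os.fsync(fd)                          # push the data out to the device

        # Read-back pass: the hash of what is on the target must match the
        # hash of what was written. On a real disk, drop the page cache (or
        # open with O_DIRECT) first so the read comes from the medium.
        os.lseek(fd, 0, os.SEEK_SET)
        readback = hashlib.sha256()
        total = 0
        while True:
            block = os.read(fd, CHUNK)
            if not block:
                break
            readback.update(block)
            total += len(block)
    finally:
        os.close(fd)
    return {
        "target": path,
        "bytes": size,
        "read_back": total,
        "sha256": written.hexdigest(),
        "verified": total == size and written.digest() == readback.digest(),
    }
```

A record with `verified` set to false, or an I/O error part-way through, marks a drive that should go straight to physical destruction.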
2

Adjunct: In case you want to orderly disassemble a hard drive to dispose of the platters, there is a trick to know. If you attempt to remove all the screws on the plate stack one after another, the last one or two will always appear to be immovably stuck, and the torque you can bring to bear on it safely is severely limited by the screw still being in an easily rotated part. This is because the unequal tension on the top washer invariably jams it into the threads. Loosen all the screws evenly but only very slightly at first, only then remove them all the way.

1

Determined attackers will still be able to retrieve partial data and there are places I've heard that specialize in this sort of thing.

If you really want to wipe the drive's data, simply employ the Gutmann method (https://en.wikipedia.org/wiki/Gutmann_method). Then run the drive under a powerful electromagnet.

Anything short of this and you will at least have partial data recovery as a possibility. That being said, unless the NSA or some organization with very high technical resources/skills is after your data, it's usually safe to just do a DoD 5220.22-M wipe (3 passes).

The alternative is to melt down the drives, in which case data recovery is infeasible in any case.

Now the matter is different for SSDs: for normal attack vectors, a "secure erase" (typically available in your SSD's management software) is usually enough. TRIM does not erase data on an SSD; it simply marks it as empty and ready for reuse.

Otherwise, melting is still a good option :)

Akumaburn
  • 127
0

Well, seeing as zeroing out the disk using military grade writing doesn't suit your fancy, a sledge hammer will do the trick better than a car or drill press. My preferred method: metal CNC (Fusion 360 or find an online 3D model of a hard drive and feed that into a linux CNC) and watch the machine battle the machine! Gloriously calculated "paths" for the mill to follow!

Note that the military has their hard drives embedded with thermite (no joke) and they just shoot the darn things till they melt. Ooo nifty idea, take a torch to them, or cook them in an aluminum oven!

Personally the magnets are awesome and the platters make good mirrors so my bad drives are on the wall :D

Tmanok
  • 207
-1

DBAN may be preferable up to a given size. If you have to wipe disks containing terabytes of data it will take hours to wipe it completely.

Using a drill takes only a second. I'll let you do the math yourself what makes more sense for you.

Gerald Schneider
  • 26,582
-3

Depends on the requirements of your enterprise and also the level of the group attempting to reconstruct your data.

Casual hackers may be defeated by this, but some specialized agencies can get past about 6 layers of "wipe" and can also recover all the data but the hole (on RAID, though, they can usually reconstruct that, depending on whether they have some of the parity drive etc.).

In our company, we bulk demagnetize and shred most. Some projects also require that the drives are disassembled and the individual disks sanded... after the demag and then a shred.

Anonimo
  • 11