In a recent study, a research team purchased roughly 100 hard disks off eBay and found half of them to contain sensitive information, including insurance records, biographical information about children, and even blackmailable material such as evidence of an affair.
Apparently, those folks didn't know that with a Linux boot disk and a little patience, you can securely and easily erase your old hard disks.
That's a photo of my old computer graveyard. The relics are starting to take up a lot of space and they need
to go. But who knows what's on any of them — financial data, secret plans for world domination, etc.
Whatever it is, I'm sure it's no good.
So what can you do to secure your information before selling or throwing away your old computer? Unfortunately, you need to do more than just format your hard disk. It's not even sufficient to overwrite and fill your hard disk with non-sensitive information. In 1996 Peter Gutmann published a paper describing techniques for making it as difficult as possible for an attacker to recover data from magnetic media. Basically, it comes down to scrubbing the disk a number of times with random data.
In addition to commercial software and services that do this, there are some free tools that can get the job done.
You may want to check out Darik's Boot and Nuke, which is a boot floppy that will automatically scan for hard disks and erase them. This is probably the easiest way to go, but it would scare the crap out of me having this disk anywhere in my house. Label it well.
Instead, I use the shred utility that is part of the GNU fileutils package. Here's why I do it this way:
- It's available on most Linux boot CDs
- You can examine a disk before you erase it (regardless of the filesystem used)
- It works on any machine that will run Linux
Booting Gentoo From CD
We'll be booting from a Gentoo CD and then running a quick (err. slow.) command to wipe the drive.
Like I said, the software we are using is part of the standard GNU fileutils package, so if you want to use a different flavor of Linux/Unix, that's fine too.
Download a gentoo live cd from here. Just grab the ISO CD image for your platform. You can find it at /releases/x86/../livecd/install-x86-minimal.iso for PC users and /releases/ppc/.../livecd/install-ppc-minimal.iso for Mac users.
Then use your favorite cd burning app to write the image to a new CD-R.
Boot the CD and wait for the boot prompt to appear. At the boot prompt type the following and hit enter:
Gentoo Linux will proceed to boot into command line mode.
A Note About Really Old Computers
Several of my old machines can't even boot from CD. The easiest thing to do in this case is just to unplug a newer computer's hard disk and connect the old drive to your new machine. I have a little mini-itx machine that I use all the time for stuff like this.
Just make darn sure you have disconnected all of the drives from your new machine.
In Linux, your first IDE hard drive is called /dev/hda, the second /dev/hdb, and so on. Assuming you only have one drive in your machine, you'll want to wipe out /dev/hda. If you have other disks, you'll need to run the same command for each of the devices.
If you are a *nix person, this would be a good time to mount your disk and examine it before you blow it away for good.
When you are ready to destroy your data, just type:
shred -vz -n 3 /dev/hda
This will write 3 passes of random data to your hard disk, followed by a 4th pass of zeros. It takes some time, so if you don't mind random (suspiciously random) data on the drive, you can skip the zeroing pass by omitting the z flag.
Why only three passes? It comes down to a matter of time versus diminishing returns. There are actually some non-random patterns that can be written to certain types of hard disks that 'saturate' the media more effectively and can be used in-between random passes to further destroy any memory that your disk had of your scandalous data.
Here's what Peter Gutmann has to say on the subject:
In the time since this paper was published, some people have treated the 35-pass overwrite technique described in it more as a kind of voodoo incantation to banish evil spirits than the result of a technical analysis of drive encoding techniques.
If you're using a drive which uses encoding technology X, you only need to perform the passes specific to X, and you never need to perform all 35 passes. For any modern PRML/EPRML drive, a few passes of random scrubbing is the best you can do.
As the paper says, "A good scrubbing with random data will do about as well as can be expected". This was true in 1996, and is still true now.
Still want the extra voodoo? Run this instead:
shred -vz /dev/hda
Be prepared to let this one sit for a while. For a large drive this will take all day.
Sometimes you've got an old drive that just doesn't work any more. The one pictured above makes noises like there are some marbles loose inside. It's just a no-good, dirty hard drive, and it's got bad written all over it.
That doesn't mean, however, that there isn't still a wealth of data on those platters. Your level of paranoia will determine the best course of action, ranging from 'who cares?' to 'get the blowtorch'.
I like to remove the platters and make coasters.
The Ultra Paranoid
Over the last 5 years, I've slept with a different married woman every night, cheated on my taxes to the tune of
$10billion, sold nukes to Iran, North Korea and Jerry Falwell, conspired with international terrorists to undermine
freedom, liberty and the expansion of Mc Donalds, and documented all of this in a personal manifesto on my PC.
My hard disk was full so I've upgraded to a new PC. I used shred (with extra voodoo) to clean the hard drive in
my old machine, but I'm still afraid to sell it on eBay. Do you have any recommendations?
We like to think of digital devices as holding a bunch of 0s and 1s. In reality, data is ultimately stored in
some analog form. Two bits of data on a drive may both be recognized as a 1, but one of them may not carry as
strong a magnetic force... a giveaway that it may have been a zero that was recently overwritten with a 1. Those
bits retain a history, Cletus.
So if you really want to be sure that your data will never be read, you will have to destroy your hard disk. The best thing to do is to melt it down. Other alternatives might be to destroy the surface with a belt sander, cut it into pieces and bury them in geographically seperate locations.
This sort of ruins your opportunity to resell the drive on eBay, though, unless you cast it into a collectable figurine.