How James Bond would wipe his hard drive

Ed Dawson | Feb 12, 2007 4:00 PM

Once you’ve read this article, your hard drive could be melted in 30 seconds. “Digital Shredding” technology is now available.

“Your mission, should you choose to accept it,” These classic words would often prelude the espionage action of the Mission Impossible TV shows and films, where spies were given secret instructions that destroyed themselves completely. Surprisingly, technology like this is now becoming commercialised for ordinary companies. A new product called the EDT Digital Shredder promises fast, neat and total destruction of data, without damaging the drive electronics for re-use.

Mr Jorge Silveira, of Consulvest Australia is a methodical operator. He presents his facts in careful order, backed up with research and real-world examples. He explains the grim state of decommissioned computer data in today’s business world clearly and without laying blame, in such a way that the total scale of the problem is immediately laid bare. Yet you may have never considered the problem.

He’s exactly the kind of careful, ordered character you’d want in charge of a gritty area of work with potentially great importance, like data destruction. Representing Ensconce Data Technology (EDT) in Australia, his company Consulvest is the sole distributor of the Digital Shredder. EDT make equipment for the kind of people that are deeply paranoid about data being recovered from decommissioned hard drives.

The value of data
According to Jorge, data from government embassies could potentially be “worth probably millions.” He said. He emphasises that this value is not exaggerated for private enterprise, either. “This can mean success or failure for companies”. One hard drive recovered from a dumper bin, with a thousand customer credit card numbers could spell a public relations disaster. The same drive could mean effortless theft of original IP, or inside information, that is supposed to remain private. Yet, there seems to be an alarming amount of lackadaisical procedures when it comes to decommissioning computers.

Jorge explains his education approach like this: he puts the directors of IT and the financial directors in the room together, firstly re-affirming the damage that leaked intellectual property or customer data could cause. Everyone can agree on that point. He then reminds everyone how most desktop computers in an organisation will contain some kind of secret information along these lines, especially servers. He then asks the IT director what the decommissioning process is for old computers – which is nearly always “give them away to a worthy cause” or “have them collected by computer recyclers”. At this point, the financial director usually turns white and shortly afterward, places an order. Financial institutions, insurance companies, law firms and government agencies have been quick to adopt the product, according to Jorge. “These guys get the message right away, no problem.” He said.

“We want to become the world leaders in data destruction,” said Jorge. According to EDT, there are a number of ways to wipe information off hard drives, but most of them are inadequate, or unnecessarily damaging to the environment. He detailed the pros and cons of each approach for PC Authority.
Mechanical shredding
The historical alternative to data shredding has been a massive, old-fashioned device called a mechanical shredder, which physically hacks the drive into one centimetre cubes, creating a potpourri of toxic materials for disposal. Jorge explains how it works: “I watched a guy shredding 500 hard drives in five minutes,” he said. “But then, the magnetic pieces all stick to the gears and teeth in the shredder.” The operator using the machine then faced a gruelling six hours to completely clean the magnetic debris from the machine before it could be used again. Apart from being environmentally obnoxious, those drives could have been re-used in a community or non-profit setting, extending their utility. There’s also other drawbacks. Jorge says that even this drastic method leaves behind recoverable data with today’s areal densities. “One centimetre of platter: get that to a forensic lab, and you can recover a Word document,” he said. “You might be able to recover thirty to forty percent (of a mechanically shredded drive)”. Additionally, problems around care, custody and control of the information in the drives still remain. You never know the credentials of the people handling the drives in transit, Jorge maintains. PC Authority could not find any evidence of mechanical shredding services in Australia.

Degaussing
This fairly logical idea puts the drive under an incredibly powerful magnetic field, scrambling the bits. However, like the mechanical shredder, this process destroys the drive electronics, turning each device into a poisonous piece of landfill. Also, the drives must again be transported to the bulky degaussing machine, raising the issue of custody once again. There are two major degaussing service operators in Australia.

Triple-overwrite
People who know something about data destruction will be aware that overwriting data on a drive a number of times reduces the likelihood of it being recovered. However, Jorge explained that simply overwriting the bits does not erase tiny slivers of magnetic material between the bits, on the fringes of the readable areas. These slivers can contain what is called “shadow data”, which holds an echo of the information the drive once contained. According to Jorge, erasing the shadow data requires activating a special low-level formatting process called Secure Erase. “Secure Erase moves the head from side to side,” says Jorge, thereby wiping the shadow data as well. Secure Erase is apparently a function built into most modern hard drives that comply with ATA and SATA standards, but consumer operating systems and BIOS features will prevent you from activating it accidentally. Additionally, the US military grade triple-overwrite process takes many hours or days to complete for each drive. Jorge also maintained that triple-overwrite may not erase the shadow data when run through conventional operating system environments.

The Digital Shredder
The EDT Digital Shredder activates the drive in a special operating environment that can access and run Secure Erase. The technician must remove the drive from the computer and physically lock it into the Digital Shredder machine, which is a toaster-sized device that utilises a touch-screen interface. In doing so, the drive is quickly wiped clean in less than one hour, “beyond forensic recovery”. This is no idle claim. EDT employed a crime laboratory in the United States, belonging to the city of Portsmouth, New Hampshire Police Department to try and recover information from their Secure Erased drives. According to the results of that test, no data of any kind was recoverable following the Secure Erase process, and the hex value “00” was shown in every single byte.
Yet, the drive remained functional as a useful piece of equipment and could be safely reformatted and put to work in a new role after decommissioning. This is important primarily for environmental reasons, removing the need to grind the drive into a noxious souffle of chemicals, nanomaterials and chunks of Rare Earth magnet. Finally, the Digital Shredder has a physically resilient casing, allows for password protected administrator and user accounts, data logging of all erasing activities and it will resume any interrupted digital shredding task after a power outage. The Digital Shredder pricing starts at $20,000 Australian dollars.

Drive ‘melting’
If you think the Digital Shredder is like something from a James Bond film, you’re not far wrong. But EDT has even more exotic equipment in the making. A “remotely destroyable hard drive” is on the way, which uses 17 different triggers to detect theft or tampering. These triggers will activate a small tube-like compartment in the drive, which will instantly coat the hard drive platters with a non-toxic chemical substance. Within fifteen minutes, the drive is beyond forensic recovery. With each drive containing its own destruction mechanism, any number of such drives could be exterminated concurrently. Actions such as removing the drive from the building will trigger the GPS unit, which will destroy the drive. Using the wrong access password will destroy the drive. Naturally, this drastic drive destruction can also be remotely activated by administrators. No word yet as to whether smoke would be vented languidly as the destruction takes place.

Now that you have finished reading this article, this server will self-destruct in thirty seconds.