Destroying Hard Drives As A Service?

Avatar
Brian Rhodes
Jul 24, 2014
IPVMU Certified

Take a look at this HDD destruction service offering:

Essentially, you pay them $20 and send your old disks, and they send you back a 'certificate of destruction' that promises they turned the thing into dust and recyclable shreds.

I understand that data destruction is important in many cases, but what do you think of building a mail-order service around the mechanical obliteration of disks?

Is such a service worth spending $20 on?

Avatar
Michael Silva
Jul 24, 2014
Silva Consultants

Many of my corporate clients use a service of this type when decommissioning their old computers. Having a process of this type (and documenting its use) can demonstrate "due diliegence" was used in the protection of confidential data - something very important in many industries such as healthcare, financial services, etc. Well worth the $20 in my opinion.

Avatar
Brian Rhodes
Jul 24, 2014
IPVMU Certified

Beyond a low-level format and smacking them with a hammer a few times, does proper 'due diligence' require destroying them into component pieces or smaller?

Avatar
Michael Silva
Jul 24, 2014
Silva Consultants

From a practical standpoint, probably not. But what these clients are mostly looking for is a certificate from a credible outside party that the destruction was done using approved methods. Having these certificates on file pleases the various auditors and regulatory agencies that the client has to deal with.

JR
Javier Ramirez
Jul 25, 2014

I would step into the Linux world and use Derik's Boot & Nuke software. Its free and will deetroy ANY data on a HDD. It does it by writing random 1's and 0's or just 1's or just 0's to every secotr of the disk.....and it does it up to 35 times if you want it to.

Avatar
Carl Lindgren
Jul 25, 2014

We drill a hole through the case and the platter(s) inside. Granted, someone could probably retrieve some data from the platters if they really wanted to but the drive itself is rendered useless.

Avatar
Ethan Ace
Jul 25, 2014

Using nuking software and drilling holes are totally valid ways for most people to destroy drives. If you really need them gone and certifiably so, you're looking at a service like this. It's very similar to the mobile shredding services you see. They pull up, shred your stuff, and then give you the certificate saying it's done. Like Michael said, regulatory bodies love this.

JH
John Honovich
Jul 25, 2014
IPVM

So here you get a certificate from a company who has literally been open for 32 days. And you have to mail it to them in Florida...

Avatar
Ethan Ace
Jul 25, 2014

What could go wrong?!

Avatar
Ari Erenthal
Jul 25, 2014
Chesapeake & Midlantic

I dunno. That seems like a lot of work to go through for a measly twenty bucks. I think I'd rather start a service where I take people's hard drives, dump them in the trash, and then print up an official looking certificate, suitable for framing, solemnly stating that the hard drive had been erased, overwritten, degaussed, shattered, crushed, ground, sauteed, crushed again, defenestrated, and then I jumped up and down on the little bits with, like, a really angry expression on my face.

Avatar
Carl Lindgren
Jul 25, 2014

SOLD!

Would you send the client a picture of that? I'd be willing to pay $20 for one.

In fact, I just had an old drive fail in my home computer. I haven't bothered pulling it out since it was my secondary, backup drive and only had backups of videos that I digitized from VHS on it (the primary copies are on BluRays) but I don't want anyone getting hold of it and duplicating my Space Shuttle mission collection.

Avatar
Ari Erenthal
Jul 25, 2014
Chesapeake & Midlantic

Sure, I got Photoshop, I'll send you a picture of Bigfoot smashing your hard drive with a big hammer. He's wearing the most adorable helmet and safety glasses, too. OSHA regs, you know.

Avatar
Carl Lindgren
Jul 25, 2014

Is he/she an employee?

Avatar
Ari Erenthal
Jul 25, 2014
Chesapeake & Midlantic

Contractor. Part time. It's the economy, you know.

Avatar
Brian Rhodes
Jul 25, 2014
IPVMU Certified

My five-year old son will do this service for $10 each disk, and the certificate will be hand-written in crayon on the backside of old copy machine paper.

PS: He does this stuff for fun:

Avatar
Ari Erenthal
Jul 25, 2014
Chesapeake & Midlantic

Careful with that thing, kid, it's an antique!

RW
Rukmini Wilson
Jul 25, 2014

People, you are missing the real synergy here! Remember, these things come with their own slow-acting overwrite mechanism built-in.

A pair of apparently unrelated start-ups are in order:

Stan's Solemnly Sworn Swipe and Wipe Service

and

Clancy's Cut-rate Cloud Cache

Also, may I point out that we humans think that a degaussed and crushed hard drive is useless, but if the NSA were to really to give a crap about your hard drive, i.e. 9/11 or you are Snowden, a file with say a phone number can live in an exceedingly small place. Like the size of grain of sand. Degaussing is therefore best when done last, after low-level formatting (if drive is operational).

Avatar
Carl Lindgren
Jul 25, 2014

In the spirit of saving our planet, I prefer to recycle, or repurpose used equipment. Below is an example of an alternate use for hard drives; note the platters(s) have been removed and destroyed, rendering the data unusable:

Avatar
Carl Lindgren
Jul 25, 2014

By the way, they have competition:

MI SECURE

Avatar
Michael Silva
Jul 25, 2014
Silva Consultants

The leading document destruction companies, such as Iron Mountain and Shred-It, also offer this service. Most major clients would probably already have a contract with one of these companies and would use them to handle their hard drives along with everything else.

New discussion

Ask questions and get answers to your physical security questions from IPVM team members and fellow subscribers.

Newest discussions