/ Technology

What’s on your old hard drive? ‘Delete’ does not mean destroy

40
Profile photo of Rich Parris Rich Parris Which? Tech
Comments 40

Have you ever sold an old computer? Given it to charity? Or sent it to the scrapheap? If so, you could be among thousands of Brits who may have unwittingly put their personal data at risk in the process.

It’s a common misconception that ‘delete’ means ‘destroy’. In fact, with just a little expertise, deleted files can easily be recovered from old hard drives.

In an investigation conducted by Which? Computing, we purchased several second-hand hard drives online via eBay – some cost as little as £15 to pick up.

Using the kind of data recovery software that can be cheaply downloaded off the internet by anyone, we were able to recover over 2,500 files from the eleven hard drives we’d purchased. We recovered everything from personal photos, spreadsheets, music files to online chat conversation histories.

Our lab experts conducted this exercise under tightly-controlled conditions, and the recovered data was fully destroyed at the end of the investigation. But in the wrong hands, the same data could lead to ID theft, fraud or even blackmail.

The risks of recovered data

Have you ever saved a CV on to your computer’s hard drive? Ever done your online banking on your home computer, or saved copies of documents to do with your home finances? These are exactly the sorts of files that can be retrieved from an old hard drive if all precautions aren’t taken to destroy the data properly.

In our recent survey of 1,003 Which? readers, we found that many are potentially leaving themselves at risk when disposing of old computer equipment. Of those who had ever sold or recycled a computer, 53% deleted their files first, though only 38% said they’d emptied the Recycle Bin as well.

Crucially, only 43% of the respondents had removed a computer’s hard drive before disposing of it. When you’re dealing with your own private files, this is the most secure method of all for ensuring no one can recover your own data from your old computer.

Data destruction – how do you do it?

Keeping a library of old hard drives stored away at home may seem like a pain, but it beats the risk of leaving your files on an old hard drive when disposing of an old computer.

Alternatively, data-wiping software can help to permanently over-write your files, though this can often be complicated to use for the less computer-savvy.

The safest method of permanent destruction is to remove a hard drive and take a hammer to it until the disk is smashed to smithereens. Environmentally this isn’t great, and it can prove hard work, but it certainly makes things nigh-on impossible for data thieves.

Comments
40
Member
wavechange says:
28 May 2012

I have a failed terabyte external hard drive that has been gathering dust for more than a year. I lost no data because it was used to provide automatic back-up. I will eventually remove and destroy the two internal disk units or keep the working one as a spare for another external hard drive.

0
 |     Reply    Report
Share   
Hide replies ∧
Member
Em says:
28 May 2012

@wavechange – sounds like it’s a fairly recent drive if it’s a terabyte. Worth checking the manufacturer’s website – I had a 1TB Seagate drive fail and entered the serial number. Still had a year’s warranty to go and got a free exchange unit within a week of sending it off.

0
 |     Reply    Report
Share   
Member
wavechange says:
28 May 2012

Thanks for the sensible suggestion, Em. This LaCie drive was less than two years old when it failed.

This drive was used in my office at work and contained a lot of confidential data. Sending computers and drives can be a risky business because of the possibility that someone could access the data. I don’t believe that the disk units themselves were faulty, meaning that it could be very easy to harvest the data.

Fortunately it was not my money, but I would still be reluctant to send off a faulty drive even if I had paid for it.

0
 |     Reply    Report
Share   
Member
anon the mouse says:
28 May 2012

While a hammer is a fun way to destroy a hard disk, you can also drill a couple of holes completely through. This breaks the vacuum and also damages the platters.

If you are passing on an old hard disk consider getting a military grade disk wiper (google it). They are free and will overwrite every sector with junk data…. completely wiping anything on it but leaving it usable.

0
 |     Reply    Report
Share   
Hide replies ∧
Member
Em says:
28 May 2012

A hard drive is hermetically sealed to keep dust and other contaminants out, but it cannot work in a vacuum. In fact, it relies on a thin film of air to “fly” the heads and stop them crashing into the platter. I only mention this, as breaking the seal alone is not enough to stop data being accessed – at least for a short time.

Obviously, as anon has suggested, drilling holes in the platter will create enough damage to stop the drive being read, but if you don’t have a drill or a Torx driver to remove the lid, what then? If you examine the cover carefully, there may be areas covered in a soft aluminium film. Punch a few holes in these with a kitchen knife, then soak the drive in a bucket of salt water overnight. That should finish it off – both the electronics and the shiny platter holding the data.

0
 |     Reply    Report
Share   
Member
wavechange says:
28 May 2012

Em’s comment above makes me think about the dangers of sending a computer for repair. If there is a fault it may be impossible to even attempt to remove personal data.

There are various possible solutions but anyone who cannot repair their own computer should think about what would happen if their computer develops a fault. In the case of laptops there is a significant risk of theft or being damaged by being dropped.

0
 |     Reply    Report
Share   
Member
Oliver says:
29 May 2012

Leaving data on your had disk could be dangerous. Smashing hard drive requires efforts and time but doesn’t guarantee that data is now safe because there are some specialized data recovery firm like Stellar Phoenix, which is dedicated to provide data recovery services from smashed or malfunctioned hard drive.
Though, you can use some specialized disk wiping software to permanently delete the data.

0
 |     Reply    Report
Share   
Hide replies ∧
Member
wavechange says:
29 May 2012

Would anyone go to the length of trying to recover data from a smashed disk unless it was known to contain valuable information? What you are saying is possible but as likely as criminals breaking into banks to steal the small change. 🙂

Companies such as the one you mentioned can recover some or all of the data from faulty computer hard drives, though this is likely to cost a lot more than the replacement drive.

0
 |     Reply    Report
Share   
Member
Oliver says:
29 May 2012

Definitely you have to spend a bit more than the brand new hard drive but what option you have left to choose in the case if the data is so important to you and couldn’t suffer to loose. Remember, what I’m saying is about critical data loss situations and steps to get it back.

0
 |     Reply    Report
Share   
Hide replies ∧
Member
wavechange says:
29 May 2012

Absolutely, but this Conversation is primarily about the risk of data falling into the wrong hands.

0
 |     Reply    Report
Share   
Member
Sophie Gilbert says:
30 May 2012

Is Which? planning to review data-wiping software at some point?

0
 |     Reply    Report
Share   
Hide replies ∧
Member
Rich Parris says:
30 May 2012

Hi Sophie – we tested five data-wiping software programs as part of our investigation featured in this June’s Which? Computing. We looked at programs like Disk Doctor’s Data Sanitizer, Eraser and Darik’s Boot and Nuke. You can find more details in our June report, though generally we found that most software worked effectively but required quite a high degree of technical understanding

0
 |     Reply    Report
Share   
Member
Sophie Gilbert says:
31 May 2012

Thanks, Rich.

0
 |     Reply    Report
Share   
Member
Chris B says:
1 June 2012

I’ve got a couple of retired laptops which my business has finished with, and which I’d ideally like to dispose of in a green and useful way (e.g. give to one of those charities which recommissions them for use in third world countries). But the problem of who might get access to my old data has always stopped me donating them.

0
 |     Reply    Report
Share   
Member
cneal says:
1 June 2012

Surely FORMAT will completely wipe a hard drive? I did not think anything could be recovered after a a drive had been reformatted If you’re getting rid of a PC, then if your being kind, run FORMAT on hard drive and then reinstall Windows. If you’re not feeling kind, just leave a empty formatted drive. Would be interested to know if FORMAT doesn’t really do the job.
For everyday use I use CCleaner set to “Complex Overwrite” to get rid of deleted files.

0
 |     Reply    Report
Share   
Hide replies ∧
Member
loones says:
1 June 2012

Formatting simply writes a new, empty table of contents to the disk. The actual data remains on the disk, but is only accessible using special tools. Also, because the surface of the disk is effectively lots of iron filings on a metal plate, even if you overwrite the area where the data was using another file some traces can remain of the old file on the edges of the groove (if you think of it in LP record terms). The safest way to remove data completely if you want to sell or give away the disk is to repeatedly write random data over the entire surface of the disk at least 4 times. This requires special programs (I use one called DBAN) but even so, some data may still be left behind. Big businesses which have super critical data to protect go further – they put the drives through a form of mulcher which turns the entire drive into dust and iron filings.

0
 |     Reply    Report
Share   
Member
Howsa says:
1 June 2012

How about a strong magnet, think I saw something on Bang goes the Theory that this could also be effective, but didn’t say if would render the drive completely unusable?

0
 |     Reply    Report
Share   
Member
John Cannell says:
1 June 2012

Ccleaner is a free programme that is useful for keeping your hard drive in good condition and now includes an option called ‘drivewiper’ which can be run up to 35 passes. It can either be programmed to to just deal with unused parts of the drive or all of it. Probably good enough for domestic use?

0
 |     Reply    Report
Share   
Member
William says:
1 June 2012

When I have needed to dispose of old hard discs (usually because they have failed), I “format’ them with a 12-bore shotgun. One shot blow them to bits!

0
 |     Reply    Report
Share   
Hide replies ∧
Member
Chris B says:
1 June 2012

..”no officer, I only use my 12-bore for IT purposes” 🙂

0
 |     Reply    Report
Share   
Member
wavechange says:
1 June 2012

Hard drives were often referred to as Winchesters, so perhaps a rifle would be more appropriate. 🙂

0
 |     Reply    Report
Share   
Member
Tom says:
1 June 2012

Remove hard drive. Cut in half with angle grinder (knife through butter <1 minute). Put pieces in different bins. Piece of mind achieved.

0
 |     Reply    Report
Share   
Member
wavechange says:
1 June 2012

I hope you lot will comply with the Waste Electronic and Electrical Equipment Regulations 2006 and dispose of the remains of your hard drives accordingly. 🙂

0
 |     Reply    Report
Share   
Member
Big Bad John says:
1 June 2012

The last hard drive I had finished with I attacked with a hammer, then left it in a bucket of water overnight. Before putting it in the dustbin I coated it with the contents of my cat’s litter tray, defying anyone to handle it.

0
 |     Reply    Report
Share   
Hide replies ∧
Member
Em says:
1 June 2012

I don’t think cat WEEE was quite what wavechange had in mind!

0
 |     Reply    Report
Share   
Member
graham says:
1 June 2012

I read recently, that the Australian government grind their hard drives to dust, then send it to be mixed into the cement when building/repairing roads. Pretty conclusive I’d have thought. Smash them and make a path or patio out of them could be the way at home.

0
 |     Reply    Report
Share   
Member
Derek says:
2 June 2012

Forthe future reference – SSD

Way back in the past (70’2) my data centre had a degausser, which could magnetically neutralise 2400 foot tapes and 14 inch diameter exchangeable discs (the first I worked with had six recordable platters and held a mighty 4 Mb)

This cost both arms and one leg, but would comfortably do the job, I wonder whise garage it wound up in.

What wil we do when SSD’s stop being the latest adadition, and become the latest thing to be disposed of? I guess that sanitising will do the job, but physical attacks may not. Bear in mind that this is also the case for all the old 256Mb USB pen drives as well.

0
 |     Reply    Report
Share   
Hide replies ∧
Member
wavechange says:
2 June 2012

Derek provides a useful reminder that USB flash drives can contain sensitive information. I have not found a reason to destroy my first flash drive which had a capacity of 128k and cost an amazing £80 from PC World, and it is still in regular use. I have cut up and disposed of my five and a quarter inch floppy disks, though.

0
 |     Reply    Report
Share   
Member
Bill says:
3 June 2012

I had a dozen internal hard drives to destroy from a number of old computers. Dismantling the drive cases was fairly easy, generally using a cheap precision screwdriver set ( < £10), including TX-Star bits pieces and pliers. Trick was to spot some of the screws hidden under sticky tape. Then used same TX-Star bits to separate the platters, breaking off the flimsy heads with pliers where they got in the way. At the same time, I dismantled one set of head balancing (surprisingly strong) magnets from the drives and wiped those across each platter. Punched a dozen or so serious dents into each platter with a hammer and nail-punch, and finally gently bent each platter back and forth with the pliers until they just fell apart into two halves. Disposed of halves (no electronics) in separate refuse collections. Probably a bit OTT – guess I could have skipped the nail-punch bit – but infact, nowhere near as difficult as I expected.

0
 |     Reply    Report
Share   
Member
Peter says:
5 June 2012

Hitting a hard drive with a hammer is not enough. In 2010 an MOD employee did just that and threw the pieces away. The pieces were recovered and sold on eBay as computer scrap. The pieces were bought and the purchaser using freeware recovered data.

0
 |     Reply    Report
Share   
Member
gill says:
8 June 2012

not a expert on computers but managed to take out hard drive disk but now not sure what to do with it, I have put a hammer to it bent it and put in water,the casing went to the tip.I assume I have taking out the right part.

0
 |     Reply    Report
Share   
Member
John Cannell says:
9 June 2012

One programme that’s been arouind for a while is DBAN. It’s useful for several things, including cleaning a hard drive and eliminating all data. I’ve used it for my own reasons – not security, but to allow me to start from a totally empty drive following virus and other issues. Certainly did what I wanted. Details here:- http://www.dban.org/

0
 |     Reply    Report
Share   
Member
chris says:
10 October 2012

Personally I have always found driving a 6″ nail though the drive platter does the job pretty well, all considering.

0
 |     Reply    Report
Share