/ Technology

What’s on your old hard drive? ‘Delete’ does not mean destroy

Have you ever sold an old computer? Given it to charity? Or sent it to the scrapheap? If so, you could be among thousands of Brits who may have unwittingly put their personal data at risk in the process.

It’s a common misconception that ‘delete’ means ‘destroy’. In fact, with just a little expertise, deleted files can easily be recovered from old hard drives.

In an investigation conducted by Which? Computing, we purchased several second-hand hard drives online via eBay – some cost as little as £15 to pick up.

Using the kind of data recovery software that can be cheaply downloaded off the internet by anyone, we were able to recover over 2,500 files from the eleven hard drives we’d purchased. We recovered everything from personal photos, spreadsheets, music files to online chat conversation histories.

Our lab experts conducted this exercise under tightly-controlled conditions, and the recovered data was fully destroyed at the end of the investigation. But in the wrong hands, the same data could lead to ID theft, fraud or even blackmail.

The risks of recovered data

Have you ever saved a CV on to your computer’s hard drive? Ever done your online banking on your home computer, or saved copies of documents to do with your home finances? These are exactly the sorts of files that can be retrieved from an old hard drive if all precautions aren’t taken to destroy the data properly.

In our recent survey of 1,003 Which? readers, we found that many are potentially leaving themselves at risk when disposing of old computer equipment. Of those who had ever sold or recycled a computer, 53% deleted their files first, though only 38% said they’d emptied the Recycle Bin as well.

Crucially, only 43% of the respondents had removed a computer’s hard drive before disposing of it. When you’re dealing with your own private files, this is the most secure method of all for ensuring no one can recover your own data from your old computer.

Data destruction – how do you do it?

Keeping a library of old hard drives stored away at home may seem like a pain, but it beats the risk of leaving your files on an old hard drive when disposing of an old computer.

Alternatively, data-wiping software can help to permanently over-write your files, though this can often be complicated to use for the less computer-savvy.

The safest method of permanent destruction is to remove a hard drive and take a hammer to it until the disk is smashed to smithereens. Environmentally this isn’t great, and it can prove hard work, but it certainly makes things nigh-on impossible for data thieves.

Comments
Profile photo of wavechange
Member

I have a failed terabyte external hard drive that has been gathering dust for more than a year. I lost no data because it was used to provide automatic back-up. I will eventually remove and destroy the two internal disk units or keep the working one as a spare for another external hard drive.

Member
Em says:
28 May 2012

@wavechange – sounds like it’s a fairly recent drive if it’s a terabyte. Worth checking the manufacturer’s website – I had a 1TB Seagate drive fail and entered the serial number. Still had a year’s warranty to go and got a free exchange unit within a week of sending it off.

Profile photo of wavechange
Member

Thanks for the sensible suggestion, Em. This LaCie drive was less than two years old when it failed.

This drive was used in my office at work and contained a lot of confidential data. Sending computers and drives can be a risky business because of the possibility that someone could access the data. I don’t believe that the disk units themselves were faulty, meaning that it could be very easy to harvest the data.

Fortunately it was not my money, but I would still be reluctant to send off a faulty drive even if I had paid for it.

Member
anon the mouse says:
28 May 2012

While a hammer is a fun way to destroy a hard disk, you can also drill a couple of holes completely through. This breaks the vacuum and also damages the platters.

If you are passing on an old hard disk consider getting a military grade disk wiper (google it). They are free and will overwrite every sector with junk data…. completely wiping anything on it but leaving it usable.

Member
Em says:
28 May 2012

A hard drive is hermetically sealed to keep dust and other contaminants out, but it cannot work in a vacuum. In fact, it relies on a thin film of air to “fly” the heads and stop them crashing into the platter. I only mention this, as breaking the seal alone is not enough to stop data being accessed – at least for a short time.

Obviously, as anon has suggested, drilling holes in the platter will create enough damage to stop the drive being read, but if you don’t have a drill or a Torx driver to remove the lid, what then? If you examine the cover carefully, there may be areas covered in a soft aluminium film. Punch a few holes in these with a kitchen knife, then soak the drive in a bucket of salt water overnight. That should finish it off – both the electronics and the shiny platter holding the data.

Profile photo of wavechange
Member

Em’s comment above makes me think about the dangers of sending a computer for repair. If there is a fault it may be impossible to even attempt to remove personal data.

There are various possible solutions but anyone who cannot repair their own computer should think about what would happen if their computer develops a fault. In the case of laptops there is a significant risk of theft or being damaged by being dropped.

Member
Oliver says:
29 May 2012

Leaving data on your had disk could be dangerous. Smashing hard drive requires efforts and time but doesn’t guarantee that data is now safe because there are some specialized data recovery firm like Stellar Phoenix, which is dedicated to provide data recovery services from smashed or malfunctioned hard drive.
Though, you can use some specialized disk wiping software to permanently delete the data.

Profile photo of wavechange
Member

Would anyone go to the length of trying to recover data from a smashed disk unless it was known to contain valuable information? What you are saying is possible but as likely as criminals breaking into banks to steal the small change. 🙂

Companies such as the one you mentioned can recover some or all of the data from faulty computer hard drives, though this is likely to cost a lot more than the replacement drive.

Member
Oliver says:
29 May 2012

Definitely you have to spend a bit more than the brand new hard drive but what option you have left to choose in the case if the data is so important to you and couldn’t suffer to loose. Remember, what I’m saying is about critical data loss situations and steps to get it back.

Profile photo of wavechange
Member

Absolutely, but this Conversation is primarily about the risk of data falling into the wrong hands.

Member
Sophie Gilbert says:
30 May 2012

Is Which? planning to review data-wiping software at some point?

Profile photo of Rich Parris
Member

Hi Sophie – we tested five data-wiping software programs as part of our investigation featured in this June’s Which? Computing. We looked at programs like Disk Doctor’s Data Sanitizer, Eraser and Darik’s Boot and Nuke. You can find more details in our June report, though generally we found that most software worked effectively but required quite a high degree of technical understanding

Member
Sophie Gilbert says:
31 May 2012

Thanks, Rich.

Member
Chris B says:
1 June 2012

I’ve got a couple of retired laptops which my business has finished with, and which I’d ideally like to dispose of in a green and useful way (e.g. give to one of those charities which recommissions them for use in third world countries). But the problem of who might get access to my old data has always stopped me donating them.

Profile photo of cdnhome
Member

Surely FORMAT will completely wipe a hard drive? I did not think anything could be recovered after a a drive had been reformatted If you’re getting rid of a PC, then if your being kind, run FORMAT on hard drive and then reinstall Windows. If you’re not feeling kind, just leave a empty formatted drive. Would be interested to know if FORMAT doesn’t really do the job.
For everyday use I use CCleaner set to “Complex Overwrite” to get rid of deleted files.

Profile photo of loones
Member

Formatting simply writes a new, empty table of contents to the disk. The actual data remains on the disk, but is only accessible using special tools. Also, because the surface of the disk is effectively lots of iron filings on a metal plate, even if you overwrite the area where the data was using another file some traces can remain of the old file on the edges of the groove (if you think of it in LP record terms). The safest way to remove data completely if you want to sell or give away the disk is to repeatedly write random data over the entire surface of the disk at least 4 times. This requires special programs (I use one called DBAN) but even so, some data may still be left behind. Big businesses which have super critical data to protect go further – they put the drives through a form of mulcher which turns the entire drive into dust and iron filings.

Member
Howsa says:
1 June 2012

How about a strong magnet, think I saw something on Bang goes the Theory that this could also be effective, but didn’t say if would render the drive completely unusable?

Member
John Cannell says:
1 June 2012

Ccleaner is a free programme that is useful for keeping your hard drive in good condition and now includes an option called ‘drivewiper’ which can be run up to 35 passes. It can either be programmed to to just deal with unused parts of the drive or all of it. Probably good enough for domestic use?

Member
William says:
1 June 2012

When I have needed to dispose of old hard discs (usually because they have failed), I “format’ them with a 12-bore shotgun. One shot blow them to bits!

Member
Chris B says:
1 June 2012

..”no officer, I only use my 12-bore for IT purposes” 🙂

Profile photo of wavechange
Member

Hard drives were often referred to as Winchesters, so perhaps a rifle would be more appropriate. 🙂

Member
Tom says:
1 June 2012

Remove hard drive. Cut in half with angle grinder (knife through butter <1 minute). Put pieces in different bins. Piece of mind achieved.

Profile photo of wavechange
Member

I hope you lot will comply with the Waste Electronic and Electrical Equipment Regulations 2006 and dispose of the remains of your hard drives accordingly. 🙂

Member
Big Bad John says:
1 June 2012

The last hard drive I had finished with I attacked with a hammer, then left it in a bucket of water overnight. Before putting it in the dustbin I coated it with the contents of my cat’s litter tray, defying anyone to handle it.

Member
Em says:
1 June 2012

I don’t think cat WEEE was quite what wavechange had in mind!

Member
graham says:
1 June 2012

I read recently, that the Australian government grind their hard drives to dust, then send it to be mixed into the cement when building/repairing roads. Pretty conclusive I’d have thought. Smash them and make a path or patio out of them could be the way at home.

Member
Derek says:
2 June 2012

Forthe future reference – SSD

Way back in the past (70’2) my data centre had a degausser, which could magnetically neutralise 2400 foot tapes and 14 inch diameter exchangeable discs (the first I worked with had six recordable platters and held a mighty 4 Mb)

This cost both arms and one leg, but would comfortably do the job, I wonder whise garage it wound up in.

What wil we do when SSD’s stop being the latest adadition, and become the latest thing to be disposed of? I guess that sanitising will do the job, but physical attacks may not. Bear in mind that this is also the case for all the old 256Mb USB pen drives as well.

Profile photo of wavechange
Member

Derek provides a useful reminder that USB flash drives can contain sensitive information. I have not found a reason to destroy my first flash drive which had a capacity of 128k and cost an amazing £80 from PC World, and it is still in regular use. I have cut up and disposed of my five and a quarter inch floppy disks, though.

Member
Bill says:
3 June 2012

I had a dozen internal hard drives to destroy from a number of old computers. Dismantling the drive cases was fairly easy, generally using a cheap precision screwdriver set ( < £10), including TX-Star bits pieces and pliers. Trick was to spot some of the screws hidden under sticky tape. Then used same TX-Star bits to separate the platters, breaking off the flimsy heads with pliers where they got in the way. At the same time, I dismantled one set of head balancing (surprisingly strong) magnets from the drives and wiped those across each platter. Punched a dozen or so serious dents into each platter with a hammer and nail-punch, and finally gently bent each platter back and forth with the pliers until they just fell apart into two halves. Disposed of halves (no electronics) in separate refuse collections. Probably a bit OTT – guess I could have skipped the nail-punch bit – but infact, nowhere near as difficult as I expected.

Member
Peter says:
5 June 2012

Hitting a hard drive with a hammer is not enough. In 2010 an MOD employee did just that and threw the pieces away. The pieces were recovered and sold on eBay as computer scrap. The pieces were bought and the purchaser using freeware recovered data.

Member
gill says:
8 June 2012

not a expert on computers but managed to take out hard drive disk but now not sure what to do with it, I have put a hammer to it bent it and put in water,the casing went to the tip.I assume I have taking out the right part.

Member
John Cannell says:
9 June 2012

One programme that’s been arouind for a while is DBAN. It’s useful for several things, including cleaning a hard drive and eliminating all data. I’ve used it for my own reasons – not security, but to allow me to start from a totally empty drive following virus and other issues. Certainly did what I wanted. Details here:- http://www.dban.org/

Profile photo of chris
Member

Personally I have always found driving a 6″ nail though the drive platter does the job pretty well, all considering.

Member
dfdf says:
16 January 2013

To erase data permanently on disks with bad sectors, try WBD(Wipe Bad Disk).

Member
John Cannell says:
16 January 2013

As mentioned earlier, unless you’re destroying a business HD, where security is of great importance an easier way for domestic use is Ccleaner, a free download from here:-
http://www.piriform.com/ccleaner
which has many useful features for the home user, including ‘drive wiper’, which deletes and then overwrites the deleted files. (Delete just means that the files can be overwritten – the data is still there until it IS overwritten.) It can overwrite several times if required. It can be programmed to act on just deleted and empty areas of the drive, or all of it. This should be sufficient in most cases.

Member
Neo Jensson says:
18 December 2013

One way to erase data from hard drive is ErAce. It over writes har drive 1-100 times. In that way it is impossible to recover data. It can be loaded from erace.it or sourceforge

Member
Michael Williams says:
11 February 2015

I have an old computer that I’m trying to sell. However, I’m not sure that I’ve fully wiped the hard drive. I know that a lot of people say that nothing is never lost on the net, but I really want this to be. Do I have to completely destroy the hard drive, or what are my other options?

Profile photo of John Bogue
Member

Hi Michael, your other options are to simply remove the hard drive and put it in a safe place in your home or if you have the Windows installation disk for this machine go through the Windows re-installation process including a full format of the drive. Personally I’m not a fan of smashing things up as this can be dangerous unless you wear proper protective clothing such as thick gloves and eye protection!

Profile photo of David-Johnson26
Member

Yes, it is true, permanent data wiping can be done by various techniques. Most of them are undermentioned

1) Crushing/Physical Destruction
2) Shredding
3) Degaussing
4) Using Data Erasure Tool

Different people use different methods for data erasing depend on their situation and understanding. But, personally being pro-environment-friendly. I always opt for method which creates less or no pollution. Used various data erasure many times in past, some of them are BitRaser, DiskWipe, Eraser. All of them works well and destroys all HDD sensitive data. But BitRaser software gives me more satisfaction in terms of Certifying about complete removal after recovery.
The last technique is no doubt a eco-friendly technique. Choose wisely

Profile photo of duncan lucas
Member

David-I wisely chose a builders heavy hammer (recommended ) -#1- place HDD on solid concrete/stone ground – #2- with an arching motion swing back said hammer -#3- bring the hammer down with a crushing blow to the HDD (while wearing plastic safety glasses ) -#4- watch as the drive is flattened and shattered by this action- #5- deposit remains in an environmentally safe fashion.