Destroying a hardrive

[alexis101]

Ok,
My boss come to me with a strange request ... in case of emergency he wants the hardrives of our servers to "self destruct" even if they are in use. We have very sensitive data on these hard drive and in case of an emergency( like buglars) we need to be sure that nobody go away with our data. I search the internet for solution but the only solution i found its booting with a floppy drive and things like that ... But i need to be abble to activate the destruction remotely (By phone with asterisk).
I dont know if anyone can point me to any software or code that will burn the hard drive!

[occ]

Even IF you were able to run a program, to say, 'erase' the data, it would not be enough.

See:
http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html

If the data on your disk must not be read by unauthorized party under any circumstances, your only choice, AFAIK is to have use an encrypted filesystem.
see
http://www.sdc.org/~leila/usb-dongle/readme.html
http://www.gentoo.org/proj/en/hardened/disk-cryptography.xml
http://fedoranews.org/alex/tutorial/crypto/

[ToeiRei]

My 'self-destruct' setup here:

* USB Stick with Certificates
* encrypted system
* Root-Plug

The system is only bootable with the USB Stick which can easily be destroyed...
You might want to have a look at sys-fs/cryptsetup-luks


Rei
_________________
Please stand by - The mailer daemon is busy burning your messages in hell...

[alexis101]

Thanks for these solution , Encrypted system sounds interesting ... Ill look into it ... But the fact is I am more looking into something that will destruct the drive itself not only the data ...

And Rei you boot from the usb stick but once the system is up can you remove it And do you have any links for me about this setup?

[GenYetiToo]

[Rikai]

Basically, short of an enormous, moving, permanent magnet you're going to have a hard time completely wiping the drive. Even encasing the thing in thermite and setting it off may not do it.

There was an article on slashdot a little while ago about it. That might give you more information, or at least a place to start looking.

[Aurisor]

Basically, the only reliable way to destroy the data on a hard drive is using a magnet. Simply sending too much voltage to the drive will just burn out the controller and leave the data intact, and any software solution is going to take a long-ass time to work properly. Unless you can be sure that the drive will be unattended, running, and connected to the internet after the theft, it's nearly impossible to do this reliably. Anyways, here are a few ideas...

1) Don't bother with trying to destroy the data....write something that silently "calls home" and just go find the person instead.
2) Minimize the amount of data. You could create an encrypted volume on your disk of say 200 megs and store all of the important data in there. Then have some program run "shred" on just that part of the disk. I'd imagine that could probably wipe the data before anyone notices. Of course, there is still the issue of getting in contact with the computer....if you can connect to the stolen laptop, why not just get the IP and do some detective work?
3) Hardware solution. As far as I know, wrapping live, short-circuited hard drive is the easiest way to TRULY erase a drive. You just take a heavy-gague extension cord, strip off one of the plugs, connect that end, and then connect the other plug to the wall. I've heard of l33tsauce hackers having these on all of their hard drives connected to a switched outlet that's always off. If they ever get busted, they just have to make sure they flip the light switch on the way out and they're clean. Of course, I'm not sure how you'd connect something like this to a laptop, since the power supply lowers the voltage before it even gets to the laptop. If you guys have the resources, perhaps you could make a custom power supply with a cell phone in it....when the cell phone activates, it switches the full voltage through a special wire which wraps around the laptop's hard drive. Only problem is, this may be beyond what you guys are capable of doing.

Anyways, although I don't think this is a very practical project, it is neat to think about it.

[alexis101]

First , The data are not on laptop but on server.

[Aurisor]

Well, there are hard drive destruction programs, shred. Just run shred /dev/hda and it'll just start overwriting random patterns on all of your data. It won't stop the FBI, but petty thieves most likely won't have the resources to recover the data.

As far as I know, encrypting a drive requires a reformat. There's probably a way to do it on the fly, but honestly I would just copy my data somewhere else, reformat, and then copy it back....you need a backup anyways.

And just an unwarranted two cents....I don't know what kind of business you're in, so I may just be talking out of my ass here, but...

Honestly, most data loss happens because of absolutely colossal stupidity, rather than actual assaults against planned defenses.....you know, downloading sensitive data on public computers, using "ADMIN" for a password, accidentally leaving laptops in public places, redacting data in pdfs by drawing black boxes over them, etc etc. IMO most of the time spent designing james bond gadgets to protect your armored data center against ninjas would be better spent elsewhere. It's the proverbial locked door and open window....

Anyways, just my two cents, take it as you will.

[bluedevils]

an old workplace had degussers for erasing tapes, but it also completely destroyed the hard drive physically and the data itself.

Buy one of those and connect it to a remotely controlled power strip.

[xPAGANx]

The only safe way to protect your data is through encryption. Once you start trying to implement ways of actually harming your own data you put a risk there. What if something funky happens and that process launches? What if you make a slight logic error? If you want to implement anything of that sort you would need a serious testing environment. If you pick a strong encryption, that data is as good as gone without the key.

[occ]

based on the description, we can assume that the 'bad guy' is after the data. Indeed if he only cared about the hardware he would not go after this particular one: there are millions of computers more easely accesible. (if you are after a dolly, you don't try to break into fort knox)

If he is after the data, and if you assume that he is not stupid, he will do his homework and lear how to break-in without trigerring the 'silent' alarm, or at least do it in a way that make you wonder if it's for 'real' long enough so he can get to it before you decide to push the nuke button.

With an encrypted FS, the guy would not be able to unplug the computer. he would have to steal the computer AND the UPS that goes with it (I assume that your computer has an UPS). While still doeable, that present unique logistical challenge: UPS are heavy and cumbersome... now the bad guy need to be a full team with heavy equipment... and the timing is quite critical.

If you still want you nuke button, all you need to do is to remotely turn off the power of your machine. The good news is that in case of false alarm, you can recover with minimal disruption. once you filesystem has been unmounted (the hard way : power failure), as it has been said before, the disk's data is just as good as junk without the password.

Of course, now you have the problem to protect yourself agains social engineering effort to gain access to the password. On the other hand, you already have this problem today, since a smart 'bad guy' would certainly try to access the data that way than physically breaking in.

Another thing to consider. Maybe the bad guy intention is just to cause disruption. If you rig you computer to self destruct at the first intrusion alarm, a disgrunted employee could certainly make that happen, without actually being even near the site. (how-to, depend on the type of alarm(s) you have, but there is alwys a way to make it trigger)

[alexis101]

[jackieTHEjokeman]

I've heard from a guy who's brother in law works for the NSA that they can recover data off of any hard drive. It doesn't matter how many times it was erased or even if the hard drive was thrown out the window! They can piece the platters together. The only solution:

THROW IT IN HOT MOLTEN LAVA!!!