Even if you aren’t planning on getting new tech this holiday season, you probably have some old devices sitting around your house. And as we’ve learned from the monster hacks of the last year or two, anything that exists on a hard drive could eventually be made public.
So it’s time to get rid of your old devices.
“Three ways of removing information from your computing devices, from the least effective to most effective, are deleting, overwriting, and physically destroying the device holding your information,” Carnegie Mellon’s Linda Pesante, Christopher King, and George Silowash wrote in a guide for the United States Computer Emergency Readiness Team.
They note that deletion is “not effective” and recommend you at least consider “overwriting” if you’re going to offer the device to someone else, turn it in to be recycled or return it to your carrier.
But if the device is outdated enough or the data on there is so sensitive that you’d rather not risk it ending up in anyone’s hands, US-CERT calls physical destruction “the ultimate way to prevent others from retrieving your information.”
The team suggests utilizing a destruction service you trust or taking the matter into your own hands, literally.
“[I]t is possible for you to destroy your hard drive by drilling nails or holes into the device yourself or even smashing it with a hammer.”
Hertta offered an example of destruction by hammer in the parking lot of F-Secure Headquarters. That did more damage to the hammer than it did to the hard drive. So our colleague Marjaana took it a step further.
As you saw in the video, that still wasn’t good enough. So they’re taking the remains of the device to a confidential disposal service.
We showed the video to Erka Koivunen, F-Secure Cyber Security Advisor, and he shook his head.
“You should remove the disks from the casing before you start banging the hard drive disk with a hammer,” he told us. “So, before going for the hammer, you’d need screwdrivers and some preparation time. One might also finish with an electric drill.”
The drill works for destroying anything with flash memory. But destroying a computer isn’t as simple as it seems, as journalists learned when technicians from the British intelligence agency GCHQ destroyed laptops that held data from CIA contractor turned whistleblower Edward Snowden. And it seems data isn’t only stored in the hard drives.
“I have spent some quality time with my small kids opening up magnetic hard drives and ‘undressing’ old computers,” Erka said. “I don’t want them to get any ‘ideas’ so I have not banged the hardware with a hammer while they watch.”
As you can see, it can get dangerous.
No matter when you intend to destroy a device, Erka recommends using proper full disk encryption in a secure fashion during all active use.
For home users, he suggests the following before disposal:
– Turn off any cloud-based key management and only have local decryption keys for the full disk encryption
– Change the disk encryption passphrase to something incredibly long and complex
– If you have a “recovery key”, change the passphrase for that key too
– Throw away the keys (if you wrote them on paper, burn it)
– Proceed to overwrite and PHYSICAL DESTRUCTION.
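The overwrite step, as an added example that is not from the original post or the US-CERT guide: it replaces every byte of a target with random data, reads it back to confirm the write, and scans for a known marker to show the old content is gone. The function names and the sample "disk image" are constructed for illustration.

```python
import hashlib, os, tempfile

CHUNK = 1024 * 1024  # write and read in 1 MiB blocks

def overwrite_and_verify(path, chunk=CHUNK):
    """Overwrite every byte of `path` with random data, then read it back.
    Returns True only if something was written and the readback matches."""
    with open(path, "r+b") as f:
        size = f.seek(0, os.SEEK_END)       # also works for block devices
        f.seek(0)
        written, remaining = hashlib.sha256(), size
        while remaining:
            block = os.urandom(min(chunk, remaining))
            f.write(block)
            written.update(block)
            remaining -= len(block)
        f.flush()
        os.fsync(f.fileno())                # push the data out of OS buffers
        f.seek(0)
        readback = hashlib.sha256()
        for block in iter(lambda: f.read(chunk), b""):
            readback.update(block)
    # Note: the readback may be served from cache, and flash storage can keep
    # remapped copies outside the addressable range, which is why the list
    # above still ends with physical destruction.
    return size > 0 and written.digest() == readback.digest()

def contains(path, marker, chunk=CHUNK):
    """Scan `path` for `marker`, including matches that span two blocks."""
    keep, tail = len(marker) - 1, b""
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            data = tail + block
            if marker in data:
                return True
            tail = data[-keep:] if keep else b""
    return False

if __name__ == "__main__":
    marker = b"CONSTRUCTED-SECRET-0123456789"     # constructed sample data
    fd, image = tempfile.mkstemp(suffix=".img")   # stand-in for a real disk
    os.write(fd, b"\0" * 5000 + marker + b"\0" * 3000)
    os.close(fd)
    print("before overwrite, marker present:", contains(image, marker))
    print("overwrite verified:", overwrite_and_verify(image))
    print("after overwrite, marker present:", contains(image, marker))
    os.remove(image)
```
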
We’re working on an alternative example disposal method with some friends that’s a bit more final.