Explainer: how do you destroy a hard drive?

Hope they backed it up … purplemattfish

Anyone who looked at The Guardian’s website this week will have seen a picture of one of the newspaper’s own laptops smashed and in pieces.

Why did this Mac have to die? The article accompanying the photo describes how The Guardian was visited by representatives of GCHQ who, believing The Guardian were using the laptop in question to store files provided by the NSA whistleblower Edward Snowden, demanded that the data on it should either be handed over to them, or destroyed.

The fragments of computer pictured on The Guardian’s website make it clear that they chose the second option. Leaving aside the rights and wrongs of an intelligence agency interfering with journalists, and the fact that electronic data is very easily replicated, was it really necessary to smash up a computer in order to make sure the data was really gone? Well, truly deleting data might be harder than you think.

A standard computer will store your files on a “hard drive”; specifically a stack of spinning disks coated in a magnetic film. This film acts like billions of tiny magnets, each of which can be in one of two positions, representing either a one or a zero. All of your files: documents, pictures, music and movies, are encoded on these disks as sequences of ones and zeros. To keep things organised, the hard drive has a table of contents that indicates which parts of the drive are currently in use and where each file is stored.

Deleting a file only deletes the file’s information from the drive’s table of contents; the ones and zeros that make up the file remain on the drive. Until this data is overwritten, it is easy enough to look at this ghost data and reconstruct the file. An analysis of second-hand hard drives from eBay found 40% contained personal information that could be recovered in this way.

A more sophisticated method of removing a file is to repeatedly overwrite the file data with random values and then delete it. This is the standard method of “securely deleting” files used by many businesses. There are many free applications that will do this for you on Windows (for example, Eraser); on a Mac this can be done via the “Securely Empty Trash” option on the Finder menu, and on Linux you can use the “shred” command.
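The difference between the two kinds of deletion described in the last two paragraphs can be shown with a toy model. This is an added example, not part of the original article: `ToyDrive`, its methods and the sample contents are constructed for illustration, and it models only the table of contents and the raw bytes, not a real filesystem or magnetic traces.

```python
import os

BLOCK = 16  # bytes per block in this toy drive (constructed value)

class ToyDrive:
    """Hypothetical toy drive: raw blocks plus a table of contents (TOC)."""
    def __init__(self, n_blocks=8):
        self.raw = bytearray(n_blocks * BLOCK)   # the stored ones and zeros
        self.toc = {}                            # name -> (block numbers, size)
        self.free = list(range(n_blocks))        # blocks not claimed by the TOC

    def write(self, name, data):
        need = -(-len(data) // BLOCK)            # ceiling division
        if need > len(self.free):
            raise OSError("drive full")
        blocks = [self.free.pop(0) for _ in range(need)]
        for i, b in enumerate(blocks):
            chunk = data[i * BLOCK:(i + 1) * BLOCK]
            self.raw[b * BLOCK:b * BLOCK + len(chunk)] = chunk
        self.toc[name] = (blocks, len(data))

    def delete(self, name):
        """Ordinary delete: drop the TOC entry, leave the bytes in place."""
        blocks, _ = self.toc.pop(name)
        self.free = sorted(self.free + blocks)

    def secure_delete(self, name, passes=3):
        """Overwrite each block of the file with random bytes, then delete."""
        blocks, _ = self.toc[name]
        for _ in range(passes):
            for b in blocks:
                self.raw[b * BLOCK:(b + 1) * BLOCK] = os.urandom(BLOCK)
        self.delete(name)

    def carve(self, needle):
        """What a recovery tool does: ignore the TOC and scan the raw bytes."""
        return needle in bytes(self.raw)

def demo():
    first = b"constructed sample: first memo"     # constructed file contents
    second = b"constructed sample: other file!!"  # constructed file contents
    d = ToyDrive()
    d.write("a.doc", first)
    d.delete("a.doc")
    ghost = d.carve(first)       # True: deleted, but the bytes are still there
    d.write("b.doc", second)     # reuses the freed blocks
    reused = d.carve(first)      # False: the ghost data has been overwritten
    d.secure_delete("b.doc")
    return ghost, reused, d.carve(second)   # last value False: nothing to carve
```
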

But even this isn’t guaranteed to destroy the data completely; when viewed under a magnetic force microscope, a tiny magnet on the drive that has recently been switched from a 1 to a 0 will look slightly different to one that has been in the 0 position for a long time. Therefore, with a well-equipped lab, it may still be possible to reconstruct the deleted data. A further complication is that it would have been hard for The Guardian to prove to GCHQ that this procedure had been carried out correctly; showing GCHQ the smashed pieces of a hard drive would certainly have provided more conclusive evidence.

Smashing a hard drive is a sure way to stop it functioning as intended (step-by-step instructions on physically destroying a hard drive can be found here). Companies that specialise in the mass destruction of data will put hard drives through an industrial shredder. But even this may not be enough to ensure the data really is unreadable. Each fragment of disk will still contain the ones and zeros that represent the files, and so with advanced lab equipment they could be read and pieced back together. The Guardian reports that they used angle grinders to destroy their drive, which would have probably fragmented it into pieces too small to read. In which case, we can be sure that the data on the laptop in question is gone.

Justified or not, the complete destruction of The Guardian’s hard drive was the only sure way to be certain that the data was really gone, but many questions remain. For example, the pictures on The Guardian’s website only showed the smashed case and main computing boards, not the computer’s memory and hard drive. So what happened to the actual hard drive that stored the data? Why were parts of the computer that hold no data also smashed?

It’s unlikely that The Guardian or GCHQ will be providing answers to these questions anytime soon. So that leaves us with one final question (originally posed by security expert Matt Blaze): does an AppleCare warranty cover the destruction of a computer due to interference by the secret services? Let’s hope so, because it looked like a nice laptop.

Join the conversation

    1. Tom Chothia

      Lecturer in Computer Science at University of Birmingham

      In reply to Alex Moses

      Hi Alex,

      Thanks for the link. There is indeed a lot of debate about how hard it really is to recover “securely deleted” data using a magnetic force microscope. Many studies, including the one you cite, have shown that recovering a few bits of data is possible, but whether it’s possible to recover whole documents isn’t currently known. One party that takes the risk very seriously is the UK government, which explicitly does not consider “secure deletion” as enough to destroy data and requires shredding or degaussing for confidential data.

  1. lew hunt

    retired

    Why did this Mac have to die? Have to say that looks less like a shredded Mac than a dozen assorted hard drives, mostly not laptop drives. It would have been a fine jape for the Guardian to have conned the GCHQ experts but I suspect it was an editorial decision that it was a better picture.

  2. Ben Gardner

    Student

    I'm sure our good old friend Fire would do the job right. But to painstakingly recover a few bytes via microscope simply isn't feasible because of the time it takes; I'm confident that using DBAN for 7 passes would make your data effectively unrecoverable to all.

  3. Gary Bau

    logged in via email @me.com

    Not so fast...on the Mac there are more advanced overwrites x35 built in to settings>utilities

    A commercially available file recovery software can resurrect files long deleted and overwritten. A case in point, I was called on to recover a file mistakenly deleted on a hard drive. The usual directions, do no more as the standard delete merely removes reference to the file in the table of contents (TOC) easy to recover...the reply was that they had used secure delete..contents overwritten. I proceeded to start the recovery process. I used the highest level of sensitivity..silly choice!! Recovery took over 20 hours but files securely deleted several YEARS earlier were also recovered...this at a desktop! Nothing too special, I expect a lab could get back mostly every/anything.
