Zoz – And That’s How I Lost My Other Eye… Explorations in Data Destruction

This DEF CON 23 presentation by Dr. Andrew ‘Zoz’ Brooks turned out a blast, so read about the ways to destroy data on hard disks, and don’t try this at home.

Hello DEF CON! I’m actually going to break with tradition this time and start one minute early, because I have so much shit to show you guys that I’m worried about how much I can fit in here. I have not counted, but I’m reasonably confident in saying that there are more explosions in this presentation than any other DEF CON presentation in history, which is crazy because it’s nearly a quarter century of DEF CON – can you believe it? That’s totally blowing my mind.

A shout-out

A lot of projects are not solo, but this one is very much not solo. I called in so many favors in working on this project (see right-hand image). A lot of friends went above and beyond to help me out, so this is their old school anti-splash screen hacker thanks. I think the only person who made it to CON this year is RF, so hopefully he’s awake and watching.

Previous research

I was inspired to do this by a talk at DEF CON 19 by Bruce who just spoke in here, and Deviant and Shane (see left-hand image). They were running some kind of data center that had very valuable stuff on the hard disks in that data center. And they were sort of kicking around some ideas like, you know, it could really be a target for some criminals to come and steal everything. So could you have a switch that you could flip to destroy physically all of the disks in your data center? I thought this was pretty cool and I really wanted to kind of do a follow-up and do some experimentation of my own.

And then four years later I thought about, well, where are we now? We have actually had data centers be physically raided and have all this stuff stolen: TorMail, the multiple Silk Road(s), and Snowden taught us that we don’t really know how much we can trust crypto, because our endpoints are so insecure. Your crypto is only as secure as the keys, so think about it. At the NSA, when they get rid of encrypted drives do they just throw the drives away? No, of course they don’t. They destroy them completely.

Project objectives

So here are the goals (see right-hand image). Flip a switch, drives are gone, no bits left standing. Protect your data center against highly motivated criminal organizations such as the three-letter government agencies. And then of course the big one – produce a lot of destruction pr0n for the DEF CON audience, for all of you here. That means more thermite, more high explosives, and more voltage.

The rules to follow

These are the rules that Bruce and Shane and Deviant came up with (see left-hand image). And I’m going to mostly try and follow them. You have a 1U server with your equipment in it. You have 1U above and below for whatever you want. I personally, when I was doing this, tried to keep all the actual destructo equipment in 1U so that the other 2U could be used for protection, hot gas extraction and so on. 60 seconds to completion – I really want to make a joke about Bruce and Deviant and Shane here, but I won’t. Don’t set off the fire systems. Don’t set off the seismic sensors in the nearby banks. I don’t really care about that, so don’t worry about that. Contain the damage within the equipment. And protect any nearby humans.

HDD technology

A quick word on hard disk technology (see right-hand image). Data centers still use a lot of spinning platters. These tend to be made out of aluminum, and now more frequently glass, and glass smashes easily. So most of this stuff is with aluminum, and almost everything I do here will also work on glass. The coating of hard disks is really interesting. They have underlayers of a cobalt-nickel-iron alloy. The magnetic alloy actually is cobalt, chromium with platinum. And these layers tend to be separated by four atom layers of ruthenium. So the surfaces of hard disks are very chemically unreactive actually. And now of course, not so much in data centers, but we are starting to see solid state drives, so I wanted to do a little bit of stuff with them, too.

DEF CON 19 takeaways

Here are the results from DEF CON 19 (see left-hand image). They did three categories and they split it up between the three of them. Deviant worked on incendiary. And the results were they had some regulatory issues with possible deployment, because they were working with Tannerite, which is used for making explosive targets. And legally, to set off Tannerite you have to shoot it. They did some melting of the aluminum platter hard disks using propane and MAPP gas. And what they discovered was the drive is an excellent heat sink. It’s a big chunk of cast aluminum, the platters themselves are often aluminum, so they suck up heat like crazy and they are hard to melt.

They did some chemical injection, and it was basically a total fail. They injected various corrosives, and the hard disks are quite chemically unreactive. The most fun they had was with physical tools. They used a lot of woodworking tools such as hole saw, spade bit and grinding disc. They got things hot and burned themselves a lot. You should definitely watch the talk, I was going to say that earlier. I don’t want to say too much about the actual talk – just go online and watch it. It’s very amusing. And then, they did some electro-deplating of the platters, which worked great on the glass platters but completely failed on the aluminum ones.

Industrial HDD destruction

Just a word on how they destroyed drives industrially (see right-hand image). When they decommission disks they mostly degaussed them and then threw them into a shredder. So when you are getting rid of drives you want to predict your adversary. The TLAs are able to collect and exploit physically destroyed drives. I talked to a guy who did EOD work in Iraq, and he was under instructions from the NSA that if he found any hard disks that were not crushed and burnt – to send them in, they could get stuff off them. So if you want to nuke a drive from orbit, degauss it, crush and shred, and burn.

The 101 piece

So here, since I’m in the 101 track, even though this is mostly original research, here’s my one 101 slide (see left-hand image). For anyone who’s here for actually a 101 talk about how to destroy their own hard disks at home, you can leave satisfied after this slide. Open your drive – this usually takes a Torx T8 bit; remove the platters – this usually takes Torx T6; rub it with a rare-earth magnet to degauss it; crush, break, deform it by the method of your choice; then burn it; then separate the debris. Don’t dispose of it all in the same place. Separate it and throw it away.

Data destruction techniques

Alright, so the rest of this talk – hopefully interesting to you, not necessarily useful. I too decided to use three different techniques with this: thermal, kinetic, and electric (see right-hand image). The goal of doing a thermal method with a drive is basically to exceed the Curie point of the magnetic media. For cobalt that’s 1115 °C – at that point it becomes magnetically disorganized and theoretically nothing can be read from it again.

The thermal way

Here are some things that I didn’t do that you can either try or realize why I didn’t do them (see left-hand image). I really wanted to look at some flameless chemical reactions. I couldn’t find any that got hot enough. Of course you can make a kickass oven and bake a disk. That is not exciting to watch. You can inductively melt aluminum very easily. You can get a big inductive furnace, it’s nice, I’ve used them before. I would have liked, I guess, to drop a hard disk in one and watch it melt, but I didn’t do it.
 
