14 DAY TRIAL // Security researchers and computer experts were baffled to hear that a respectful UK-based computer magazine was advising its readers to smash their old hard drives with a hammer under the pretext of protecting sensitive data. The magazine is careful enough to mention taking the HDDs out of the computer first, but fails to say anything about physical protection gear.
Which? Computing magazine is pretty popular in the UK for publishing good quality hardware and software reviews, as well other computing-related guides. However, this was not the case with one particular article published recently, some computer professionals argue.
In an attempt to raise public awareness regarding the dangers of what they call hard disk hijacking, the editors of the magazine claim that going medieval on data storage equipment by using a good old hammer is the best way to make sure that sensitive information cannot be recovered by ill-intended individuals.
The magazine's editors conclude that data wiping software is unreliable and cannot ensure that previously stored information cannot be retrieved. “It sounds extreme, but the only way to be 100% safe is to smash your hard drive into smithereens,” Sarah Kidner, editor for Which? Computing, says.
Despite potentially having therapeutic effects for people with anger management problems, this approach raises several issues of its own, experts explain. For one thing, data recovery gurus with access to the proper tools can recover information from relatively badly damaged data storage devices. Of course, shattering the platers into thousands of little pieces would completely hinder the success of any data recovering attempt, but, at the same time, would pose serious physical injury risks.
Our common sense tells us that having glass and metal shrapnel flying around is definitely not a good idea. Graham Cluley, senior technology consultant for Sophos, outlines another issue. “How is the average consumer supposed to know that they have physically damaged the hard drive enough to prevent data from being recovered from it?,” he asks.
We agree that improper disposal of data storage devices is a security risk, and there have been numerous cases where sensitive information has been discovered on second-hand hard drives or digital cameras. If it falls in the hands of identity thieves, fraudsters, or even extortionists, such information has the potential to ruin lives. In their article, the Which? Computing editors describe how they were able to recover 22,000 improperly deleted files from eight hard drives bought on eBay.
Even so, there are safer ways to ensure that your data cannot be retrieved. For example, Phil Bridge, managing director of Kroll Ontrack UK, a well known data recovery company, told BBC in an interview (watch video) that they were not able to recover data after a zero fill, otherwise known as a low level format. Most HDD manufacturers offer their own tools that allow users to perform such low level formatting for free.
Other third-party applications can do a pretty good job when it comes to data wiping or scrambling, as well, but choosing one usually requires a bit of personal research. “Choosing a data wiping solution carefully is better than trying to crack a nut with a sledgehammer,” Sophos' Graham Cluley concludes, and we tend to agree with him.