/g/, I was tasked earlier today to dispose of a hard drive, but I'm not sure if I did a good enough of a job.
I work at a hospital as an IT assistant and my boss gave me a hard drive (a maxtor one, 40gb very old) that we use on the servers but he only gave me 1 hour and a half to deal with it (seems like this was going along with a batch)
So without much time the best I could gather was getting a drill and a drill bit but by the time I managed to even get the stuff I ran out of time. The best I could do was drill a hole completely (you could see through the other side) on pic related position of the HDD
It seems the hdd had patient information that was very private and the hospital doesn't want people snooping in. It's nothing too serious, but it's definitely a concern for patients I suppose.
Question is though, would a hole on pic related's position be enough? I wanted to do at least 2 more holes in it to make sure I got through the platter, but didn't have enough time.
You could have erased the data when the hdd was working using a boot program. All you needed was a bootable drive and a computer. The program basically writes random bits over and over to hide magnetic footprints.
you should have done several holes or bent cracked the discs inside.
The best I could do with the time I had was smash it a hammer, and drill through position on OP's picture
Could people still harvest the data even through data? Would anyone go through these lengths on old hard drives in garbage?
Well I'm not sure what data the hospital had, but shouldn't be too private stuff, still somewhat worrisome though
Would a hole on OP pic's position have gone through the platter? I just tried to make it as difficult as possible so a random fag wouldn't think it was worth the hassle for a 40 gb hdd
Yeah and I barely had time to mess around with it. It's those cases when your boss think hard drives can be destroyed in 5 minutes without tools or anything
If I had another hour I'd be set with just using a DBAN and doing some physical damage on it so my boss wouldn't nag at me
Assuming you didn't damage the read head they could just replace the circuit board and have potential success aside from some corrupted where you damaged the platter.
No easy task unless you know what you're doing considering many things can go wrong.
But really if you even were to just smash it you'd render it useless for 99.99% of people unless they had millions of dollars worth of equipment for forensic work.
Dude, the hard drive was hard and sturdy as fuck. Like I'd smash it several times with a hammer and the cover of the platter wouldn't even bend.
But if they're as fragile as you say then I should be alright
After smashing it with a hammer several times I was still worried if the insides were damaged so I drilled through it just to make sure.
I hope it was damaged enough that no one would bother with it
Why didn't you just open the cover?
Open it and smash the platters themself.
>You could have erased the data when the hdd was working using a boot program.
He only had 1 hour to do it. Not enough to erase all sectors. And that is assuming that all sectors work fine and won't end up causing stalls due to errors.
Drilling that hole was a good thing to do. It most likely cracked the discs inside, no chance in hell to recover anything after that.
>bent cracked the discs inside.
HDD platters don't bend like a CD/DVD. They explode into a billion pieces instead. You can still try doing it, but do it in a bucket or something so the small pieces don't end up littering your entire room. I swear I still find some of them months later.
If you drilled a hole that went through the other side and got through the platter that will be pretty good
The rest will be debris of garbage getting inside the HDD and chances are it will scratch the disk and give all sorts of issues with it
No one will bother getting that unless they know for sure it's worth it. Which they don't
You have put a hole in the disk.
I doubt the usual suspects will bother with it.
seeing as typically your back yard hacker will need a fully functioning drive and wont have the tools required to take the disk out and read it
fat32 quick format always does the trick, scrub.
besides why the fuck do you only have an hour to destroy data, why aren't there backups of this data that you're also worrying about, and why is this a single disk that contains the data.
I don't work for a hospital but we have backups for days and months of our data and there is no single drive that we can pull that has any of the data on it, as our shit is all raided together.
also when we do decommission drives we DBAN, and physically destroy the drive, every one of them... why aren't you give the time needed to do your job correctly? Why do you care about the outcome of all of this when you have no control over it.
The guy you're replying to isn't me by the way
But the reason I wasn't given enough time was probably because there were more hard drives that were disposed earlier one and this one was left out
Given how old it was the hospital was probably updating its systems (Maxtors are what? pre-2006?)
Reason I'm worried is Idk what kind of info it had so it really weighs on my conscience if something happened to the patients and I was to be blamed for it.
Maybe /g/ could say if what I did was good enough for your regular snooper. I hope it was.
Oh another possible reason for not enough time is because my boss probably didn't know data in hard drives can be a bitch to get rid off
I guess he thought just letting it fall down a couple of times would do the job
>Dude, the hard drive was hard and sturdy as fuck. Like I'd smash it several times with a hammer and the cover of the platter wouldn't even bend.
>But if they're as fragile as you say then I should be alright
Yes, it was done after the first solid hit.
Dude, you work in a hospital.
You presumably have access to an MRI machine.
The thing generates magnetic fields on the order of 1 Tesla (really fucking strong). Put the HDD in there and any data that was on it will be unrecoverable.
Alternatively, get sledgehammer and smash. If you had time to remove the platters a regular hammer should work just fine. The more you smash the platter the finer the fragments will become and the harder it will be to reconstruct the data.
Why did you have an hour though, why couldn't you just hang on to it until you could do it properly? Was a boogie man coming?
Also if you drilled a hole through it, you most likely shattered the platter within, it would now take more time and energy to recover the data than it could ever be worth to anyone... 99.999999999999999999999999% impossible to get.
>face book frogs
erase yourself, preferably gutmann method
>thinks pepe images were made on facebook
Kill yourself kid.
>why did you have an hour though
That, and it was going with a batch with other hdds, so I guess my boss wanted everything together so I wouldn't be late
if I had more time I'd have used DBAN and I wouldn't be making this thread.
But thanks for everyone who replied
if I had more time I'd have used
I wouldn't do this unless you want to responsible for breaking the MRI machine.
The no metal in the room rule isn't for your safety it's for the machines safety. An MRI machine is not an inexpensive machine.
So really what you're saying is that the reason you only had one hour to destroy the data is because your boss said in one hour you have to have the data destroyed. There was no audit or anything on that sort, it's just that he wanted it done. Like a boss might not have a good reason for you to show up to work on time, it's just what he wants so you have to do it.
Well I would have told that guy to eat a shit steak.
1 x lighter
1 x scrap of plastic
or you could have melted a piece of plastic into the screw hole, let it harden for a min
hey presto, fucking plastic t7 screwdriver
i done similar things like this and it works a treat
>Well I would have told that guy to eat a shit steak.
You have no idea how pissed I was man.
Like I had to talk with a bunch of people to get a hammer and a drill, and the guy only wanted to give me a single bit
No screwdrivers, no nothing and time was running out. It's like he thinks data in hdds is something to played with.
>face book shit
You work in a hospital, you already have HIPAA Compliant ways of disposing of data and if you don't holy fucking shit are you all retarded as fuck.
>source, I have worked in Healthcare IT for a major Hospital Network
Came to post exactly this. Your boss is a fucking idiot for not disposing of hardware correctly (or at least telling you how to instead of just handing you the drive and saying "go away") and you're a fucking idiot for even posting this. Any method apart from that prescribed under HIPAA is illegal and will get your shit fucked under law.
I worked in a school and we *still* sent decom drives off to be securely shredded. Learn the correct process per the regulations you are legally obliged to follow (and fuck what your fleshwaste of a boss says, he's already demonstrated himself to be a liability) and use them to destroy the drive, or expect to get arsefucked for non compliance when someone finds out.
Because you work in IT in a fucking Hospital and not being compliant with HIPAA can mean a multi million dollar lawsuit for a single infraction involving PHI.
It's multi million dollar kind of retarded.
Based on the all responses, /g/ is confirmed for neckbears that have never worked in an enterprise environment of any sort.
It makes him a retard because he works in an industry where it should be pretty fucking obvious that secure data destruction via accountable methods is required, and he is too fucking stupid to make that mental connection. The dumb cunt is fucking around with a drill instead. THAT'S what makes him a retard.
what would you do in OP's stead given the resources he had then
what you're saying is that you wouldn't do anything, and just cry that this is all wrong and get your boss fired and then take his place
you're a genius bro props to you
What I would do is look up the documentation my employer should be providing me regarding secure data destruction and follow it. If there was no such documentation, I would be climbing the managerial chain to find out why, or looking for a new role with a department that does not place me at risk of penalty because of their incompetence.
All of this you will understand once you move out of mums basement kid.
From what I gather from OP's post, the HDD that was given to him came from a batch
We don't know what kind of hospital he operates and if the HDD he had was one that was left out
You can't, for the fuck of yourself, push the values of the industry you worked in, in the standards you worked in, to be the standards the whole world will follow
Standards that should be followed, and standards that are actually followed are two things very different. If you don't understand that much you should re-evaluate things before calling other retards.
If it was in a machine that was EVER connected to a health network, it falls under that jurisdiction, period. Sure, it may have only ran the infoboard LCD's in the foyer, but fuck knows who has accessed it or put what on it. I have known of helldesk robots using random, low use machines as network shares on the down low, god knows what kind of rogues there are in that place if his boss is pulling this kind of shit.
HIPAA is not a standard you just don't follow because you feel like saving 30 minutes or a couple hundred thousand dollars. It's just one of the few standards you don't fuck around with because if you do, you're looking at a lawsuit from the patient (Which they will win) auditing and fines from the government and an internal investigation that will get your ass fired faster than you can say "but.."
idk why you're crying about other being basement kids when you're the one throwing a fit for no reason in a thread that already had OP's question answered.
i figure you should go look to do something productive instead of making clear to everyone how big your neckbeard is
> Well fuck, he's right.
> I'll fall back on ad hominem, that's always a winner,
Here you are sweetheart, can't have that gorgeous mascara of yours running down your cheeks now can we..
Haha, reminds me, I've retrieved and replaced the PC of a psychiatrist once, after a whole upgrade.
>mount the HDD
>files were deleted, not a format, just cleared c:/recycler/stuffs
>just launch Testdisk, retrieve a bunch of Ms-WORKS documents (well craziness is contagious) and basically every report she made, stories were kept there.
That was interesting, and I still have them, and her Dell Optiplex P4
Are you kidding me?
Are you fucking kidding me?
We just had a major fucking hacking issue going on with that children company because they didn't follow basic standards of fucking security
Like, bottom of the barrel standards of security? I forgot the name of that company
Are you really fucking shitting me that you don't understand that standards exist but whether companies or industries properly follow is really up to them?
Can you really just go around and call people "basement dwellers" when you don't fucking understand this much?
I'm sure whoever licensed her to practice has mandated processed around patient data security and would have penalties in place, but, in the same way as I print dox and drop them into letterboxes when I find a PC on curbside that has not been wiped/had the HDD pulled, it's a lesson in data security more than anything. I'd rather go "hey look, I just found your birth certificate on the PC you threw out, here's a link to some info on securing your data so people less honest than me don't rape your life right out from under you" than let it slide. The more we educate the plebs, the less they'll fuck with our days by doing stupid shit.
not OP, but I wanted to ask
does smashing with a hammer works fine like that?
like, last time i put it inside a microwave i had found in a dumpster
and i really wanted to blow it up, so thats how i did and it was fine and all
but just smashing it with hammer would be enough without taking the cover out or anything?
i thought hdds were sturdier than that
Just keep smashing until the cover comes off, then smash the fucking disks too. They will already be fucked anyway just from the frame bending them but if your paranoid there is no reason not to. It would literally takes seconds and a few good hard swings.
2.5" HDD's tend to use use glass platters, so yeah, wailing on one of them will fuck it good and proper. a 3.5" drive, not so much.
I tend to drill a hole in the upper cover, fill the drive with acetone (non conductive) the fire it up. Acetone eats the magnetic coating off the platters leaving them bare metal, you're not getting shit off that drive.
Yes it does. Different industries have different standards and are enforced to different degrees. Guess what, the healthcare industry get's fucked in the ass if it doesn't comply with HIPAA
VTech loses a few sales and has to put out a day one patch if they fuck something up.
The discussion is clearly based around the Healthcare industry and you're clearly autistic if you can't understand this.
> Implying any amount of force will shatter an aluminium disk of metal
Shouldn't you be off getting your arse plunged by a sock wearing faggot?
No. You're clearly autistic if you think every single hospital will obey standards if the one you worked in did.
That's just fucking hilarious, and VTech is an example of an industry who didn't follow basic standards of security and that will also cost them millions in prosecution
Just how many industries gets the stick and fucked for not following basic forensics?
It's really up to them to enforce it, but it's also up to them to pay the price for not doing it.
God, you're retarded. Last time I'm replying.
The goal isn't to break them retard, just fucking them up is enough.
You go ahead and try to recover data off that platter when it looks like it took more hits than your mom's face. Bet you $100 you wont get shit.
OP, if you smashed it a couple of times with a hammer and drilled a hole on the plate, you have nothing to worry about
People who savage HDDs on the trash look for ones where people just threw it away without basic knowledge of wiping it out etc.
If you put a hole in it, that makes it hard enough no one wants to bother, and if it's just a regular hdd, no one will
So, a few things here:
#1. Devices that store ePHI (electronic Patient Health Information) have to be physically destroyed in such a manner that no remnants of the data can be recovered. Most "secure destruction" companies put them through shredders, then degauss the whole pile.
#2. There has to exist a chain of responsibility for this. A running list of who has had that drive has to be maintained, and available incase of audits. From whomever pulled it from the "server", whomever had access to where it was stored, whomever rode in the car it was in, you, your boss, etc.
#3. There has to be validatable proof of the destruction performed. Secure Destruction companies basically issue a "Certificate of destruction" for that drive/serial number to say "Shit's dead, yo" and maintain these records themselves, too.
A) What your boss asked you to do is pretty shady. Proper tools are needed for secure destruction, and he obviously did not care if you had them or not.
B) The method you performed was not secure at all. Realistically, nobody is going to pull this thing's platters, spin 'em and try to scrape up some identities to harvest. But this fantasy setting shouldn't even be given a leg to stand on for possibility.
C) Report your boss. Broker your own deal with the hospital, say you'll make things right where he didn't. Offer them a slightly less-pricey contract since it'll be you solo. Profit.