Should hard drives be destroyed or wiped?

Hammer time

BBC News Online, one of the most popular websites in the UK, is running a story today advising people not to wipe old hard disks, but to take a hammer to them instead.

The story claims that secure data erasure isn’t as safe as it makes out, and the only real security when disposing of an old drive is to smash it to smithereens.

Sorry, but I just don’t buy this advice.

Sign up to our free newsletter.
Security news, advice, and tips.

I started out my career in the computer security business some 17-odd years ago working for a firm called S&S International. Aside from producing Dr Solomon’s Anti-Virus Toolkit, which I was a fresh-faced Windows programmer for, they also had a nice line in data recovery.

Regularly I would see the teams working on hard disks that had been accidentally covered in tea (sugary tea is the worst – hot and sticky), accidentally fallen out of the window even lost over the side of a cross-channel ferry!

The wizards in the data recovery couldn’t perform miracles – but it was sometimes close. And, yes, it is extraordinary what data can be resuscitated even when a drive has been lurking at the bottom of the garden pond for weeks or seemingly wiped of its data.

Taking a sledgehammer to a hard drive isn’t the answer. For one thing, how is the average consumer supposed to know that they have physically damaged the hard drive enough to prevent data from being recovered from it?

Furthermore, it’s harder work (and undoubtedly more dangerous to your physical welfare – imagine the pieces of glass and metal flying about) than running a proper secure erasure tool.

I’m not denying the importance of handling the disposal of computer equipment properly. In the past we’ve discussed, for instance, how sensitive information has been found on computer hardware auctioned on eBay that hadn’t been properly wiped.

What firms and individuals should do is run military-grade secure erasure tools if they’re dumping their hard drives or planning to sell computer equipment on eBay. Such software can overwrite not just the files on your hard drive, but every single area – including the slack space where old “deleted” files might lurk. And they can do it multiple times, with random characters, ensuring that there is no residual magnetic echo of the data that was once on the drive still discernible.

Of course, there are some data erasure tools that may be better than others – and not all may do the job sufficiently. But choosing a data wiping solution carefully is better than trying to crack a nut with a sledgehammer.

* Image source: Alexmuse’s Flickr photostream (Creative Commons 2.0)

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.