How To Destroy Information


This article presents a particular way of destroying information that is stored on a personal computer.

My acquaintances often approach me with the same question: “I am leaving my job. I used my computer for something that is not related to my duties at work and it is rather personal. I am uneasy about simply leaving the machine in the office and walking away. What would be the proper way of destroying that information?”

Before I explain technical details of destroying information that is stored on your machine, I must elaborate on several truly important matters.

For an Introduction

Usually, I readily answer to that question only to people whom I know personally very well for a considerable amount of time: honest, upright ladies and gentlemen that certainly understand the meaning of the word ethics. Since I publish this information online for all to see, I must assume the same about my readers. Please note however, that if your intentions are of a doubtful nature (or worse, clearly illegal—even to yourself), then please—I beg of you—stop reading this instant: in jurisdictions that I am aware of, covering up a crime is a crime in itself. I neither have the least intent of helping you nor I wish to complicate your situation any further. Seek legal advice, the sooner the better.

You might ask “All right, what is acceptable then, in your opinion?” In my opinion, if you accessed your private mail and downloaded the pictures of your children from their birthday party that your partner sent to you, or you read your bank statement online, or you purchased airline tickets for your holiday using the employer's machine then, at very least, destroying this information is not unethical (while all of the above certainly may be against the acceptable use policies that are established at your place of work by your employer)—if your only true intent is to ensure that those pictures of your kids, your banking information, or knowledge of your holiday destinations will not fall into wrong hands—but not the intent of hiding the fact that you have done something that your employer specifically asked you not to do. The latter case belongs to the ‘grey’ area, where the proper conduct depends on your particular circumstances: it might amount (if at all) to a mild disciplinary offence if you are a Web design artist working in an open environment or, on the other hand, even to the extreme case of an act of state treason that is punishable by law if you work for your government. (It appears, however, that some people manage to get away even with such deeds.)

Being straight and honest with your employer is always good for you. Even if you are consciously selfish and do not have any care for that place or those people who remain to work there anymore, I must repeat a truism here for you: leave gracefully, you may need to return. As the Russian proverb has it: «Не плюй в колодец — пригодится воды напиться.» (“Do not spit in the well, [it] will be of use for drinking [to yourself].”) For the rest of us, the common sense that was best stated by Rabbi Hillel the Elder applies: דעלך סני לחברך לא תעביד (“That which is hateful to you, do not do to your fellow”).

Assume No Privacy

‘Your’ office computer is a tool that you received from your employer for performing your job. Legally speaking, this computer is not yours in any sense whatsoever—it is your employer's property. I am not versed in the law at all, therefore I prefer to err on a safe side and advise you to do the same: always suppose that your employer has every right for any bit or all of information stored on the disks of your office computer (be it a desktop, a notebook, or a mobile device), without any exception.

I am truly sorry if that comes as a sad news to you: most probably, the expectation of privacy of yours in this case is unreasonable. You made the mistake of using your employer's equipment for your personal purposes and it is your responsibility to resolve the matter—first and foremost—to the complete satisfaction of your employer and only then to yours.

If you are not agree with me and feel that this issue is unclear to you (I completely respect your right of thinking differently and support your desire for knowing the truth—however painful is the truth at times), here is what you can do:

Always make sure that you receive your information from an authoritative source. Except the first case above, be prepared to explain (and maybe visually present) the kind of personal information in question. Do mind the axis of time: the rules may have changed since the last when you took interest in them (if at all). Make sure that your understanding is up-to-date.

Does Your Employer Perform Backups?

If your employer performs periodic backups (yes, you may not be aware of that), you may discover that your personal disaster has happened and the information in question has already ‘leaked’ into the employer's complete possession. Worse yet, there are employers that keep a history of backups. In that case a remedy can be achieved only through open and honest negotiations with the employer. Be prepared to discover that your employer uses a cloud backup service that is provided by a third party, which complicates the matters even further.

There is a technical subtlety that is worth knowing: whether those backups are performed on the block level or file level. If the backups are performed on the file level, there is a chance that the end user (you) has access to a local configuration program of the backup agent that runs on the computer. This program usually allows the user to specify (or, at very least, to see) which directories are backed up. If that is the case, you have a way of assessing the damage that you might have caused yourself through negligence of the matter.

If backups are made, your only hope is that the history is not kept and you have a chance to remove your personal information before the last backup is made while you still have access to the computer.

Your best bet is speaking with the local IT personnel. Usually they are friendly and helping souls but they are often very busy, so contact them in advance.

The End of The Old Machine

The first step of yours should be figuring out what precisely happens to that computer when you leave. Make sure to find the answer to two questions: are there any established procedures and what are they; what will happen to this specific computer in practice (there are exceptions to rules).

There are several possible outcomes:

As you can deduce from the above, the general rule is as follows: if the disk(s) of ‘your’ machine cannot be overwritten completely or physically destroyed in your presence then you must seek a way to perform the data destruction procedure as described below.

Data Destruction Procedure

Administrativia

Exert every effort for reliable preservation of all work-related material that was stored on your computer. There are many ways about that; ensure that your direct manager and your colleagues are satisfied with your approach. Leave them detailed written or ‘screen-casted’ instructions on finding information in the pile of bits that you leave behind.

Inform your direct manager and the IT personnel about your intent. If you feel unsure about your future, you may ask them for a written notice stating that they are informed of your actions and that they are agree with your plan. Be prepared for giving explanations as to the purpose of this procedure. Please refrain from performing the below if there are any objections.

Preparations

You will use the OpenBSD operating system for the task. There are several reasons for that choice:

  1. A fast non-blocking generator of random numbers, which is fed from entropy-gathering mechanisms of the kernel through the ChaCha20 stream cipher.
  2. The download size of less than 5 megabytes.
  3. There is no installation required, besides writing the downloaded image to a USB portable storage.
  4. Unattended operation is possible—you can leave the building forever within minutes after launching the process, assuming that you can guarantee that the computer will remain powered up and otherwise uninterrupted for several hours.

Create a Bootable USB Drive

  1. Download the miniroot.fs image to your computer. From the list given here, select the identifier of the hardware architecture of your computer that appears right to the bullet that is titled minirootXX.fs : for instance, select amd64 for a 64-bit Intel machine or i386 for a 32-bit Intel machine.
  2. If you are preparing the bootable image on a Unix system, you can use dd(1) for writing the image, for instance:
    sudo dd if=miniroot62.fs of=/dev/sda
    sync
    The above assumes that the USB drive is known to your machine as sda. If you are not sure, it is advisable to verify that by examining the last lines of output produced by
    sudo dmesg
    Please note, that you must write the file to the disk device node and not to a partition.
  3. If you are preparing the bootable image on a Windows machine, you can use the Win32 Disk Imager, the user interface of the tool is self-explanatory. A word of caution though: make sure to remove all other USB storage attached to this computer to ensure that you do not overwrite a wrong drive by a mistake.

Bootup and Collection of Information

  1. Insert the bootable USB drive into the machine whose disk you wish to erase, and boot the computer from the USB. (If that is a desktop system with a USB mouse attached, disconnect the mouse first—this will save you from the trouble of having your screen garbled with kernel messages about mouse events.) Please consult the BIOS documentation or ask a colleague if you do not know how to boot your system from an external USB drive.
  2. Eventually, you will see the prompt similar to the following:
    Welcome to the OpenBSD/amd64 6.2 installation program.
    (I)nstall, (U)pgrade, (A)utoinstall or (S)hell?
    Type s and press Enter. You will see the shell prompt (a lone hash character ‘#’ at the beginning of the line).
  3. Optional: if that computer is connected to a LAN having the DHCP service, you can significantly improve the quality of the random numbers by configuring the network card of the computer using DHCP. Type
    ifconfig -a
    and pick an Ethernet interface (this is not exacly precise, but find the first interface whose name is not lo0, for instance em0). Then type
    ifconfig em0 up
    and wait a couple of seconds, then type
    ifconfig em0
    again. Check whether the status of the interface has changed to active. If that did not work then continue to the next point. Otherwise, launch the DHCP client:
    dhclient em0
    and wait for the shell prompt.
  4. Find the name(s) of the internal hard drive(s) on that computer:
    dmesg | grep -E '(pci|scsi).*<[^<]+>' | grep -v removable
    You should see a line (maybe several lines) of the form
    sd0 at scsibus1 targ 0 lun 0: <ATA, Samsung SSD 850, EMT4> SCSI3 0/direct fixed naa.5002538d40b63943
    or
    wd1 at pciide0 channel 0 drive 0: <STT_FZM64GW18P>
    The name of the drive starts at the beginning of the line, has the prefix of either wd or sd followed by a number and is terminated at the first space, it should look, for example, like wd0, wd1, sd0, or sd1. In the example above the name of the first disk is sd0 and the name of the second disk is wd1.

Erasing the Disk

THIS IS IT: AFTER MUCH ADO, YOU ARE ABOUT TO DESTROY ALL INFORMATION ON THE DISK THAT YOU SELECTED. THERE IS ABSOLUTELY NO WAY BACK PAST THIS POINT. THINK AGAIN BEFORE PROCEEDING.

I assume that you selected the disk named sd0. Type the following to erase it:

dd if=/dev/urandom of=/dev/rsd0c ; halt -p
This command usually takes several hours to complete, it is best to leave it running over a weekend, it needs no baby-sitting. If you have several disks to erase on a particular machine then repeat the same command before issuing a halt(8):
dd if=/dev/urandom of=/dev/rsd0c ; dd if=/dev/urandom of=/dev/rsd1c ; halt -p
The command above will erase the disk sd0 and then the disk sd1.

Vadim Penzin, March 19th, 2018


I hereby place this article into the public domain.
You are welcome to contact me by writing to howto at this domain.
I publish this information in the hope that it will be useful, but without ANY WARRANTY.
You are responsible for any and all consequences that may arise as the result of using this information.