WEBVTT

00:00:02.320 --> 00:00:08.640
wow look at this thing absolutely mangle

00:00:06.839 --> 00:00:11.779
let's do another

00:00:14.120 --> 00:00:21.199
one wait why am I doing this aside from

00:00:18.320 --> 00:00:26.439
it being totally intoxicating well because these old server drives behind

00:00:23.640 --> 00:00:31.519
me are loaded with data that is so sensitive that I am legally obligated to

00:00:29.039 --> 00:00:35.280
destroy them since we're at it anyway I thought I'd show you guys the atrack

00:00:33.280 --> 00:00:40.559
Mobile Data Destruction system here complete with dealing magnet and

00:00:38.360 --> 00:00:44.680
hydraulic press when this thing's done with your drive you will not be getting

00:00:42.719 --> 00:00:51.199
anything off of it but lonus you might say what about an

00:00:46.760 --> 00:00:54.160
SSD oh that's got to

00:00:51.199 --> 00:01:00.800
hurt turns out it can do those too but lonus you might say think of the turtles

00:00:57.920 --> 00:01:06.479
or your staff I need hard drive couldn't I just erase them and sell them

00:01:03.559 --> 00:01:13.080
maybe at a nice discount the answer is yes but also more complicated than you

00:01:09.799 --> 00:01:15.400
might expect there are a lot of ways to

00:01:13.080 --> 00:01:21.079
erase data and they're not all created equal kind of like my Segway to our

00:01:18.560 --> 00:01:25.119
sponsor xplit level up your live streams with simple yet effective broadcasting

00:01:23.360 --> 00:01:28.520
and video production tools for use on platforms like twitch and YouTube check

00:01:26.880 --> 00:01:33.479
out xsplit at the link below and use code Linus for 9% off your first

00:01:31.240 --> 00:01:37.759
purchase or subscription nice a quick search of eBay will reveal tons of

00:01:35.720 --> 00:01:43.680
listings for used magnetic hard drives so clearly plenty of folks out there are

00:01:40.159 --> 00:01:45.680
taking the wipe and resell approach but

00:01:43.680 --> 00:01:50.840
as you probably already know just hitting delete and emptying the recycle

00:01:48.000 --> 00:01:57.079
bin is not a secure method of erasing data and even a format doesn't

00:01:53.880 --> 00:01:59.399
necessarily make everything on a storage

00:01:57.079 --> 00:02:04.079
device unrecoverable just check out the results of of using test disc on an SD

00:02:01.799 --> 00:02:10.599
card full of deleted text files if you don't believe me so to prepare a drive

00:02:07.000 --> 00:02:13.040
for sale you need to do things right pun

00:02:10.599 --> 00:02:19.480
intended because the simplest method of doing that is to write zeros over the

00:02:16.360 --> 00:02:21.800
entire disc then you want to go back and

00:02:19.480 --> 00:02:26.280
read it to ensure that there's nothing but zeros to be found it's quite

00:02:24.480 --> 00:02:31.640
effective at preventing someone with a simple piece of free software from

00:02:28.000 --> 00:02:35.239
recovering all of your as recipes but

00:02:31.640 --> 00:02:39.200
what if you're a bank or hospital or the

00:02:35.239 --> 00:02:42.560
CIA well the answer there is it depends

00:02:39.200 --> 00:02:44.599
in the past Nells could conceivably use

00:02:42.560 --> 00:02:51.760
a technique called magnetic force microscopy to pull data off of a drive

00:02:48.319 --> 00:02:54.319
that had already been overwritten the

00:02:51.760 --> 00:03:00.000
idea behind it was that not every right operation on a particular bit of storage

00:02:57.959 --> 00:03:03.120
would be lined up with exact precision on the disc we're going to have a couple

00:03:01.239 --> 00:03:07.840
of papers in the description linked down below it's super interesting stuff and

00:03:05.720 --> 00:03:12.840
this potential attack Vector led to a series of data deletion standards that

00:03:10.000 --> 00:03:17.680
would call for between three and three dozen passes riding over the drive

00:03:15.760 --> 00:03:23.120
alternately filling it with zeros then ones then random characters or even

00:03:20.519 --> 00:03:27.599
predefined patterns with modern hard drives like these ones however the

00:03:25.640 --> 00:03:32.799
components and the tolerances have shrunk so much that the possibility of

00:03:30.799 --> 00:03:39.480
fragments being left behind that could be read is basically zero so new

00:03:36.360 --> 00:03:42.200
standards like nist 888 have come along

00:03:39.480 --> 00:03:47.720
which now say that four storage devices containing magnetic media a single

00:03:45.040 --> 00:03:52.159
overwrite pass with a fixed pattern such as binary zeros typically hinders

00:03:50.120 --> 00:03:57.120
recovery of data even if state-of-the-art laboratory equipment is

00:03:54.599 --> 00:04:01.920
used to attempt it so you're probably thinking if anyone with a computer could

00:03:59.680 --> 00:04:06.959
could do that at home why is this machine still

00:04:03.519 --> 00:04:10.720
necessary well the issue is doing it at

00:04:06.959 --> 00:04:14.280
scale you see with great capacity comes

00:04:10.720 --> 00:04:17.000
great right times so even drives that

00:04:14.280 --> 00:04:23.639
have built-in ATA secur race commands which should be anything made after

00:04:18.919 --> 00:04:27.680
about 2001 can take hours or even an

00:04:23.639 --> 00:04:29.840
overnight operation to fully clear and

00:04:27.680 --> 00:04:34.960
if you're that hypothetical bank or three-letter agency you could have

00:04:31.880 --> 00:04:38.280
hundreds or even thousands of drives to

00:04:34.960 --> 00:04:40.400
sanitize and dispose of nobody got time

00:04:38.280 --> 00:04:45.720
for that I mean even if you were willing to pay some Junior IT Tech to wipe

00:04:42.960 --> 00:04:50.039
drives all day every day buddy better have the appropriate clearance to handle

00:04:47.320 --> 00:04:54.960
it and even if they do something is eventually going to slip through the

00:04:51.919 --> 00:04:56.520
cracks like like that one time when my

00:04:54.960 --> 00:05:03.479
former employer didn't wipe their employee records yeah yeah good times I mean that

00:05:00.880 --> 00:05:07.639
was bad enough but hey look imagine if the data slipping through the cracks was

00:05:05.720 --> 00:05:12.759
I don't know a list of your nation's covert intelligence sources in North

00:05:09.440 --> 00:05:15.120
Korea or something that is where the

00:05:12.759 --> 00:05:20.479
Mobile Data Destruction system comes in it's fast enough to process Mount hard

00:05:17.440 --> 00:05:23.800
drive here that's another fun dad joke

00:05:20.479 --> 00:05:27.479
in about an hour and the first stage is

00:05:23.800 --> 00:05:29.840
the deusser and this bad boy is no joke

00:05:27.479 --> 00:05:34.759
we all know that hard drive storage is magnetic but what a lot of people don't

00:05:32.280 --> 00:05:41.000
realize is that this is perfectly safe you would need a

00:05:38.400 --> 00:05:45.280
much stronger magnet than anything you'd find on a screwdriver to do anything to

00:05:43.080 --> 00:05:49.919
a modern drive and there are a lot of different ways to skin this cat but this

00:05:47.560 --> 00:05:56.199
particular unit builds up an electrical charge in its capacitors then discharges

00:05:53.120 --> 00:05:59.080
the energy as one big highfrequency

00:05:56.199 --> 00:06:04.440
electromagnetic pulse so long as that pulse is stronger than the hard drive's

00:06:01.680 --> 00:06:09.479
coercivity that is its resistance to Magnetic change the pulse will randomize

00:06:07.440 --> 00:06:15.240
the polarity of all the little magnetic bits wiping out the data permanently and

00:06:13.280 --> 00:06:21.080
this is really important the drive doesn't need to be functional for the

00:06:17.400 --> 00:06:23.680
deaser to be effective you guys ready

00:06:21.080 --> 00:06:28.800
this bad boy puts out a field of about 10,000 gaus which is about double the

00:06:26.599 --> 00:06:34.080
coercivity of both conventional and shingled hard drives there it goes

00:06:31.400 --> 00:06:38.400
meaning that aside from the data itself being gone all the tracks on the

00:06:36.479 --> 00:06:42.919
platters will be destroyed and anecdotally we've heard that it can even

00:06:40.479 --> 00:06:48.840
shift around internal components or demagnetize the permanent magnets in the

00:06:45.120 --> 00:06:51.120
drive it's kind of the uh nuke it from

00:06:48.840 --> 00:06:57.520
orbit option it still looks perfectly normal but this drive is now completely

00:06:54.280 --> 00:07:00.240
unusable which raises a question why do

00:06:57.520 --> 00:07:05.360
we need the rest of this getup here well modern privacy and data protection

00:07:02.440 --> 00:07:11.039
laws require a more systematic approach and the mdds is more than just a dealer

00:07:08.800 --> 00:07:15.560
and a Crusher on a cart let me show you guys the workflow we start by scanning

00:07:13.199 --> 00:07:20.639
in the serial number of our drive then placing it here to take a before picture

00:07:18.560 --> 00:07:24.720
atrack is working on an AI module that will just read the serial number from

00:07:22.440 --> 00:07:28.720
the picture but that's not ready yet then it pops into the deusser we've

00:07:26.520 --> 00:07:33.160
already hit this drive once but doing it again isn't going tot it any more than

00:07:30.000 --> 00:07:35.639
it already is run right now it's

00:07:33.160 --> 00:07:39.919
charging up its capacitors then it's going to take all that power and I don't

00:07:38.879 --> 00:07:45.080
know if you'd call that an electromagnetic pop or thunk does anyone

00:07:42.879 --> 00:07:48.319
around here got a pacemaker no oh good probably should have checked that before

00:07:46.199 --> 00:07:53.080
we started but everyone's still standing I think we're all right atra says that

00:07:50.680 --> 00:07:58.120
we should only measure about five of this units 10,000 gaus directly above

00:07:56.000 --> 00:08:01.800
the unit where the shielding is weakest that could potentially impact older

00:08:00.000 --> 00:08:07.280
pacemakers but that's within the occupational safety limits for short

00:08:03.560 --> 00:08:08.840
exposure so should be fine after the

00:08:07.280 --> 00:08:14.280
thud we wait for the Raspberry Pi controller to pop up once this readout

00:08:11.400 --> 00:08:19.599
says success the data is gone but this next step is still important for a few

00:08:16.319 --> 00:08:22.319
reasons one it gives us an obvious

00:08:19.599 --> 00:08:27.960
visual indicator that uh this thing ain't going to work no more two the more

00:08:25.560 --> 00:08:34.519
extreme data protection standards do still call for physical construction and

00:08:31.560 --> 00:08:38.680
number three this is the most important it's super fun to watch oh you doing

00:08:36.880 --> 00:08:42.640
okay buddy it didn't go it's not it's in there the right way

00:08:41.399 --> 00:08:47.519
I don't want to not follow the instructions did I put it upside down or

00:08:44.720 --> 00:08:52.200
something matter destruction fail open door oh this is a helium drive this is a

00:08:49.920 --> 00:08:56.160
sealed drive we spoke with at Rack about the difficulty that we had crushing

00:08:53.839 --> 00:09:01.519
these beefier unibody hard drives and it turns out the crusher in our cart was

00:08:58.760 --> 00:09:06.519
modified if IED to run on 110v Power and as a result doesn't have quite the same

00:09:03.720 --> 00:09:09.560
oomph of the production units at Rack picked up a few of these drives to

00:09:07.760 --> 00:09:13.680
double check and their production unit made short work of them once the drive

00:09:11.720 --> 00:09:18.120
is crushed we shake any loose bits out into the drawer down here throw it back

00:09:15.720 --> 00:09:22.200
under the camera for an after picture and all of that gets logged to atra's

00:09:20.200 --> 00:09:26.320
redundant Cloud servers and then you can print off a certificate of Destruction

00:09:24.399 --> 00:09:28.800
for your local records kind of wonder what else we could crush in this thing

00:09:27.560 --> 00:09:33.720
that would make a great Floatplane exclusive maybe uh yeah we'll have the social team

00:09:31.120 --> 00:09:38.000
do that lg. g/f flat plane coming soon that aside I can practically hear you

00:09:35.399 --> 00:09:42.640
guys saying L is what about ssds don't worry we're going to get to that but

00:09:39.800 --> 00:09:47.480
first we need to at least mention new magnetic hard drive Technologies like

00:09:44.880 --> 00:09:52.440
heat assisted magnetic recording or hammer in a nutshell these Cutting Edge

00:09:50.279 --> 00:09:57.600
drives achieve much greater storage density by using platter materials with

00:09:55.120 --> 00:10:02.079
much higher coercivity as you can imagine from when we were talking about

00:09:59.120 --> 00:10:08.440
about the deusser this helps to prevent accidental flips to nearby bits when

00:10:05.519 --> 00:10:13.760
they're exposed to the right head but it presents some other challenges like well

00:10:11.480 --> 00:10:21.320
how do you intentionally write to the bit you're actually targeting it's super

00:10:17.600 --> 00:10:24.000
cool in less than a nond they heat the

00:10:21.320 --> 00:10:31.880
target bit up with a laser to around 450° C which reduces the coercivity then

00:10:28.640 --> 00:10:34.160
they it and rapidly cool it back down to

00:10:31.880 --> 00:10:39.200
lock in the data at this time we're not aware of a deusser that is capable of

00:10:36.560 --> 00:10:43.320
clearing a hammer drive yet but we're told that they are in the works so for

00:10:41.079 --> 00:10:46.440
now a drive Shredder might be your best bet for Hammer at Rack told us they're

00:10:45.160 --> 00:10:51.639
working on a shredder attachment for this unit and if you guys are into this stuff I would love to get our hands on

00:10:49.480 --> 00:10:57.240
it and show it to you now let's finally talk about ssds and all your other

00:10:54.000 --> 00:10:59.839
non-magnetic storage the deuser isn't

00:10:57.240 --> 00:11:05.200
going to do Jack squat to these either and overriding them might not be Totally

00:11:03.000 --> 00:11:10.680
Secure either if the drive uses automatic wear leveling which pretty

00:11:07.480 --> 00:11:12.360
much any modern consumer SSD would as

00:11:10.680 --> 00:11:17.240
with hammer drives then that leaves you with secure Ras which at least is

00:11:14.600 --> 00:11:21.279
refreshingly quick on an SSD and if properly implemented should be good

00:11:19.000 --> 00:11:26.000
enough for anyone to resell the drive without worrying about recovery but in

00:11:24.079 --> 00:11:33.399
cases where you have to be 100% sure that nothing's getting through the cracks our Crusher has a cool little

00:11:30.880 --> 00:11:39.240
accessory that not only crushes the drives but also ensures damage to each

00:11:36.680 --> 00:11:43.720
and every memory chip on the board that's scary looking let's give it

00:11:41.959 --> 00:11:47.000
a try all we got to do is pull out the hard drive

00:11:45.279 --> 00:11:55.279
attachments okay put this bad boy in here H yeah

00:11:51.600 --> 00:11:57.440
something like that seems

00:11:55.279 --> 00:12:02.320
legit you want to see a 2 and 1/2 in or an m.2 yes all right right well let's

00:12:00.720 --> 00:12:08.279
start with one of the I mean not the heck it could probably do both here we

00:12:05.560 --> 00:12:10.680
go sayara buddy

00:12:10.680 --> 00:12:18.079
oh oh there we go did we get all the chips let's see let's see oh wow I mean

00:12:16.240 --> 00:12:24.880
the whole board came in half that's probably a good sign Nan chip

00:12:21.120 --> 00:12:26.680
dead nand chip in half other more

00:12:24.880 --> 00:12:31.399
different Nan chip that's not quite half but that's definitely some fraction the

00:12:29.000 --> 00:12:38.880
controller survived but there's no data on there last n chip definitely dead now

00:12:35.480 --> 00:12:42.079
how about this boy oh okay

00:12:38.880 --> 00:12:44.959
well there's one n chip I think it's

00:12:42.079 --> 00:12:48.680
dead obviously we are talking thousands of dollars in the hardware alone not to

00:12:46.880 --> 00:12:52.120
mention the software and integration work around this whole process and the

00:12:50.560 --> 00:12:56.600
Redundant servers around the world keeping your logs safe for years to come

00:12:54.680 --> 00:13:00.720
but the way that at Rack envisions things these carts are going to just

00:12:58.839 --> 00:13:05.199
live in the data center they're safe to use in either the hot or cold aisle and

00:13:03.120 --> 00:13:10.839
with an all-inclusive leasing cost of less than $1,000 a month they should

00:13:07.680 --> 00:13:12.839
quickly pay for themselves in time saved

00:13:10.839 --> 00:13:17.399
I personally would love to see them have an attachment maybe I don't know down

00:13:15.120 --> 00:13:22.320
here or something where you can load in drives for security racing that maybe

00:13:20.240 --> 00:13:27.320
could then be tested and sold if they still work I mean if it's bad obviously

00:13:24.519 --> 00:13:31.320
just Crush those ones but I can also understand that regulations is

00:13:29.079 --> 00:13:37.480
regulations at least until we can change them

00:13:33.360 --> 00:13:39.000
and I do get it even if I don't like it

00:13:37.480 --> 00:13:44.440
oh there's one more thing we should touch on let's talk about seds or self-

00:13:41.800 --> 00:13:48.399
encrypting drives these have a data encryption key that set at the factory

00:13:46.600 --> 00:13:52.519
and they automatically encrypt or decrypt data that is being written to or

00:13:50.639 --> 00:13:56.959
read from the drive the whole thing is transparent to the user apart from

00:13:54.480 --> 00:14:01.160
entering their password at boot the cool trick with these is that without the the

00:13:58.920 --> 00:14:07.120
key the data on the drive is essentially just random characters so all you need

00:14:03.839 --> 00:14:09.519
to do to erase that drive permanently is

00:14:07.120 --> 00:14:14.600
to overwrite the data encryption key this is called a cryptographic erase and

00:14:11.759 --> 00:14:19.600
is effectively instantaneous making it perhaps the most time effective method

00:14:16.920 --> 00:14:25.800
of Data Destruction while still allowing reuse of the drive many ssds have self-

00:14:23.360 --> 00:14:30.399
encryption features like these already but don't enable them by default so you

00:14:28.839 --> 00:14:34.880
can check the security settings in your PC BIOS or do a little bit of Googling

00:14:32.560 --> 00:14:39.839
to figure out how to get started on your platform software-based encryption Works

00:14:37.360 --> 00:14:43.000
similarly and is also possible but usually comes with some kind of

00:14:41.320 --> 00:14:47.040
performance hit so we'll have a couple guides linked down below it's important

00:14:45.399 --> 00:14:51.600
to remember in all of this that the schemes we're talking about though are

00:14:48.720 --> 00:14:57.360
for protecting the data at rest on the drive or once it's dead this is not

00:14:55.480 --> 00:15:02.600
magically protecting that picture of your lunch that you're uploading to the

00:14:59.880 --> 00:15:07.040
gram and while self- encrypting discs and full dis encryption might be the

00:15:04.440 --> 00:15:12.519
best way forward there's still going to be a place for setups like this for a

00:15:09.759 --> 00:15:18.240
long time because reliable trackable Data Destruction is critical for many

00:15:14.680 --> 00:15:21.880
Industries and sponsors are critical for

00:15:18.240 --> 00:15:24.040
Reliable segue to Squarespace creating

00:15:21.880 --> 00:15:28.000
your own website doesn't have to be difficult luckily with Squarespace it

00:15:25.920 --> 00:15:31.639
isn't they all-in-one platform makes it easy to get your website up and running

00:15:29.920 --> 00:15:35.959
quickly designing with their fluid engine sight Builder is a breeze start

00:15:33.920 --> 00:15:40.319
with a template and customize every detail imaginable with drag and drop

00:15:38.000 --> 00:15:44.440
technology for desktop or mobile you can also use their asset library to manage

00:15:42.399 --> 00:15:48.519
all your files from one Central Hub and use them across the Squarespace platform

00:15:46.680 --> 00:15:52.759
with squarespace's analytic insights you can see what's working well and What

00:15:50.240 --> 00:15:56.880
needs a little TLC and if you need help Squarespace has got your back with

00:15:54.279 --> 00:16:01.680
helpful guides and a 247 support team head to squarespace.com

00:15:58.759 --> 00:16:05.720
LT and get 10% off today if you guys liked this video maybe check out the one

00:16:03.360 --> 00:16:09.120
from a few years back about the red key Data Destruction tool it's still

00:16:07.759 --> 00:16:14.000
available for purchase even if they don't have the cool key-shaped USB drive

00:16:11.240 --> 00:16:14.000
anymore